ISP not liable for “hostile code” sent by user, says US court

The case was brought by John Green, an electronics engineer and AOL subscriber, who claimed he received malicious software instructions designed to temporarily block his internet access.

Green alleged that AOL should be held liable for the incident, because it failed to enforce the terms of its service agreement against the sender of the hostile code.

His arguments were initially rejected by the US District Court for the District of New Jersey. Under the US Communications Decency Act, ISPs are not responsible for information distributed through their systems.

The court ruled that the Act's definition of information does not only cover the communication of "knowledge or intelligence", but also the transmission of electronic "signals", such as software instructions.

That ruling was upheld last week by the US Court of Appeals for the Third Circuit, according to CNet News.com.

The decision is in line with other case law, which has been developed in both the US and the UK and has tended to support the proposition that an ISP and/or web host will not be liable for third party content, provided that they do not perform any editorial function.

In the EU, the legal position on the issue has been clarified by the E-Commerce Directive. Under the Directive, ISPs should not be held liable for information transmitted through their system, provided they have not:

Initiated the transmission;

Selected the receiver of the transmission; and

Selected or modified the information contained in the transmission.

ISPs, however, may be held liable for third party material, if they fail to remove it from their systems once they have been notified it is illegal.