Earlier in the year I wrote about the German ISP Association’s scheme to remove the economic disincentive for ISPs to inform their customers of botnet infections on their PCs by providing a centrally-funded helpdesk. In Latvia a different approach has been taken: providing a “responsible ISP” mark that consumer networks can use on their websites and other promotional materials. To be entitled to use the mark an ISP must satisfy three conditions:
- When notified by the Latvian hotline for child abuse imagery of illegal material on web hosting services, remove it;
- When notified by the Latvian national CERT of a computer infected by malware, inform the relevant customer;
- Provide content filtering services to customers who request them.
Interestingly, Latvia report the same problem as Germany: that if an ISP contacts a customer and recommends installing anti-virus or other security software, this is sometimes interpreted as a sales call rather than a security warning. The same solution has been adopted – to refer customers to advice provided by an independent third party, in this case the National CERT.