ABSTRACT
Internet service providers (ISPs) have something that everyone wants: information. From law enforcement to marketers to criminals, information about subscribers and others who transit ISPs is valuable. Information about subscribers and others can be critical to the victims of criminal hackers trying to secure their systems and determine the identity and motives of the intruder. Yet there is a volume of misinformation about when and to whom an ISP can lawfully disclose information. All too often, the upstream ISP tells the downstream victim that information about the intruder is available but that the law requires a subpoena. This unfortunate response requires that the victim absorb the expense of retaining a lawyer and file a “John Doe” lawsuit without any assurance that the information obtained will be useful, or give up and just repair the damaged systems. Most victims choose the latter, giving the criminal hackers a tremendous boon.
