Cleaning Up U.S. Cyberspace <http://www.cfr.org/internet-policy/cleaning-up-us-cyberspace/p37333?cid=otr-...> The U.S. government's effort to persuade other countries to adopt norms of responsibility for cyberspace faces a significant obstacle: computers located in the United States host much of the malicious software used to carry out cyberattacks. Botnets—groups of compromised computers under the control of a malicious actor—are regularly used to distribute spam, spy, break passwords, harvest credentials, and engage in distributed denial-of-service (DDOS) attacks. When botnets located in the United States attack computers in other countries, the victims could view the United States as either being behind the attacks or an accomplice in violation of the norms the United States is pressuring other countries to uphold. [] Yet the placement of the United States at the top of the list for botnets and DDOS attacks undermines efforts to promote norms of cyberspace responsibility. Other countries, notably Finland, have been able to nearly eliminate botnets by monitoring for infections and quarantining infected computers from the Internet. U.S. ISPs and hosting providers—such as GoDaddy and Rackspace, two companies whose powerful servers are often used to carry out malicious attacks—have resisted embracing such an approach. ISPs argue that monitoring their customers' network flows for malicious activity and notifying their customers when they detect it will be viewed as an unreasonable intrusion on customer privacy. [] Under a voluntary agreement with the Federal Communications Commission, the major ISPs have agreed to a notification protocol. However, under the agreement, ISPs only need to respond to customers who want to know if they are infected; they do not have to actively inform the customer in advance.