People are only be held accountable for things that they or any reasonable person would beheld accountable. Corporate users are taught not to use their 'work' computer for personal use or not to go to unauthorized sites. This is mostly to keep the corporate internet connection from being the source of malicious applications. Some organizations go so far to teach or introduce users to information assurance as part of their right to access the internet. ISPs will continue allowing Darwin Award candidates access to the internet as long as they continue to pay for service. God help the USA when free internet gets here for every home. By free I mean, purchase by US tax dollars. ISPs should do their part in education the account holder on internet usage, or ISPs should be held responsible for the attacks that happen on or from their networks. I am not asking that they censor access, just education the user. That annual 'this-is-how-to-safely-use-the-internet' course would remove responsibility from the ISP on any incident.