Do We Need a Sarbanes-Oxley for The Internet?

An anonymous reader asks: "Since 2002, corporate executives have been held accountable through the Sarbanes-Oxley Act (SOX) for their own internal IT security (with heavy fines and even prison terms when SOX isn't complied with) despite the fact that this level of accountability doesn't exist for some critical elements of the internet. Is it high time for industry to collaborate on a stringent security doctrine to hold organizations accountable for operating, providing and commercializing Internet service, in effect a Sarbanes-Oxley Act for the Internet?"

Streamlined Regulation

[4of12]

I would advocate minimum possible regulations, particularly ingredients that require rigorous identification, government screening to prevent "slander of the state", etc.

Delegate control and punishment measures down throught the DNS hierarchy - if you run an open relay that spews, then it's up to your provider to discipline you - or face worse consequences upstream as his provider gets angry about the flood.