One of the reasons why various safe harbor rules
exist is to protect parties who really have nothing to do with any kind of law breaking from being liable for the activities of others. Thus, we don't blame an ISP for the activities of one of its users, even if that user breaks the law. That's both reasonable and fair. Those who want to blame those providers often do so just because it's easier
-- or, more commonly, because they somehow think it's better for that service provider to somehow act in the role of the police to make things easier. Something similar seems to be happening with the FTC placing the onus on small businesses to make sure they don't sell to online criminals. Slashdot
points us to the news that, starting November 1st, all companies are supposed to compare customer info with a "red flag" list of online identity fraudsters and money launderers
. Firms that fail to check may be liable if they end up doing business with "known" criminals. You can understand the reasoning here. It certainly makes it a lot easier for the FTC to try to crack down on these crimes. But it adds significant expense and liability to small businesses for potential crimes in which they were totally uninvolved.