A recurrent idea, with the FTC (in the US) putting it forward once more. Note that the COnvention of cybercrime lets the member states parties free to narrow the offences (hacking and misuse of computers) by including a condition, that of having up-to-date security features. Now the problem is what is up to date?
http://www.techdirt.com/articles/20080825/2320012094.shtml (26 August 2008)
In the same line of thought is the comment of a Nigerian official who points out that victims of 419 scams should be held responsible "Nigerian Official Blames The Victims Of Nigerian 419 Advance Fee Scams" http://www.techdirt.com/articles/20080822/0315012062.shtml (22 August 2008)
And earlier, "Banks slip through virus loophole" (TheGuardian, 12 June 208): "A quiet rule change allows British banks to refuse to compensate the victims of online fraud if they do not have "up-to-date" anti-virus protection, says Danny Bradbury"