《侵权责任法》第36条第二、三款规定了网络服务提供者的连带责任，这一立法的逻辑和机理至今争论重重。本文以立法文本为起点，遵循解释论优先的思维，试图重塑其连带责任的合理性，检讨立法不足，并尝试提出解决方案。

网络服务提供者的侵权责任形态在立法上固定为连带责任，然而许多学者提出了不同看法，包括按份责任说、补充责任说等，即使是认同连带责任的学者间，也就连带责任的法理基础有不同意见。究其实质是共同侵权行为之要件未能统一。考虑到共同侵权的立法倾向与侵权责任体系性，应当优先以解释论方法诠释网络服务提供者之连带责任。通过分析“接到通知”内涵及法律效果，并溯源美国法探究“知道”的含义，可以推出二者实指皆为网络服务提供者的主观明知。事实上，我国立法中大量的“应当知道”属于对主观明知的推定而非负有知道之义务。“应当知道”仅表示义务是误读。同时，结合刑法“片面帮助”之概念，说明网络服务提供者与网络用户间意思联络之存在。从而以共同侵权解释网络服务提供者之连带责任。

连带责任的合理性能以解释论方法补足，但解释结果排斥过失责任的存在。根源在于法律移植的疏忽。对比美国法“避风港规则”与我国“通知删除”规则的差异，发现法律移植过程中没有很好处理免责条款与归责条款的转换问题，将“不知则免责”改造成了“若知则有责”，犯了逻辑错误。对此，应当以安全保障义务理论创设过失责任。安全保障义务理论存在不断扩张和一般化的趋势。功能上，该理论是不作为侵权的法理基础，解决了作为义务来源、违法性判断、过失认定以及因果关系问题。设置安全保障义务也具有合理性。首先，网络服务提供者的角色已由中立的通道转变为网络虚拟社区的管理者，“通知删除”规则已无法适应网络2.0时代。其次，设置安全保障义务是事实可行的。安全保障义务与网络服务提供者责任相契合，我国的立法与实践都有将安全保障义务引入网络领域的趋势。并且，域外法经验也证明了这一做法的可行。

网络服务提供者安全保障义务的内容，借鉴《网络安全法》之理念，划分出网络运行安全保障义务和网络信息安全保障义务。前者包括日常维护义务、安全防护义务以及警示义务，后者包括数据保护义务和信息管理义务。违反义务的判断标准，应当在客观标准之上，在具体情境中建立理性人标准。具体来说，结合网络侵权的避免可能性、网络服务提供者的能力、防范成本以及获利情况进行判断。责任形态上，故意违反安全保障义务侵害他人权益的，在第三人故意侵权的场合，成立共同侵权。过失违反安全保障义务，在第三人侵权的场合，承担相应的补充责任。

The second and third paragraphs of Article 36 of the Tort Liability Law stipulate the joint liability of Internet service providers. The logic of this legislation is still controversial.Based on the legislative text as the starting point, this thesis tries to reshape the rationality of joint liability, review the legislative deficiencies, and try to put forward solutions.

The tort liability of Internet service provider is fixed as joint liability in legislation. However, many scholars have put forward different views, including the theory of several liability and the theory of supplementary liability. Even scholars who agree with joint liability have different views on the legal basis of joint liability. The essence is that the elements of joint tort are not unified. Considering the legislative tendency of joint tort and the system of tort liability, we should give priority to the interpretation of joint liability of Internet service providers. By analyzing the connotation and legal effect of "receiving notice" and tracing back to American law to explore the meaning of "knowing", it can be concluded that both of them are subjective knowing of Internet service providers. In fact, a large number of "should know" in our legislation belongs to the presumption of subjective knowledge rather than the obligation to know. "Should know" only means that the obligation is misread. At the same time, combined with the concept of "one-sided help" in criminal law, this thesis explains the existence of intention contact between Internet service providers and Internet users. Thus, the joint liability of Internet service providers can be explained by joint tort.

The reasonable performance of joint and several liability can be supplemented by the method of interpretation, but the result of interpretation excludes the existence of fault liability. The root lies in the negligence of law transplantation. By comparing the differences between American law's "safe harbor rule" and China's "Notice - delete" rule, it is found that in the process of law transplantation, the conversion between exemption clause and liability imputation clause is not well handled, and the "exemption without knowing" is transformed into "liable if knowing", which makes logical mistakes. In this regard, the theory of security obligation should be used to create fault liability. The theory of security obligation has the trend of expansion and generalization. In function, the theory is the legal basis of omission infringement, which solves the problems of the source of obligation, the judgment of illegality, the determination of fault and the causal relationship. It is also reasonable to set up security obligations. First of all, the role of Internet service provider has changed from a neutral channel to a manager of Internet virtual community, and the "notice- delete" rule can no longer adapt to the era of WEB 2.0. Secondly, it is feasible to set up security obligations. The security obligation is consistent with the liability of the Internet service provider, and the legislation and practice of our country have the trend of introducing the security obligation into the Internet field. In addition, the experience of extraterritorial law has also proved the feasibility of this approach.

Based on the concept of Internet Security Law, the content of security obligations of Internet service providers is divided into network operation security obligations and information security obligations. The former includes daily maintenance obligations, security protection obligations and warning obligations, while the latter includes data protection obligations and information management obligations. The judgment standard of violating obligation should be based on the objective standard and the rational person standard in the specific situation. Specifically, it is judged by the avoidance possibility of Internet infringement, the ability of Internet service provider, the cost of prevention and the profit situation. In the form of liability, if one intentionally violates the obligation of security and infringes upon the rights and interests of others, joint infringement shall be established in the case of intentional infringement by the third party. In the case of the third party's infringement, the network service provider shall bear the corresponding supplementary responsibility for the negligent violation of the security obligation.