North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Compromised machines liable for damage?

  • From: Jason Frisvold
  • Date: Wed Dec 28 09:39:28 2005
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta;; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=b01FyORczahe9WISsXkjcW+qzwK3g2m/zE2ilEf9F3I2SiyghpkBrG0qX3XYjKKfDn9TlkcToeWcBkmhwAYF3+rm0lnQjW64PVpTzHDOPsUq6mKxMaCKxNgV6z9ULo6K4UEU6XpLlN8ywV3PVqJh2Al65mVthZ3bUDW8qRmEYCE=

On 12/27/05, Owen DeLong <[email protected]> wrote:
> Look at it another way... If the software is open source, then, there
> is no requirement for the author to maintain it as any end user has
> all the tools necessary to develop and deploy a fix.  In the case of
> closed software, liability may be the only tool society has to
> protect itself from the negligence of the author(s).  What is the
> liability situation for, say, a Model T car if it runs over someone?
> Can Ford still be held liable if he accident turns out to be caused
> by a known design flaw in the car? (I don't know the answer, but,
> I suspect that it would be the same for "old" software).

But can't something similar be said for closed source?  You know
there's a vulnerability, stop using it...  (I'm aware that this is
much harder in practice)

<snip dead horse />

> In general, if the gross act of stupidity was reasonably foreseeable,
> the manufacturer has a "duty to care" to make some attempt to mitigate
> or prevent the customer from taking such action.  That's why toasters
> all come with warnings about unplugging them before you stick a
> fork in them.  That's why every piece of electronic equipment says
> "No user serviceable parts inside" and "Warning risk of electric shock".

So what if Microsoft put a warning label on all copies of Windows that
said something to the tune of "Not intended for use without firewall
and anti-virus software installed" ?  :)  Isn't the consumer at least
partially responsible for reasonable precautions?

> They feel for the carpenter and the only option they have to help
> him is to take money from the corporation.

I'm all for compassion, but sometimes it's a bit much..  :)

> Owen

I guess, in a nutshell, I'm trying to understand the liability
issue...  It seems, based on the arguments, that it generally applies
to "stuff" that was received due to some monetary transaction.  And
that the developer/manufacturer/etc is given a chance to repair the
problem, provided that problem does not exist due to gross negligence
on the part of the developer/manufacturer/etc ...  Does that about sum
it up?

[From your other mail]
> SPAM does a lot of actual harm.  There are relatively high costs associated
> with SPAM.  Machine time, network bandwidth, and, labor.

*nod*  I agree..  My point here was that SPAM, when compared to
something like a virus, is *generally* less harmful.  Granted, SPAM is
more of a constant problem rather than a single virus that may attack
for a few days before mitigation is possible.  I spend a great deal of
time tweaking my mail servers to prevent spam..  :)

Jason 'XenoPhage' Frisvold
[email protected]