[87603] in North American Network Operators' Group
Re: Compromised machines liable for damage?
daemon@ATHENA.MIT.EDU (Jason Frisvold)
Wed Dec 28 09:38:41 2005
Date: Wed, 28 Dec 2005 09:38:11 -0500
From: Jason Frisvold <xenophage0@gmail.com>
To: Owen DeLong <owen@delong.com>
Cc: Marshall Eubanks <tme@multicasttech.com>,
"Steven M. Bellovin" <smb@cs.columbia.edu>,
"Hannigan, Martin" <hannigan@verisign.com>,
Joseph Jackson <jjackson@aninetworks.com>, NANOG <nanog@merit.edu>
In-Reply-To: <768860D00298F8D2C85B56A0@imac-en0.delong.sj.ca.us>
Errors-To: owner-nanog@merit.edu
On 12/27/05, Owen DeLong <owen@delong.com> wrote:
> Look at it another way... If the software is open source, then, there
> is no requirement for the author to maintain it as any end user has
> all the tools necessary to develop and deploy a fix. In the case of
> closed software, liability may be the only tool society has to
> protect itself from the negligence of the author(s). What is the
> liability situation for, say, a Model T car if it runs over someone?
> Can Ford still be held liable if he accident turns out to be caused
> by a known design flaw in the car? (I don't know the answer, but,
> I suspect that it would be the same for "old" software).
But can't something similar be said for closed source? You know
there's a vulnerability, stop using it... (I'm aware that this is
much harder in practice)
<snip dead horse />
> In general, if the gross act of stupidity was reasonably foreseeable,
> the manufacturer has a "duty to care" to make some attempt to mitigate
> or prevent the customer from taking such action. That's why toasters
> all come with warnings about unplugging them before you stick a
> fork in them. That's why every piece of electronic equipment says
> "No user serviceable parts inside" and "Warning risk of electric shock".
So what if Microsoft put a warning label on all copies of Windows that
said something to the tune of "Not intended for use without firewall
and anti-virus software installed" ? :) Isn't the consumer at least
partially responsible for reasonable precautions?
> They feel for the carpenter and the only option they have to help
> him is to take money from the corporation.
I'm all for compassion, but sometimes it's a bit much.. :)
> Owen
I guess, in a nutshell, I'm trying to understand the liability
issue... It seems, based on the arguments, that it generally applies
to "stuff" that was received due to some monetary transaction. And
that the developer/manufacturer/etc is given a chance to repair the
problem, provided that problem does not exist due to gross negligence
on the part of the developer/manufacturer/etc ... Does that about sum
it up?
[From your other mail]
> SPAM does a lot of actual harm. There are relatively high costs associat=
ed
> with SPAM. Machine time, network bandwidth, and, labor.
*nod* I agree.. My point here was that SPAM, when compared to
something like a virus, is *generally* less harmful. Granted, SPAM is
more of a constant problem rather than a single virus that may attack
for a few days before mitigation is possible. I spend a great deal of
time tweaking my mail servers to prevent spam.. :)
--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
