The New Security Threat: Lawyers?

["Alan Rudd" <arudd () bytex com>]

Ok group, just thought I would toss this one into your capable hands for 
some fun dialog.  Although when you dig thru this it's scary.

Alan Rudd
Bytex Corp
508.422.9422

"A number of security experts seem to believe that lawsuits resulting from
lax, or simply ineffective, computer security are on the horizon. It's not
hard to picture. John Doe buys US$300 worth of stereo equipment online using
a credit card; two days later, someone manages to crack the server  holding
the customer information database, and John Doe becomes a victim of identity
theft. After establishing which company is responsible for leaking his
information, John Doe gets a lawyer and sues the company. Within a couple of
months, it snowballs into a class-action suit after hundreds of other
customers realize that their information was pilfered as well.

"How about a scenario in which a company is struck by another Outlook virus
that e-mails random files from a user's hard drive? All it takes is one
confidential document landing in the wrong hands, and your company or
organization could be facing a lawsuit from one of your partners or
customers.

"Software vendors, too, may find themselves liable for vulnerabilities in
their products.

"The language in End User License Agreements (EULAs) and so-called
shrinkwrap licenses has protected companies against damages for products
with security holes -- or at least that was the intent.

"However, a recent ruling against Network Associates (NYSE: NET) proves that
clauses in a EULA may be unenforceable -- allowing customers to sue a
software or hardware vendor for damages if that vendor's products are not
secure. I've never understood how companies could get away with such onerous
license agreements, and the answer may be -- they can't.

"Shouldn't legal action be feasible when a company's negligence allows my or
someone else's credit card number or social security number to be stolen? If
the damage caused by viruses, trojans and computer break-ins is not enough
to motivate a company to take computer security seriously, perhaps the
threat of a lawsuit will be sufficient".

<<attachment: winmail.dat>>