Firewall Wizards mailing list archives
The New Security Threat: Lawyers?
From: "Alan Rudd" <arudd () bytex com>
Date: Wed, 29 Jan 2003 18:06:22 -0500
Ok group, just thought I would toss this one into your capable hands for some fun dialog. Although when you dig thru this it's scary. Alan Rudd Bytex Corp 508.422.9422 "A number of security experts seem to believe that lawsuits resulting from lax, or simply ineffective, computer security are on the horizon. It's not hard to picture. John Doe buys US$300 worth of stereo equipment online using a credit card; two days later, someone manages to crack the server holding the customer information database, and John Doe becomes a victim of identity theft. After establishing which company is responsible for leaking his information, John Doe gets a lawyer and sues the company. Within a couple of months, it snowballs into a class-action suit after hundreds of other customers realize that their information was pilfered as well. "How about a scenario in which a company is struck by another Outlook virus that e-mails random files from a user's hard drive? All it takes is one confidential document landing in the wrong hands, and your company or organization could be facing a lawsuit from one of your partners or customers. "Software vendors, too, may find themselves liable for vulnerabilities in their products. "The language in End User License Agreements (EULAs) and so-called shrinkwrap licenses has protected companies against damages for products with security holes -- or at least that was the intent. "However, a recent ruling against Network Associates (NYSE: NET) proves that clauses in a EULA may be unenforceable -- allowing customers to sue a software or hardware vendor for damages if that vendor's products are not secure. I've never understood how companies could get away with such onerous license agreements, and the answer may be -- they can't. "Shouldn't legal action be feasible when a company's negligence allows my or someone else's credit card number or social security number to be stolen? If the damage caused by viruses, trojans and computer break-ins is not enough to motivate a company to take computer security seriously, perhaps the threat of a lawsuit will be sufficient".
<<attachment: winmail.dat>>
Current thread:
- The New Security Threat: Lawyers? Alan Rudd (Jan 29)
- Re: The New Security Threat: Lawyers? Paul Robertson (Jan 29)