nanog mailing list archives

RE: Compromised machines liable for damage?

From: "Hannigan, Martin" <hannigan () verisign com>
Date: Mon, 26 Dec 2005 23:18:46 -0500


In the general sense, possibly, but where there are lawyers there is always discoragement.

Suing people with no money is easy, but it does stop them from contributing in most cases. There are always a few who 
like getting sued. RIAA has shown companies will widescale sue so your argument is suspect, IMO..




 -----Original Message-----
From:   Owen DeLong [mailto:owen () delong com]
Sent:   Mon Dec 26 23:11:13 2005
To:     Hannigan, Martin; Joseph Jackson
Cc:     NANOG
Subject:        RE: Compromised machines liable for damage? 

I've seen this argument time and again, and, the reality is that it is 
absolutely
false.

In fact, it will do nothing but encourage freeware.  Liability for a product
generally doesn't exist until money changes hands.  If you design a piece of
equipment and post the drawings in the public domain, you are not liable
if someone builds it and harms themselves.  You are liable if someone pays
you for the design, because, the money changing hands creates a "duty to 
care".
Outside of a "duty to care", the only opening for liability is if they
can prove that you failed to take some precaution that would be expected
of any "reasonably prudent" person.

So, liability for bad software and the consequences it creates would be
bad for the Micr0$0ft and Oracles of the world, but, generally, very good
for the Free Software movement.  It might turn out to be bad for 
organizations
like Cygnus and RedHat, but, that's more of a gray area.

As to the specific example cited...

If no update has been released, in the case of Open Source, that's no 
excuse.
You have the source, so, you don't have to wait for an update.  In the case
of closed software, then, I think manufacturer liability is a good thing
for the industry in general.

Owen


--On December 26, 2005 10:07:20 PM -0500 "Hannigan, Martin" 
<hannigan () verisign com> wrote:



If you want to choke off freeware(gnu, et. Al), sure, go after them. I
doubt the licensing agreement allows it though. (IANAL).

I think all you'd do is encourage people to write more music about
'freeing the software'. I'd rather not be stricken in that fashion.

I think that angle is DOA.

Martin


 -----Original Message-----
From:   Joseph Jackson [mailto:jjackson () aninetworks com]
Sent:   Mon Dec 26 03:13:02 2005
To:     Hannigan, Martin
Cc:     NANOG
Subject:        RE: Compromised machines liable for damage?

What about the coders that write the buggy software in the first place?
Don't they hold some of the responsibility also?  IE I am running some
webserver software that a bug is found in it.  Attackers use that bug in
the
software to generate a DOS attack against you from my machines.  No update
has been released for the software I am running and/or no warning as been
released. You sue me I sue the coders.  What a wonderful world.  (I'm not
for this but its another side of the issue.)



  _____

From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Hannigan, Martin
Sent: Sunday, December 25, 2005 9:22 PM
To: Steven M. Bellovin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?





Yes, I agree. As usual, I too am 'IANAL'.

Marty



 -----Original Message-----
From:   Steven M. Bellovin [mailto:smb () cs columbia edu
<mailto:smb () cs columbia edu> ]
Sent:   Sun Dec 25 23:52:27 2005
To:     Hannigan, Martin
Cc:     Dave Pooser; NANOG
Subject:        Re: Compromised machines liable for damage?

In message
<80632326218FE74899BDD48BB836421A033001 () Dul1wnexmb04 vcorp ad vrsn.c
om>, "Hannigan, Martin" writes:


Dave, RIAA wins almost 100pct vs p2p'ers ir sues. Its an interesting =
dichotomy.


"Wins" is too strong a word, since I don't think any have gone to
court -- see
http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html
<http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html>
as my source.

Besides, it's a very different situation.  For my take on liability
issues -- note that I'm not a lawyer, and note that this is from 1994
-- see http://www.wilyhacker.com/1e/chap12.pdf
<http://www.wilyhacker.com/1e/chap12.pdf>

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
<http://www.cs.columbia.edu/~smb>




-- 
If this message was not signed with gpg key 0FE2AA3D, it's probably
a forgery.

Current thread:

RE: Compromised machines liable for damage? Hannigan, Martin (Dec 25)
- Re: Compromised machines liable for damage? Steven M. Bellovin (Dec 25)
- RE: Compromised machines liable for damage? Barry Shein (Dec 26)
  - Re: Compromised machines liable for damage? Paul Vixie (Dec 26)
- Re: Compromised machines liable for damage? Florian Weimer (Dec 27)
  - Re: Compromised machines liable for damage? Matthew Sullivan (Dec 27)
- <Possible follow-ups>
- Re: Compromised machines liable for damage? Hannigan, Martin (Dec 25)
- RE: Compromised machines liable for damage? Hannigan, Martin (Dec 26)
  - RE: Compromised machines liable for damage? Owen DeLong (Dec 26)
- RE: Compromised machines liable for damage? Hannigan, Martin (Dec 26)
  - RE: Compromised machines liable for damage? Owen DeLong (Dec 26)
  - Re: Compromised machines liable for damage? Steven M. Bellovin (Dec 27)
    - Re: Compromised machines liable for damage? Owen DeLong (Dec 27)
    - Re: Compromised machines liable for damage? Marshall Eubanks (Dec 27)
    - Re: Compromised machines liable for damage? Jason Frisvold (Dec 27)
    - Re: Compromised machines liable for damage? JC Dill (Dec 27)
    - Re: Compromised machines liable for damage? Jason Frisvold (Dec 27)
    - Re: Compromised machines liable for damage? JC Dill (Dec 27)
    - Re: Compromised machines liable for damage? Owen DeLong (Dec 27)
    - Re: Compromised machines liable for damage? Per Heldal (Dec 28)

(Thread continues...)