Open, anonymous services and dealing with abuse

JC Dill nanog at vo.cnchost.com
Wed Feb 18 02:02:43 UTC 2004


At 12:43 PM 2/17/2004, John Palmer wrote:

>I hate to see government get involved in anything, but perhaps
>some law holding PC owners responsible for SPAM that comes
>from their unpatched machines AS LONG AS there is ample
>notification to that user that their machine is compromised.

We don't need more new laws.  There is already a law - in most parts of the 
world you can be charged with "contributory negligence" for failing to 
secure an "attractive nuisance" and then a third party is injured or 
damaged due to your negligence.  In any part of the world that doesn't have 
such a law, a "new law" in another part of the world wouldn't matter anyway.

What is needed is for someone to CARE enough to bother to investigate and 
prosecute.  And yes, it's going to cost "more than it's worth" to 
prosecute, at least the first few times.  Someone has to decide that the 
long-term good is worth the price of being the leader in this charge.

IMHO, you should sue both the owner of the PC (for negligently failing to 
properly secure their computer, or to fix it when notified), and sue 
Microsoft (for negligently producing and selling software that was so 
easily compromised) as they are both responsible for the hardware/software 
that was used to damage your servers/network etc.  Microsoft's EULA doesn't 
apply to you as a third party who is damaged by their faulty software.  You 
should also consider an offer to settle with the PC owner if they agree to 
jointly sue Microsoft on your behalf.  You are not held to the EULA, but 
they are, but since Microsoft's software is *negligent* it's possible that 
the EULA doesn't penetrate their inherent liability to not produce a 
product that causes harm.  (A EULA won't protect a ladder maker from 
negligently building and selling a ladder on which people get hurt when 
they use it for its intended purpose.)  But we won't know until someone 
digs down into their pockets and funds a lawsuit to try it out.

Sorry about the lack of operational content in this post, but sometimes you 
have to consider the costs and benefits of both operational solutions and 
other solutions (e.g. legal solution) in order to determine which solution 
is the best one for your network, both in the short term and in the long term.

jc



--

p.s.  Please do not cc me on replies to the list.  Please reply to the list 
only, or to me only (as you prefer) but not to both. 




More information about the NANOG mailing list