Compromised machines liable for damage?
Jason Frisvold
xenophage0 at gmail.com
Wed Dec 28 14:38:11 UTC 2005
On 12/27/05, Owen DeLong <owen at delong.com> wrote:
> Look at it another way... If the software is open source, then, there
> is no requirement for the author to maintain it as any end user has
> all the tools necessary to develop and deploy a fix. In the case of
> closed software, liability may be the only tool society has to
> protect itself from the negligence of the author(s). What is the
> liability situation for, say, a Model T car if it runs over someone?
> Can Ford still be held liable if he accident turns out to be caused
> by a known design flaw in the car? (I don't know the answer, but,
> I suspect that it would be the same for "old" software).
But can't something similar be said for closed source? You know
there's a vulnerability, stop using it... (I'm aware that this is
much harder in practice)
<snip dead horse />
> In general, if the gross act of stupidity was reasonably foreseeable,
> the manufacturer has a "duty to care" to make some attempt to mitigate
> or prevent the customer from taking such action. That's why toasters
> all come with warnings about unplugging them before you stick a
> fork in them. That's why every piece of electronic equipment says
> "No user serviceable parts inside" and "Warning risk of electric shock".
So what if Microsoft put a warning label on all copies of Windows that
said something to the tune of "Not intended for use without firewall
and anti-virus software installed" ? :) Isn't the consumer at least
partially responsible for reasonable precautions?
> They feel for the carpenter and the only option they have to help
> him is to take money from the corporation.
I'm all for compassion, but sometimes it's a bit much.. :)
> Owen
I guess, in a nutshell, I'm trying to understand the liability
issue... It seems, based on the arguments, that it generally applies
to "stuff" that was received due to some monetary transaction. And
that the developer/manufacturer/etc is given a chance to repair the
problem, provided that problem does not exist due to gross negligence
on the part of the developer/manufacturer/etc ... Does that about sum
it up?
[From your other mail]
> SPAM does a lot of actual harm. There are relatively high costs associated
> with SPAM. Machine time, network bandwidth, and, labor.
*nod* I agree.. My point here was that SPAM, when compared to
something like a virus, is *generally* less harmful. Granted, SPAM is
more of a constant problem rather than a single virus that may attack
for a few days before mitigation is possible. I spend a great deal of
time tweaking my mail servers to prevent spam.. :)
--
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com
More information about the NANOG
mailing list