Compromised machines liable for damage?

Jason Frisvold xenophage0 at gmail.com
Wed Dec 28 14:38:11 UTC 2005


On 12/27/05, Owen DeLong <owen at delong.com> wrote:
> Look at it another way... If the software is open source, then, there
> is no requirement for the author to maintain it as any end user has
> all the tools necessary to develop and deploy a fix.  In the case of
> closed software, liability may be the only tool society has to
> protect itself from the negligence of the author(s).  What is the
> liability situation for, say, a Model T car if it runs over someone?
> Can Ford still be held liable if he accident turns out to be caused
> by a known design flaw in the car? (I don't know the answer, but,
> I suspect that it would be the same for "old" software).

But can't something similar be said for closed source?  You know
there's a vulnerability, stop using it...  (I'm aware that this is
much harder in practice)

<snip dead horse />

> In general, if the gross act of stupidity was reasonably foreseeable,
> the manufacturer has a "duty to care" to make some attempt to mitigate
> or prevent the customer from taking such action.  That's why toasters
> all come with warnings about unplugging them before you stick a
> fork in them.  That's why every piece of electronic equipment says
> "No user serviceable parts inside" and "Warning risk of electric shock".

So what if Microsoft put a warning label on all copies of Windows that
said something to the tune of "Not intended for use without firewall
and anti-virus software installed" ?  :)  Isn't the consumer at least
partially responsible for reasonable precautions?

> They feel for the carpenter and the only option they have to help
> him is to take money from the corporation.

I'm all for compassion, but sometimes it's a bit much..  :)

> Owen

I guess, in a nutshell, I'm trying to understand the liability
issue...  It seems, based on the arguments, that it generally applies
to "stuff" that was received due to some monetary transaction.  And
that the developer/manufacturer/etc is given a chance to repair the
problem, provided that problem does not exist due to gross negligence
on the part of the developer/manufacturer/etc ...  Does that about sum
it up?

[From your other mail]
> SPAM does a lot of actual harm.  There are relatively high costs associated
> with SPAM.  Machine time, network bandwidth, and, labor.

*nod*  I agree..  My point here was that SPAM, when compared to
something like a virus, is *generally* less harmful.  Granted, SPAM is
more of a constant problem rather than a single virus that may attack
for a few days before mitigation is possible.  I spend a great deal of
time tweaking my mail servers to prevent spam..  :)

--
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com



More information about the NANOG mailing list