RE: Compromised machines liable for damage?
If you want to choke off freeware (gnu, et al.), sure, go after them. I doubt the licensing agreement allows it though. (IANAL).
I think all you'd do is encourage people to write more music about 'freeing the software'. I'd rather not be stricken in that fashion.
I think that angle is DOA.
Martin
-----Original Message-----
From: Joseph Jackson [mailto:jjackson@aninetworks.com]
Sent: Mon Dec 26 03:13:02 2005
To: Hannigan, Martin
Cc: NANOG
Subject: RE: Compromised machines liable for damage?
What about the coders that write the buggy software in the first place? Don't they hold some of the responsibility also? IE I am running some webserver software that a bug is found in it. Attackers use that bug in the software to generate a DOS attack against you from my machines. No update has been released for the software I am running and/or no warning has been released. You sue me I sue the coders. What a wonderful world. (I'm not for this but it's another side of the issue.)
_____
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Hannigan, Martin
Sent: Sunday, December 25, 2005 9:22 PM
To: Steven M. Bellovin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?
Yes, I agree. As usual, I too am 'IANAL'.
Marty
-----Original Message-----
From: Steven M. Bellovin [mailto:smb@cs.columbia.edu]
Sent: Sun Dec 25 23:52:27 2005
To: Hannigan, Martin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?
In message <80632326218FE74899BDD48BB836421A033001@Dul1wnexmb04.vcorp.ad.vrsn.com>, "Hannigan, Martin" writes:
Dave, RIAA wins almost 100pct vs p2p'ers it sues. It's an interesting dichotomy.
"Wins" is too strong a word, since I don't think any have gone to court -- see http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html as my source.
Besides, it's a very different situation. For my take on liability issues -- note that I'm not a lawyer, and note that this is from 1994 -- see http://www.wilyhacker.com/1e/chap12.pdf
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
I've seen this argument time and again, and, the reality is that it is absolutely false. In fact, it will do nothing but encourage freeware.
Liability for a product generally doesn't exist until money changes hands. If you design a piece of equipment and post the drawings in the public domain, you are not liable if someone builds it and harms themselves. You are liable if someone pays you for the design, because, the money changing hands creates a "duty to care". Outside of a "duty to care", the only opening for liability is if they can prove that you failed to take some precaution that would be expected of any "reasonably prudent" person.
So, liability for bad software and the consequences it creates would be bad for the Micr0$0ft and Oracles of the world, but, generally, very good for the Free Software movement. It might turn out to be bad for organizations like Cygnus and RedHat, but, that's more of a gray area.
As to the specific example cited... If no update has been released, in the case of Open Source, that's no excuse. You have the source, so, you don't have to wait for an update. In the case of closed software, then, I think manufacturer liability is a good thing for the industry in general.
Owen
--On December 26, 2005 10:07:20 PM -0500 "Hannigan, Martin" <hannigan@verisign.com> wrote:
If you want to choke off freeware (gnu, et al.), sure, go after them. I doubt the licensing agreement allows it though. (IANAL).
I think all you'd do is encourage people to write more music about 'freeing the software'. I'd rather not be stricken in that fashion.
I think that angle is DOA.
Martin
-----Original Message-----
From: Joseph Jackson [mailto:jjackson@aninetworks.com]
Sent: Mon Dec 26 03:13:02 2005
To: Hannigan, Martin
Cc: NANOG
Subject: RE: Compromised machines liable for damage?
What about the coders that write the buggy software in the first place? Don't they hold some of the responsibility also? IE I am running some webserver software that a bug is found in it. Attackers use that bug in the software to generate a DOS attack against you from my machines. No update has been released for the software I am running and/or no warning has been released. You sue me I sue the coders. What a wonderful world. (I'm not for this but it's another side of the issue.)
_____
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Hannigan, Martin
Sent: Sunday, December 25, 2005 9:22 PM
To: Steven M. Bellovin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?
Yes, I agree. As usual, I too am 'IANAL'.
Marty
-----Original Message-----
From: Steven M. Bellovin [mailto:smb@cs.columbia.edu]
Sent: Sun Dec 25 23:52:27 2005
To: Hannigan, Martin
Cc: Dave Pooser; NANOG
Subject: Re: Compromised machines liable for damage?
In message <80632326218FE74899BDD48BB836421A033001@Dul1wnexmb04.vcorp.ad.vrsn.com>, "Hannigan, Martin" writes:
Dave, RIAA wins almost 100pct vs p2p'ers it sues. It's an interesting dichotomy.
"Wins" is too strong a word, since I don't think any have gone to court -- see http://www.nytimes.com/aponline/arts/AP-Music-Download-Suit.html as my source.
Besides, it's a very different situation. For my take on liability issues -- note that I'm not a lawyer, and note that this is from 1994 -- see http://www.wilyhacker.com/1e/chap12.pdf
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
-- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery.
participants (2)
- Hannigan, Martin
- Owen DeLong