Re: [fw-wiz] The New Security Threat: Lawyers?

From: Paul Robertson (proberts@patriot.net)
Date: 01/29/03


From: Paul Robertson <proberts@patriot.net>
To: Alan Rudd <arudd@bytex.com>
Date: Wed Jan 29 18:04:20 2003


On Wed, 29 Jan 2003, Alan Rudd wrote:

> Ok group, just thought I would toss this one into your capable hands for
> some fun dialog. Although when you dig thru this it's scary.
>
> Alan Rudd
> Bytex Corp
> 508.422.9422
>
> "A number of security experts seem to believe that lawsuits resulting from
> lax, or simply ineffective, computer security are on the horizon. It's not

That's been said for most of the last 10 or so years; it hasn't proven to
be true yet. We'll be _worse_ off if it ever proves to happen[1].

> hard to picture. John Doe buys US$300 worth of stereo equipment online using
> a credit card; two days later, someone manages to crack the server holding
> the customer information database, and John Doe becomes a victim of identity
> theft. After establishing which company is responsible for leaking his
> information, John Doe gets a lawyer and sues the company. Within a couple of
> months, it snowballs into a class-action suit after hundreds of other
> customers realize that their information was pilfered as well.

Sure it's hard to picture, I can't picture the same thing happening if
someone breaks into the local mall and steals credit card receipts.

> "How about a scenario in which a company is struck by another Outlook virus
> that e-mails random files from a user's hard drive? All it takes is one
> confidential document landing in the wrong hands, and your company or
> organization could be facing a lawsuit from one of your partners or
> customers.

We've had viruses that did that, no lawsuits yet.

> "Software vendors, too, may find themselves liable for vulnerabilities in
> their products.
>
> "The language in End User License Agreements (EULAs) and so-called
> shrinkwrap licenses has protected companies against damages for products
> with security holes -- or at least that was the intent.
>
> "However, a recent ruling against Network Associates (NYSE: NET) proves that
> clauses in a EULA may be unenforceable -- allowing customers to sue a
> software or hardware vendor for damages if that vendor's products are not
> secure. I've never understood how companies could get away with such onerous
> license agreements, and the answer may be -- they can't.

I think it's a pretty large step to get from "can't publish reviews of a
product isn't valid" to "liability limitation clause isn't valid."

I don't think the NY court explained its reasoning behind making that part
of the EULA unenforceable well (it's also a state court, so there aren't
widespread issues here for the industry as a whole, other than in doing
business in the state of New York.)

Part of that case seems to hinge on misleading statements, and part on
selective enforcement of the terms. Also, there seems to have been some
splitting of the restrictive clause from the rest of the license
agreement.

EFF has the opinion up at:

http://www.eff.org/IP/UCITA_UCC2B/spitzer-v-network-assic.pdf

I doubt this is really going to open any major legal ground. Though I'm
not a lawyer and don't play one on mailing lists.

Paul
[1] For real positive change, have the SEC mandate reporting of security
incidents and infections in a quarterly report.
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation