[LINK] Assault on Consumer Protection on the Net
Alastair Rankine
arsptr at internode.on.net
Tue Apr 17 22:23:57 AEST 2007
On 12/04/2007, at 10:35 AM, Roger Clarke wrote:
> The Feasibility of Consumer Device Security
> Roger Clarke and Alana Maurushat
>
> http://www.anu.edu.au/people/Roger.Clarke/II/ConsDevSecy.html
Roger,
I was reminded of your submission the other day when I came across
the T&Cs for "My 3", the online account manager for the Three mobile
phone carrier.
It struck me that Three were trying to indemnify themselves against
the possibility that they would (inadvertently or otherwise) infect
their customers with a virus. Here is the exact wording (emphasis
added):
"This website contains information derived from customer databases
and computer systems. There may be technical inaccuracies,
typographical errors, programming bugs or **computer viruses** in
this website or its contents. The information is provided "as is"
without express or implied warranty. Use the information and links at
your own risk."
This is a fairly standard clause I imagine. But it prompts the
question: do any of the financial institutions who are pushing for
reform for the EFT Code have any similar conditions in their own
T&Cs? I didn't notice anything like this when I last read those from
my own bank, but maybe I just missed it.
Anyway it seems only fair that if your bank wants to make you liable
for malware infections on your own PC, then there should at least be
an exception if they infect you. In other words, such a clause as
written above should be incompatible with the idea of consumer
responsibility for their own devices.
Apologies if you already addressed this in your paper, I confess I
didn't read it all :).
More information about the Link
mailing list