[LINK] Identity theft virus infects 10,000 computers

Wed Aug 16 03:13:29 AEST 2006

--- Craig Sanders <cas at taz.net.au> wrote:

> On Tue, Aug 15, 2006 at 05:26:45PM +1000, Deus Ex Machina wrote:
> > 
> > oh please. a quick look under google shows that negligence in software
> > is a serious legal issue and a big insurance problem. I do have
> > programers that develop software for 3rd parties who insist on software
> > liability insurance and it is *not* cheap.
> 
> there's a difference between programming work done under contract
> and off-the-shelf crapware. the former is covered by the terms of
> the contract and contract law and laws covering hire of professional
> services (i.e same as any other contracted service). the latter isnt
> really covered by anything.

Do Linkers recall the posting to this very list a few years about the
cost of business insurance coverage for Windows NT compared to other systems?
Windows NT was attracting higher premiums than other O/Ses due to its
higher risk of failure and damage. It seems the insurance business is
aware of the risks of using crappy software. I wonder if the same applies
to Windows 2K/XP server technology these days.

"Off-the-shelf crapware" does not exist under the law. It is a highly
subjective term that could be debated for hours on philosophical grounds
alone. "Free" software is indeed covered by something: copyright law.
As has been pointed out already, the terms of a licence like Microsoft's
EULA have yet to be tested in court. Even if they state in the licence that
their liability extends to at most $5.00 in compensation, if the law disagrees,
the law wins.

Consider this. It is illegal in some juridictions to cause to be installed
spyware and hacking tools onto a third party's computers. So if the "crapware"
to which you refer does this, someone has broken the law. Yes, "crapware" 
is already covered if it violates the provisions of anti-hacking and anti-spyware
legislation. Whether the violation applies to the author or the installer of
the software is not clear to me, but I would hazard a guess that a judge would
not look too kindly on the author of such sofware. Nor the distributor.

Another case in point: the AUTHOR of the freeware called DeCSS was found guilty
under the provisions of DMCA (USA). There are similar laws in place in many other
jurisdictions. "Off-the-shelf crapware" is indeed convered by the provisions
of such legislation. Contract law has nothing to do with it in this case.

Is it that great a leap in CRIMINAL (not CONTRACT) law from prohibiting software
that intentionally damages a computer (spyware/virusware) to prohibiting
software that through negligence damages a computer system or systems or a
network like the Internet? I don't think so.

Another thing to consider in the area of software liability. The law of torts
covers claims for damages due to negligence. This is another area of law that
might be used to establish a precedence in the area of software negligence.
I could, today, bring action against an individual who, through negligence,
damaged my computer, say physically. I could also bring action against someone
who provided software that damaged my computer in a logical fashion. The latter
action would certainly be novel, but I am sure one that would be heard by the
courts.

This is "wild west" stuff and, as we have seen over only the past fifteen years or
so, many pieces of legislation have already been enacted to curtail or limit
the actions of individuals and businesses in that area of computing and software.
The process of controlling what software and its authors/distributors can do is
going to accelerate. And I see no reason not to include liability for negligence
in the areas of reliability and security in this acceleration.

cheers
rickw

____________________________________________________ 
On Yahoo!7 
360°: Your own space to share what you want with who you want! 
http://www.yahoo7.com.au/360