[LINK] Identity theft virus infects 10,000 computers

[Craig Sanders]

On Wed, Aug 16, 2006 at 02:51:34AM +1000, Rick Welykochy wrote:
> Currently, the dollar total of losses and expenses due to shoddy
> software and security break-ins (think zombie boes for example) on
> Microsoft systems must run into the $$$ BILLIONS for businesses and
> individuals combined.  Society would benefit as a whole if Mickeysoft
> were forced by law to provide more secure software.

yes, well, they are claiming that their software is of merchantable quality,
and they are taking good money on that premise.

> Now, how such a law fits FOSS is quite debatable. Perhaps the law
> would apply to the copyright holder(s) of the software in any case.
>
> If you think that producing free (as in beer) software would exempt
> the copyright holder from liability under such a law, think again.

i don't think it should be entirely exempt (particularly in the case of
deliberately malicious intent) - but, the development of free software
is an iterative process of "release early, release often" with feedback
and patches from users being used to find and fix bugs and suggest new
features. this is quite distinct from proprietary software which is
released as (allegedly) finished, working product.

also, the fact that source code is available to be examined and fixed
by the user (or their agent) is (or should be) a significant mitigating
factor in any liability claim.

strict liability for free software developers would effectively kill
free software - it would be too great a risk (with no benefit at all)
to release any free software. by contrast, proprietary/commercial
developers can balance the risk against the financial reward (and,
accordingly, incur obligations *because* they accept money for their
product).

> There is already sufficient precedent for safety-related issues in
> society that fall far beyond the confines of contract law and the
> exchange of goods and services for some sort of consideration. One
> example that comes to mind is the responsibility of a property
> owner to provide safe access through their property, even though
> that property is private. If someone slips and breaks a hip on your
> footpath, you are liable. If a child falls into your swimming pool and
> drowns, you are responsible.

partially true, but not entirely. the fact that it is private property
without implied public access is a mitigating factor. if negligence
can be proved, you may still be liable but if you took reasonable
precautions to secure any danger on your property then you can not be
held responsible.


> No contract, no consideration. I am sure some of the legal eagles
> on Link could come up with many more examples of where safety and
> security are legal issues that fall far beyond the area of contract
> law.

OTOH, for an example closer to software distribution, look at the
liability of a financial counsellor (or lawyer or other professional
advisor) providing generic opinions on a radio or TV show vs the
liability for the same counsellor providing specific detailed advice
to a client. there is far greater responsibility and liability for the
latter.


craig

-- 
craig sanders <cas at taz.net.au>           (part time cyborg)