Re: Ethics. (and liability)

From: Patrick Dughi (dughi@imaxx.net)
Date: 02/02/00


> Oh, I thought it was up to society to protect us from the bad people?

        You try walking around what was Cabrini Green, with handfuls of
100$ bills, and just make sure to shout 'Society will protect me from you
bad people!' when you get mugged.

>
> You mean we should assume that all this open information we send
> out on the open world-wide internet is being monitored, including
> passwords?

        Yes. It is.  That's why people make six figures simply being
'computer security consultants'.

>
> I mean, aren't there laws against wiretapping?  Isn't that what you're
> doing if you log everything I do?

        Nope. You're using a private system, owned by a private
individual.

>
> Aha... the problem is the US govt considers the telephone to be a
> NECESSITY, a public utility.  Internet access is a PRIVILEGE and not
> subject to the same privacy concerns for the most part.  If the FBI
> politely asks your ISP for your mail logs, they'd probably hand it
> over without a warrant.

        I would. Worse comes to worse, they'll get your logs any way they
can, and from experience (ex-employer) they'd much rather just grab the
entire computer systems, monitors, power cords, peripherals and everything
than have to wait for you to send them a file.

>
> I guess a lot boils down to the usage agreement your users must
> answer 'Y' to in order to log in.  You do have one, right?
>
        Nope.  There is a little blurb in the motd which does say that
'You may be monitored for inappropriate behavior', but it's a given as far
as I'm concerned.

> If you DON'T have one and you log everything, and those logs are stolen/
> hacked, then you really ought to get a good lawyer, cause you could be
> in serious trouble.  There is an "assumed" warranty in the absence of
> an explicit warranty in many US states.
>
        We don't log everything of course, we simply don't care, and
there'd probably be space issues before long.  As far as warranty, it's a
public service provided by a private individual which requires no permits
or other forms of classification, categorization, standardization, etc.. a
total absence of any sort of requirements or expectations delivered by
some authority.

        From what I understand, that makes the legal statement something
like 'all services provided AS IS, with no statements otherwise made or
implied'.

> Hey, did you hear about the company who logged all of the credit card
> numbers of everyone who had ever logged into their site?  A hacker
> stole them all and asked a $1mil ransom to keep him from releasing all
> of the numbers on the web.  Funny thing, they didn't even know they
> had the logs.
>
> They threw his ransom fax in the garbage and he started releasing
> them.  Check it out at MSNBC.com.  I forget the exact reference, but
> it was in the last month that they covered the story.  The victim
> was an online music CD warehouse.
>
> Are they liable for any damage on those stolen cards?  Mmm.... that's
> a good question.

        Depends on a few things, but no, they're not liable specifically
for "release of their customers' CC #'s".  As a matter of fact, unless they
performed actions which were geared specifically towards releasing the
two-party confidential information in their possession, it's probably not
going to be anything more than an embarrassment.  You're not ever
specifically liable for other people performing illegal actions with your
property.  If that were the case, it'd be funny to see Microsoft go to
jail because their software has been pirated.  Or a jewelry store owner
get locked up because someone had broken in and stolen all the
merchandise.

                                                PjD


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     |  http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html  |
     +------------------------------------------------------------+


