[long] Re: Legal traps in open source

[James McNeill]

I think that the blame will always sit with the person exploiting the 
software, not the company that released the exploitable software.

When you buy a car, it's up to you to take into account the car's 
security systems. If you purchase a car without locks of any sort, 
that's your porogative. If said car get's stolen, it's part the fault of 
the theif, but your insurance company will blame you for having a car 
with no locks. NOTE: the manufacturer of the car isn't held responsible [1].

MS don't often advertise outlook as 'the most secure way to menage your 
e-mail'.

-James

[1] -Yes, I know every car cold in australia must meet certain 
standards, and if above scenario did occure the manufacturer would be in 
shit. No such standards exist for software, so it still applies. it was 
only an metaphore anyway.


Simon Fowler wrote:

>On Thu, Oct 31, 2002 at 10:56:32AM +1100, Alex Satrapa wrote:
>  
>
>>>How about we simply apply the same standards of liability as we do
>>>now?
>>>      
>>>
>>AFAIK, current standards of liability look only at actual harm caused 
>>and actual dollars lost.  Until we find a way to represent the cost of 
>>lost data as lives or dollars (the latter being more important in the 
>>Australian legal system), there's no real way to estimate the damages 
>>(or potential damages) arising from, say, Microsoft Outlook.
>>
>>    
>>
>What about lost time and/or productivity? That seems to be the
>standard measure used for viruses and cracking and the like. The
>numbers tend to be ridiculously inflated, but there's nothing to
>stop us from coming up with more reasonable models. 
>
>I don't think it's an inability to put numbers to the losses that's
>the problem, it's the complete lack of desire to /do/ something
>about it. 
>
>  
>
>>>If you sell something, then barring gross
>>>negligence the damages are proportional to the purchase price. So,
>>>if you screw up seriously, you're liable for whatever the court
>>>decides, otherwise you're only liable for something along the lines
>>>of the original purchase price. What, exactly, is so terrible about
>>>this?
>>>      
>>>
>>Take Microsoft Outlook for example - it's a great big security incident 
>>looking for a time to happen. It is shipped, by default, to be extremely 
>>permissive about proliferating viruses. To me, this counts as being 
>>about as negligent as Ford continuing to sell the Pinto even after many 
>>of them had caught fire in minor accidents - or continuing to sell that 
>>SUV with factory tyres after they knew the tyres were dangerous.
>>
>>Microsoft's stance of, "you should protect yourself better" makes as 
>>much sense as Ford saying, "don't have accidents if you drive a Pinto!"
>>
>>    
>>
>That's an excellent argument for limiting their ability to disclaim
>liability, I would have thought. 
>
>As for suing a free software developer, my law student friend is of
>the opinion (obviously not a legal opinion, just an informed one)
>that short of gross negligence there's bugger all chance of a court
>awarding damages against a free software developer. He was talking
>about a "no financial risk incurred" test, which free software would
>meet quite easily. And reallistically, what is a court going to
>think if someone brings a case before it that basically says "this
>person licensed me this software for free, source code and all, and 
>it doesn't do something I want it to do, so I want damages!". 
>
>Really, the more I look at this, the more reasonable it seems to
>just limit the ability of software developers to disclaim liability.
>Either that or introduce a stricter test for deciding whether a
>disclaimer is reasonable - something along the lines of not letting
>you disclaim liability for the purpose you've advertised the
>software as having. 
>
>Simon
>
>  
>

-- 
======
This signature was stolen from the 'self referencing statments' department