[Ecommerce] Re: Software Liability Laws from an Alternate Universe

Jeff Williams jwkckid1@ix.netcom.com
Tue Jan 10 05:55:01 2006


Steven and all,

These are good "By-Laws" and ones that we pretty much incorporated
into our security policy.  It's a shame that most of the folks in the legal
profession may or would, as you said, find these (See below) irritating
or annoying.  Maybe that is because they themselves are guilty of
not following these/your nicely stated "By-Laws", or something
very similar.

What's more, ANY operating system on ANY PC or server
can be "Cleaned up" to meet these "By-Laws", but often they are not, as
recent events that have been newsworthy, and legal actions, have
clearly shown.  For these reasons, and others, trust in third party
financial and credit reporting/tracking systems is, at best, circumspect.
Yet the vast majority of the legal and law enforcement community are
unaware of such, and as a result, make bad or very bad decisions.
The Lopez case is one of many such examples, for instance.

Even further, the NIST standards recently released that address
much of what your "By-Laws" indicate, are not even known to
most legal professionals or law enforcement folks.  One has to
wonder why?

BTW Steven, did you see the $50m award against McAfee?

Steven W. Teppler wrote:

> I wrote this nearly one year ago, and decided not to post at the time.  In
> light of recent events, including the refusal of a Breath-a-lyzer appliance
> to provide source code as required by law, I will now step out on a limb,
> probably really annoy some people, maybe everyone and post...
>
> Steven
>
> The ten alternate by-laws:
>
> 1.  If your operating system cannot either detect or prevent a bad guy from
> running his program on your computer, it is badly written, and you've
> purchased defective software.
>
> 2.  If operating system software requires monthly patches in order to
> correct security issues identified by former (and current) bad guys, you've
> purchased defective software.
>
> 3. If operating system software contains no native anti-virus or other
> malware prevention features in its fourth or fifth iteration in fifteen or
> twenty years, you've purchased defective software.
>
> 4. Talking about trustworthy computing at trade shows does not make
> defective software non-defective.
>
> 5. If operating system software is designed so that popular anti-virus and
> anti-malware programs can't be installed without crashing the operating system,
> you've purchased defective software.
>
> 6. Grafting an internet browser to an operating system is like grafting a
> leg onto your head.
>
> 7. Creating an impression that walking around with a leg grafted onto your
> head makes you run better does not make you run better.
>
> 8. If an operating system is defective and subject to an exploit in a
> computer at home, it is more than likely to be equally defective and subject
> to same when ported to a mobile device.
>
> 9. Case hardening defective operating system software in a FIPS enclosure
> does not make the operating system software non-defective.  It just protects
> it better.
>
> 10.  A thirty day programming hiatus is never sufficient to correct security
> vulnerabilities in various operating systems containing millions of lines of
> code.
>
> "If the probability be called P; the injury, L; and the burden, B; liability
> depends upon whether B is less than L multiplied by P: i.e., whether B is
> less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
 Registered Email addr with the USPS
Contact Number: 214-244-4827