Subject: Re: Internet Law (was:Re: Attemted Theft of Services via FTP)
From: Keary Suska (hierophant@pcisys.net)
Date: Mon Mar 04 2002 - 16:53:03 MST
on 3/4/02 1:33 PM, nhruby@arches.uga.edu purportedly said:
> True. the holding a company liable bit would be a hard sell in court,
> becasue you would need to prove that they knew about the problem, and then
> activly ignored it, to whiohc they can come back and say "we weren't
> ignoring, but just figuring things out.. we have a big netowrk and this
> takes time..."
Actually, it is not as far fetched as it may seem. This potential liability
has become a Big Deal in corporate security circles. Especially since it can
be proved that a company did not exercise reasonable efforts to prevent
unauthorized access and use. ISPs have lobbied for immunity--and they have
it. Because of this, corporations (and potentially individual users), are
the only ones left to sue if the perpetrator can't be found, and possibly
even if they are found. There is sufficient legal basis for this. For
instance, such a basis is used by the DEA to impound personal property used
in conjunction with the distribution of controlled substances, whether or
not such use was authorized or known by the property owner.
Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"
This archive was generated by hypermail 2a24 : Mon Mar 04 2002 - 17:07:45 MST