[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    liability for harboring hackers
From:       smb () research ! att ! com
Date:       1994-12-30 11:47:12
[Download RAW message or body]

There's an interesting case going on right now that might establish some
precedents.  Oddly enough, it's a libel case.  The plaintiff alleges that
he was libeled by some postings on Prodigy.  He sued both the account owner
and Prodigy.  The former, though, was dropped from the case -- he claimed,
and the other parties agreed, that someone had stolen his account and/or
password, and he was an innocent party.  Prodigy, meanwhile, is claiming
common carrier status.  And if they can win on those grounds, anyone can,
especially given Prodigy's screening policies.

As for liability -- well, Bill and I said what we had to say in the book,
but I'll note here that yes, I do think that under certain conditions,
a plaintiff could win a tort suit against a site that was harboring a
hacker.  Very briefly, you're liable if you have some duty to be careful
but you aren't and someone else suffers harm.  Common carriers do *not*
have a duty to screen packets; indeed, as Mike Godwin has often pointed
out, attempting to screen traffic but failing might actually leave you
*more* liable.  But given the prevalence of firewalls in the .com domain,
I could make a very good case that such a site that did not have one was
negligent, to say the least.

[prev in list] [next in list] [prev in thread] [next in thread]