The way I read this article, Verizon is only saying that it is not responsible for attacks that are occurring OVER its networks or someone else's networks. In effect, it is not responsible for maintaining security other than for its own, internal systems. The fact is that California State Bill 1386, what I believe to be the start of the slippery slope, requires companies to inform their customers with 48 hours if a breach has occurred. Corbin - you are correct. this is more of the same New York Times / Washington Post corporation attack-machine. - Ryan _____ From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Nash, Corbin Sent: Friday, March 19, 2004 12:57 PM To: crime@private Subject: RE: CRIME Firms Look to Limit Liability for Online Security Breaches This is sensationalistic journalism on the part of this writer. It attempts to wrap up the entire legality of this into a binary, black and white picture. You would expect companies to clarify and limit their liability to circumstances that are out of their complete control (a nod to the concept of the unfeasibility of "complete security"). Granted I am not a lawyer but from previous interactions I have had there is the understanding that a company can never excuse themselves from the liability stemming from their own negligence no matter what they get you to sign. It seems like more journalistic doom-and-gloom fear tactics instead of responsible reporting on the complete picture. But then again, trying to paint a layperson's clear picture in a legal situation is a Sisyphusian task. -Corbin -----Original Message----- From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Sasha Romanosky Sent: Friday, March 19, 2004 9:33 AM To: crime@private Subject: CRIME Firms Look to Limit Liability for Online Security Breaches Ohhh, news like this really burns me up. http://www.washingtonpost.com/wp-dyn/articles/A31874-2004Mar4.html By Jonathan Krim Washington Post Staff Writer Friday, March 5, 2004; Page E01 In the face of ongoing attacks by computer hackers, some companies that store their customers' personal data are adopting a new defensive tactic: If your information is stolen, they're not legally responsible. Across the Internet, retailers and other service providers that handle consumer transactions are requiring customers to agree to waive any right to sue the companies if the businesses are hacked, regardless of how secure their systems are. The waivers are contained in lengthy terms-of-use agreements that consumers often click to accept without reading closely. "You agree to assume all risk and liability arising from your use of Verizon Wireless's online services, including the risk of breach in the security" of its system, according to the mobile-phone giant's use agreement, if you choose to use its online billing system. American Airlines' Web site sports similar language, warning that it is not liable for break-ins by outsiders "regardless of whether American Airlines was given . . . notice that damages were possible." ...
This archive was generated by hypermail 2b30 : Fri Mar 19 2004 - 12:42:46 PST