On Fri, 18 Feb 2000, Ryan Russell wrote: > > And E-trade, where *timing* matters a lot to their customers? > > > > --Steve Bellovin > > For E-trade, it makes a lot more sense that business would be lost that > would happen then and only then (well, mostly... I'm sure some folks will > still sell even after the stock dropped below what they meant to sell at.) But then the damages aren't just to E*Trade, they're to their customers too. Even if they still sell, they've lost real money. > It makes sense to punish the attacker exta on behalf of the customers of > E-trade *IFF* E-Trade does something along those lines for normal outages. Why the if? The law shouldn't care about "normal" policy, it should care about the results of the illegal action. > (I think they've had some, and I don't think they did anything for the > customers, did they? Hmm..lesse, our click-wrap agreement says "Screw > You.") Irrelevent under the law as I understand it (which isn't all that well I suppose.) > All I want is for prosecutors, judges, and law enforcement to put some > intelligent thought into what the damages really were. I still say the > attacker couldn't have done 1.2B in damages, and that's the "crucifixtion" > dollar amount. Bad market day, people trying to get out of positions at pre-set ammounts or as soon as possible - yeah, 1.2B isn't that difficult to reach in those conditions. > If someone decides that mapping out the Internet to produce nice-looking > graphs constitutes a criminal port-scanning attack, you would want to have > someone force the prosecutors to name reasonable damages, right? You (You're picking on the wrong one.) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions probertsat_private which may have no basis whatsoever in fact." PSB#9280
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:54 PDT