dmg@retina.mitre.org (David Gursky) (12/13/89)
The AIDS Trojan Horse discussed by Alan Jay and John McAfee raises some interesting questions about accountability. Ignoring the issue that it is unlikely that the U.S. Government is unlikely to get cooperation from the Panamanian authorities in apprehending the culprits and bringing them to trial in either country, could the perpetrators be held liable under U.S. law for damages, when the licensing notice clearly states the program is not licensed to be used in the United States, and that damage will result if you attempt to do so. In the broader case, could the perpetrators be extradicted to one of the European countries that have better relations with Panama, and be held liable for damages even though the license says not to use the application without first paying for it. One consequence of this attack (although I find it unlikely legal authorities will be able to take advantage of it because of the situation in Panama) is that the perpetrators should be relatively easy to track. Someone rented the Post Office box in Panama. Hopefully someone is picking up the mail from that box, and from there it goes to the people behind it, somehow.
IA96@PACE.BITNET (IA96000) (12/15/89)
The AIDS trojan does bring up some interesting questions. Political issues aside for a second, what makes anyone think that the company or individuals behind this are in Panama? Just because the mail goes to Panama does not mean a thing. There are also more lax regulations (I would assume) about renting post office boxes outside of the United States. Has anyone considered that this might be work of the people who introduced BRAIN to the world? Other than the address, it might well be the same culprits. Rather than worry about who did it, perhaps it would be a better idea to figure out what to do about? After all the potential for damage is quite high, and little seems to be know about what is happening, so far.
Ralph.Mitchell@brunel.ac.uk (Ralph Mitchell) (12/19/89)
dmg@retina.mitre.org (David Gursky) writes: >The AIDS Trojan Horse discussed by Alan Jay and John McAfee raises some >interesting questions about accountability. >[...] >In the broader case, could the perpetrators be extradicted to one of >the European countries that have better relations with Panama, and be >held liable for damages even though the license says not to use the >application without first paying for it. There is no actual address on the documentation that comes with the disk. The only way to find out where to send the money is by running the install program, thought it doesn't even say that in the notes... Of course, by that time, it is firmly ensconced on your hard disk... Ralph Mitchell - -- JANET: ralph@uk.ac.brunel.cc ARPA: ralph%cc.brunel.ac.uk@cwi.nl UUCP: ...ukc!cc.brunel!ralph PHONE: +44 895 74000 x2561 "There's so many different worlds, so many different Suns" - Dire Straits "Never underestimate the power of human stupidity" - Salvor Hardin, Foundation
craig@tolerant.com (Craig Harmer) (12/20/89)
dmg@retina.mitre.org (David Gursky) writes: >The AIDS Trojan Horse discussed by Alan Jay and John McAfee raises some >interesting questions about accountability. > > ... could the perpetrators be held liable under U.S. law for >damages, when the licensing notice clearly states the program is not >licensed to be used in the United States, and that damage will result >if you attempt to do so. actualy, the licensing notices reminds me of the popular "shrink-wrap" licenses where by breaking the shrink-wrap, you agree to the terms of the license. making the necessary action "running the program" doesn't seem much different to me (though i'm not a lawyer). so, assuming the people who's machines have been struck are in violation of a "legally enforceable" licensing agreement, is the destruction of data or denial of servicesomething they can sue over? some of the purveyors of data-block protection schemes for PCs seem to have provisions that cause the program to stop working if monthly payments aren't made. a friend of mine points out that there are also "good faith" types of clauses in the law that hold that given the method of distribution, the license agreement would not be valid. it would be highly interesting to see the PC Cyborg Corp. sue afflicted PC owners for breach of license! {apple,amdahl}!tolsoft!craig craig@tolerant.com (415) 626-6827 (h) (408) 433-5588 x220 (w) [views expressed above shouldn't be taken as Tolerants' views, or your views or my views. they are facts!]
David_Conrad%Wayne-MTS@um.cc.umich.edu (02/22/90)
munnari!mqccsunc.mqcc.mq.oz.au!ifarqhar@uunet.UU.NET (Ian Farquhar) writes: >...As for the concept of the user having legal control over what was >deleted from his/her hard disk, I cannot see this as a problem. >Multi-user systems have traditionally provided mechanisms for the >superuser to control the user's files with far more privileges >than the users themselves.... So intellectual property may be destroyed by anyone at any time and the owner has no recourse whatsoever? If current laws say this, then it is another failure by those who created our laws to provide adequate protection of intellectual property. The parallel with multi-user systems is flawed, in that in a multi-user system a user *knowingly* grants the superuser certain privileges in exchange for the system being efficiently organized, and *with the understanding that the superuser will *not* abuse those privileges*! What the AIDS program did was most likely illegal, but what's even more important, it was entirely unethical. As to the response here, all I've seen are warnings not to run the program (in light of what it does), and perhaps there was some advice on how to recover files that the program took hostage. Telling people how to recover their legal property is hardly wrong. What I haven't seen are instructions on how to run the AIDS program despite its "copy protection", which would violate the rights of the author. Creating disassembled listings of the program would, unfortunately, violate the author's right to create derivative works, but I see this as a necessary evil in the highly ethical process of attempting to restore the legal property of victims of this program. Ian also writes: >...If I were the defense lawyer with access to this newsgroup, the >first thing that I would have done is to take all of the relevant >articles that have appeared, and present them as evidence >prejudicial to the fair conduct of the trial.... Fine, but you'd have to show that the jury members had read the articles. Ian also writes: >...There also is a strong reluctance to change an opinion in the light >of new evidence, which is very worrying indeed.... Just remember, Ian, you said it! ___________________________________________________________________________ David R. Conrad BITNET: dconrad%wayne-mts@um.cc.umich.edu "Monday is an awful way to spend one seventh of your life."