newman@uunet.UU.NET (Bo Newman) (02/22/90)
This may be a rehash of an old topic and if it is, I apologize at
the start. The FOLLOWING VIEWS ARE IN NO WAY ATTRIBUTABLE TO
ANYONE OTHER THAN ME.
- ----------
Does anyone know what the status of US H.R. 55 is? H.R. 55
introduced in July of 89, is a follow-up to the 1986 Computer Fraud
and Abuse Act. It addresses, in part, computer virus designed
with "authorized " assess to computers, or viruses that are not
designed to delete files. According to Rep Wally Herger (R-Calif)
this bill was supported by a number of computer lobbying groups.
What concerns me most was that it was reported that H.R. 55
establishes tough penalties(up to 20 years in prison) for;
"knowingly" planing a virus that causes "loss, expense,
or risk to the health or welfare" of an individual or a
company.
This would seem to open the provider/installer of any software at
risk of libel. Software has bugs, like it or not. (Also remember
that in layman's vernacular the common cold is caused by a
bug/virus without much distinction) If the presence of a "bug"
results in a "potential" risk to the health or welfare(?) of an
(individual or) company you as the provider/installer could find
yourself facing 20 years in jail. If this is the case, the
liability insurance problem faced by the medical profession will
be nothing compared to what the software industry will face.
With the way the federal Racketeer Influenced and Corrupt
Organizations Act (RICO) has been used in civil court, it is very
hard to bank on "intention of congress" when it comes to the way
a law will be applied.
RICO was designed as a weapon to protect legitimate business from
organized crime. But civil claims have been filed under it in
cases of bank fore-closures on real estate, between doctors and
hospitals over staff privileges, to cases between warring spouses
in divorce cases and child custody battles.
The parallels for misuse of the provisions of H.R. 55 seem too
obvious.
You have just converted your companies market information
system to a new Relational Database product that contains
a bug. Because of that bug you are unable to retrieve key
marketing information and as a result the "well being"
(market position) of your company is now "at risk."
Will this be grounds for prosecution or a civil suit? Before you
answer, consider the RICO situation.
When RICO was enacted it was mostly ignored, as was the 1986
Computer Fraud and Abuse Act until the Morris case). But around
1980, plaintiffs' lawyer started seeing the potential for applying
RICO to individuals other than typical racketeers. The number of
civil RICO cases increased eightfold for the early 1970s to the mid
sixties.
The increased cost for defending against litigation brought under
RICO and the costs of higher insurance premiums end up coming out
of the consumers pocket. If the same situation develops as a
result of law based on H.R. 55 the impacts could be felt in almost
every sector of the economy.
But then for those brave soles who are still willing to face the
risks of the lawyers, writing software may become a vveerryy well
paying profession.
===================================================================
:Bo Newman newman@inco.uu.net uunet!inco!newman :
- -------------------------------------------------------------------
: ALL STANDARD DISCLAIMERS APPLY AND THEN SOME :
===================================================================