newman@uunet.UU.NET (Bo Newman) (02/22/90)
This may be a rehash of an old topic and if it is, I apologize at the start. The FOLLOWING VIEWS ARE IN NO WAY ATTRIBUTABLE TO ANYONE OTHER THAN ME. - ---------- Does anyone know what the status of US H.R. 55 is? H.R. 55 introduced in July of 89, is a follow-up to the 1986 Computer Fraud and Abuse Act. It addresses, in part, computer virus designed with "authorized " assess to computers, or viruses that are not designed to delete files. According to Rep Wally Herger (R-Calif) this bill was supported by a number of computer lobbying groups. What concerns me most was that it was reported that H.R. 55 establishes tough penalties(up to 20 years in prison) for; "knowingly" planing a virus that causes "loss, expense, or risk to the health or welfare" of an individual or a company. This would seem to open the provider/installer of any software at risk of libel. Software has bugs, like it or not. (Also remember that in layman's vernacular the common cold is caused by a bug/virus without much distinction) If the presence of a "bug" results in a "potential" risk to the health or welfare(?) of an (individual or) company you as the provider/installer could find yourself facing 20 years in jail. If this is the case, the liability insurance problem faced by the medical profession will be nothing compared to what the software industry will face. With the way the federal Racketeer Influenced and Corrupt Organizations Act (RICO) has been used in civil court, it is very hard to bank on "intention of congress" when it comes to the way a law will be applied. RICO was designed as a weapon to protect legitimate business from organized crime. But civil claims have been filed under it in cases of bank fore-closures on real estate, between doctors and hospitals over staff privileges, to cases between warring spouses in divorce cases and child custody battles. The parallels for misuse of the provisions of H.R. 55 seem too obvious. You have just converted your companies market information system to a new Relational Database product that contains a bug. Because of that bug you are unable to retrieve key marketing information and as a result the "well being" (market position) of your company is now "at risk." Will this be grounds for prosecution or a civil suit? Before you answer, consider the RICO situation. When RICO was enacted it was mostly ignored, as was the 1986 Computer Fraud and Abuse Act until the Morris case). But around 1980, plaintiffs' lawyer started seeing the potential for applying RICO to individuals other than typical racketeers. The number of civil RICO cases increased eightfold for the early 1970s to the mid sixties. The increased cost for defending against litigation brought under RICO and the costs of higher insurance premiums end up coming out of the consumers pocket. If the same situation develops as a result of law based on H.R. 55 the impacts could be felt in almost every sector of the economy. But then for those brave soles who are still willing to face the risks of the lawyers, writing software may become a vveerryy well paying profession. =================================================================== :Bo Newman newman@inco.uu.net uunet!inco!newman : - ------------------------------------------------------------------- : ALL STANDARD DISCLAIMERS APPLY AND THEN SOME : ===================================================================