|
Re: Truecrypt 4.1
nemo_outis wrote:
> Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote in > news:77c6b506a119c1428ef1b0a3d8a54f55@pseudo.borke d.net: > > ... >>> You seem to have a strange sense of entitlement. The authors of a free >>> program have exactly ZERO duty or responsibility - least of all to you, >>> a whining parasite! >> >> The price one charges for a product and their liability and >> responsibility for that product are NOT synonymous nemo. Sorry. If it >> doesn't work as advertised they're liable for any damages it might >> cause, and that has nothing at all to do with how much money they make >> off it. >> >> In the case of TrueCrypt they're offering software that allegedly >> secures data. If there's some flaw that makes this software insecure and >> they DON'T make an acceptable effort to fix that flaw they're negligent. >> Again, no matter what they're charging for the product. >> >> This is the cross ALL software authors must bear. If you don't want to >> play the game, stay home. :) >> >> > > Nope, not so. If you're interested in legal folderol you might wish to > read the Truecrypt Licence, and, more particularly, Section IV, Disclaimer > of Warranties and Liabilities. No disclaimer in the world will cover your tail if you're negligent. You're simply wrong. I know you like the software and the people who write it, I do too, but don't let that could your judgment. If TrueCrypt had not addressed their problems in a reasonable way and someone lost data or had something compromised because of the KNOWN flaw in their software they could and maybe WOULD have been legally responsible. This is very basic business law. You can not disclaim away the responsibilities normal people would have. Disclaimers do not relieve you of those responsibilities. > > As a more practical matter, the authors are unknown, and this would make > pursuing a claim more than a little difficult. (I speculate that they're > also likely impecunious, too :-) John Doe warrants are pretty common these days. Ask anyone who works for RIAA or around the DMCA. Someone somewhere knows who they are, or has an account of theirs with a credit card or bank number. Damages might be collected even without knowing exactly who you're collecting from. At the very least the software could have been removed from reputable download sites. > > As for maintaining that the authors of a freeware program have a duty to > update it - that is so preposterous as not to deserve further comment. Fixing basic, functional errors in your programs isn't updating nemo, it's being responsible. The authors have a right at any time to quit developing, but they're offering a product that's advertised to do a certain thing. If it fails because of their negligence they're responsible. That's just the way the real world works. > > Caveat emptor. And all the more so when the "emptor" has paid nothing. > No, I stand by my statement: no duty and no responsibility. And I say so, > not just regarding reasonable jurisdictions, but even for the litigious > lawyer- infested USA. The entire WORLD is infested with money grubbing lawyers. I don't like it any more than you. But what we like or dislike is irrelevant. We must deal with what IS. The current state of "is" means that if you offer a product no matter what the cost, you are responsible for that product. Do you think that Ford wouldn't be held responsible for flaws in their automobiles if for some reason they decided to give them away with a "take it or leave it" offer? If they did something that caused the brakes to lock up and someone skidded over a cliff and died? Sure they would nemo, because that's what normal people are responsible for. There's a difference between innocent mistakes and just saying screwit. The TrueCrypt CBC thing was border line, but since they ARE maintaining it they have a responsibility to do it properly. The "I don't own you anything because I give stuff away" theory is real Utopian and everything, but it just doesn't hold water in the real world. |
Re: Truecrypt 4.1
Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote in
news:8636b28f192e1d4620f8898dcda5e615@pseudo.borke d.net: Utopian? Me? Believe me, I'm no dewy-eyed ingenu; I am as worldly-wise and cynical as they come. >> Nope, not so. If you're interested in legal folderol you might wish >> to read the Truecrypt Licence, and, more particularly, Section IV, >> Disclaimer of Warranties and Liabilities. > > No disclaimer in the world will cover your tail if you're negligent. You're already guilty of begging the question (petitio principii). There can be no negligence where there is no duty of care - and that remains to be established. If you are merely saying that anyone can sue anyone else for any reason - or, indeed, for no reason - then, yes, you are correct. So conceded and stipulated. In fact, that is altogether too commonly the case in the US; in other, less supine, jurisdictions, such lawsuits are summarily dismissed as "frivolous and vexatious" (which is legalese for "a ****ing waste of the court's and everybody else's time"). Yes, in most jurisdictions the common law doctrine of "caveat emptor" has been widely supplanted by statutory provisions, including those for consumer protection. And the scope of product liability has been broaadened, sometimes to strict or even absolute liability (usually confined to specific products or industries!). But let's look a little deeper. Speaking broadly, there are two bases for which a product liability suit might be brought against Truecypt (I say broadly because there are differences in the law between jurisdictions). Those bases are contract and tort. Now here's the crux: there is no basis for a suit in contract since an essential element of contract, consideration, was absent - the software was free! With that, whole great chunks of the law, including most consumer protection laws, become inapplicable. (Not to say a lawyer might not argue otherwise, but he would find it very hard uphill sledding.) So only tort remains. I'll continue below. > You're simply wrong. I know you like the software and the people who > write it, I do too, but don't let that could your judgment. If > TrueCrypt had not addressed their problems in a reasonable way and > someone lost data or had something compromised because of the KNOWN > flaw in their software they could and maybe WOULD have been legally > responsible. > > This is very basic business law. You can not disclaim away the > responsibilities normal people would have. Disclaimers do not relieve > you of those responsibilities. While an ingenious lawyer might try any of a number of tacks, a suit in tort would hinge on "reckless or fraudulent misrepresentation" on which the user relied. That is going to be astoundingly difficult given the disclaimers and limitations of liability printed prominently in caps in the licence. And further, it is **universally** established that "commercial usage" for software (unlike, say, automobiles) is that it comes with a disclaimer, not a warranty. Not even a software user from Pluto could claim to be unaware of this; the user cannot reasonably claim otherwise. (Incidentally, Truecrypt has an additional defence layer going for it: it can claim to be specialized software for sophisticated users, who can reasonably be expected to use far greater levels of due diligence to ensure such specialized software is suitable for their purposes. But I digress...) >> As a more practical matter, the authors are unknown, and this would >> make pursuing a claim more than a little difficult. (I speculate >> that they're also likely impecunious, too :-) > > John Doe warrants are pretty common these days. Ask anyone who works > for RIAA or around the DMCA. Someone somewhere knows who they are, or > has an account of theirs with a credit card or bank number. Damages > might be collected even without knowing exactly who you're collecting > from. At the very least the software could have been removed from > reputable download sites. Even if I squint and stand on one leg, I can conceive of nothing stronger than a civil suit being brought for any alleged deficiencies in Truecrypt. Accordingly, all talk of warrants and such is bullshit, No, we are talking ordinary civil service for an ordinary civil suit. And no litigation lawyer worth his salt - even the bottom-feeding ones who work on a contingency basis - will do much unless there is a clear path to a defendant with deep pockets. That absent, the case (especially such a weak and tenuous one) would wither on the vine. As for suppressing the software's availability? Gimme a break! The RIAA and such, despite their massive lobbying efforts to buy legislators and laws, have been tilting at windmills trying to suppress software. Don't say such silly things - it undermines your credibility. You can't really think thata user could get such an injunction. At worst Truecrypt would relocate from sourceforge. (Even if Truecrypt lost a suit - which itself strains credulity - it is most unlikely it would have to do anything other than modify its representaions and licence.) >> As for maintaining that the authors of a freeware program have a duty >> to update it - that is so preposterous as not to deserve further >> comment. > > Fixing basic, functional errors in your programs isn't updating nemo, > it's being responsible. The authors have a right at any time to quit > developing, but they're offering a product that's advertised to do a > certain thing. If it fails because of their negligence they're > responsible. That's just the way the real world works. Responsible? Responsible to whom for what? Using what theory of law? You continue to beg the question. The standard of care required in the circumstances of free software is not much higher than not constituting deliberate malfeasance - a standard easily met by anything other than an outright virus or trojan. No, all responsibility for suitability of software to meet the user's needs falls on the user. That is the universal situation for software, including software sold commercially. The standard for free software is many notches lower yet. >> Caveat emptor. And all the more so when the "emptor" has paid >> nothing. No, I stand by my statement: no duty and no responsibility. >> And I say so, not just regarding reasonable jurisdictions, but even >> for the litigious lawyer- infested USA. > > The entire WORLD is infested with money grubbing lawyers. I don't like > it any more than you. But what we like or dislike is irrelevant. We > must deal with what IS. The current state of "is" means that if you > offer a product no matter what the cost, you are responsible for that > product. Of course the world is filled with money-grubbing lawyers. And sometimes even I use them! But suing Truecrypt for failing to update their product? I'd rather sue the sun for shining too brightly - the chances are better! But, hey, I'm willing to be educated. Cite me some instances of successful suits against free software. Regards, |
Re: Truecrypt 4.1
Borked Pseudo Mailed wrote:
> nemo_outis wrote: > > >>Borked Pseudo Mailed <nobody@pseudo.borked.net> wrote in >>news:77c6b506a119c1428ef1b0a3d8a54f55@pseudo.bor ked.net: >> >>... >> >>>>You seem to have a strange sense of entitlement. The authors of a free >>>>program have exactly ZERO duty or responsibility - least of all to you, >>>>a whining parasite! >>> >>>The price one charges for a product and their liability and >>>responsibility for that product are NOT synonymous nemo. Sorry. If it >>>doesn't work as advertised they're liable for any damages it might >>>cause, and that has nothing at all to do with how much money they make >>>off it. >>> >>>In the case of TrueCrypt they're offering software that allegedly >>>secures data. If there's some flaw that makes this software insecure and >>>they DON'T make an acceptable effort to fix that flaw they're negligent. >>>Again, no matter what they're charging for the product. >>> >>>This is the cross ALL software authors must bear. If you don't want to >>>play the game, stay home. :) >>> >>> >> >>Nope, not so. If you're interested in legal folderol you might wish to >>read the Truecrypt Licence, and, more particularly, Section IV, Disclaimer >>of Warranties and Liabilities. > > > No disclaimer in the world will cover your tail if you're negligent. > You're simply wrong. I know you like the software and the people who write > it, I do too, but don't let that could your judgment. If TrueCrypt had not > addressed their problems in a reasonable way and someone lost data or had > something compromised because of the KNOWN flaw in their software they > could and maybe WOULD have been legally responsible. > > This is very basic business law. You can not disclaim away the > responsibilities normal people would have. Disclaimers do not relieve you > of those responsibilities. > > >>As a more practical matter, the authors are unknown, and this would make >>pursuing a claim more than a little difficult. (I speculate that they're >>also likely impecunious, too :-) > > > John Doe warrants are pretty common these days. Ask anyone who works for > RIAA or around the DMCA. Someone somewhere knows who they are, or has an > account of theirs with a credit card or bank number. Damages might be > collected even without knowing exactly who you're collecting from. At the > very least the software could have been removed from reputable download > sites. > > >>As for maintaining that the authors of a freeware program have a duty to >>update it - that is so preposterous as not to deserve further comment. > > > Fixing basic, functional errors in your programs isn't updating nemo, it's > being responsible. The authors have a right at any time to quit > developing, but they're offering a product that's advertised to do a > certain thing. If it fails because of their negligence they're > responsible. That's just the way the real world works. > > >>Caveat emptor. And all the more so when the "emptor" has paid nothing. >>No, I stand by my statement: no duty and no responsibility. And I say so, >>not just regarding reasonable jurisdictions, but even for the litigious >>lawyer- infested USA. > > > The entire WORLD is infested with money grubbing lawyers. I don't like it > any more than you. But what we like or dislike is irrelevant. We must deal > with what IS. The current state of "is" means that if you offer a product > no matter what the cost, you are responsible for that product. > > Do you think that Ford wouldn't be held responsible for flaws in their > automobiles if for some reason they decided to give them away with a "take > it or leave it" offer? If they did something that caused the brakes to > lock up and someone skidded over a cliff and died? > > Sure they would nemo, because that's what normal people are responsible > for. There's a difference between innocent mistakes and just saying > screwit. The TrueCrypt CBC thing was border line, but since they ARE > maintaining it they have a responsibility to do it properly. The "I don't > own you anything because I give stuff away" theory is real Utopian and > everything, but it just doesn't hold water in the real world. > Ford would not be responsible if you took the car and told you they did not warrant the vehicle from defects and that defects were possible. Perhaps the laws on freeware software differ somewhere. If you will notice the Microsoft license (big commercial company with a lot of money, nice fat target) and they too put in a disclaimer...sue away... No doubt you can make a case to its insecurity, and you even paid for that software.... Winged |
Re: Truecrypt 4.1
Winged <Winged@nofollow.com> wrote in
news:7253$438aa3c3$45493f2f$3481@KNOLOGY.NET: ..... > Ford would not be responsible if you took the car and told you they > did not warrant the vehicle from defects and that defects were > possible. > > Perhaps the laws on freeware software differ somewhere. If you will > notice the Microsoft license (big commercial company with a lot of > money, nice fat target) and they too put in a disclaimer...sue away... > No doubt you can make a case to its insecurity, and you even paid for > that software.... > > Winged Actually it's considerably more complicated. Let me point out just a few aspects. Strict product liability only applies where there is "blood" involved (i.e., personal injury) - economic loss still falls (in the US) under the UCC (Uniform Commercial Code). The standard then drops (in tort) to negligence. One other key aspect, a very tricky one, is that "product liability" only applies, reasonably enough, to "products." While there have been moves in some jurisdictions to try to extend the definition of product to include software, there are serious legal obstacles, such as that "products" are tangible goods, and it is highly questionable that software is tangible. This is particularly true, for instance, in the case of Truecrypt, where the only mode of distribution is downloading over the internet. No tangibility ==> no product ==> no product liability! One whole legal tower then collapses! Even if it doesn't quite collapse, it is seriously undermined. Also, for open-source software such as Truecrypt, a number of other legal principles come to bear. For instance one of the questions in product liability is the capability of the user to examine the product in detail. The rationale, for instance, for strict product liability, is based on there being an unfair burden placed on the consumer to do the technical anlysis of, say, GM's proprietary closed engineering and production processes. But with Truecrypt, an open-source program, the user can see all that the developer sees. Even if a particular user does not have the technical competence to analyze the program, it is still open to broad public scrutiny and comment. This goes a very long way to shifting the burden of assessing suitability for purpose to the consumer, and makes it much harder to complain about hidden defects. Also, because the program is free, the consumer can evaluate it in a low-risk situation as long and as intensely as he wishes - without financial commitment- while he makes up his own mind on suitability for purpose. If a user rashly and imprudently does otherwise, it's his ass. Another legal standard that bears on the split of responsibility between producer and consumer is the degree of professionalism and commercial commitment of the producer. To the extent that the producers can assert they are producing the software as a hobby or public-benefit pursuit and not as a commercial venture, they further deflect any claim of negligence on their part. The consumer has constructive notice that the standard of production and support for the program may well be expected to fall considerably below commercial standards (pitiful though those are!). There's lots more, but that gives some idea of how shaky any claim for product liability against failure to update a free open-source product would be. Regards, PS Now, aside from all the legal mumbo-jumbo, the practical fact, as things now stand, is that bringing a suit for even grossly buggy commercial software is very likely to be unsuccessful. At best, maybe, if you have the tenacity of a bulldog and mountains of money to spend on lawyers, you might get your purchase price refunded. Whoopee do! To move beyond this to pushing some claim against free open-source software hasn't a hope in hell. |
Re: Truecrypt 4.1
nemo_outis wrote:
> Winged <Winged@nofollow.com> wrote in > news:7253$438aa3c3$45493f2f$3481@KNOLOGY.NET: > > ..... > >>Ford would not be responsible if you took the car and told you they >>did not warrant the vehicle from defects and that defects were >>possible. >> >>Perhaps the laws on freeware software differ somewhere. If you will >>notice the Microsoft license (big commercial company with a lot of >>money, nice fat target) and they too put in a disclaimer...sue away... >>No doubt you can make a case to its insecurity, and you even paid for >>that software.... >> >>Winged > > > > Actually it's considerably more complicated. Let me point out just a few > aspects. > > Strict product liability only applies where there is "blood" involved > (i.e., personal injury) - economic loss still falls (in the US) under the > UCC (Uniform Commercial Code). The standard then drops (in tort) to > negligence. > > One other key aspect, a very tricky one, is that "product liability" only > applies, reasonably enough, to "products." While there have been moves > in some jurisdictions to try to extend the definition of product to > include software, there are serious legal obstacles, such as that > "products" are tangible goods, and it is highly questionable that > software is tangible. This is particularly true, for instance, in the > case of Truecrypt, where the only mode of distribution is downloading > over the internet. No tangibility ==> no product ==> no product > liability! One whole legal tower then collapses! Even if it doesn't > quite collapse, it is seriously undermined. > > Also, for open-source software such as Truecrypt, a number of other legal > principles come to bear. For instance one of the questions in product > liability is the capability of the user to examine the product in detail. > The rationale, for instance, for strict product liability, is based on > there being an unfair burden placed on the consumer to do the technical > anlysis of, say, GM's proprietary closed engineering and production > processes. But with Truecrypt, an open-source program, the user can see > all that the developer sees. Even if a particular user does not have the > technical competence to analyze the program, it is still open to broad > public scrutiny and comment. This goes a very long way to shifting the > burden of assessing suitability for purpose to the consumer, and makes it > much harder to complain about hidden defects. Also, because the program > is free, the consumer can evaluate it in a low-risk situation as long and > as intensely as he wishes - without financial commitment- while he makes > up his own mind on suitability for purpose. If a user rashly and > imprudently does otherwise, it's his ass. > > Another legal standard that bears on the split of responsibility between > producer and consumer is the degree of professionalism and commercial > commitment of the producer. To the extent that the producers can assert > they are producing the software as a hobby or public-benefit pursuit and > not as a commercial venture, they further deflect any claim of negligence > on their part. The consumer has constructive notice that the standard of > production and support for the program may well be expected to fall > considerably below commercial standards (pitiful though those are!). > > There's lots more, but that gives some idea of how shaky any claim for > product liability against failure to update a free open-source product > would be. > > Regards, > > PS Now, aside from all the legal mumbo-jumbo, the practical fact, as > things now stand, is that bringing a suit for even grossly buggy > commercial software is very likely to be unsuccessful. At best, maybe, > if you have the tenacity of a bulldog and mountains of money to spend on > lawyers, you might get your purchase price refunded. Whoopee do! To move > beyond this to pushing some claim against free open-source software > hasn't a hope in hell. > You are not getting any argument from me. Success of an ice cube in a very warm place is higher. I was trying to write to user proposed situ, and failed. Further, this is one of the few places where the law is correct. Winged |
Re: Truecrypt 4.1
"nemo_outis" <abc@xyz.com> wrote in message
> But suing Truecrypt for failing to update their > product? I'd rather sue the sun for shining too brightly - the chances > are better! > That remark made my day! Thanks. |
Re: Truecrypt 4.1
"Winged" <Winged@nofollow.com> wrote in message news:7253$438aa3c3
> > Perhaps the laws on freeware software differ somewhere. If you will > notice the Microsoft license (big commercial company with a lot of money, > nice fat target) and they too put in a disclaimer...sue away... No doubt > you can make a case to its insecurity, and you even paid for that > software.... > One defense that is often used is to assert that the service provider (in this case, the authors of TrueCrypt) could not, for the price charged, be expected to provide a product that is fool-proof. I once sat on a jury where a woman was suing Ford because her transmission slipped out of "Park" while she left the engine running and dashed into a bakery. She came out, found her car slowly rolling backwards toward a wall, she got in back of her car and tried to "push" it so as to keep it from hitting the wall, and she sustained injuries when she found that the car was more powerful than were her efforts to heroically stop it! When the judge instructed us in the law he made it clear that NO product was expected to be free of all problems, and that there was a clear distinction between gross negligence and an occasional malfunction. Also, the plaintiff's attorney argued that the vehicle's operating manual did not specifically warn against leaving the vehicle unattended with the engine running! We found Ford not to be at fault. The deliberations took no more than 15 minutes. |
Re: Truecrypt 4.1
On 27 Nov 2005 22:42:46 GMT, nemo_outis wrote:
>> No disclaimer in the world will cover your tail if you're negligent. > > > You're already guilty of begging the question (petitio principii). There > can be no negligence where there is no duty of care - and that remains to > be established. Perhaps where you live but in the USA, gross negligence is most often interpreted as unwaivable. -- Drop the alphabet for email |
Re: Truecrypt 4.1
"nemo_outis" <abc@xyz.com> wrote:
> I'd rather sue the sun for shining too brightly - the chances > are better! Or sue all the established churches and monotheistic religions on this planet for damages classed as "Acts of god"... ;-) Juergen Nieveler -- Man who scratch ass should not bite fingernails. |
Re: Truecrypt 4.1
Ari Silverstein <abcarisilversteinn@yahoo.comxyz> wrote in
news:ik6mn1ly7j72.irdy228yldfu$.dlg@40tude.net: > On 27 Nov 2005 22:42:46 GMT, nemo_outis wrote: > >>> No disclaimer in the world will cover your tail if you're negligent. >> >> >> You're already guilty of begging the question (petitio principii). >> There can be no negligence where there is no duty of care - and that >> remains to be established. > > Perhaps where you live but in the USA, gross negligence is most often > interpreted as unwaivable. Gross negligence? We've now leapt from Borky's merely silly negligence to the patent absurdity of gross negligence, have we? And my point remains, trenchant as ever, despite you leapfrogging over it: until you establish a duty of care (and the required standard) it is more than a little premature to speak of negligence - any form of negligence. Regards, |
| All times are GMT. The time now is 02:21 PM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.