Groups

From Cyberlaw: Internet Points of Control Course Wiki
Revision as of 17:07, 16 January 2008 by JoshuaFeasel (talk | contribs) (→‎Group 5, Plaintiff-side Lawyer in Texas)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Group 1, OS Maker Industry Association

  1. Jason Liss
  2. Nevin Kamath
  3. Chris Johnson
  4. brando
  5. Ed Roggenkamp
  6. Harry Lewis
  7. Tyler Tassin
  8. Matan Shacham

Our recommendations can be summarized as the following:

1. Keep federal involvement to a minimum, except where it helps us! - grants for security development - recommendations on developing secure software - farming out the security testing apparatus (saves us money) - would be against federal purchasing requirements

2. We are against piracy - Would like greater enforcement/resources against cybercrimes involving piracy because it can dilute the security value of the platform, among other things - Pro-DRM?

3. Would have positions on a variety of legal mechanisms: - Give us no OS liability, or at least a strong voice in such a debate - Greater support for venue selection (dont' want to be sued everywhere) - Support efforts to contract around liability (EULA's) - Sheild OS manufacturers from class actions, give us a monetary cap

4. In the heterogeneity debate, it depends on who we are - If we are MS, then no way! - If we are Ubuntu Linux, then yes please.

Group 2, Software/Applications Industry Association

  1. Lindsay Kitzinger
  2. Bradley Hamburger
  3. Nika Engberg
  4. Anna Volftsun
  5. Dara Glasser
  6. Tom Seivert
  7. Samantha Lipton

Thoughts:

  • Software people will obviously want the end user license agreements enforced and to avoid any liability if possible
  • If under pressure, they will probably want to focus on self/industry regulation rather than statutory or outside regulation. Software makers might be open to establishing industry standards and best practices for coding, cooperative groups to work on security issues, and accreditation for coders. In order to do this you would need some sort of enforcement mechanism.
  • Will want any liability to be based only on gross negligence because the current industry model is to release initial software and then allow fixes to be created as bugs arise. Will dislike comparisons presented between cars and other physical objects and software because of the differences in how problems are discovered and solved. Software people will argue strongly against use of the existing product liability standards because they impose strict liability for problems that are hard to discover.

Group 3, Internet Service Provider Industry Association

  1. Arjun Mehra
  2. Savith
  3. Jen
  4. Renat
  5. Deepa
  6. James

We want limited liability.

  1. Inspecting Data
    • We want the option to offer protection for a premium (liability insurance) - a specifically secure, separate network that subscribers can pay a bit more for.
      • Liability then arises only for malicious packets that get by.
    • Privacy Concerns
  2. Requiring Sub-user Filtering
    • Isolating those who are most susceptible.
  3. Effect on Barriers to Entry
    • Tier 1 ISPs want high barriers to entry, Tier 2 ISPs want low barriers.

Group 4, Consumer Interest Group (Ralph Nader)

  1. Eryck Kratville
  2. LT Ciaccio
  3. Vanessa Hettinger
  4. Alexis Caloza
  5. Kelly Hoffman
  6. Kevin Parker


Primary concerns:

  • Faster
  • Cheaper
  • Safer / More reliable


Possible solution:

Greater liability for software providers (debate between a strict liability and a product-liability negligence regime)


Peripheral concerns:

  • Customizability
  • Unfairness of smart consumers subsidizing naïve consumers
  • Worry about quelching innovation


Another way to go about this might be to disallow the shrink-wrap agreement for out-of-the-box software available at Best Buy, but to allow a form of price discrimination by companies through different distribution channels whereby more web-savvy consumers can acquire a more experimental, more customizable version of the software that will be peer-reviewable and offered at a lower price but with lower liability for the provider.


For ISPs – Duty to disclose the identity of bad actors when prompted (through some channel that squares with the constitution), but no duty to actively police the data passing through its network.

Group 5, Plaintiff-side Lawyer in Texas

  1. Josh Feasel
  2. Kim Everitt
  3. Dan Kahn
  4. Ken Grose
  5. Nate bryant
  6. Kerry Lee
  7. Mai

Thoughts:

  • Our main interest is having someone to sue (and being able to win). This has several dimensions:
    1. Standard of liability
      • We'd certainly prefer strict liability, as a negligence standard will be hard to prove.
    2. Who is liable?
      • Holding only the bad actors liable is unsatisfactory: they can hide their identities and they don't have much money.
      • Holding software makers liable may dry up the market somewhat.
      • OS makers have deeper pockets and won't easily be deterred.
      • But ISPs are probably the best target. They have deeper pockets, aren't easily deterred, and have a significant ability to control activity on their service (in theory, at least).
    3. Most of these suggestions would work against generativity.
    4. Our considerations will change somewhat based on the claim at issue (IP, fraud, privacy, etc.)

Search Engine Stuff - Our Concerns:

  • cost
    • seems pretty costly to do a good job here
    • but you can probably do a not-so-great job of keyword-filtering without much cost
    • but the rest of the requirements (meetings, monitoring, reporting) will probably be somewhat expensive
    • and we might have to do similar things in other countries, multiplying the costs
  • feasibility
    • can we actually filter all new information for bad stuff?
    • can we figure out what is “bad info”?
  • evil?
    • corrupts corporate mission
    • tracking user IP addresses seems pretty bad...
    • but blocking sites seems not quite as bad
      • users may be able to find sites anyway
        • or maybe not, especially with the coordination with other search engines
    • sets a bad precedent:
      • might lead other countries to push for similar regimes
      • might lead to further regulation (say, acting as a proxy for all traffic)
  • profits
    • we could probably make a lot of money in China
    • how much would it hurt our profits/reputation in other countries?
  • business autonomy
    • don't want gov't officials digging around in our algorithm or our business activities
    • don't want to exchange info with other search engines

Group 6, Ombudsman

  1. Meika Vogel
  2. Doug
  3. Will Adams
  4. Christina Seif
  5. Will M
  6. Xixi
  7. Kira Stanfield

Other Potential Stakeholders:

1. Hardware Makers: PC makers, backbone. Backbone – financial stake because of overload in traffic. Hardware: pressure on reconfiguring; potential liability for security features; also, the more data that flows, the more they sell. Appliance Makers (cell phones).

2. Professors: Books to sell, classes to teach.

3. Countries / Government: Different countries have different needs / desires based on what services they provide (India – services, Nigeria – spam, China – free speech issues). National Security/Terrorism concerns.

4. Law Enforcement: specificity v. broad language in the law; workload.

5. Corporations: as users; IT Departments at corporations; retailers (like Norton, other corporations that depend on secure transactions like Amazon); software makers; corporations that have intellectual property at stake (whether they have a competing technology or they have copyrighted material that might be stolen).

6. Benevolent Hackers: hacking your iPhone for useful purposes, counting the number of computers on the Internet.

7. Insurance industry: because they may incur liability either through contract or extra-contractual or implied contractual liability by the courts).

Retrieved from "http://cyber.harvard.edu/ipc/?title=Groups&oldid=2716"