Groups

Group 1, OS Maker Industry Association

1. Jason Liss
2. Nevin Kamath
3. Chris Johnson
4. brando
5. Ed Roggenkamp
6. Harry Lewis
7. Tyler Tassin
8. Matan Shacham

Our recommendations can be summarized as the following:

1. Keep federal involvement to a minimum, except where it helps us! - grants for security development - recommendations on developing secure software - farming out the security testing apparatus (saves us money) - would be against federal purchasing requirements

2. We are against piracy - Would like greater enforcement/resources against cybercrimes involving piracy because it can dilute the security value of the platform, among other things - Pro-DRM?

3. Would have positions on a variety of legal mechanisms: - Give us no OS liability, or at least a strong voice in such a debate - Greater support for venue selection (dont' want to be sued everywhere) - Support efforts to contract around liability (EULA's) - Sheild OS manufacturers from class actions, give us a monetary cap

4. In the heterogeneity debate, it depends on who we are - If we are MS, then no way! - If we are Ubuntu Linux, then yes please.

Group 2, Software/Applications Industry Association

1. Lindsay Kitzinger
2. Bradley Hamburger
3. Nika Engberg
4. Anna Volftsun
5. Dara Glasser
6. Tom Seivert
7. Samantha Lipton

Thoughts:

• Software people will obviously want the end user license agreements enforced and to avoid any liability if possible
• If under pressure, they will probably want to focus on self/industry regulation rather than statutory or outside regulation. Software makers might be open to establishing industry standards and best practices for coding, cooperative groups to work on security issues, and accreditation for coders. In order to do this you would need some sort of enforcement mechanism.
• Will want any liability to be based only on gross negligence because the current industry model is to release initial software and then allow fixes to be created as bugs arise. Will dislike comparisons presented between cars and other physical objects and software because of the differences in how problems are discovered and solved. Software people will argue strongly against use of the existing product liability standards because they impose strict liability for problems that are hard to discover.

Group 3, Internet Service Provider Industry Association

1. Arjun Mehra
2. Savith
3. Jen
4. Renat
5. Deepa
6. James

Group 4, Consumer Interest Group (Ralph Nader)

1. Eryck Kratville
2. LT Ciaccio
3. Vanessa Hettinger
4. Alexis Caloza
5. Kelly Hoffman
6. Kevin Parker

Consumer Interests

Primary concerns:

• Faster
  
• Cheaper
  
• Safer / More reliable

Possible solution:

Greater liability for software providers (debate between a strict liability and a product-liability negligence regime)

Peripheral concerns:

• Customizability
  
• Unfairness of smart consumers subsidizing naïve consumers
  
• Worry about quelching innovation

Another way to go about this might be to disallow the shrink-wrap agreement for out-of-the-box software available at Best Buy, but to allow a form of price discrimination by companies through different distribution channels whereby more web-savvy consumers can acquire a more experimental, more customizable version of the software that will be peer-reviewable and offered at a lower price but with lower liability for the provider.

For ISPs – Duty to disclose the identity of bad actors when prompted (through some channel that squares with the constitution), but no duty to actively police the data passing through its network.

Group 5, Plaintiff-side Lawyer in Texas

1. Josh Feasel
2. Kim Everitt
3. Dan Kahn
4. Ken Grose
5. Nate bryant
6. Kerry Lee
7. Mai

Thoughts:

• Our main interest is having someone to sue (and being able to win). This has several dimensions:
  1. Standard of liability
     • We'd certainly prefer strict liability, as a negligence standard will be hard to prove.
  2. Who is liable?
     • Holding only the bad actors liable is unsatisfactory: they can hide their identities and they don't have much money.
     • Holding software makers liable may dry up the market somewhat.
     • OS makers have deeper pockets and won't easily be deterred.
     • But ISPs are probably the best target. They have deeper pockets, aren't easily deterred, and have a significant ability to control activity on their service (in theory, at least).
  3. Most of these suggestions would work against generativity.
  4. Our considerations will change somewhat based on the claim at issue (IP, fraud, privacy, etc.)

Group 6, Ombudsman

1. Meika Vogel
2. Doug
3. Will Adams
4. Christina Seif
5. Will M
6. Xixi
7. Kira Stanfield

Other Potential Stakeholders:

1. Hardware Makers: PC makers, backbone. Backbone – financial stake because of overload in traffic. Hardware: pressure on reconfiguring; potential liability for security features; also, the more data that flows, the more they sell. Appliance Makers (cell phones).

2. Professors: Books to sell, classes to teach.

3. Countries / Government: Different countries have different needs / desires based on what services they provide (India – services, Nigeria – spam, China – free speech issues). National Security/Terrorism concerns.

4. Law Enforcement: specificity v. broad language in the law; workload.

5. Corporations: as users; IT Departments at corporations; retailers (like Norton, other corporations that depend on secure transactions like Amazon); software makers; corporations that have intellectual property at stake (whether they have a competing technology or they have copyrighted material that might be stolen).

6. Benevolent Hackers: hacking your iPhone for useful purposes, counting the number of computers on the Internet.

7. Insurance industry: because they may incur liability either through contract or extra-contractual or implied contractual liability by the courts).