Contractor Folds After Causing Breaches
talkinsecurity writes "A single contractor, privately-held Verus Inc., has been traced as the source of no less than five hospital security breaches in the past two months — and those breaches have put the company out of business in a matter of weeks. Verus, which managed the websites of as many as 60 of the country's largest hospitals, has folded its entire business within the past few weeks, without a word to anyone. Apparently, a single IT error led to the exposure of at least five hospitals' patient data — at least 100,000 individuals' personal information — and caused Verus' primary investor to pull the plug. The hospitals, which initially reported their breaches separately, were left with no one to sue."
Nobody is held accountable for the actions of a corporation. The board of directors and all officers should be held personally liable.
(I happen to own a corporation, however as a professional engineer, I am also personally liable for everything which goes out the door.)
Is it just my observation, or are there way too many stupid people in the world?
The hospitals, which initially reported their breaches separately, were left with no one to sue."
I'd start with the ex-CEO. The 'company' did not make decisions, people did. They should be held accountable.
This is another of the many advantages of outsourcing...
It's never too late to stop doing something wrong, or to start doing something right.
You can outsource work but you can't outsource responsibility.
And if you think the supplier will always be around to sue later, and suing them is your only plan, you're a fool.
"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
Lots of people on slashdot extol the virtues of unfettered capitalism. "No need for government regulation, sue those who breach their contract!". Unfortunately, when the company folds protecting the stakeholders there is nobody left to sue! Oooops! There goes that darn accountability!
Blar.
HIPAA laws are no joke. There are serious fines and even criminal penalties for letting confidential patient records out. It's so serious that companies working with health care data often have special training programs for their employees that handle any sort of hospital data -- even for IT workers.
Verus probably folded to keep from getting heavily penalized and/or to prevent its directors from being criminally prosecuted under HIPAA.
"The hospitals, which initially reported their breaches separately, were left with no one to sue."
In this day and age, all I can say is BOO HOO.
I hate printers.
I would think that if Verus is referring people to an alternate service, there would be some sort of contractual agreement between the two. The investors might have to assume some liability for preventing legal redress of problems.
For that matter, I would think the federal government would be all over it for violation of HIPAA regulations.
"It is a miracle that curiosity survives formal education." -Albert Einstein
Read the article. It was a single mistake -- leaving a firewall down after performing a transfer of data from one server to another. But, why would you need to take down a firewall to transfer data? Set up a VPN, or better yet, use hard drives and old-fashioned sneakernet to transfer the data.
What the vendor really needed was a security audit by an external security firm. I bet you will see more of that in its competitors (or ex-competitors).
$nice = $webHosting + $domainNames + $sslCerts
The hospitals, which initially reported their breaches separately, were left with no one to sue."
OMG! Can we set up a paypal fund to help find someone for these hospitals to sue?
Boo fricking hoo. Even IF the guys were still in business they were more than likely an LLC, which means that you can sue them all you want, it won't do squat, you won't get squat.
I just love though how the summary makes it out how it's a horrible thing that the hospitals can't sue anyone. Oh the Humanity!
Do not look at laser with remaining good eye.
The company is in India, or China, or Indonesia or.... you get the point.
Hold your information close to your chest - there's a reason you used to pay a guy, an in-house guy mind you, the BIG BUCK$ to keep your information straight.
But noooooo...
We gotta OUTSOURCE because it looks good on a quarterly statement.
Stew in it boyos, STEW IN IT!
shock the monkey
I confess, I am not someone who works professionally in the IT field, so I may be off the mark here, but can someone explain a situation where a computer would need to have its firewall dropped totally merely to transfer data from one system to another? I guess it just sounds a little unusual to me. Is this a systemic flaw in the way these systems were being administered or is this someone leaving out an obviously crucial step in an otherwise routine operation?
Who would take a job where you could be held personally liable for any mistake your subordinates may do? You have a company where the size is small enough that you can check everything, I guess, or you wouldn't be taking that responsibility, but would you really want to be personally liable if you had 1500 employees? Would you be able to check all their work for flaws?
In my opinion, this company has already been punished for their mistake. They exist no more. The employees who made the mistake have already lost their jobs. What would be the purpose of suing? Revenge?
Personal accountability is great but in a company, that accountability is handled internally. If an external party has been harmed by the mistake, they sue the corporation and the corporation pays. Internally, the company may fire anyone and everyone they find responsible but they cannot and should not be able to take the money they lost from those people. The whole point of starting a corporation, for goodness sakes, is to create an entity that is separate from the employees and even the owners so that the employees and owners are NOT personally responsible.
Sorry if I'm not crying when there is no one left to sue.
Badgers, we don't need no stinking badgers! - UHF
Enron folded after some financial misdeeds. The investors still had someone to sue. There is always someone to sue.
The game.
The same standard IS applied. When an engineer is sued it is because his design was faulty, not because the building contractor used shitty concrete. If said contractor used shitty concrete, HE will be sued into oblivion.
Likewise, if the policies enacted by a companydirect actions defraud the public out of millions of dollars, they will be held accountable (see: Enron). If Joe Sixpack in accounting traffics data all on his own, why should the CEO be held accountable?
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
I guess this technically still holds true. They didn't get fired, their company only went bust...
The hospitals, which initially reported their breaches separately, were left with no one to sue
Next time, they'll buy IBM, I guess.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
I would bet that even the investor did so only through an INC. It is this lack of responsibility that is occurring in incs and politics which are destroying society. IMHO, it would behoove the country (and perhaps countries) to re-do corporate laws in a fashion that holds boards/CEO, and even investors responsible.
One interesting side note about this is that corporations are supposed to have nearly all the same rights as humans. But they do not have the same responsibility. That is, they cannot be jailed for 20 years or even executed. As I watch their actions, more and more they appear to be sociopathic. They operate with less care about the community and are more about making money for the CEOs (interestingly, not even for the investors rate that high).
I prefer the "u" in honour as it seems to be missing these days.
Would be interested if someone could find out more, TFA didn't have much in the way of details. Was this a server in a DMZ, completely internet facing; hardware or software firewall; were the file sharing ports left open, or everything? I've made a few mistakes in my time, but never that big, not to mention the fact that (and I'm saying this without real details) it's pretty sad if you have to mess with a firewall to do file transfers...
Any self proclaimed basement dwelling lawyers know if criminal charges can be filed for HIPAA violations from individuals, or is the corporate liability umbrella going to save someone's ass?
An I.T. motto in the hands of an idiot is a dangerous thing...
...I do know a thing or two about corporate law, having served on a couple of corporate boards.
Granted this may vary a bit from state to state, but directors and executives of a corporation, and sometimes, depending on the circumstances, the investors, do not get total automatic blanket immunity from prosecution by virtue of incorporating. If the hospitals here can show there was willful negligence, and not simply "someone fucked up", they can go after the directors and executives for every penny they have, and the state(s) involved can go for criminal charges.
Enron is a perfect example of this. Willful negligence along with criminal activity. Several former execs are now forking out money and wearing prison uniforms.
This is the same as if someone forms a corporation for their business, and then goes to work with the attitude of "I don't have to watch what I do, I'm a corporation and can't be sued"...boom...they just lost legal protection if there is in fact a problem with their work. Under most circumstances, the law does not allow one to be negligent in their work. Ignorant maybe, but not negligent.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
Just because a corp folds up doesn't mean there is no one left to sue. A corp doesn't just disappear into thin air when someone wants to "pull the plug." The corporation has assets, and those assets have to get distributed to somebody, and that process takes time. A corporation with no assets is in serious danger of losing the liability shield (meaning people can go after the individual shareholders and/or corporate officers). Also, any liability insurance policies in place when the corporation was operating would still be accessible to claimants.
At the very least, this corp is out of business and won't be making insecure web sites anymore, which is a good thing. With any luck, a smart customer will attach what's left of the assets so that nobody walks away with all the money scot-free.
Yet another "deregulation" attack on America! As always, the conservative hatred of America strikes again!
Go Enron-style accounting!
Go War-on-Terra!
Go record shattering deficits!
Go investor bail-outs!
Go "Fiscal Conservatives"!
"....managed the websites of as many as 60 of the country's largest hospitals"
Which country might that be then, as I'm sure there's more than one country in the world.
Slashdot is not USA-specific.
I'd better shut up now before the World Police come-a-knocking.
#include <sig.h>
Of course the knee jerk reaction is to make corporations more accountable, raise the risks for the owners, etc. As others have pointed out, no one would want to run a corporation where they are liable not just for doing their job, but being sure that no mistakes were made by anyone else (like the IT worker turning off a firewall, or the janitor that doesn't put down a wet floor sign). Take the current executive pay and bump it up by a factor of 10. Honestly, all the barriers, rules, legal risk, etc are part of the reason big companies have gotten so big.
Also, let's not forget that if the executives really did something wrong, closing the business isn't enough. There's still a legal record of who owned the business when the breach occurred. What the hospitals are upset about is that the investors stopped putting money into the company which they could try to get their hands on. The investors already lost because the company folded, they never saw a return on their money, and probably lost their principal, too. As did the shareholders (stock=0), employees (now unemployed, a few of them rightfully so), executives (with a black mark on their record for something they didn't do), etc. Anyone who walks away from a folded company as a winner either did nothing wrong, scammed the system, or was really good and didn't get caught. None of which appears to have happened here.
If you want to be anti-big business, you need to cut down the barriers so that "locally owned" has a fighting chance against the "benefits of scalability".
Because it isn't like this sort of thing EVER happens with giant, inefficient, incompetent government bureaucracies (like the VA). The difference is that in this case--with a free market--the people who suck go out of business, while the VA just says "whoops" and continues to suck.
Okay, you may resume your blind faith-based, anti-capitalist religious babbling now. Chomsky told you to think something, so it must be true!
You're assuming that the person who wrote the article understands the distinction between a "firewall", an open port, or any number of other things.
One factor courts look at to determine whether a corporation's existence should be disregarded is whether the corporation was undercapitalized. That is, did the corporation have sufficient assets on hand to properly conduct its business and address liabilities that arise from foreseeable business risks (including insuring over those risks). Closing up shop so quickly like this is a big indicator, to me at least, that someone is worried about personal liability.
Laws affecting technology will always be bad until enough techies become lawyers.
This RARELY happens. Enron is an anomaly. For every Enron (e.g. a corp that gets caught), there are literally several hundreds (if not thousands) of smaller corporations that regularly and routinely fuck over both their customers and investors, and not diddley-squat ever becomes of it. No criminal prosecutions (the cops and prosecutors say "sorry, that's a civil matter, not our job"), and no civil lawsuits either since every blood-sucking lawyer who might otherwise be inclined to take on a plaintiff's case knows there's not a snowball's chance in hell of getting enough useful evidence against them in the discovery phase since the target corp will have shrewdly avoided producing as much possible evidence that could be used against them in the first place, or will destroy any last remaining shreds of paper-trail evidence they might possess since it's extremely unlikely anything will happen to them for doing so. This is "business as usual" in most of the larger "big business" cities of the USA, like Dallas, Houston, Chicago (where you may get real dead real fast for stirring up any trouble for a "corp"), Los Angeles, etc. (but not necessarily northeastern cities like Boston or NYC where things are run the old school way, not too unlike Chicago)
When I read that a single contractor was responsible for 60 hospital websites, I thought 'he must have been a busy chap.'
I think I'll go and lie down.
"Nobody is held accountable for the actions of a corporation. The board of directors and all officers should be held personally liable."
That's really not going to work too well in a country where you still have the death penalty. Who's going to want to be a director? You are going to have to go round executing a lot of CEOs every time bridges collapse, trains crash, etc. Mind you I suppose that's what happens in China.
Though I take the point you're making in spirit. We had some train crashes in the UK over the last decade and people are left with their husbands dead, while the top bosses just say sorry and take home another pay cheque. At worst they get sacked and instantly head hunted by other companies for another stupidly high wage. Maybe a few years in prison might not be a bad idea.
I disagree. Suing individuals for a mistake like this would be revenge and would serve no other purpose than giving some people a misplaced sense of "justice". My question (largely rhetorical in nature) was more regarding the intent of suing someone rather than the purpose of any legal system. The governmental branches mostly have very lofty purposes which just as often are corrupted by the public/politicians/corporations.
Badgers, we don't need no stinking badgers! - UHF
They will reopen after changing their name to "Virus".
The hospitals, which initially reported their breaches separately, were left with no one to sue.
A US-ian's worst nightmare, no one to sue. Do you really exist if you've no one to sue?
What you describe is of course an undesirable (to say the least) turn of events. However, I find it unlikely that there is no failsafe for this. How do you "fold" a company and what is involved? Can you dissolve a company if you know a lawsuit is coming? At what point are you unable to dissolve a company so that you lose no money?
Otherwise this seems like the perfect failsafe for any corporation when a large lawsuit is pending. Dissolve the company, reconstruct it in a new name and continue business as usual. I would think that there must be some legal problems with this approach or it would be standard operating procedure.
Badgers, we don't need no stinking badgers! - UHF
There are still partnerships, the only thing we'd need to do away with is the whole limited liability thing.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Tom Lawry, the CEO of Verus, is someone I've known for over ten years. He used to work for our healthcare organization and was one of the first people to "get it" over the Internet. He pushed for the formation of our web services team and sold the organization on making an Intranet when the whole thing was seen as a big fad.
Afterwards he went on to form his own company, but still hung around as a consultant. He wasn't particularly technical, but was very good at navigating through the political issues that often come up with organizational change. For example, switching from paper to online job applications was fairly exciting, if only getting our various regions to agree on a single form.
In later years, we had our disagreements with Tom. I wasn't too happy on how he assisted with our Internet site (his organization was starting to get into the web design business). As a person, he was always kind and thoughtful, despite his various business endeavors. He'd talk about his kid, how expensive going out to a movie in Seattle was getting, or tell stories about the Sisters from his time working at our organization (we're a Catholic healthcare organization).
We were actually just starting to sign up to use his latest product (a clinic billing system). He was partnering with our medical record system vendor and it seemed reasonably good. Fortunately we didn't have any security breaches related to this incident, but it seems to have been blind luck to some degree.
I think it's impossible for any CEO, even if they have a technical background, to be aware of every technical issue within their organization. In any complex endeavor, there's just too much going on. At this point, it seems like Tom has suffered quite a bit already. He's lost the business he's spent a decade growing. Prosecutors are looking into criminal charges. I don't know how he'll recover professionally. I'm sure he'll spend the rest of his life second-guessing what he should have done better. Hired different people? Brought in an outside auditor?
For me, it was a reminder that everything can just disappear in a flash. Cherish what you've got.
So I take it that you aren't a big believer in the old sayings "The buck stops here" and "The captain goes down with his ship"? Aren't the leaders by default responsible for their organizations? They shouldn't be held to account for unforeseen criminal behavior by employees but if, for instance, lax security due to cost cutting leads to damages then yes, they are personally responsible. If business owners and execs want to be able to claim big personal profits when things go well then they should also be personally accountable when things go very wrong.
I hate to admit it, but a few years ago I did an update on a Fedora box which renamed protocol 50 from ipv6-crypt to esp or something of the sort. Due to this, the firewall rules failed to load at startup which left the outside portion of the network completely unfirewalled instead of nearly completely firewalled.
Now ordinarily this wouldn't be a huge problem as one should reasonably hope that even an unfirewalled system is secure. And indeed, the Windows 2000 webserver we had was reasonably secure. It was up to date with all the patches and running great. The ultimate attack vector had nothing to do with lack of patches but rather an ultra-weak password. You see, someone else had an account in the administrators group with a password of 121212. With the firewall being down this account could be used to log in to the SMB shares and thus execute anything with that account's privileges.
Fortunately, the webserver had absolutely nothing to do with the rest of the network which was behind a second firewall with a totally different authentication/directory system and a different set of usernames and passwords. So the attacker was able to get access to a webserver with nothing of any interest on it. It is at that point when I began to research how the hell he got in and realized that the firewall was not firewalling anything. Later on, we decided the 121212 password on an Administrators group account was the ultimate culprit.
This just goes to show you that a break-in can happen to anybody. Granted, in this story's case, taking down a firewall on purpose to transfer some data was probably not a good idea and could/should have been avoided. But that's a mistake, not an invitation to burn the perpetrator at the stake.
Ultimately, a security failure should result in a procedural change. In our case, checking that the firewall rules installed correctly at boot became part of the checklist of things to do when upgrading that server. We also changed the passwords on the webserver and implemented several new policies. Prior to the attack, the webserver passwords were a combination of knowable information like birthdate, hire date, and part of SSN. Their purpose was to secure read-only access to a site with company policy information so it wasn't thought they needed to be highly secure. Unfortunately, all of the users were full Windows users so for all we know it might not have been the weak password on the admin account but instead a disgruntled (ex-)employee coupled with a possible privilege elevation bug. Due to this, we changed all of the users' passwords to be random and moved all of the users out of the Users group and into a group that only allowed logins to the website and not on the console.
All that for a measly webserver with some simple read-only access to data that doesn't have to be all that secure. Now consider having a web application with critical data like patient records and several thousand users all from different hospitals. That's basically an accident waiting to happen. If I were a company doing that, I'd be sure to have a huge insurance policy to cover the liabilities and/or make damn sure the contracts with customers indemnified the company against lawsuits for accidental breaches.
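The boot-time checklist item described in the comment above, sketched as an added example that is not part of the original thread: a pre-flight check for protocol names in a saved rules file that no longer resolve, and a post-boot audit of an `iptables-save` dump that detects the fail-open state. The function names, the minimum rule count and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; every sample below is constructed, not taken from the thread.

# Saved rules file as it might have looked before the update.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-crypt -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Protocols table after the update: protocol 50 is now named "esp".
sample_protocols() {
    cat <<'EOF'
tcp   6   TCP        # transmission control protocol
udp   17  UDP
esp   50  IPSEC-ESP
EOF
}

# Dump of a host where the restore failed and nothing was loaded.
sample_unloaded_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# The same rules with the protocol name corrected: a healthy dump.
sample_loaded_dump() { sample_rules | sed 's/ipv6-crypt/esp/'; }

# Pre-flight: print each protocol name used with -p/--protocol in the rules
# on stdin that is absent from the protocols table in file $1.
# Numeric protocols and "all" need no lookup.
unresolved_protocols() {
    awk -v proto_file="$1" '
        BEGIN {
            while ((getline line < proto_file) > 0) {
                sub(/#.*/, "", line)
                n = split(line, f)
                for (i = 1; i <= n; i++)       # field 2 is the number
                    if (i != 2) known[tolower(f[i])] = 1
            }
            close(proto_file)
        }
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i != "-p" && $i != "--protocol") continue
                p = tolower($(i + 1))
                if (p ~ /^[0-9]+$/ || p == "all" || (p in known)) continue
                if (!seen[p]++) print p
            }
        }
    '
}

# Post-boot: read an iptables-save dump on stdin, print findings, and return
# non-zero unless INPUT and FORWARD default to DROP and at least $1 filter
# rules are present ($1 is a site-specific assumption).
audit_ruleset() {
    awk -v min_rules="${1:-1}" '
        /^\*/ { table = substr($0, 2) }
        table != "filter" { next }
        /^:(INPUT|FORWARD) / { policy[substr($1, 2)] = $2 }
        /^-A /    { rules++ }
        /^COMMIT/ { committed = 1 }
        END {
            if (!committed) { print "filter table missing from dump"; bad = 1 }
            n = split("INPUT FORWARD", want, " ")
            for (i = 1; i <= n; i++)
                if (policy[want[i]] != "DROP") {
                    print want[i] " default policy is " policy[want[i]] ", expected DROP"
                    bad = 1
                }
            if (rules + 0 < min_rules + 0) {
                print "only " (rules + 0) " filter rules loaded, expected at least " min_rules
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Demo on the constructed samples.
tmp=$(mktemp) && sample_protocols > "$tmp"
echo "unresolved protocol names: $(sample_rules | unresolved_protocols "$tmp")"
sample_unloaded_dump | audit_ruleset 3 || echo "=> ruleset not loaded: host is fail-open"
rm -f "$tmp"
```

On a live host the audit would read `iptables-save` output instead of the sample dump, and the pre-flight would be pointed at `/etc/protocols` before the upgraded machine is rebooted.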
True. I work in healthcare IT, with a large outsourcing company interestingly enough, and I've been through no fewer than 7 different forms of HIPAA training specifically related to privacy of data. At my organization, the effects of HIPAA rear their ugly head every day, from disk encryption on our laptops, to requiring encryption on all patient data that leaves the premises to not being able to email any PHI.
I haven't seen a lot in the way of enforcement yet, but that doesn't mean it doesn't exist.
While HIPAA and all the other regs apply to the US, the medical industry and insurance companies outsource tons of data services to cheap off-shore companies that don't adhere to the regs.
With a couple of dollars and a few phone calls you can get mountains of patient data from overseas.
Hope is the currency of fools
Don't tell me - that 'single IT error' was choosing Microsoft as an OS platform..?
This Hospital had 30,000 patients' data exposed. There is no mention of it in an easy, quick to find location on their website. This is 30,000 patients exposed in a town of about 40,000 people... Our local newspaper had a very, very small article on it that looked like it was written by the hospital PR person.. Good god I hate small towns..
What are we going to do tonight Brain?
This is "business as usual" in most of the larger "big business" cities of the USA, like Dallas, Houston, Chicago (where you may get real dead real fast for stirring up any trouble for a "corp"),
You're a nut. "The Firm" was a movie. As anyone who reads a newspaper can tell you, stirring up trouble for a "corp" will probably result in a large legal settlement from the "corp". Go read www.overlawyered.com
A government regulator at a former job once told me that "You can outsource the work, but not the responsibility". Those are wise words that the managers of that hospital should heed.
Companies seem to think that if they hire someone else to do the work, they are not responsible for the quality of that work.
Take Mattel - they have Chinese companies building their products, but not inspecting their work. Thanks to their lack of vendor controls, kids are choking on parts, and getting lead poisoning.
Companies need to realize that in-house IT is the only way to ensure that your internal standards are met. Outsourcing has its place, but strict quality control / vendor management policies need to be in place to ensure the work is of good quality.
-ted
That's idiotic. The "limited liability thing" is what lets corporations raise capital. It's why they work. If there is a key concept that can be said to have driven the economic development -- not to mention wealth generation -- of the last 150 years, that's probably it.
You're talking quite literally about dismantling the cornerstone of modern civilization. Talk about a cure that's worse than the disease.
Without limited liability you couldn't have stock ownership and equities trading. You wouldn't have investment. The activities currently undertaken by corporations would only be done by the most wealthy of private individuals. You would create, overnight, an aristocracy of people rich enough to control large-scale enterprises without investment, and everyone else who would be unable to do anything with their money except stuff it in a mattress. The economy -- which is the beating heart of our society -- would collapse.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
There are lots of people who'd step on each other to get a job like that. Think of it as 'economic bodyguarding.' They get a fat paycheck for sitting there and doing what their master says, unless things go bad and then they take the bullet. I could think of ways to set it up so that they'd never even really know who they were representing.
You'd get someone to carve your pound of flesh from, but it probably wouldn't ever be the person you really want.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
There are many apps that behave this way, FTP is one - using a "control" channel to send a list of ports to the originator of the connection. Of course FTP has pretty much universally adopted PASV to work around this.
But the list goes on - Veritas Netbackup, Remedy, all of them bloated shiteware of course but nonetheless widely used.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
You're talking quite literally about dismantling the cornerstone of modern civilization.
That's what I'm actively conspiring towards, I don't know about the rest of you.
-1 Uncomfortable Truth
Don't forget who the Board of Directors of most companies are -- they're the major investors. They have a lot of wealth tied up in that company's stock (sometimes also its debt). If the company goes bankrupt, they're the last ones to get anything. Generally, their shares just turned into toilet paper.
However much they had invested in the corporation, that's how much they're now out. That's a major disincentive against just firing it up and doing it again.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
That's what I'm actively conspiring towards, I don't know about the rest of you.
So I guess you're OK with that AMD or Intel-based PC you're typing on. It'll be your last.
Yeah. Because people who don't participate in corporatist capitalism have never achieved anything. Like, say, going to space.
-1 Uncomfortable Truth
I think there are a few other concepts out there...
Blar.
I was in IT for two main hospitals in the area. Family and friends have worked at pretty much all of the others, covering most of the region in terms of the top tier of medical care. I can tell you with absolute certainty that IT infrastructure was one of the last considerations on their budgets. It was so bad at my first job that we had to scavenge parts from old servers to build new ones, or take in PCs from home to run as servers. These weren't for back-end reporting, these were for critical patient care information. Allergy databases and medical library info the doctors relied on to make decisions, that type of stuff. The second hospital I worked at was also frighteningly unconcerned with their IT infrastructure. 3500+ users on a single unpatched Exchange 5.5 server, DS and IS on the same local disk volume. It made no difference that they were way out of spec with Microsoft's recommendations, it just had to run and be as cheap as possible. These were hospitals with the absolute brand newest patient care facilities, and billed themselves as the top hospitals in the world. In talking with my old coworkers, none of this has changed. IMHO, the hospitals made their own bed. If they bought medical equipment on the same abysmal budget level that they purchased their IT contracting, they'd be sued into oblivion for bad judgement. This is no different. It will take this and more breaches like this to make them realize that.
Yeah. Because people who don't participate in corporatist capitalism have never achieved anything. Like, say, going to space.
ROFL. Take a look at the percentage of GDP that was consumed by the Soviet space program, versus ours. Were you planning on accomplishing anything on Earth at the same time, by any chance?
Oh, and take a look at the computers you get from a society where self-interest is punishable by exile. Instead of bragging about how many texture units your graphics card has, you'd be complaining about the number of vacuum tubes.
Don't worry, though. Once you're out of your parents' basement, things will look a little more realistic.
The whole company collapsed on them. Do you think that isn't some kind of punishment? This was a private company, so you can guarantee that the board of directors all had a big hand in getting the company started and were all heavily invested in it (unlike public corps, which tend to just appoint CEOs of other corps to their boards). It collapsed, and they would have lost all chance of recovering that investment. When it folded, they probably had to liquidate everything in an attempt to pay off as many of the initial startup loans as they could, but odds are there was still a lot of debt to be paid off. You make it sound like these guys are Enron execs making off like bandits, when in reality there is a pretty good chance they lost money when it collapsed. And they also lost their primary investment vehicle for making more money... and all because some stupid IT guy at the bottom somewhere was careless. I'm glad they are protected by the legal entity of a corporation, because they probably poured their hearts and souls into starting that company and making it succeed, only to have it collapse through no fault of their own because of some idiot worker. That's pretty heavy punishment for people who knowingly did nothing wrong and were trying to do things right.
Let's be clear here... you are not liable because you are a professional engineer who owns a corporation. You are liable because you are the professional engineer that DESIGNS the product or service being sold. If you just ran the corporation and didn't do design work and sign off on designs, you wouldn't be liable. These guys ran the corporation, but they weren't the ones designing products and turning firewalls on and off. They hired someone to do that, someone who was careless and didn't do his job right. If you didn't own the corporation but were a professional engineer employed by it who designed a faulty product, you would STILL be liable, because you did the shoddy work. In short, the fact that you are held personally liable for everything coming out the door has nothing to do with your company ownership, and shouldn't. It has everything to do with the fact that you are the one making designs that are supposed to be safe, and for that reason you are held liable. You should be calling for the head of the IT guy who dangerously left a firewall down, because like you, he was the one who was in charge of making the product safe, and unlike you, was negligent.
Beware of bugs in the above code; I have only proved it correct, not tried it.
More generally, litigation just isn't the answer. The law is a blunt instrument that, in the end, usually benefits only lawyers.
o This is why we have ridiculous labels on stuff ("don't stick your fingers in the toaster", "don't give this plastic bag to your toddler", "Danger Will Robinson, danger, danger!") that do absolutely nothing to prevent tragedies and simply drive costs up for everyone.
o This is why health care is so expensive. I wouldn't be a surgeon no matter how much you paid me. The only people getting rich are the lawyers.
o And so on.
I'm not sure I have the answer, in fact I'm sure I don't. But running around suing everyone is just not the answer. If corporate liability was lifted, nobody would start a business. What's the point? You'll just be sued.
How much was consumed in cold war spending?
It's not on me to get into a debate about the efficiencies of historical systems with different problems in different environments, the point is that these technological marvels are not the sole province of modern capitalism and the corporate structure, as you insinuated.
Do you believe that we've achieved Utopia, a state beyond our capacity to surpass?
Do you think there will not be a better system that isn't a stepwise refinement, but a replacement?
This whole system is optimized towards dealing with scarcity, it uses scarcity to provide the motive force to keep people industrious, and it destroys wealth with artificial scarcity to keep that going.
We've developed the tools necessary to destroy scarcity in a wide range of sectors, but our economic systems equate "plenty for all" with "utterly worthless". That needs to stop if we're going to progress.
That means new political-economic systems with supporting infrastructure, and it's not going to build itself, and no one motivated by the love of money is going to invest because it's going to devalue everything that they have built their power upon, but it's still going to have to be done.
And when it's done, and done right, things will be markedly better than they are now, and more efficient, not less. Any group who competes the old way will lose.
And I'll miss the wintel legacy not at all, I don't imagine.
-1 Uncomfortable Truth
Of course, corporatist forces are working to abolish personal bankruptcy. It's started with making it so credit card companies must get paid, even after personal bankruptcy. I think that inherited debts and debtor's prison must be next on their agenda.
My impression, which I'll admit in advance is ill-informed, was that only a very few went to jail, and that it wasn't at all certain that the fall-guys were the ones most culpable.
Where should I look to find out otherwise?
I think we've pushed this "anyone can grow up to be president" thing too far.
"The DOJ interpreted the "knowingly" element of the HIPAA statute for criminal liability as requiring only knowledge of the actions that constitute an offense. Specific knowledge of an action being in violation of the HIPAA statute is not required."
That means that you are in violation if you were aware that someone else did something, but not that it was a violation.
By the way, violations were interpreted by our compliance officer in some very strange ways, one of which had the effect of disallowing the IT department to work on computers that held client data.
I only go to buffets for the unlimited soft serve.
I am not even an economist so I leave the squabbles about corporate blame to you experts.
I just want to know this: how long was the "private" data visible on the web? Was any of it in a crawlable form? Did any of it get indexed and now lurks in cached search engine repositories?
You're talking quite literally about dismantling the cornerstone of modern civilization.
That's right folks, you heard it here first! The abdication of personal responsibility is the cornerstone of modern civilization. No wonder the world is so fucked up.
Give me Classic Slashdot or give me death!
How much was consumed in cold war spending?
Doesn't matter. All that matters is, how much is left? In our case, quite a bit. In the Soviets' case, not so much.
It's not on me to get into a debate about the efficiencies of historical systems with different problems in different environments, the point is that these technological marvels are not the sole province of modern capitalism and the corporate structure, as you insinuated.
Um, yeah, they pretty much are.
Do you believe that we've achieved Utopia, a state beyond our capacity to surpass?
Nope, but I believe that we as humans have done a heck of a lot worse, just trying to achieve Utopia.
This whole system is optimized towards dealing with scarcity, it uses scarcity to provide the motive force to keep people industrious, and it destroys wealth with artificial scarcity to keep that going. We've developed the tools necessary to destroy scarcity in a wide range of sectors, but our economic systems equate "plenty for all" with "utterly worthless". That needs to stop if we're going to progress.
I have no argument with any of that.
That means new political-economic systems with supporting infrastructure, and it's not going to build itself, and no one motivated by the love of money is going to invest because it's going to devalue everything that they have built their power upon, but it's still going to have to be done.
That, I'm not so sure of. The people who built your computer, who built your house, who deliver your newspaper, who grow your food, and who sign your paycheck aren't trying to "build a political-economic system." In fact, if you look at history, you'll see that nothing worthwhile was ever accomplished by someone trying to "build a political-economic system."
And when it's done, and done right, things will be markedly better than they are now, and more efficient, not less. Any group who competes the old way will lose.
Possibly, especially if you succeed in carrying out the threat in your .sig line. (I doubt you'd be very happy if I stuck a gun in your back and demanded your information. Let's start with your credit card number and SSN, shall we?)
And I'll miss the wintel legacy not at all, I don't imagine.
You'll sure as heck miss the process that gave it to you.
No, actually, they haven't. How do you think we got the capital to go to space, and who designed the systems used to get there?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
The company has gone out of business. Why is there a need to sue anyone? From my reading of the article, no-one was actually harmed as a result of the security breaches. On what basis would "damages" be awarded?
The White House where the rest of them got cushy "consultant" positions.
How succinctly put. *sigh* It seems so obvious, why don't more people see it that way?
Yes, that's a rhetorical question.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton