Yeah, it's true. If somebody stole a gun from you, in most cases you could not be held liable if they killed somebody with it later.
But most states how have explicit laws that say if something happens involving an automobile, and the actual driver of the car cannot be found, then the owner can be held liable.
It's a bogus legal concept, and doesn't apply in almost any other circumstances... but they made an exception for automobiles. Their theory is that otherwise, it is too difficult to catch people who commit crimes with automobiles. But the canonical legal principle in the US is that difficulty of enforcing the law is not a valid justification for passing otherwise unjustified laws.
"And who is "liable" is absolutely irrelevant if the person being sued is you, regardless of blame, by a corporation with billions of dollars and far better lawyers than you can afford."
No, you are still confusing the two. The person who is "liable" is the person who ends up getting held responsible... the person who has to pay the fine, go to jail, or whatever. Being sued does not make you "liable". A judgment against you, however, does.
Also, a TOS from a major cable company is a "contract of adhesion"... you can't definitively say that somebody "agreed" to it, because it was an all-or-nothing proposition, and you (one of the interested parties), never had any say about the terms. Which makes it a weak sort of contract, and in some cases judges have ruled that they are not a proper contract at all.
GP was talking about a different situation. In the particular case this is all about, sure, the guy should be liable if he knows about it and lets it happen. But that's not what the post I was replying to said.
It depends on what you mean by having "your name on it". As courts have increasingly been ruling, an IP address is not enough probable cause for either a search or a lawsuit.
Of course, if they actually have evidence that YOU did it, they may have grounds to sue. I thought it was pretty clear GP was saying they could do all those things based on mere suspicion.
Is it? Again, I disagree. In surveys, a majority of router owners had no idea how to turn on encryption. I think that is changing, but slowly.
In contrast, everybody knows how to work a combination lock on a car.
And I don't see a darned thing wrong with the car analogy. Or rather, not analogy, but comparison. Because before you can judge what is "reasonable" or not, you also have to take into account the relative damage that might be done.
A stolen car can cause injury and death. A usurped wifi connection might cost some company (IF they lose any profit at all), maybe a dollar on any given day.
Also, I used to work as a locksmith. If you think off-the shelf (or in the case of a car) factory locks are "secure", then you don't know a damned thing about locks. Most of them are ridiculously easy to either pick or circumvent.
If you want to get a keyed lock for your front door that has some kind of actual "security" to it, you will have to spend upwards of $100-$150. Far different from the $30 locks you get at the hardware store, which can be bypassed in seconds.
"But where high BW digital scopes shine is the ability to find intermittent problems in digital circuits, where the "analogness" of the circuitry is actually the matter."
That is true. What I did not say was that my own use would probably be for lower-frequency, analog signals. I guess really the right combination -- for someone like me -- would be a decent analog scope for my hobbyist stuff, and a high-frequency digital for computer work.
"No, if you are spending a fortune, then you can get a very good digital scope with bandwidth of 100MHz or more for less than $2k these days."
But that was my point. As far as I am concerned, $2k is indeed a fortune to spend for a piece of hobbyist equipment. If you are using it professionally, that is another matter.
But that doesn't work, as I already explained. It's not that the idea is unreasonable on its face, but that there are too many negative consequences that may not be obvious at first. It raises too many problems, and would make trade impractical.
For example: it probably is reasonable to expect a potential customer, from some random part of the world, to find out what laws apply to transactions at the location of the company they want to buy from. On the other hand, it is NOT reasonable to expect a company that does thousands of transactions a day to be aware of the laws of any arbitrary community, anywhere in the world, where some customer might live. There are simply too many to keep track of, and if you try to make a company liable for obeying all local laws, everywhere, they simply would not be able to sell to you. At all.
So the only workable solution is to treat it as though you, the customer, are visiting their store, wherever it may be, when you engage in a transaction over the internet. No other method actually works.
Yes, I have already been scolded over this point. I was referring to the general case, not this specific one. Which made my comments somewhat out of context. But still applicable to many situations.
I agree. I have a tendency to discuss the generalities, but this is a specific case being discussed, and in this case this guy should tell his roommate to get his own internet connection, or stop the illicit activities, or both.
And setting policies is very good advice, for any commercial -- or even private -- shared arrangement.
I disagree. It is very much foreseeable that if you leave your keys in your car, it could be stolen. And courts have, in fact, ruled at times that people who left their keys in the car could have foreseen the outcome and shared liability for the consequences.
The problem here is in the word "reasonable". What is a "reasonable" duty of care?
If it isn't "reasonable" to demand that people have at least combination-lock security on their cars to prevent the remote possibility of unnecessary DEATHS, then it isn't reasonable to expect people to use advanced encryption technology to prevent the remote possibility of a few cents' loss of theoretical profit to some strange company you never even knew existed.
"Principles" are not necessarily related to actuality at any given time. Principles get violated all the time... that doesn't mean that they don't exist.
Yes, that's true. I was speaking of generalities but in the particular case described, the owner would have some liability because it can be said the use was authorized.
"You are giving the same definition as mellon but acting like you are contradicting him."
No, mellon was trying to contradict ME, when mellon was in fact wrong about my understanding of the word "liable". And to be honest, I am not sure mellon truly understands what it means, or he would not have used the word "blame", which is completely irrelevant to liability.
"... the right to not incriminate yourself is only for criminal cases and this would be a civil case..."
Actually, this is not true (see the Wikipedia entry on 5th Amendment).
You still have the absolute right to remain silent, and to not implicate yourself. HOWEVER, there are 2 important things to remember about this: (1) some civil cases are treated like criminal cases in regard to the 5th Amendment, and (2) in those that don't while you can still plead the 5th, it can be considered to be evidence against you.
On the other hand, presumed evidence is generally not as strong as actual physical evidence, so if you are guilty, you are probably still better off pleading the 5th.
"What good would full hard disk encryption do against a copyright lawsuit? The judge would order you to decrypt the data... "
No. The judge would not, because he has no legal power to do so. They can only do that when they ALREADY KNOW, beyond reasonable doubt, that there is illegal material in the encrypted data. They cannot force you to give up passwords or decrypt data for a mere fishing expedition or discovery.
Standard disclaimer: IANAL. But I do know something about this particular legal topic.
The only exception I am aware of so far in the US is one of a man who was going through customs while coming back into the United States. Note that customs inspections at the border are an exception to most search laws: they can do things they could not normally do to a citizen just going about his business elsewhere.
So, this man's computer was turned on but in a sleep condition. His encryption software was running, making an encrypted part of his disk accessible. When a customs agent checked the computer, he woke it up, looked at some files in the encrypted directory (which he is legally authorized to do... it was right there in the open), and found some child pornography. He showed his partner.
The man somehow gained physical control of the computer and turned it off, which of course also shut down the encryption software. When the computer was restarted, the encrypted area was not accessible without a password.
In this case -- and ONLY this case -- the judge ruled that the man had to turn over his password, because they already knew, beyond reasonable doubt, that there was illegal material in his encrypted data.
This parallels a situation in which, say, you have things in a strong, secure safe at home. Let's say, hypothetically, you are suspected of trading guns illegally with drug dealers in Mexico. The police come in with a warrant authorizing them to look for illegal guns. They find the safe and suspect that you have money, profits from your illegal gun trade, in that safe. But the safe is far too small to hold the kind of guns you are accused of dealing in.
The police do not have legal authority to force you to open that safe, nor does a judge have the legal authority to force you to give them the combination. It might, I suppose, be legal for them to guess the combination or to non-destructively open the safe some other way, but they cannot force you to give up the combination because that is a violation of the 5th Amendment, which states that you cannot be compelled to testify against yourself. And that is the difference.
You see, in the first case, the man could not be said to be incriminating himself for committing a crime... he had ALREADY been incriminated. In the second case, the man would be incriminating himself by giving up the combination to the safe... which the 5th Amendment says he cannot be compelled to do.
So, to summarize: unless they already have proof that you have illegal material in your encrypted data, even the courts cannot force you to decrypt it, or surrender your password.
That's what I said! Some (most?) states have declared that the owner of an automobile is liable for its use, IF the actual perpetrator cannot be found.
But that applies ONLY to automobiles, and as I said before, that concept is on pretty shaky legal grounds.
"It is reasonable that the owner of the internet connection had a duty of care to protect others from financial harm by his connection."
I think you have a pretty funny definition of "reasonable". How much difficulty should one have to go through, for example, to prevent someone from stealing your car and running over his ex-wife? If you leave the keys in the car, are you liable? How about an alarm with a combination lock? Would you count that as reasonable?
But wait... many people could not afford to have those put on their old cars, or know how to do it themselves. So is it actually reasonable?
But you are saying that somebody should be compelled to use advanced encryption technology in order to block the remote possibility that a neighbor would "borrow" the equipment, and cause the loss of A FEW PENNIES of profit to some company in a far-off state???
If someone breaks into my house and steals a gun from me, I am not liable for their subsequent use of that gun. If they murder somebody with it, it's their problem, not mine.
Otherwise, it's blaming the victim for the crime... which is 100% against the legal principles of this country.
That's still nothing but intimidation. They can't legally make you secure your router! Nor can they try to hold you responsible if there is reason to believe someone else did it... unsecured router or not!
They were bullying you. Nothing more. Nothing less. And you fell for it.
Yeah, it's true. If somebody stole a gun from you, in most cases you could not be held liable if they killed somebody with it later.
But most states how have explicit laws that say if something happens involving an automobile, and the actual driver of the car cannot be found, then the owner can be held liable.
It's a bogus legal concept, and doesn't apply in almost any other circumstances... but they made an exception for automobiles. Their theory is that otherwise, it is too difficult to catch people who commit crimes with automobiles. But the canonical legal principle in the US is that difficulty of enforcing the law is not a valid justification for passing otherwise unjustified laws.
But states did it anyway. Sigh. It figures.
"And who is "liable" is absolutely irrelevant if the person being sued is you, regardless of blame, by a corporation with billions of dollars and far better lawyers than you can afford."
No, you are still confusing the two. The person who is "liable" is the person who ends up getting held responsible... the person who has to pay the fine, go to jail, or whatever. Being sued does not make you "liable". A judgment against you, however, does.
Also, a TOS from a major cable company is a "contract of adhesion"... you can't definitively say that somebody "agreed" to it, because it was an all-or-nothing proposition, and you (one of the interested parties), never had any say about the terms. Which makes it a weak sort of contract, and in some cases judges have ruled that they are not a proper contract at all.
GP was talking about a different situation. In the particular case this is all about, sure, the guy should be liable if he knows about it and lets it happen. But that's not what the post I was replying to said.
It depends on what you mean by having "your name on it". As courts have increasingly been ruling, an IP address is not enough probable cause for either a search or a lawsuit.
Of course, if they actually have evidence that YOU did it, they may have grounds to sue. I thought it was pretty clear GP was saying they could do all those things based on mere suspicion.
Is it? Again, I disagree. In surveys, a majority of router owners had no idea how to turn on encryption. I think that is changing, but slowly.
In contrast, everybody knows how to work a combination lock on a car.
And I don't see a darned thing wrong with the car analogy. Or rather, not analogy, but comparison. Because before you can judge what is "reasonable" or not, you also have to take into account the relative damage that might be done.
A stolen car can cause injury and death. A usurped wifi connection might cost some company (IF they lose any profit at all), maybe a dollar on any given day.
Also, I used to work as a locksmith. If you think off-the shelf (or in the case of a car) factory locks are "secure", then you don't know a damned thing about locks. Most of them are ridiculously easy to either pick or circumvent.
If you want to get a keyed lock for your front door that has some kind of actual "security" to it, you will have to spend upwards of $100-$150. Far different from the $30 locks you get at the hardware store, which can be bypassed in seconds.
"But where high BW digital scopes shine is the ability to find intermittent problems in digital circuits, where the "analogness" of the circuitry is actually the matter."
That is true. What I did not say was that my own use would probably be for lower-frequency, analog signals. I guess really the right combination -- for someone like me -- would be a decent analog scope for my hobbyist stuff, and a high-frequency digital for computer work.
"No, if you are spending a fortune, then you can get a very good digital scope with bandwidth of 100MHz or more for less than $2k these days."
But that was my point. As far as I am concerned, $2k is indeed a fortune to spend for a piece of hobbyist equipment. If you are using it professionally, that is another matter.
But that doesn't work, as I already explained. It's not that the idea is unreasonable on its face, but that there are too many negative consequences that may not be obvious at first. It raises too many problems, and would make trade impractical.
For example: it probably is reasonable to expect a potential customer, from some random part of the world, to find out what laws apply to transactions at the location of the company they want to buy from. On the other hand, it is NOT reasonable to expect a company that does thousands of transactions a day to be aware of the laws of any arbitrary community, anywhere in the world, where some customer might live. There are simply too many to keep track of, and if you try to make a company liable for obeying all local laws, everywhere, they simply would not be able to sell to you. At all.
So the only workable solution is to treat it as though you, the customer, are visiting their store, wherever it may be, when you engage in a transaction over the internet. No other method actually works.
Yes, I have already been scolded over this point. I was referring to the general case, not this specific one. Which made my comments somewhat out of context. But still applicable to many situations.
I agree. I have a tendency to discuss the generalities, but this is a specific case being discussed, and in this case this guy should tell his roommate to get his own internet connection, or stop the illicit activities, or both.
And setting policies is very good advice, for any commercial -- or even private -- shared arrangement.
"IN the cases above they are not foreseeable."
I disagree. It is very much foreseeable that if you leave your keys in your car, it could be stolen. And courts have, in fact, ruled at times that people who left their keys in the car could have foreseen the outcome and shared liability for the consequences.
The problem here is in the word "reasonable". What is a "reasonable" duty of care?
If it isn't "reasonable" to demand that people have at least combination-lock security on their cars to prevent the remote possibility of unnecessary DEATHS, then it isn't reasonable to expect people to use advanced encryption technology to prevent the remote possibility of a few cents' loss of theoretical profit to some strange company you never even knew existed.
"Principles" are not necessarily related to actuality at any given time. Principles get violated all the time... that doesn't mean that they don't exist.
Yes, that's true. I was speaking of generalities but in the particular case described, the owner would have some liability because it can be said the use was authorized.
"You are giving the same definition as mellon but acting like you are contradicting him."
No, mellon was trying to contradict ME, when mellon was in fact wrong about my understanding of the word "liable". And to be honest, I am not sure mellon truly understands what it means, or he would not have used the word "blame", which is completely irrelevant to liability.
I understand. I simply meant to illustrate a real-world example of a "decrease in the rate of growth" being called an actual "decrease".
"... the right to not incriminate yourself is only for criminal cases and this would be a civil case..."
Actually, this is not true (see the Wikipedia entry on 5th Amendment).
You still have the absolute right to remain silent, and to not implicate yourself. HOWEVER, there are 2 important things to remember about this: (1) some civil cases are treated like criminal cases in regard to the 5th Amendment, and (2) in those that don't while you can still plead the 5th, it can be considered to be evidence against you.
On the other hand, presumed evidence is generally not as strong as actual physical evidence, so if you are guilty, you are probably still better off pleading the 5th.
"What good would full hard disk encryption do against a copyright lawsuit? The judge would order you to decrypt the data... "
No. The judge would not, because he has no legal power to do so. They can only do that when they ALREADY KNOW, beyond reasonable doubt, that there is illegal material in the encrypted data. They cannot force you to give up passwords or decrypt data for a mere fishing expedition or discovery.
Standard disclaimer: IANAL. But I do know something about this particular legal topic.
The only exception I am aware of so far in the US is one of a man who was going through customs while coming back into the United States. Note that customs inspections at the border are an exception to most search laws: they can do things they could not normally do to a citizen just going about his business elsewhere.
So, this man's computer was turned on but in a sleep condition. His encryption software was running, making an encrypted part of his disk accessible. When a customs agent checked the computer, he woke it up, looked at some files in the encrypted directory (which he is legally authorized to do... it was right there in the open), and found some child pornography. He showed his partner.
The man somehow gained physical control of the computer and turned it off, which of course also shut down the encryption software. When the computer was restarted, the encrypted area was not accessible without a password.
In this case -- and ONLY this case -- the judge ruled that the man had to turn over his password, because they already knew, beyond reasonable doubt, that there was illegal material in his encrypted data.
This parallels a situation in which, say, you have things in a strong, secure safe at home. Let's say, hypothetically, you are suspected of trading guns illegally with drug dealers in Mexico. The police come in with a warrant authorizing them to look for illegal guns. They find the safe and suspect that you have money, profits from your illegal gun trade, in that safe. But the safe is far too small to hold the kind of guns you are accused of dealing in.
The police do not have legal authority to force you to open that safe, nor does a judge have the legal authority to force you to give them the combination. It might, I suppose, be legal for them to guess the combination or to non-destructively open the safe some other way, but they cannot force you to give up the combination because that is a violation of the 5th Amendment, which states that you cannot be compelled to testify against yourself. And that is the difference.
You see, in the first case, the man could not be said to be incriminating himself for committing a crime... he had ALREADY been incriminated. In the second case, the man would be incriminating himself by giving up the combination to the safe... which the 5th Amendment says he cannot be compelled to do.
So, to summarize: unless they already have proof that you have illegal material in your encrypted data, even the courts cannot force you to decrypt it, or surrender your password.
That's what I said! Some (most?) states have declared that the owner of an automobile is liable for its use, IF the actual perpetrator cannot be found.
But that applies ONLY to automobiles, and as I said before, that concept is on pretty shaky legal grounds.
And that's only THEORETICAL loss, by the way. There is no proof that there would ever have been a sale, so even that is entirely speculative.
"It is reasonable that the owner of the internet connection had a duty of care to protect others from financial harm by his connection."
I think you have a pretty funny definition of "reasonable". How much difficulty should one have to go through, for example, to prevent someone from stealing your car and running over his ex-wife? If you leave the keys in the car, are you liable? How about an alarm with a combination lock? Would you count that as reasonable?
But wait... many people could not afford to have those put on their old cars, or know how to do it themselves. So is it actually reasonable?
But you are saying that somebody should be compelled to use advanced encryption technology in order to block the remote possibility that a neighbor would "borrow" the equipment, and cause the loss of A FEW PENNIES of profit to some company in a far-off state???
"Reasonable", my lily white ass.
You glaringly left out: authorized use.
If someone breaks into my house and steals a gun from me, I am not liable for their subsequent use of that gun. If they murder somebody with it, it's their problem, not mine.
Otherwise, it's blaming the victim for the crime... which is 100% against the legal principles of this country.
No, "liable" means you can be HELD responsible and accountable, no matter who did it. It has nothing to do with blame. Look it up.
That kind of attitude is EXACTLY what lets them get away with this intimidation and harassment bullshit.
If you don't want to stand up for your own rights, at least get the hell out of the way and let other people do it.
That's still nothing but intimidation. They can't legally make you secure your router! Nor can they try to hold you responsible if there is reason to believe someone else did it... unsecured router or not!
They were bullying you. Nothing more. Nothing less. And you fell for it.