See Amendment 7: "In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.".
Interestingly enough, while a jury's decision as to the facts can't be questioned in civil cases, no such language is present in Amendment 6 dealing with criminal cases.
It's only a matter for the jury if a reasonable finder of fact could find either way. If there's only one conclusion a reasonable finder of fact could come to, then the judge is allowed to rule on it.
Now, in this case the activity in question involves the digital equivalent of setting up a stand on the street-corner and offering free copies of a copyrighted work to anybody who passes by and asks for it. Making copies for yourself of something you own, that's almost certainly fair use. Handing out one or two copies to a couple of friends, that may be fair use. Making copies for complete strangers, in wholesale quantities? Not anywhere near anything traditionally considered fair use. So the judge is on solid legal ground by saying "No reasonable jury could possibly conclude this was fair use, so I'm just going to take it off the table.".
The only way fair use could have been used as a defense is by arguing "I asked my local geek to set up something so I could get at my own music from my other computers. I didn't intend it to be publicly accessible, I didn't realize he'd made it publicly accessible, and I corrected the problem as soon as I became aware of it.". But at this point making that argument's impossible.
There is in fact another: don't distribute the implicated code. If you aren't redistributing then you don't need the rights the GPL grants you merely to use the code yourself (copyright law itself grants you all the rights you need).
Replication isn't useful for backup. Having a copy of the current data is utterly useless if that data's been damaged. Replication will simply have insured that the replica is also damaged. Replication lag doesn't improve the situation either. Half of the point of backups is to be able to go back and get the data as it was 4 days, or 4 weeks, or even 4 months ago, and to be able to pick reasonably close to any arbitrary point in the past. A good backup solution will let you simultaneously deal with the file someone deleted this morning by retrieving yesterday's copy and with the software configuration change you made 2 weeks ago that now is turning out to be a nightmare and messing up your data and you need to get your old configuration back plus take the data from right before the change and re-apply the last 2 weeks' work to it.
When the carriers trot out arguments in favor of exclusivity, or ideas like this, I have just one question for them: if exclusivity is such a great incentive for innovation, when are we going to see all the neat phones with the great features that're already on the market in Asia? There and in Europe they not only don't usually have exclusivity, they don't even have the SIM-locking that US carriers make standard. Yet, in both Europe and Asia you can buy better phones with more features enabled than is typical in the US.
Well, decimal version numbers in their current form go all the way back at least to MS-DOS, so that would be 1982 (if not earlier). It used X.Y version numbers, eg. 2.1, 3.0, 3.1, with the now-common interpretation of the major versio number meaning significant new features were added and the minor version meaning fixes or enhancements to existing features but nothing major new or changed. I'm pretty sure the convention wasn't new with DOS, it probably goes back even further to the mainframe world.
They could, except that then other lienholders could scream "Preferential treatment!" and delay things or force Wells Fargo to give them preferential treatment too. Remember that if WF succeeds in this action, all those other subsidiary lienholders will end up holding worthless paper, and WF doesn't want to give them anything they can use against WF. If WF treats itself exactly the way it treats the others and follows exactly the same procedures, that takes away one thing those other lienholders can use to try and derail the proceeding.
Conventional "strong" passwords protect against someone trying to guess or brute-force the password. They're really good at this.
The problem is, few attackers try to guess or brute-force passwords anymore. It's too time-consuming and too readily detected. Most of them will try to get you to tell them the password by one means or another. Phishing e-mails, keyloggers, traffic sniffing, man-in-the-middle attacks, the whole point of all of them's to get your password directly without having to figure out what it is. And against that sort of attack, "secret" is precisely, exactly as secure as "wkL3jfo*Zle". To guard against those attacks you need to strengthen things other than the password itself. And part of what you have to harden against attack is the user themselves, which makes it unlikely you'll succeed.
I suspect this one'll get knocked down on the same grounds as the last one: it places the decision of guilt or innocence in an administrative body that isn't following judicial rules, and just handing selection of the sentence over to a judge isn't sufficient to cure that flaw. I think the only way HADOPI will fly is if their either hand the determination of guilt over to a real court or make the administrative body follow all the procedures of a real court including the presumption of innocence and placing the burden of proof on the complaintant. The proponents of HADOPI aren't going to do either, because those are exactly what HADOPI is intended to bypass.
MS's idea is nice, but it's not going to help a lot of things very much. It'll help when plug-ins and helper apps go runaway, being in a separate process they won't be able to block the browser itself. But from a security standpoint the problem isn't that those embedded objects are in the same process, it's that they have access to the same page and the DOM elements in it and the data structures of the browser itself. And that won't be solved just by putting them in their own process, not without isolating them from the rest of the page and browser to a degree that'll break a lot of Microsoft's technologies.
And what happens to SSH, VPNs, e-mail and anything that's not a Web server when Comcast sends them to Comcast's hosts instead of reporting NXDOMAIN? Simply put, the majority of the Internet relies on being told a host doesn't exist when that host doesn't exist. Comcast is breaking this.
Identification != authentication. Failure to understand that is the problem.
Take your e-mail account. Your username identifies you. Your password authenticates you. Your provider (and everyone else in the world) use your username or e-mail address to identify you or to identify who they're sending their mail to. But when you go to log on to read your mail your provider doesn't just assume that if you know who you are that you're authorized to read your e-mail. They ask for your password (which you don't give out to anybody else) to authenticate that you're really who you're claiming to be.
The basic problem is that a lot of businesses want to verify your identity, but they want to do it fast and not waste time or resources actually authenticating you. So they've taken shortcuts. And now it's biting them, and they want someone to make the problem go away. Note: they do not want to fix the problem. To quote someone, "When the users say "When I drop this bowling ball on my foot it hurts. Make it stop hurting.", they mean just that. They don't want to stop dropping the bowling ball on their foot. They want you to make it not hurt when they do.".
Not news to anyone who knows how SSN assignment works. The first three digits (region code) have always been assigned based on state (with a few exceptions for things like Railroad Retirement and military uses), and since a new region code's only assigned to a state when the old one's nearly exhausted there's usually only a short period when there's 2 regions in use for a state. The middle 2 digits (group code) have always been assigned in a strict order as groups are exhausted. And SSNs are generally only assigned at 2 times: birth, or the first time someone gets a job and has to pay taxes (usually in high school). So if you know the state and date of someone's birth and where they went to high school, it's long been known that you can narrow it down to only a small handful of possible region and group codes. The only thing this research does is extend that into the last 4 digits, and I'm not surprised they found those assigned in some order over time. If I had to guess, frankly I'd've guessed that the last 4 digits were just assigned in order starting from 0000 with a new group code being assigned around 9900.
I think Mr. Hasselton made a fundamental error in his analysis. When you ask people to self-rate how good they are at a subject, you first need to read Unskilled and Unaware of It. The research can be summed up simply: people who are not very good at X are more likely to rate themselves highly than people who truly are good at X.
Actually I think IBM's corporate continuity goes back to the late 1800s. Tabulating Machine Company was formed in 1896, and the Bundy Manufacturing Company (another of the 4 that merged to form CTR Corporation, which eventually became IBM) was founded in 1889.
Double-jeopardy protection would apply. The whole point of double-jeopardy is to prevent exactly that: a prosecutor simply repeatedly trying charges until they find one that'll stick. I heartily approve of that idea. Yes, it means people walk away when the prosecutor screws up. The problem there isn't that the people walked away, it's that the prosecutor couldn't or wouldn't take the time to sort through the case and figure out what charges really did apply before going ahead with it.
The question is, where does Amazon do business? With an insurance company, there's a salesman physically present there to sell the insurance. Phone, mail-order and now Internet you don't have a salesman there, you don't have a physical store there. So where does the sale occur? We talk about "going to" a Web site to buy, does that mean that in our view the customer goes to the site the same way they go to a store? In that case the sale would be occurring where the selling company's located, same as when someone goes to a store here in San Diego they owe city sales tax even if they live out in the county where city sales tax doesn't apply. Or is it the opposite, does the site come to the buyer in the privacy of his home? In that case there's a lot of legal questions raised. If the person isn't leaving the privacy of his home for the transaction, then the government needs warrants and probable cause for a lot of things they don't need now. The whole basis for allowing recording of things like connection IP addresses is based on the theory that it's all done in public, but if it's not then the government doesn't have nearly as many rights to monitor it without a warrant. And things like regulating gambling sites go right out the window, since if the site's located in the gambler's home then most of the laws regulating it wouldn't apply (they're based on laws regulating gambling over phone wires).
It's not just keeping track. An on-line shop is different from a brick-and-mortar store in one way: the brick-and-mortar store is only concerned with the sales tax at it's particular location. If someone from out-of-town comes into the store to buy things, the sales tax is based on where the store is, not where the buyer lives or where they're going to take the goods. The whole problem here is that the states are demanding that on-line shops not act like brick-and-mortar stores, that they care not about where they are but about where the buyer is. Imagine the havoc for a brick-and-mortar store if they had to play by the same rules, determine where the buyer lived and apply the sales-tax rules based on the buyer's address, not where the store was located. And the same issue would come up: how would you reasonably expect that store to keep track of all the sales tax rules for every place a buyer could potentially live so they can correctly calculate the tax they have to collect under those conditions?
No, it's exactly the same argument. You're saying that because I can pay a private party to calculate the sales taxes, that the government doesn't need to tell me how to calculate the sales taxes it says I'm required to remit. Even for withholding, the government will tell the company how to calculate the withholding. Most companies pay a payroll service to handle it, but the company can get all the information it needs to do it itself if it wants.
"You're required by law to pay income tax. But as the government, we're not going to show you the tax tables. We're not going to let you get the Form 1040 you're required to file. We're not going to tell you how to calculate your taxes. You'll need to pay H&R Block to do your income taxes for you. And if you object to paying them, well, you're still legally obliged to pay your taxes so tough."
IMO it's not reasonable for the government to require paying a private party to let you comply with the law. You should be able to if you want, but you should never be required to. If the state wants you to pay taxes, then the bare minimum the state is obliged to do is tell you how much tax you're required to collect and remit. If they can't do that much, then they haven't met their duty to inform you of what the law you're required to follow is.
Well, there's 50 state sales tax rates, plus thousands of county and tens if not hundreds of thousands of city sales tax rates. Plus special districts. And not all of them line up on ZIP code boundaries, in many places part of a ZIP code's inside a city (subject to city sales tax) and part is outside (exempt from city sales tax). And then you have the fun of exactly what items are taxable (and it's not binary, in many places items are classified differently by the different taxing authorities so just because an item's subject to state sales tax doesn't mean it's neccesarily subject to city sales tax). And those rules change, so just because the rules say one thing this week doesn't mean they'll say the same thing next week.
So how does a business get an authoritative answer (one it can rely on in a court of law) for any arbitrary address? And how does it get notified by all those taxing authorities when the rules it needs to follow change? One of the principles of law is that the people who have to obey the law must be able to know what they need to do to obey it, and while I see all these states making lots of noise about businesses being obligated to follow the law I don't see them setting anything up to tell those businesses what the law actually says. And it's the responsibility of the goverment involved to tell the businesses what the law requires, it's not the business's responsibility to guess at it.
And are those states going to hold Vertex/Taxware/etc. liable if they give me incorrect information? I don't think so. If the states want to require use of those third parties then the information provided should at least be legally binding on the states (ie. if Vertex gives me the wrong rate, it's Not My Problem), which as far as I can tell the states won't go fo. Plus there's the whole philosophical issue of being required to pay a private party to comply with the law because the state making the law doesn't/won't make the information available.
This is the basic reason for the traditional state of sales-tax law: that I should always be able to know what I have to do to comply with the law. Where I've got a physical presence at a location, it's reasonable to assume I know what laws apply to that location. But let's apply your proposed rule to a physical store. Is it reasonable to require that a store with only one location be required to know what the tax rules are for every location a customer may live, and to collect and remit the taxes based on the customer's home? Remember that the store doesn't do any business over the phone or by mail, but they've no way of stopping tourists from coming in while they're visiting. If it's reasonable for Internet shops, it should be equally reasonable for physical shops since they've access to exactly the same resources an Internet or mail-order operation would. And I'm sure it'd help California's budget quite a bit if every time a Californian went out-of-state on vacation CA could get the sales tax (at California rates) on everything they bought. Unreasonable you say? Why not?
And Vertex costs how much? I have a philosophical objection to a government requiring companies to pay private entities merely to enable the company to comply with the law. The law isn't like private policies, it's not something you can just decide not to follow. You should be allowed to pay someone to help with the details if you want, but you should be able to comply with the law without outside help.
If a state wants to require companies that have no physical presence in that state to collect and remit it's sales taxes, then IMO that state should be required to make available from a single location/point-of-contact the exact correct sales tax rates for every location within that state, and those rates will be deemed to be true and accurate rates in the event of any dispute.
OK then, riddle me this: what is the sales tax rate for any address in the US? Note that you can't stop at the city plus ZIP code level, in San Diego County there are ZIP codes that're partly in a city (where city sales tax applies) and partly outside the city (where city sales tax does not apply). Where can a company go to find out authoritatively what the sales tax rate is for a customer address? I don't know of any, and it's just not reasonable to require a company to pay sales tax without giving them a way to find out how much sales tax they're supposed to collect.
Slashdot Mirror
See Amendment 7: "In suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise reexamined in any court of the United States, than according to the rules of the common law.".
Interestingly enough, while a jury's decision as to the facts can't be questioned in civil cases, no such language is present in Amendment 6 dealing with criminal cases.
It's only a matter for the jury if a reasonable finder of fact could find either way. If there's only one conclusion a reasonable finder of fact could come to, then the judge is allowed to rule on it.
Now, in this case the activity in question involves the digital equivalent of setting up a stand on the street-corner and offering free copies of a copyrighted work to anybody who passes by and asks for it. Making copies for yourself of something you own, that's almost certainly fair use. Handing out one or two copies to a couple of friends, that may be fair use. Making copies for complete strangers, in wholesale quantities? Not anywhere near anything traditionally considered fair use. So the judge is on solid legal ground by saying "No reasonable jury could possibly conclude this was fair use, so I'm just going to take it off the table.".
The only way fair use could have been used as a defense is by arguing "I asked my local geek to set up something so I could get at my own music from my other computers. I didn't intend it to be publicly accessible, I didn't realize he'd made it publicly accessible, and I corrected the problem as soon as I became aware of it.". But at this point making that argument's impossible.
There is in fact another: don't distribute the implicated code. If you aren't redistributing then you don't need the rights the GPL grants you merely to use the code yourself (copyright law itself grants you all the rights you need).
Replication isn't useful for backup. Having a copy of the current data is utterly useless if that data's been damaged. Replication will simply have insured that the replica is also damaged. Replication lag doesn't improve the situation either. Half of the point of backups is to be able to go back and get the data as it was 4 days, or 4 weeks, or even 4 months ago, and to be able to pick reasonably close to any arbitrary point in the past. A good backup solution will let you simultaneously deal with the file someone deleted this morning by retrieving yesterday's copy and with the software configuration change you made 2 weeks ago that now is turning out to be a nightmare and messing up your data and you need to get your old configuration back plus take the data from right before the change and re-apply the last 2 weeks' work to it.
When the carriers trot out arguments in favor of exclusivity, or ideas like this, I have just one question for them: if exclusivity is such a great incentive for innovation, when are we going to see all the neat phones with the great features that're already on the market in Asia? There and in Europe they not only don't usually have exclusivity, they don't even have the SIM-locking that US carriers make standard. Yet, in both Europe and Asia you can buy better phones with more features enabled than is typical in the US.
Well, decimal version numbers in their current form go all the way back at least to MS-DOS, so that would be 1982 (if not earlier). It used X.Y version numbers, eg. 2.1, 3.0, 3.1, with the now-common interpretation of the major versio number meaning significant new features were added and the minor version meaning fixes or enhancements to existing features but nothing major new or changed. I'm pretty sure the convention wasn't new with DOS, it probably goes back even further to the mainframe world.
They could, except that then other lienholders could scream "Preferential treatment!" and delay things or force Wells Fargo to give them preferential treatment too. Remember that if WF succeeds in this action, all those other subsidiary lienholders will end up holding worthless paper, and WF doesn't want to give them anything they can use against WF. If WF treats itself exactly the way it treats the others and follows exactly the same procedures, that takes away one thing those other lienholders can use to try and derail the proceeding.
Conventional "strong" passwords protect against someone trying to guess or brute-force the password. They're really good at this.
The problem is, few attackers try to guess or brute-force passwords anymore. It's too time-consuming and too readily detected. Most of them will try to get you to tell them the password by one means or another. Phishing e-mails, keyloggers, traffic sniffing, man-in-the-middle attacks, the whole point of all of them's to get your password directly without having to figure out what it is. And against that sort of attack, "secret" is precisely, exactly as secure as "wkL3jfo*Zle". To guard against those attacks you need to strengthen things other than the password itself. And part of what you have to harden against attack is the user themselves, which makes it unlikely you'll succeed.
I suspect this one'll get knocked down on the same grounds as the last one: it places the decision of guilt or innocence in an administrative body that isn't following judicial rules, and just handing selection of the sentence over to a judge isn't sufficient to cure that flaw. I think the only way HADOPI will fly is if their either hand the determination of guilt over to a real court or make the administrative body follow all the procedures of a real court including the presumption of innocence and placing the burden of proof on the complaintant. The proponents of HADOPI aren't going to do either, because those are exactly what HADOPI is intended to bypass.
MS's idea is nice, but it's not going to help a lot of things very much. It'll help when plug-ins and helper apps go runaway, being in a separate process they won't be able to block the browser itself. But from a security standpoint the problem isn't that those embedded objects are in the same process, it's that they have access to the same page and the DOM elements in it and the data structures of the browser itself. And that won't be solved just by putting them in their own process, not without isolating them from the rest of the page and browser to a degree that'll break a lot of Microsoft's technologies.
And what happens to SSH, VPNs, e-mail and anything that's not a Web server when Comcast sends them to Comcast's hosts instead of reporting NXDOMAIN? Simply put, the majority of the Internet relies on being told a host doesn't exist when that host doesn't exist. Comcast is breaking this.
Identification != authentication. Failure to understand that is the problem.
Take your e-mail account. Your username identifies you. Your password authenticates you. Your provider (and everyone else in the world) use your username or e-mail address to identify you or to identify who they're sending their mail to. But when you go to log on to read your mail your provider doesn't just assume that if you know who you are that you're authorized to read your e-mail. They ask for your password (which you don't give out to anybody else) to authenticate that you're really who you're claiming to be.
The basic problem is that a lot of businesses want to verify your identity, but they want to do it fast and not waste time or resources actually authenticating you. So they've taken shortcuts. And now it's biting them, and they want someone to make the problem go away. Note: they do not want to fix the problem. To quote someone, "When the users say "When I drop this bowling ball on my foot it hurts. Make it stop hurting.", they mean just that. They don't want to stop dropping the bowling ball on their foot. They want you to make it not hurt when they do.".
Not news to anyone who knows how SSN assignment works. The first three digits (region code) have always been assigned based on state (with a few exceptions for things like Railroad Retirement and military uses), and since a new region code's only assigned to a state when the old one's nearly exhausted there's usually only a short period when there's 2 regions in use for a state. The middle 2 digits (group code) have always been assigned in a strict order as groups are exhausted. And SSNs are generally only assigned at 2 times: birth, or the first time someone gets a job and has to pay taxes (usually in high school). So if you know the state and date of someone's birth and where they went to high school, it's long been known that you can narrow it down to only a small handful of possible region and group codes. The only thing this research does is extend that into the last 4 digits, and I'm not surprised they found those assigned in some order over time. If I had to guess, frankly I'd've guessed that the last 4 digits were just assigned in order starting from 0000 with a new group code being assigned around 9900.
I think Mr. Hasselton made a fundamental error in his analysis. When you ask people to self-rate how good they are at a subject, you first need to read Unskilled and Unaware of It. The research can be summed up simply: people who are not very good at X are more likely to rate themselves highly than people who truly are good at X.
Actually I think IBM's corporate continuity goes back to the late 1800s. Tabulating Machine Company was formed in 1896, and the Bundy Manufacturing Company (another of the 4 that merged to form CTR Corporation, which eventually became IBM) was founded in 1889.
No, it prevents you from (among other things) being charged twice for the same act: "DOUBLE JEOPARDY - Being tried twice for the same offense; prohibited by the 5th Amendmentto the U.S. Constitution. '[T]he Double Jeopardy Clause protects against three distinct abuses: [1] a second prosecution for the same offense after acquittal; [2] a second prosecution for the same offense after conviction; and [3] multiple punishments for the same offense.' U.S. v. Halper, 490 U.S. 435, 440 (1989)."
Double-jeopardy protection would apply. The whole point of double-jeopardy is to prevent exactly that: a prosecutor simply repeatedly trying charges until they find one that'll stick. I heartily approve of that idea. Yes, it means people walk away when the prosecutor screws up. The problem there isn't that the people walked away, it's that the prosecutor couldn't or wouldn't take the time to sort through the case and figure out what charges really did apply before going ahead with it.
The question is, where does Amazon do business? With an insurance company, there's a salesman physically present there to sell the insurance. Phone, mail-order and now Internet you don't have a salesman there, you don't have a physical store there. So where does the sale occur? We talk about "going to" a Web site to buy, does that mean that in our view the customer goes to the site the same way they go to a store? In that case the sale would be occurring where the selling company's located, same as when someone goes to a store here in San Diego they owe city sales tax even if they live out in the county where city sales tax doesn't apply. Or is it the opposite, does the site come to the buyer in the privacy of his home? In that case there's a lot of legal questions raised. If the person isn't leaving the privacy of his home for the transaction, then the government needs warrants and probable cause for a lot of things they don't need now. The whole basis for allowing recording of things like connection IP addresses is based on the theory that it's all done in public, but if it's not then the government doesn't have nearly as many rights to monitor it without a warrant. And things like regulating gambling sites go right out the window, since if the site's located in the gambler's home then most of the laws regulating it wouldn't apply (they're based on laws regulating gambling over phone wires).
It's not just keeping track. An on-line shop is different from a brick-and-mortar store in one way: the brick-and-mortar store is only concerned with the sales tax at it's particular location. If someone from out-of-town comes into the store to buy things, the sales tax is based on where the store is, not where the buyer lives or where they're going to take the goods. The whole problem here is that the states are demanding that on-line shops not act like brick-and-mortar stores, that they care not about where they are but about where the buyer is. Imagine the havoc for a brick-and-mortar store if they had to play by the same rules, determine where the buyer lived and apply the sales-tax rules based on the buyer's address, not where the store was located. And the same issue would come up: how would you reasonably expect that store to keep track of all the sales tax rules for every place a buyer could potentially live so they can correctly calculate the tax they have to collect under those conditions?
No, it's exactly the same argument. You're saying that because I can pay a private party to calculate the sales taxes, that the government doesn't need to tell me how to calculate the sales taxes it says I'm required to remit. Even for withholding, the government will tell the company how to calculate the withholding. Most companies pay a payroll service to handle it, but the company can get all the information it needs to do it itself if it wants.
OK then, how does this scenario sound:
"You're required by law to pay income tax. But as the government, we're not going to show you the tax tables. We're not going to let you get the Form 1040 you're required to file. We're not going to tell you how to calculate your taxes. You'll need to pay H&R Block to do your income taxes for you. And if you object to paying them, well, you're still legally obliged to pay your taxes so tough."
IMO it's not reasonable for the government to require paying a private party to let you comply with the law. You should be able to if you want, but you should never be required to. If the state wants you to pay taxes, then the bare minimum the state is obliged to do is tell you how much tax you're required to collect and remit. If they can't do that much, then they haven't met their duty to inform you of what the law you're required to follow is.
Well, there's 50 state sales tax rates, plus thousands of county and tens if not hundreds of thousands of city sales tax rates. Plus special districts. And not all of them line up on ZIP code boundaries, in many places part of a ZIP code's inside a city (subject to city sales tax) and part is outside (exempt from city sales tax). And then you have the fun of exactly what items are taxable (and it's not binary, in many places items are classified differently by the different taxing authorities so just because an item's subject to state sales tax doesn't mean it's neccesarily subject to city sales tax). And those rules change, so just because the rules say one thing this week doesn't mean they'll say the same thing next week.
So how does a business get an authoritative answer (one it can rely on in a court of law) for any arbitrary address? And how does it get notified by all those taxing authorities when the rules it needs to follow change? One of the principles of law is that the people who have to obey the law must be able to know what they need to do to obey it, and while I see all these states making lots of noise about businesses being obligated to follow the law I don't see them setting anything up to tell those businesses what the law actually says. And it's the responsibility of the goverment involved to tell the businesses what the law requires, it's not the business's responsibility to guess at it.
And are those states going to hold Vertex/Taxware/etc. liable if they give me incorrect information? I don't think so. If the states want to require use of those third parties then the information provided should at least be legally binding on the states (ie. if Vertex gives me the wrong rate, it's Not My Problem), which as far as I can tell the states won't go fo. Plus there's the whole philosophical issue of being required to pay a private party to comply with the law because the state making the law doesn't/won't make the information available.
This is the basic reason for the traditional state of sales-tax law: that I should always be able to know what I have to do to comply with the law. Where I've got a physical presence at a location, it's reasonable to assume I know what laws apply to that location. But let's apply your proposed rule to a physical store. Is it reasonable to require that a store with only one location be required to know what the tax rules are for every location a customer may live, and to collect and remit the taxes based on the customer's home? Remember that the store doesn't do any business over the phone or by mail, but they've no way of stopping tourists from coming in while they're visiting. If it's reasonable for Internet shops, it should be equally reasonable for physical shops since they've access to exactly the same resources an Internet or mail-order operation would. And I'm sure it'd help California's budget quite a bit if every time a Californian went out-of-state on vacation CA could get the sales tax (at California rates) on everything they bought. Unreasonable you say? Why not?
And Vertex costs how much? I have a philosophical objection to a government requiring companies to pay private entities merely to enable the company to comply with the law. The law isn't like private policies, it's not something you can just decide not to follow. You should be allowed to pay someone to help with the details if you want, but you should be able to comply with the law without outside help.
If a state wants to require companies that have no physical presence in that state to collect and remit it's sales taxes, then IMO that state should be required to make available from a single location/point-of-contact the exact correct sales tax rates for every location within that state, and those rates will be deemed to be true and accurate rates in the event of any dispute.
OK then, riddle me this: what is the sales tax rate for any address in the US? Note that you can't stop at the city plus ZIP code level, in San Diego County there are ZIP codes that're partly in a city (where city sales tax applies) and partly outside the city (where city sales tax does not apply). Where can a company go to find out authoritatively what the sales tax rate is for a customer address? I don't know of any, and it's just not reasonable to require a company to pay sales tax without giving them a way to find out how much sales tax they're supposed to collect.