On two points:
First, whoever you go with, read the terms and conditions before you sign up. They do differ, and if you're in the US, your protection against unfair contract terms is very weak indeed (by the standards I'm used to). A couple of hours' patient and careful reading (using a photocopier to blow the small print up to A3 helps lots) and comparison will pay dividends. It's rarely harder to understand than source code, and usually a lot easier.
If there's anything you don't understand, that's what lawyers are for (and, incidentally, pitching up with a prepared list of questions will endear you no end to your lawyer and take quite a lot off the bill).
Second, if you're in the UK, or for that matter anywhere in the EU that has already implemented the Data Protection Directive (I think everywhere has), then you have an obligation to make sure (no further than asking, nicely, for a warranty that this is so) that the card supplier has proper data protection in place.
I've had more than a couple of these across my desk in the last three months, and most of them refer to the last Data Protection Act (the 1984 one now nearly completely defunct) and none at all - prior to my ministrations - spoke at all of the need for someone in the relationship to take care of the obligation to process data fairly.
As usual, this is general advice - and on the first point about as general and obvious as "don't forget to eat, sleep and breathe" - not specific recommendations for your circumstances (which I'm almost certainly not licensed to give in your jurisdiction). Anyone daft enough to rely on stuff they find on the web when making decisions that might cost them money or liberty is probably dim enough to try suing in spite of a clear disclaimer, so I'm not really sure why I bother with this.
Now I've seen the judgment (and how refreshing it is to be able to get at interlocutory judgments - they're not a matter of public record in the UK, more's the pity) I think the original news story was spin of a fairly pernicious sort.
Essentially, what Garbus was alleging was that the judge's former firm had acted for the plaintiff (and probably not at the time the judge was a partner there) and that the judge had heard a rumour about Garbus some years before he was appointed to the bench.
That last, I have to say, would disqualify two thirds of the judges in the world from hearing any case. Contrary to popular opinion, there aren't that many lawyers around. It's a small world and we squabble like cats in a sack: I could pass on rumours about half the senior counsel in London ranging from the mildly scurrilous to the outright defamatory (and the funniest one of all is absolutely true: I had it from the horse's mouth, albeit the version the Telegraph published was embellished to the point of libel).
The point is that the mere fact that a judge had heard a rumour about counsel doesn't matter a damn. In a few years, some college contemporaries of mine may well start making it to the junior end of the bench: am I to ask them to withdraw from a case because they happen to have seen me get drunk, throw up in the Cherwell and start singing Mam'zelle from Armentieres?
I will pass carefully over my opinion of the defence's conduct as disclosed in the recital of facts Kaplan prefaces his judgment with.
I think what's annoying people here is that the added links are not explicitly credited to the site: it would be easy to get the impression if not forewarned that the original poster had added that link.
This is OK as far as it goes, but some people don't want their names put to someone else's advertising, a reasonable enough desire. As I see it there are two ways around it:-
Put a message in big bold letters at the top saying that Deja has added some links and they're marked as such and the original author ain't responsible; or
Move the links into a TD at the side somewhere under a heading like "links we think you might want to follow after reading this" (OK, I'm a lawyer, not a copywriter)
The first would get them around the PR problem, and would probably bring the copyright problem into fair use (or at least near enough thereto to make it a dicey proposition to sue) and the second would get them round both at a slight cost in screen space and seamlessness.
Thoughts?
There you're stepping from ethics into morality. The plain fact of the matter is that it wouldn't do a jot of good: anything I told the police would be inadmissible in evidence, albeit that it might well help prevent a crime. I have to wonder whether, though, just how serious a crime would have to be to outweigh the prospect of me and my three kids not having a regular salary coming in.
It's probably worth pointing out that if a client tries to involve me in a crime, he can't claim privilege at all, which is how the money laundering regulations get away with it.
I'm given to understand, as well, that family law practitioners are allowed to take discreet action to prevent harm to children, but since I don't practice in that field (nor, gods willing, will I ever, since it's harrowing stuff) I don't know the details.
On the same subject Lawyers *are* required to contact the authorities if their client has threatened to commit another crime...
Balls. Were I to violate client privilege in that manner, I would quite rightly have to hand back my practising certificate.
The correct form is to advise the client, strongly, not to be so damned stupid, and if he persists, you are unable in proper professional conduct to defend him in any way that suggests he is innocent.
That is, you can attack the prosecution case to demonstrate that he is, by the high standard required of a criminal prosecution, Not Guilty, but you can't plead alibi, advance any evidence on his behalf tending to suggest that he did not commit the crime or take part in his giving evidence in his own defence.
If he insists that you do so, you apply to the court to come off the record stating that privilege prevents you from saying why: the judge gets the message even if he didn't by reason of the way the defence was going.
The reason journalists can't use this privilege absent statute (in the form of "shield laws") is that the common law of lawyer-client privilege was developed in the days before newspapers really got going.
Dunno what the New York Bar's like, but my rules of professional conduct wouldn't allow me to act for the employee on the employer's instruction if there was any possibility of a cut-throat defence (as in "Not Guilty, Yer 'Onner, on account of the other villain in court with me done it instead")
Maybe, just maybe, if there was an agreement between the employer and employee that the employer would reimburse my bill come hell or high water, and the employee was my client with no waiver of privilege in favour of the employer, we'd be OK.
But otherwise, Mr Penenberg needs separate representation.
As NMerriam puts it, there are rights but they aren't secured in all jurisdictions. Here in the UK there's some limited protection for journalists who don't want to divulge, but the main protection is the practical protection of not wanting to annoy several thousand professional dirt-diggers.
IANAUSQL, but I had understood that there was some jurisprudence to the effect that a journalist wasn't a compellable witness in relation to his sources of newsgathering, on the grounds that making it difficult for the press to gather news (by reducing the willingness of sources to talk to the press) amounted to a breach of the First Amendment.
I've commented elsewhere under this heading about the forensic disadvantages of compelling a journalist to take the stand and swear as to the truth of a story without demanding he divulge his sources.
I do wonder why they want him to simply testify that his story is true. If a federal criminal courtroom works the way an English one does, the right to cross-examine accrues to the party opposing the one calling the witness. So where they get his article "read in" to the oral testimony (as otherwise it's inadmissible hearsay) it allows the defence to cross-examine and have a crack at his journalistic credibility. Not pleasant for friend journo, but damaging to the prosecution.
Maybe they're hoping to get him on the stand as a hostile witness, which allows the party calling the witness to question him as though cross-examining, with leading questions. In the course of which, of course, they destroy his credibility with the jury, since if the prosecution case has to rest on someone who plainly doesn't want to give evidence, the jury aren't going to like it.
And this is before the public-relations disaster incurred by hauling a journalist onto the stand in (real or virtual) irons.
No, what they're after is disclosure of his sources, and against that I believe (without for one minute knowing, since I ain't licensed to practice in any US jurisdiction, let alone a federal court) there is some protection in federal law.
He either needs a lawyer or to resign himself to journalistic martyrdom.
I'm surprised that the judge in question didn't step down immediately it was brought to his attention. As Kenrod states in other words, the principle is that justice must not only be done, it must be seen to be done: the least appearance of partiality on the part of the judge requires that he relinquish the matter to another tribunal.
Damn it, if a judge of the UK House of Lords has to step down from hearing Pinochet's case because he has a publicly-declared commitment to human rights, then a judge with known issues of conflict with one of the counsel appearing before him ought to relinquish the matter to some other member of the bench.
I'm not sure about the past retainer with Time Warner, though. I'd say that one was covered by the ordinary rules of the professional game: every judge in a common-law jurisdiction will have some kind of past practice, and unless he was in-house counsel, I don't think the retainer amounts to evidence of actual commitment to them. Is it alleged that he had conduct of matters for them, or was just a partner at the time?
It's not a question of converting anything into a legal document: it's a useful source of additional evidence, though, if the owners let it be used that way. Short of new legislation, though, they're under no positive duty to help someone trying to sue a site owner.
In practice (and this goes for more or less all of the legal world) you can get evidence of what was at a given site by traditional methods with only a little bit of technology. It's not outside the rules of evidence for a witness to stand up in court and say, on oath, that he saw such-and-such on a site one day.
Indeed, that's how nearly all documentary evidence goes in unless both sides agree it's kosher: someone has to stand up, swear in as a witness and say on oath that a particular document came into existence in the form it is in before the court on the date written at the top, etc..
Producing a hard-copy of the offending page with someone to swear he downloaded it on the date shown at the bottom and printed it out would be quite enough, without having to go pester someone who wasn't a party to the action.
And this is before you get discovery of the other side's HDD and run some undeleting software on it. That's been done in a couple of decided cases and certainly the UK courts are happy with it provided the party doing it wheels a geek in as expert witness (and you guys are among the cheapest expert witnesses going: sharpen up, OK?) to reassure the judge there's no jiggery-pokery involved. I've got a case on at the moment where we've done just that.
I'm told your version is the "laughter" test - if, at the first interlocutory hearing, the judge laughs at you, maybe you ought to revisit your pleading.
The motion you're talking about sounds like our own "Motion to strike out as disclosing no reasonable cause of action."
The new version, as of 26th April last year, is the CPR Part 24 application to strike out as "having no reasonable prospect of success at trial", which is washing a lot of speculative claims out of the system at a very early stage (my personal record is eleven weeks, and it would have been three weeks less if I hadn't gone on holiday in the middle of it).
I think at this point, though, we're in danger of using /. as a private email service to talk a completely different shop to the one that's actually intended here.
Roughly what I was thinking when I drew the Rylands v. Fletcher analogy (and you can tell the practitioner from the student here, can't you? I never cite a damned thing and you're still boned up with authorities for the exams).
Yes, the authorities on dangerous property all involve risks of physical damage. Put the DoS business before a judge and he's going to be acutely conscious that he's striking out for as-yet uncharted waters.
I'm after an approach to the problem that passes the "sniff test": that is, if I plead this in a case, would I, on taking someone like (say) Master Turner at the Royal Courts of Justice through that pleading at a case management hearing, hear, about halfway through my carefully-honed advocacy, that little judicial sniff that says more eloquently than any words could "I don't fancy your chances at trial with this, Mr. Dennis".
And, this being the UK, we don't have juries in civil trials. (In theory we can, but no-one's bothered since about 1935). And, if your jargon means what I think it means, the UK is a "joint and several liability" state. That is, liability between joint defendants as joint tortfeasors is joint and several and contribution is settled in proceedings to which the claimant isn't party - he can enforce against either for the full amount of the judgment.
What's a 3L Law Student? That is, I know what a Law Student is (I was one once) but what does 3L mean?
I hope they don't map the UK internet topology, that information is the property of the companies that set it up, and would be covered by the Data Protection Act 1998. Possibly.
Or possibly not. The DPA '98 covers information held by data controllers about data subjects or from which data subjects might be identified, where:
Data controllers are any persons or corporations who handle data, defined as any organised body of information whether held on a computer or not held other than for purely private purposes, and
Data subjects are, basically, anything with two arms, two legs, a pulse and a current or future right to vote. And, er, given current law on the franchise, the royal family and people currently sectioned under the Mental Health Act.
(The foregoing definitions are rather more colloquial than the ones the Act uses, but they'll do for present purposes).
Basically, mapping information on .uk net topology will not come within the Act unless information about individuals forms part of that (eg. as a result of copying scads and scads of whois info.)
For the record, I am a lawyer, and the foregoing is not offered as specific advice for your specific circumstances. This is: don't base decisions that could cost you money or liberty on /. postings. Take advice from a lawyer who's acting specifically for you.
Good points. On the other tentacle, what about the argument that script kiddies are like rats? A natural part of the web ecology, destructive and lacking in any moral sense (at least until they grow up, if they ever do)?
On that analysis their actions, being predictable consequences of poor security arising from creatures that are not moral agents, are something that the administrator of the compromised system should be responsible for preventing.
The argument about a scope-sighted rifle is a straw man. Nobody would expect someone to do that sort of thing to a domestic fuel supply; expecting the owner to guard against it is unreasonable. On the other hand, in a neighbourhood full of kids, it is reasonable to expect him to keep the thing locked up so the little buggers can't play with it. (Example from a real case: a bus depot didn't lock its gates at night, and had petrol lying about the place unsecured. Kids got in and began playing a game involving molotov cocktails, and dropping lit matches into buses' fuel tanks.)
Essentially, the argument is whether the risk of script kiddie attack is sufficiently foreseeable that an owner ought to guard against it.
We've got something very similar in the UK as well, albeit that the Occupiers' Liability Acts rather negate the possible line of defence that the attractant wasn't visible from a lawful place.
Thing is, those occupiers' liability cases are more about the owner's liability where the kids get themselves hurt: what I want to get at is the owner's liability for what the kids do to others once they're in.
This, though, is probably a more useful analogy than my shot from the Rylands v. Fletcher angle: rather than maintaining something dangerous, what we're looking at here is liability for something that attracts children of known propensity and capacity for damage. Since that risk is obvious, there ought to be liability for failure to take account of it? Discuss.
Nice points, but it's worth considering that in at least one recent case (96, if memory serves), a landowner was held liable for poor physical security that allowed vandals to break in and open the valves on a tank of toxic chemical that proceeded to escape (they didn't have a proper bund around the tank either) and pollute a stream in, if memory serves, Wales.
Anyway, I think a distinction can be drawn between your analogy and the vulnerable box, and it's one that was used by the court in the pollution case I mentioned above.
It's this: residential burglary is a fairly rare crime, media scare stories to the contrary, and in breaking in and using the phone the burglar didn't get access to anything he couldn't have done in a public phone booth.
The important thing there is that your example is of a low-probability occurrence which doesn't significantly enhance the criminal's capability over what he would have had anyway.
The vulnerable box is going to get found by script kiddies. They can automate their search for vulnerable systems and they're like rats in a grain warehouse on the net: there's thousands of the little bleeders.
By cracking a system that's got special access privileges, or passwords and the like stored on it, they gain access to things they wouldn't otherwise have had. It's as if your hypothetical burglars broke in, found an unsecured firearm, and went out and shot someone with it.
Because the probability is high and the potential harm obvious, surely there ought to be some obligation on the owner of a system to make sure he was ratproof?
Perhaps Bert would be regarded as a victim, though, if he could show he was totally reliant on Al.
Thing is, you see, that there's pretty much no decided authority on this anywhere (or at least that I've been able to find) so until there is, we're both right.
What I'm trying to get at here is a "sniff test" - what answer "feels right" to the community as a whole?
OK, here's something to discuss, but first some background:
In the real world (ie. the UK - I understand the US follows this one mostly), if you have something dangerous on your land and it escapes to a neighbouring piece of land, you have to pay for the damage. The case that set this rule was Rylands v. Fletcher, in which the owner of a badly-maintained reservoir got taken to court by the neighbour he flooded out.
Also in the real world, if you sell a product that doesn't do something the customer can reasonably expect it to do, you're liable for some or all (depending on circumstances) of the harm that results.
Bearing in mind those radically simplified statements of the law, consider the following:
Al installs unspecified OS on Bert's box, which is connected to the net.
Bert's box now has all the security features of a public lavatory
When Script Kiddies Attack (coming soon on a low-rent cable channel near you!), Bert's box gets thoroughly reamed out in all manner of entertaining and costly-to-Bert's-business ways.
Having got into Bert's box, one of the Script Kiddies manages to use that route - either learning a password, or pretending to be Bert - to get into Charlie's (one of Bert's customers, or something) box, and plays merry hell with it in all manner of entertaining and costly-to-Bert's-business ways.
Got all that? Now, applying your skill and knowledge of what a responsible and prudent owner of a box-connected-to-the-net and a responsible and prudent installer of OSs and software on such boxes ought to know and do, give your opinion as to the following propositions:
1. By maintaining a seriously leaky box, Bert ought to be liable to Charlie on the same principles as the owner of the reservoir in Rylands v. Fletcher was, save that we're applying that principle to the net rather than the real world; and
2. Al is liable for the whole sorry mess as he ought to have made the system more secure to start with.
No, I don't have a case on these facts running at the moment. Yes, I think proposition 1. is more interesting - 2. is pretty much a no-brainer as far as I'm concerned - as it might be a stick with which to beat management into paying for better security.
Ignore license disclaimers for present purposes.
Other interesting background: failure to keep personal data adequately secured against unauthorised access is potentially a criminal offence here in the UK, and it can certainly get you on the wrong end of nastiness from the Data Protection Registrar.
Nah. OK, so they've got them of a size that means you don't need about fifteen just to make a decent hors d'oeuvre, but they're not going to taste any different.
Friend rodent, alas, invariably tastes too gamey for me, even if he's farm-reared. Although barbecued rabbit has its moments, and with enough tandoori paste you can eat anything.
Without wishing to endorse Mr Montoya's tone (although I get like that sometimes) I think there's a valid point there.
A properly-developed business budgets for the legal and administrative side of things: a business that tries to do it any other way is stuffed and mounted before it begins. The entire world of commerce works because it adheres to the rules of commercial law with its various local variations. If you haven't factored that into your planning - or hired someone to factor it in - any success you might achieve will be more by good luck than good management.
You might consider selling your product on a one-to-one basis as a consultant or team of consultants, charging for the service of going in and setting up the system with whatever modifications the client needs.
But before you do it, go back to your business plan (you have got a business plan, haven't you?) and rework it to include some good advice.
How to get that advice? Well, most places there are small business advice centres (get in touch if you're in the UK and I'll give you some phone numbers) who offer free advice and sometimes grant funding. Use that to get yourself off the ground properly.
Otherwise, your local lawyers' professional association (state bar association in the US, Law Society in the UK, don't know about elsewhere) will be able to draw up a shortlist for you. Get competing quotes for prices from the lawyers, and take the decision based on how much the lawyer impressed you at first meeting rather than on price alone.
I'm a lawyer too. The above is entirely correct, and I endorse it (like hawk, I recommend you see a local lawyer if you want specific legal advice).
A point specific to UK law that Mr. Hawkins has missed, being a US lawyer: the Data Protection Act, and its parent legislation, the EU Data Protection Directive.
At least one of the dot.coms referred to was UK based (boo.com) and had (or ought to have had - I'm too idle to go check www.dpr.gov.uk) a Data Protection Register entry.
What the Act says is (gross over-simplification comin' up) that dealing in any data that can identify a human being without a registration, in breach of the limits to your registration or in breach of the principles of fair data processing is a criminal offence: this applies in the UK and in any part of the EU that has enacted the Data Protection Directive into law.
One of the principles of fair data processing is that the processing of data must be on the terms that were notified to the subject when the data were collected. In other words, in the UK privacy policies are binding.
(There are also civil remedies, but s.11 "Right to Prevent Data Processing for Direct Marketing" isn't in force yet. Damn.)
I much suspect that Action Will Be Taken shortly, albeit that this will amount to bolting the stable door with the horse accelerating toward the horizon.
It's the same here. Any damn' fool with a Claim Form can start an action at law, and frequently does.
The way it'll work is this:
Smith takes his claim form, bearing particulars of spurious claim, to the court office for issue.
Smith serves the resulting sealed Claim Form (we don't call 'em writs any more) on Nike.
Nike's lawyer falls off his chair laughing, doesn't trouble to draft a defence, and makes an application pursuant to Part 3.4/Part 24 of the Civil Procedure Rules that the claim be struck out as disclosing no reasonable cause of action, or having no reasonable prospect of success at trial. The court has power to strike it out of its own motion as well, but this is reserved for the people who (real example) sue Prince Philip for telepathically projecting his libidinous thoughts into their heads.
Not less than 24 hours before the hearing, which will probably be listed within a couple of weeks or so, Nike's lawyer files a statement of costs at court, setting out in detail everything he's spent on the case so far. He also sends a copy to Smith.
At the hearing, Nike wins. Costs follow the event (ie., it's not just easy for a UK judge to order a losing party to pay the winner's costs, it's all but mandatory) and are assessed by the judge on the basis of Nike's statement of costs. Basically, Smith is ordered to pay Nike's legal costs less some small margin so's the judge (in practice, a district judge or practice master rather than a full judge) can crack on like he cared how much it cost.
Net result: Smith loses his case in somewhere less than three months (the record is, I believe, 9 days) and has 14 days to pay Nike what, for a no-brainer like this, should be around 1500 pounds sterling.
A lot of posters have been angrily pointing out that - in various ways - if the good lord had not intended consumers shorn, he would not have created them sheep.
While there is some truth in that, it's worth bearing in mind that dishonest marketing enables an unscrupulous trader to take market share from the decent and honest merchants that people of discernment, distinction and intelligence (such as are to be found posting here) would prefer to deal with.
Losing market share yet not wanting to sell at a loss, those decent and honest merchants must needs raise their prices in proportion to their loss of economies of scale.
Hence, what the FTC is doing is protecting you, the smart consumer, from the financial and market consequences of the stupidity of the herd.
"...Outrage greeted the announcement today of a mission entitled "Project Mayflower" to the so-called New World. Several experts came forward to point out that the Atlantic had already been crossed and re-crossed several times by the Portuguese and Spanish. Other commentators observed that with Europe recovering from recent bloody conflicts, the money might be better spent on relieving..."
... and so on, and so forth. Fair go to the Indians if they want to stretch their aerospace capabilities - whatever the wisdom of the particular mission selected.
Meantime, I can't help feeling that this particular development is being oversold - when all's said and done the actual news is of one group of (albeit senior) figures flying a kite to get some funding for a mission in maybe five years' time. They haven't even got as far as a formal proposal yet.
On two points:
First, Whoever you go with, read the terms and conditions before you sign up. They do differ, and if you're in the US, your protection against unfair contract terms is very weak indeed (by the standards I'm used to). A couple of hours patient and careful reading (using a photocopier to blow the small print up to A3 helps lots) and comparison will pay dividends. It's rarely harder to understand than source code, and usually a lot easier.
If there's anything you don't understand, that's what lawyers are for (and, incidentally, pitching up with a prepared list of questions will endear you no end to your lawyer and take quite a lot off the bill.).
Second, If you're in the UK, or for that matter anywhere in the EU that has already implemented the Data Protection Directive (I think everywhere has), then you have an obligation to make sure (no further than asking, nicely, for a warranty that this is so) that the card supplier has proper data protection in place.
I've had more than a couple of these across my desk in the last three months, and most of them refer to the last Data Protection Act (the 1984 one now nearly completely defunct) and none at all - prior my ministrations - spoke at all of the need for someone in the relationship to take care of the obligation to process data fairly.
As usual, this is general advice - and on the first point about as general and obvious as "don't forget to eat, sleep and breathe" - not specific recommendations for your circumstances (which I'm almost certainly not licensed to give in your jurisdiction). Anyone daft enough to rely on stuff they find on the web when making decisions that might cost them money or liberty is probably dim enought to try suing in spite of a clear disclaimer, so I'm not really sure why I bother with this.
Now I've seen the judgment (and how refreshing it is to be able to get at interlocutory judgments - they're not a matter of public record in the UK, more's the pity) I think the original news story was spin of a fairly pernicious sort.
Essentially, what Garbus was alleging was that the judge's former firm had acted for the plaintiff (and probably not at the time the judge was a partner there) and that the judge had heard a rumour about Garbus some years before he was appointed to the bench.
That last, I have to say, would disqualify two thirds of the judges in the world from hearing any case. Contrary to popular opinion, there aren't that many lawyers around. It's a small world and we squabble like cats in a sack: I could pass on rumours about half the senior counsel in London ranging from the mildly scurrilous to the outright defamatory (and the funniest one of all is absolutely true: I had it from the horse's mouth, albeit the version the Telegraph published was embellished to the point of libel)
The point is that the mere fact that a judge had heard a rumour about counsel doesn't matter a damn. In a few years, some college contemporaries of mine may well start making it to the junior end of the bench: am I to ask them to withdraw from a case because they happen to have seen me get drunk, throw up in the Cherwell and start singing Mam'zelle from Armentieres?
I will pass carefully over my opinion of the defence's conduct as disclosed in the recital of facts Kaplan prefaces his judgment with.
I think what's annoying people here is that the added links are not explicitly credited to the site: it would be easy to get the impression if not forewarned that the original poster had added that link.
This is OK as far as it goes, but some people don't want their names put to someone else's advertising, a reasonable enough desire. As I see it there are two ways around it:-
The first would get them around the PR problem, and would probably bring the copyright problem into fair use (or at least near enough thereto to make it a dicey proposition to sue) and the second would get them round both at a slight cost in screen space and seamlessness.
Thoughts?
There you're stepping from ethics into morality. The plain fact of the matter is that it wouldn't do a jot of good: anything I told the police would be inadmissible in evidence, albeit that it might well help prevent a crime. I have to wonder, though, just how serious a crime would have to be to outweigh the prospect of me and my three kids not having a regular salary coming in.
It's probably worth pointing out that if a client tries to involve me in a crime, he can't claim privilege at all, which is how the money laundering regulations get away with it.
I'm given to understand, as well, that family law practitioners are allowed to take discreet action to prevent harm to children, but since I don't practice in that field (nor, gods willing, will I ever, since it's harrowing stuff) I don't know the details.
Balls. Were I to violate client privilege in that manner, I would quite rightly have to hand back my practising certificate.
The correct form is to advise the client, strongly, not to be so damned stupid, and if he persists, you are unable in proper professional conduct to defend him in any way that suggests he is innocent.
That is, you can attack the prosecution case to demonstrate that he is, by the high standard required of a criminal prosecution, Not Guilty, but you can't plead alibi, advance any evidence on his behalf tending to suggest that he did not commit the crime or take part in his giving evidence in his own defence.
If he insists that you do so, you apply to the court to come off the record stating that privilege prevents you from saying why: the judge gets the message even if he didn't by reason of the way the defence was going.
The reason journalists can't use this privilege absent statute (in the form of "shield laws") is that the common law of lawyer-client privilege was developed in the days before newspapers really got going.
Dunno what the New York Bar's like, but my rules of professional conduct wouldn't allow me to act for the employee on the employer's instruction if there was any possibility of a cut-throat defence (as in "Not Guilty, Yer 'Onner, on account of the other villain in court with me done it instead").
Maybe, just maybe, if there was an agreement between the employer and employee that the employer would reimburse my bill come hell or high water, and the employee was my client with no waiver of privilege in favour of the employer, we'd be OK.
But otherwise, Mr Penenburg needs separate representation.
As NMerriam puts it, there are rights but they aren't secured in all jurisdictions. Here in the UK there's some limited protection for journalists who don't want to divulge, but the main protection is the practical protection of not wanting to annoy several thousand professional dirt-diggers.
IANAUSQL, but I had understood that there was some jurisprudence to the effect that a journalist wasn't a compellable witness in relation to his sources of newsgathering, on the grounds that making it difficult for the press to gather news (by reducing the willingness of sources to talk to the press) amounted to a breach of the First Amendment.
I've commented elsewhere under this heading about the forensic disadvantages of compelling a journalist to take the stand and swear as to the truth of a story without demanding he divulge his sources.
I do wonder why they want him to simply testify that his story is true. If a federal criminal courtroom works the way an English one does, the right to cross-examine accrues to the party opposing the one calling the witness. So where they get his article "read in" to the oral testimony (as otherwise it's inadmissible hearsay) it allows the defence to cross-examine and have a crack at his journalistic credibility. Not pleasant for friend journo, but damaging to the prosecution.
Maybe they're hoping to get him on the stand as a hostile witness, which allows the party calling the witness to question him as though cross-examining, with leading questions. In the course of which, of course, they destroy his credibility with the jury, since if the prosecution case has to rest on someone who plainly doesn't want to give evidence, the jury aren't going to like it.
And this is before the public-relations disaster incurred by hauling a journalist onto the stand in (real or virtual) irons.
No, what they're after is disclosure of his sources, and against that I believe (without for one minute knowing, since I ain't licensed to practice in any US jurisdiction, let alone a federal court) there is some protection in federal law.
He either needs a lawyer or to resign himself to journalistic martyrdom.
I'm surprised that the judge in question didn't step down immediately it was brought to his attention. As Kenrod states in other words, the principle is that justice must not only be done, it must be seen to be done: the least appearance of partiality on the part of the judge requires that he relinquish the matter to another tribunal.
Damn it, if a judge of the UK House of Lords has to step down from hearing Pinochet's case because he has a publicly-declared commitment to human rights, then a judge with known issues of conflict with one of the counsel appearing before him ought to relinquish the matter to some other member of the bench.
I'm not sure about the past retainer with Time Warner, though. I'd say that one was covered by the ordinary rules of the professional game: every judge in a common-law jurisdiction will have some kind of past practice, and unless he was in-house counsel, I don't think the retainer amounts to evidence of actual commitment to them. Is it alleged that he had conduct of matters for them, or was just a partner at the time?
It's not a question of converting anything into a legal document: it's a useful source of additional evidence, though, if the owners let it be used that way. Short of new legislation, though, they're under no positive duty to help someone trying to sue a site owner.
In practice (and this goes for more or less all of the legal world) you can get evidence of what was at a given site by traditional methods with only a little bit of technology. It's not outside the rules of evidence for a witness to stand up in court and say, on oath, that he saw such-and-such on a site one day.
Indeed, that's how nearly all documentary evidence goes in unless both sides agree it's kosher: someone has to stand up, swear in as a witness and say on oath that a particular document came into existence in the form it is in before the court on the date written at the top, etc.
Producing a hard-copy of the offending page with someone to swear he downloaded it on the date shown at the bottom and printed it out would be quite enough, without having to go pester someone who wasn't a party to the action.
And this is before you get discovery of the other side's HDD and run some undeleting software on it. That's been done in a couple of decided cases and certainly the UK courts are happy with it provided the party doing it wheels a geek in as expert witness (and you guys are among the cheapest expert witnesses going: sharpen up, OK?) to reassure the judge there's no jiggery-pokery involved. I've got a case on at the moment where we've done just that.
I'm told your version is the "laughter" test - if, at the first interlocutory hearing, the judge laughs at you, maybe you ought to revisit your pleading.
The motion you're talking about sounds like our own "Motion to strike out as disclosing no reasonable cause of action."
The new version, as of 26th April last year, is the CPR Part 24 application to strike out as "having no reasonable prospect of success at trial", which is washing a lot of speculative claims out of the system at a very early stage (my personal record is eleven weeks, and it would have been three weeks less if I hadn't gone on holiday in the middle of it).
I think at this point, though, we're in danger of using /. as a private email service to talk a completely different shop to the one that's actually intended here.
Roughly what I was thinking when I drew the Rylands v. Fletcher analogy (and you can tell the practitioner from the student here, can't you? I never cite a damned thing and you're still boned up with authorities for the exams).
Yes, the authorities on dangerous property all involve risks of physical damage. Put the DoS business before a judge and he's going to be acutely conscious that he's striking out for as-yet uncharted waters.
I'm after an approach to the problem that passes the "sniff test": that is, if I plead this in a case, would I, on taking someone like (say) Master Turner at the Royal Courts of Justice through that pleading at a case management hearing, hear, about halfway through my carefully-honed advocacy, that little judicial sniff that says more eloquently than any words could "I don't fancy your chances at trial with this, Mr. Dennis".
And, this being the UK, we don't have juries in civil trials. (In theory we can, but no-one's bothered since about 1935). And, if your jargon means what I think it means, the UK is a "joint and several liability" state. That is, liability between joint defendants as joint tortfeasors is joint and several and contribution is settled in proceedings to which the claimant isn't party - he can enforce against either for the full amount of the judgment.
What's a 3L Law Student? That is, I know what a Law Student is (I was one once) but what does 3L mean?
Or possibly not. The DPA '98 covers information held by data controllers about data subjects or from which data subjects might be identified, where:
(The foregoing definitions are rather more colloquial than the ones the Act uses, but they'll do for present purposes).
Basically, mapping information on .uk net topology will not come within the Act unless information about individuals forms part of that (eg. as a result of copying scads and scads of whois info.)
For further info, see The Data Protection Registry Site generally.
For the record, I am a lawyer, and the foregoing is not offered as specific advice for your specific circumstances. This is: don't base decisions that could cost you money or liberty on /. postings. Take advice from a lawyer who's acting specifically for you.
Good points. On the other tentacle, what about the argument that script kiddies are like rats? A natural part of the web ecology, destructive and lacking in any moral sense (at least until they grow up, if they ever do)?
On that analysis their actions, being predictable consequences of poor security arising from creatures that are not moral agents, are something that the administrator of the compromised system should be responsible for preventing.
The argument about a scope-sighted rifle is a straw man. Nobody would expect someone to do that sort of thing to a domestic fuel supply; expecting the owner to guard against it is unreasonable. On the other hand, in a neighbourhood full of kids, it is reasonable to expect him to keep the thing locked up so the little buggers can't play with it. (Example from a real case: a bus depot didn't lock its gates at night, and had petrol lying about the place unsecured. Kids got in and began playing a game involving Molotov cocktails, and dropping lit matches into buses' fuel tanks.)
Essentially, the argument is whether the risk of script kiddie attack is sufficiently foreseeable that an owner ought to guard against it.
We've got something very similar in the UK as well, albeit that the Occupiers' Liability Acts rather negate the possible line of defence that the attractant wasn't visible from a lawful place.
Thing is, those occupiers' liability cases are more about the owner's liability where the kids get themselves hurt: what I want to get at is the owner's liability for what the kids do to others once they're in.
This, though, is probably a more useful analogy than my shot from the Rylands v. Fletcher angle: rather than maintaining something dangerous, what we're looking at here is liability for something that attracts children of known propensity and capacity for damage. Since that risk is obvious, there ought to be liability for failure to take account of it? Discuss.
Nice points, but it's worth considering that in at least one recent case (96, if memory serves), a landowner was held liable for poor physical security that allowed vandals to break in and open the valves on a tank of toxic chemical that proceeded to escape (they didn't have a proper bund around the tank either) and pollute a stream in, if memory serves, Wales.
Anyway, I think a distinction can be drawn between your analogy and the vulnerable box, and it's one that was used by the court in the pollution case I mentioned above.
It's this: residential burglary is a fairly rare crime, media scare stories to the contrary, and in breaking in and using the phone the burglar didn't get access to anything he couldn't have done in a public phone booth.
The important thing there is that your example is of a low-probability occurrence which doesn't significantly enhance the criminal's capability over what he would have had anyway.
The vulnerable box is going to get found by script kiddies. They can automate their search for vulnerable systems and they're like rats in a grain warehouse on the net: there's thousands of the little bleeders.
By cracking a system that's got special access privileges, or passwords and the like stored on it, they gain access to things they wouldn't otherwise have had. It's as if your hypothetical burglars broke in, found an unsecured firearm, and went out and shot someone with it.
Because the probability is high and the potential harm obvious, surely there ought to be some obligation on the owner of a system to make sure he was ratproof?
Perhaps Bert would be regarded as a victim, though, if he could show he was totally reliant on Al.
Thing is, you see, that there's pretty much no decided authority on this anywhere (or at least that I've been able to find) so until there is, we're both right.
What I'm trying to get at here is a "sniff test" - what answer "feels right" to the community as a whole?
OK, here's something to discuss, but first some background:
In the real world (ie. the UK - I understand the US follows this one mostly), if you have something dangerous on your land and it escapes to a neighbouring piece of land, you have to pay for the damage. The case that set this rule was Rylands v. Fletcher, in which the owner of a badly-maintained reservoir got taken to court by the neighbour he flooded out.
Also in the real world, if you sell a product that doesn't do something the customer can reasonably expect it to do, you're liable for some or all (depending on circumstances) of the harm that results.
Bearing in mind those radically simplified statements of the law, consider the following:
Got all that? Now, applying your skill and knowledge of what a responsible and prudent owner of a box-connected-to-the-net and a responsible and prudent installer of OSs and software on such boxes ought to know and do, give your opinion as to the following propositions:
No, I don't have a case on these facts running at the moment. Yes, I think proposition 1. is more interesting - 2. is pretty much a no-brainer as far as I'm concerned - as it might be a stick with which to beat management into paying for better security.
Ignore license disclaimers for present purposes.
Other interesting background: failure to keep personal data adequately secured against unauthorised access is potentially a criminal offence here in the UK, and it can certainly get you on the wrong end of nastiness from the Data Protection Registrar.
Nah. OK, so they've got them of a size that means you don't need about fifteen just to make a decent hors d'oeuvre, but they're not going to taste any different.
Friend rodent, alas, invariably tastes too gamey for me, even if he's farm-reared. Although barbecued rabbit has its moments, and with enough tandoori paste you can eat anything.
Without wishing to endorse Mr Montoya's tone (although I get like that sometimes) I think there's a valid point there.
A properly-developed business budgets for the legal and administrative side of things: a business that tries to do it any other way is stuffed and mounted before it begins. The entire world of commerce works because it adheres to the rules of commercial law with its various local variations. If you haven't factored that into your planning - or hired someone to factor it in - any success you might achieve will be more by good luck than good management.
You might consider selling your product on a one-to-one basis as a consultant or team of consultants, charging for the service of going in and setting up the system with whatever modifications the client needs.
But before you do it, go back to your business plan (you have got a business plan, haven't you?) and rework it to include some good advice.
How to get that advice? Well, most places there are small business advice centres (get in touch if you're in the UK and I'll give you some phone numbers) who offer free advice and sometimes grant funding. Use that to get yourself off the ground properly.
Otherwise, your local lawyers' professional association (state bar association in the US, Law Society in the UK, don't know about elsewhere) will be able to draw up a shortlist for you. Get competing quotes for prices from the lawyers, and take the decision based on how much the lawyer impressed you at first meeting rather than on price alone.
Or you could try yellow pages...
I'm a lawyer too. The above is entirely correct, and I endorse it (like hawk, I recommend you see a local lawyer if you want specific legal advice).
A point specific to UK law that Mr. Hawkins has missed, being a US lawyer: the Data Protection Act, and its parent legislation, the EU Data Protection Directive.
At least one of the dot.coms referred to was UK based (boo.com) and had (or ought to have had - I'm too idle to go check www.dpr.gov.uk) a Data Protection Register entry.
What the Act says is (gross over-simplification comin' up) that dealing in any data that can identify a human being without a registration, in breach of the limits to your registration or in breach of the principles of fair data processing is a criminal offence: this applies in the UK and in any part of the EU that has enacted the Data Protection Directive into law.
One of the principles of fair data processing is that the processing of data must be on the terms that were notified to the subject when the data were collected. In other words, in the UK privacy policies are binding.
(There are also civil remedies, but s.11 "Right to Prevent Data Processing for Direct Marketing" isn't in force yet. Damn.)
I much suspect that Action Will Be Taken shortly, albeit that this will amount to bolting the stable door with the horse accelerating toward the horizon.
A UK lawyer writes...
It's the same here. Any damn' fool with a Claim Form can start an action at law, and frequently does.
The way it'll work is this:
Net result: Smith loses his case in somewhere less than three months (the record is, I believe, 9 days) and has 14 days to pay Nike what, for a no-brainer like this, should be around 1500 pounds sterling.
A lot of posters have been angrily pointing out that - in various ways - if the good lord had not intended consumers shorn, he would not have created them sheep.
While there is some truth in that, it's worth bearing in mind that dishonest marketing enables an unscrupulous trader to take market share from the decent and honest merchants that people of discernment, distinction and intelligence (such as are to be found posting here) would prefer to deal with.
Losing market share yet not wanting to sell at a loss, those decent and honest merchants must needs raise their prices in proportion to their loss of economies of scale.
Hence, what the FTC is doing is protecting you, the smart consumer, from the financial and market consequences of the stupidity of the herd.
As such, their action is to be applauded.
... and so on, and so forth. Fair go to the Indians if they want to stretch their aerospace capabilities - whatever the wisdom of the particular mission selected.
Meantime, I can't help feeling that this particular development is being oversold - when all's said and done the actual news is of one group of (albeit senior) figures flying a kite to get some funding for a mission in maybe five years' time. They haven't even got as far as a formal proposal yet.
Mileage may, naturally, vary.
Copy M$ EULA? And have their *lawyers* do you for copyright violation as well?
The remainder of your points are insightful stuff, but I don't have any moderation points about my person at the moment. Hint.