[linux-elitists] class-action fun

Rick Bradley roundeye@roundeye.net
Fri Sep 21 11:55:04 PDT 2001


I've been bouncing this idea off people in my local LUG-land and it's
generated some interest.  Basically it's an idea about a class for a
class-action suit and the basis for a negligence claim:

Form a class of people who:

A - use Microsoft products and lost data or incurred downtime due to 
   infections from CR*/Nimda


B  - do not use Microsoft products but incurred downtime or lost data 
   due to CR*/Nimda

Sue Microsoft for negligence.

"But they issued patches for these exploits," you say.

Yes, but they kept selling freshly pressed OS CD's that were still
defective.  I.e., they refused to recall and re-press product that
they acknowledged (presumably this is where the lawyer would argue
about "reasonable consumers" or some such) through patches and
advisories was defective.

This is akin to Ford recalling Explorers, providing replacement tires
to anyone who wants them, but putting Firestones on anything that
leaves the showroom.

Sounds like negligence to me (...hence the <IANAL> bracketing of the
whole message since I'm pretty much a moron).

Issues that immediately come to mind:

 - The shrink-wrap license on Windows is a get-out-of-jail free card.

    -> a class A suit would be testing the validity of shrink-wrap licenses

    -> a class B suit would completely dodge the shrink-wrap issue since
       they never agreed to the license terms

    -> this split would mean that a sickeningly vicious and dirty set of 
       class-action attorneys would have to argue the case (forgive me for 
       being redundant)

 - Such a suit would affect any software manufacturer selling shrink-wrap

   -> Yes, but only the negligent ones (sorry, and I write software for
      a living so I should know better)

   -> or:  Yes, but should manufacturers of software be exempted from pulling
      boxes off the shelves when auto makers, meat packers, and toy
      manufacturers have to issue costly recalls?

   -> Network-installed OS's don't have a recall issue.  This still leaves
      RedHat et al out to dry, but future shrink-wrapped installs could go get
      updates upon installation.  The attractiveness of a class suit against
      RH (e.g.) over current and past actions is much lower than that of an MS 
      suit (one advantage to riding the rocky road this far I suppose).

 - One could argue that the analogy between Firestones and Windows is faulty
   since Windows doesn't kill people (well, so long as they're not on a WinNT
   battleship or on Windows-based life support or ...).

   -> I would be surprised if it couldn't be successfully argued that a 
      product is defective even though noone dies from its use.

 - Is this or is it not a good precedent to set?

   -> Well, is it?

 - Another possible criterion for class membership would be expense incurred 
   due to bandwidth costs on bill/traffic lines 

   -> I've already encountered a few people who are in such situations and have 
      logs showing massive Nimda and Code Red traffic

   -> one guy has 55,000 logged Nimda hits on one of his colo'd servers, and I 
      believe that's unique combined hits (i.e., at ~16 requests per hit), easy 
      enough to verify).



 Mostly useless pseudo-random number: 839
 Rick Bradley - http://xns.org/=rick@eastcore.net  (94 F)

More information about the linux-elitists mailing list