CNET también está disponible en español.

Ir a español

Don't show this again


Should we sue Microsoft if we're hacked?

If your car is stolen, does that give you the right to sue Ford? If your house is burgled, can you sue the window company?

A House of Lords science and technology committee has proposed software firms should pay up if their customers fall victim to e-crime. In other words, if a piece of software has security flaws that lead to you being hacked, having your identity stolen, or otherwise screwed over, you'd be able to sue its makers.

The peers' report says it is no longer "realistic" to expect Joe Public to be responsible for his own security because the conmen are too sophisticated and "outfox" them. Chairman Lord Broers explained: "We feel many of the organisations profiting from Internet services now need to take their share of the responsibility. That includes the IT industry and the software vendors, the banks and Internet traders, and the internet service providers."

I for one think it'll never work. The proposals are well-meaning, but there's not a 'kite mark' in the world that can make the Internet a completely safe place. If your credit card details are cloned it's very difficult to say whether that specific incident was the fault of your operating system, Internet browser, ISP, some random piece of spyware, or Joe Public simply giving them away to a Nigerian scam artist.

Think about it this way: if your car is stolen, despite having an immobiliser, does that give you the right to sue Ford? If your house is burgled, despite you having locked all the doors and windows, does that give you the right to sue the glazer? If you get mugged in the street, should you sue the police?

Don't get me wrong, I agree with the Lords on some level. IT companies should be held accountable if they willingly let users on to a system with known vulnerabilities, or if they fail to fix vulnerabilities quickly enough. But nobody in the world can guarantee that a piece of software is, and will stay, secure. As long as there are crooks in the world, there will be victims.

Personally, I think the key lies with education. Millions more should be spent teaching people about electronic identity theft and Web safety. Yes, software companies should be doing more to protect us, but safety starts at home.