Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1999-q3

NFR Wizards Archives: Re: Legal Issues with hosting Ecommerce s

Re: Legal Issues with hosting Ecommerce sites

Christopher C. Petro (petroatypon.com)
Fri, 27 Aug 1999 15:06:00 -0700

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Paul D. Robertson: "(no subject)"
Previous message: Steven M. Bellovin: "(no subject)"

>>>
>> Hello, everyone. I am looking for information on regulation,statutes,
>> etc., that address a company's liability when providing a service
>> without adequate security.
>> For example, a Web-hosting company is hosting multiple commerce
>> servers for third-party companies. Does anybody have any idea of the

When you say Web-hosting, do you mean Virtual Domains on a
specific machine, or Co-located servers?

Those are IMO very different beasts.

>> liability incurred by the Web Hosting company should the servers
>> integrity be compromised and any financial losses occur? Any
>> resources, (links, whitepapers, etc...) would be greatly
>appreciated!

IANAL, but IMO if your "e-business" <spit spit!> is worth
anything, buy your own box, hire your own security and colo it.

Never trust someone else to protect your money. They don't
care nearly as much about it as you do.

>If the company hosting the sites were compromised, it would be a case of
>what was the breech in security, was it preventable with certain measures
>and what the companies disclaimer covers.

Or what the Judge and Jury decides their disclaimer covers.

>If the integrity of a hosting company were to be compromised, and I was the
>a customer, I would see if the breech was due to malpractice or not. But
>what is malpractice and what is necessary means of security, is a grade of
>shay darker than the question, what is adequate security?

There is no security problem on the internet. It was never
designed to be secure. The problem is people who think it is or can
be. (Someone famous said something very similar).
>
>I think e-commerce, security and other online laws need to be brought in
>with some tighter definitions.

We've already got enough laws. theft is theft. Trespassing is
Trespassing, and negligence is still negligence even on the net.

>As for references, you may need to seek a good lawyer (if you are the
>hosting company) ;-)

And hire an honest security company to audit you every couple months.

>Ensure that contracts are clear who is at fault if a breech in security
>occurs!

Can you use the words "Clear" and "Contract" in the same sentence?

>This '|' is not a pipe

This isn't english.

-- We have only come here seeking knowledge Things they would not teach us of in college.--The Police

http://www.atypon.com petroatypon.com

Next message: Paul D. Robertson: "(no subject)"
Previous message: Steven M. Bellovin: "(no subject)"

This archive was generated by hypermail 2.0b3 on Sat Aug 28 1999 - 03:27:35 CDT