How responsible is the vendor of a crypto-enabled product?
Roy M. Silvernail
roy at scytale.com
Thu Feb 15 13:49:14 PST 2001
I got into an interesting conversation today. Here's the question: if
a vendor rolls out a net-enabled product that features a crypto-
secured interface, what kind of liability do they face if the interface
security is breached? In particular, we were discussing machine
controls and the recent incident where it was discovered that one
manufacturer was fielding a GPIB control card with TCP/IP
Ethernet and no security at all.
If a net-connected and secured machine were hacked and death or
personal injury resulted, does that make the manufacturer an
accessory to manslaughter? Would having a provably good (or
provably bad) security layer mitigate this?
--
Roy M. Silvernail
Proprietor, scytale.com
roy at scytale.com
More information about the cypherpunks-legacy
mailing list