Those excuses are wearing thin - if they ever were valid.
The consequences will be "interesting" to say the least - if attempts at new on-line specific legislation fail and off-line law - from the Bills of Exchange and Sale of Goods Act onwards - is applied.
It will be even more interesting if courts continue to narrow the "innocent carrier" and "software is a product not a service" defences for that which is sold as fit for family or small firm use.
We have many allegations as to what the law is - and out of court settlements for those who have the expertise or funds to challenge those interpretations.
On Friday the EURIM Security by Design group reviewed the first draft of a paper that attempts to address some of the consequences if (or perhaps when) innocent carrier and other liability avoidance defences crumble.
It was a surprisingly constructive meeting. Those who raised problems all agreed to draft short-order material to address the problems they raise. Whether they deliver is another matter, but the sense of urgency was encouraging - or should it have been worrying?
P.S. I now have provisional answers to the five questions I raised in my blog "How real is the threat of e-crime?" They are:
1) Probably not
2) Perhaps
3) No
4) Possibly
5) Maybe
I leave you to match the answers with the questions.
A sixth question has been suggested.
6) Is it sufficient for them to seek to mandate security by design/default in new systems and in the products and services they procure?
The answer is "probably" - but signs are that many suppliers will pay lip service while actively resisting "because it is too difficult" - until forced to succumb by the pain in their wallets as customers migrate.