Hacker News
by ballenf 3380 days ago
My take is this message was written by and for lawyers. As in, this is a coded message from Symantec to Google regarding the basis of damages upon which they will sue Google if Google doesn't backtrack.

The snarky comments were probably not meant as snarky, they just happen to be the basis upon which one can seek damages from a 3rd party for damaging your business or costing you customers.

I would guess that Symantec's lawyers and O-level execs are in deep discussions whether to sue regardless of Google's follow-up actions or retraction.

Not saying a lawsuit would help them, but they are laying the groundwork for it here to keep their options open. And send a message to Google's legal team.

Will be very interesting to see where this goes. Really hope for everyone's sake it doesn't go to court because it will just end up being a tax on users in the end (both Google's and Symantec's).

3 comments

How would there be any grounds for a lawsuit? The browser is free to implement whatever set of features it wants. Not trusting a specific CA is just a feature (or a bug), whichever way you look at it. A CA is just providing a service on the web. A service can't sue a browser for not supporting the service. Symantec is free to create its own browser that trusts its CA.
I could see a cause of action based on a libel theory or tortious interference with business affairs. Not sure it'd prevail, but there's possibly a prima facie case there.
The question is, was there a contract signed? A verbal contract? Is there an implied contract? Tortious interference?
Antitrust
Can Symantec really sue Google for no longer trusting them after issuing fraudulent Google certs? Additionally, even if they didn't and Google just didn't like Symantec and decided to no longer trust them, would Symantec have any real case if they sued? I'd think not; Google owes Symantec nothing.
IANAL, but it seems that one could make a passable argument for tortious interference[1]. Google isn't just affecting their B2B relationship with Symantec, they're using their share in the browser market to affect Symantec's relationship with Symantec's customers.

[1] https://en.m.wikipedia.org/wiki/Tortious_interference

That cuts both ways, Symantec is using their share in the certificate market to affect Google's relationship with their customers.
I'm supportive of Google in this fight, but I really don't think Google would have an argument to counter-sue. Tortious interference isn't just having an effect on the relationship, you also need to have an actual tort involved. In this case Symantec could argue that Google was exaggerating the negative PR, and Symantec would probably have an easier time proving damages (from customers leaving due to their certificates being phased out). I'm not sure what tort Google could claim in response that Symantec performed. Maybe issuing the unauthorized test certificates for Google's domains? (some sort of fraud?) But IM(NAL)O that's a tough sell.
I'd argue that by advertising browser compatibility[1], meeting the browser trust requirements is implicitly part of the business relationship, thus Google enforcing them does not give rise to tortious interference. (FWIW, I studied English law, but that was some years ago and I am largely unfamiliar with tortious interference)

[1] "Browser compatibility 99.9%" http://www.crosscert.com/symantec/02_0_00.jsp

If so I can't wait to see what comes out during discovery. My gut tells me Symantec will not come out smelling like roses.
It doesn't even really have to do with Google certs per se; it has to do with certs in general, and the situation probably would not be different if the bad certs had nothing to do with Google.

There are rules for inclusion in Google's cert store, and those rules were broken IIRC.

Even if they sued and won, Google could pay any damages out of petty cash. You'd have to be extremely sure of yourself to try and sue Google.