[flandry93]

Regardless of the apology, Adobe should not be allowed to simply dismiss that they deleted user files. In effect, due to Adobe negligence, they have destroyed user intellectual property. A signal and example needs to be made. Individual users can sue for damages -- lost value and opportunity -- illegal destruction of property.

The computer fraud and abuse act could also be applied for criminal charges -- Adobe misused and misappropriated their access to customer data and systems. Arguing that it was a "mistake" and "we are sorry" does not correct the damage done. If Adobe makes such a fuss over protecting their IP, then they should not be surprised when their customers do so also. There is a potential for a class action here as well. And Adobe is very profitable -- some legal team representing this case, even if pro bono, will be/become quite rich.

Moreover, telling people that they should have X, and Y, and Z, to protect themselves from the mistakes of rogue actors/apps, is simply a displacement of responsibility tactic.

Just because something illegal/damaging was "done with a computer" does not mean it was "ok" and "an apology is enough" -- now pay us for our services you miserable worm/user!

[Animats]

This happened on the user's phone. The issue is at what point negligent authorized access becomes unauthorized access. "Exceeds authorized access" is a criminal charge under the Computer Fraud and Abuse Act. A contract cannot override criminal law. This is really complicated, see [1]. An EULA, though, might not be enough to get Adobe out of this.

Especially if a third party, not a party to the EULA, owned the photo. If, for example, a news photographer for a newspaper had a photo lost, and the photographer, but not the employer, had agreed to the EULA, the newspaper might sue.

This is an important point. If a third party who is not bound by the EULA suffers damages, they can sue for negligence. The EULA binds only those who have agreed to it.

[1] https://shawnetuma.com/cyber-law-resources/what-does-cfaa-me...

[Silhouette]

A difficulty that has been pointed out on other forums is that after an unexpected delete bug that caused permanent data loss, during any subsequent legal action you may have no evidence to demonstrate what you have lost. If you do have a backup available from elsewhere to demonstrate the damage that was done to your device, you have also demonstrably limited that damage to a small inconvenience in having to restore the backup.

I support the principle that having permission to install updates should not grant carte blanche to have those updates do anything no matter how harmful, and indeed I would be in favour of much stronger regulation of technology in this area. However, I'm not sure how much that would help if there isn't some mechanism for regulators to assess statutory/punitive damages in some form. Even then, there's no way for a regulator to fairly allocate any financial compensation available to users who were, or claim to have been, affected. We're effectively trying to create a deterrent rather than trying to compensate for actual losses here, and with something like lost personal work, you can never make good the damage just with money anyway.

[gvjddbnvdrbv]

If someone steals from you you don't have to produce exhaustive evidence of your ownership in order to file a police report or claim your insurance. This works because saying you owned something you didn't is fraud and filing a false report is an additional crime.

The same principle could maybe be applied here?

(Usual disclaimer I am not a lawyer etc)

[petre]

What if you have timestamped file metadata l, but not tge data, or checksumed IDS records? Would that qualify as sufficient evidence?

[Reelin]

No. It's evidence that something was lost, but not a measure of the actual damages you suffered. Whose to say if you lost $100 or $100k? In the absence of the lost material there's most likely no way to demonstrate anything.

In this case some sort of statutory deterrent would probably be a much more effective solution. I honestly doubt that regulation is a good solution here though - bugs like this are so severe from a PR perspective that there's already a huge incentive to avoid them.

(This reminds me of that time that Steam on Linux ate every last user file on the system whole. https://github.com/valvesoftware/steam-for-linux/issues/3671)

[Thorrez]

Even with the images who's to say the images are $100 or $100k?

Microsoft paid "low six figures" for Bliss (the Windows XP desktop background) but only $300 ($45 to the photographer) for Autumn (a different desktop background)[1].

If you get physically injured and you successfully sue how do they determine the damages to award you? There isn't a dollar amount for physical pain. They can't test an alternate future where you aren't injured and see how much money you make. They just make up estimates. It would be the same here; they would estimate the monetary and emotional damage of losing the pictures.

[1] https://petapixel.com/2017/12/23/microsoft-xp-bliss-photog-p...

[tremon]

It's evidence that something was lost, but not a measure of the actual damages you suffered

That has never stopped those other knights of IP theft, the RIAA and MPAA

[Silhouette]

My impression of the SOP of those organisations, which I stress is based entirely on online hearsay so may be wildly inaccurate, is that they write to someone who they suspect has probably ripped something illegally, make a song and dance about the huge statutory damages that can potentially be awarded (under US law), and then rely on the fact that defending a suit will also (under US law) probably cost them thousands even if they win, so settling may work out cheaper even if they really have done nothing wrong?

The analogous organisations don't tend to try that kind of stunt here in the UK. Unless the copyright infringement is criminal, in a civil action our legal system currently only provides for actual damages to be awarded, and it's usual for the winning party to be awarded their legal fees at the loser's expense.

So unless there are some kind of statutory/punitive damages available for each lost photo in a case like this, it doesn't seem to be a comparable situation.

[ponker]

I don't think it's wise to push for expansion of criminal liability of software bugs. Civil courts provide enough remedy here.

[bonoboTP]

Software licenses always disclaim any warranty, implied or explicit, it's all "AS IS" and you accept it when you click that Accept button upon installation.

And honestly, it's good this way. If you want to secure your photos, make backups yourself or sign a contract with some company that will guarantee something. But once they are liable and can be sued, the service will be astronomically expensive.

[flandry93]

In proportion to the margin, the "service cost" is already astronomically expensive.

Moreover, the the click accept "contract" is not license for extortion -- does not make extortion legal. A mere contract does not make arson legal, even if accidental; does not make man-slaughter legal, etc.

The computer fraud and abuse act applies, regardless of contract. Adobe accessed user computers/hosts in a way inconstant with user defined permissions, usage policies, etc. I have a usage policy that you "signed" or did the equivalent of "clicked through": if you (Adobe) elect to install your automatic app update on my host hardware, you certify that you will not delete any data files stored on that hardware. Just because Adobe did not bother to read the language of my hardware usage policies, which has language that it "supersedes all other agreements between the hardware host owner and the app installer, does not mean that they/Adobe are "immune" and can simply ignore their liability for IP destroyed.

There has to be a way to get these $#%@#% -- enough is enough.

[bonoboTP]

If you want bulletproof software with guarantees (like the medical industry or aerospace or traffic light systems or banks) you'll get extremely conservative, boring old tech with no flashy new features all the time.

If the cost for breakage is too high they just won't make any changes unless absolutely necessary. But the market has spoken and people prefer flashy new features and updates instead of boring railroad control-like software that is works the same way for decades.

You can't have it both ways. If your data is important don't just store it on a single device. These photos were just stored on a single device that could break for any reason any day anyway.

Unless Adobe can be shown to have been criminally negligent or intentionally malicious I don't think there's a case here but ianal.

[JanisL]

If keeping my professional data safe from deletion means that I will as a result get more boring tech I think I'd make that choice most times in the course of my work. What I'm finding annoying in recent times is how I'm not able to actually make that choice as often as I'd like.

Also agree with your point about making backups if anything is significantly important, though I've also found a lot of products in recent times are deliberately making it harder to create backups (Slack comes to mind here)

[danielheath]

> If you want bulletproof software with guarantees (like the medical industry or aerospace or traffic light systems or banks) you'll get extremely conservative, boring old tech with no flashy new features all the time.

If users could actually evaluate the guarantees and have reasonable assurance that they would be upheld, I suspect this is exactly the direction the industry would take.

However, because it's unreasonably expensive to verify that those guarantees hold (relative to the value the software offers), end-users have no reason to prefer products that offer them to products which merely claim to be secure.

[bonoboTP]

You can verify it based on the legal warranty contract that you sign. The reason this is not offered is that consumers/prosumers would not be able to pay for it.

Turning a process/culture that works 99% of the time into 99.99% is often surprisingly expensive. For example currently as a company you may have some slightly less attentive engineers or less strict code review process for convenience and speed, or you may pursue lots of projects with tight deadlines etc. which can lead to a situation like this with non negligible chance, but usually won't. Most of the software you use doesn't routinely delete user data, it's an accident. To avoid it you need to hire higher quality engineers or more of them to give them breathing room and less workload, and have to give up on some new features and innovation, which is really not so easy in a competitive market.

[Silhouette]

But the market has spoken

It has? When was the market given a choice?

I, for one, would be absolutely fine with having fewer shiny new features but also not having software I rely on break all the time. The current culture of just shoving everything out, whatever condition it's in and regardless of the consequences of any potential failure, and saying you'll patch any problems later is toxic and quietly causing enormous damage to our society.

The culture of saying you can sell some hardware product with embedded software, or some software product that is hosted online or based on a subscription model, and then effectively force users who have already committed to that product to accept arbitrary changes whether they want them or not, is also toxic.

We don't know how to reliably write 100% bug-free software, but we do know how to write better software than much of what is produced today. Getting a significant increase in quality isn't even that expensive, since the long-term savings from reduced maintenance and increased productivity help to offset or even outweigh any additional costs during initial development. However, it does require hiring people with actual skill and knowledge to write the software instead of just assembling a cheap team of code monkeys. It also requires your leadership team to actually care about quality and plan to achieve it and provide resources accordingly.

IMNSHO, our industry would benefit from having more developers and leaders with these skills and mindsets, but until there is some form of pressure (and again, I couldn't disagree more that the status quo is a result of genuine customer preference) the economic drivers aren't pushing towards training up new software developers to be better and having leaders plan for good quality products in many cases. After all, why waste time and money doing something right if you can do it wrong but cheaper and still charge almost the same for it anyway? I think we're well overdue for genuine competition in the market and/or regulatory intervention to drive standards up.

[bonoboTP]

Everybody is ignorant, but smart, attentive people are expensive and are not rewarded. Managers get up the ladder by scheming and appearances and alliances, devs are rewarded for padding their CVs, project managers rewarded for introducing new stuff with a short term focus etc. In many cases people just either don't know better, or don't have the time and patience to provide different incentives. This includes the customer who also doesn't understand tech, doesn't see the value in robustness.

And again for an Adobe creative product all this is still fine. Not losing your data is a solved problem and it's called a backup.

I very very much doubt that a person who doesn't bother to back up their professional data (keeps it all on a single device that may break any day) will have the brains and mental models to understand an argument involving software quality and that they should pay premium for something so intangible and abstract as opposed to visible things like features and a modern look and feel/polish.

In some analogous cases with ignorant customers the state steps in and creates consumer protection regulation, but its usually only for really dangerous stuff that can kill you or make you sick, like food safety, not just delete your wedding pics.

[Silhouette]

And again for an Adobe creative product all this is still fine. Not losing your data is a solved problem and it's called a backup.

On this point, I just can't agree. Regardless of whether or not users have effective back-ups -- and we all know that for various reasons, sometimes they don't, even if they believed they did -- it simply isn't acceptable for someone to push out a software patch that destroys data incorrectly.

I don't think it's a trivial thing if someone loses data of great personal value, whether it's wedding photos, or a video of your child's first play at school, or precious footage of a friend or relative who is no longer with you, or just a personal project you've put a lot of work into. These things matter to people, and even if they didn't arrange for effective back-ups, it's not their fault that the data was destroyed in this case, it's 100% on Adobe for screwing up.

In some analogous cases with ignorant customers the state steps in and creates consumer protection regulation, but its usually only for really dangerous stuff that can kill you or make you sick, like food safety, not just delete your wedding pics.

I don't know where in the world you are, so maybe that is the case for you. At least here in the UK, and in Europe more widely, consumer protection laws tend to be quite strong and quite well regarded by the public, and they certainly aren't limited to life-or-death kinds of issues (though of course we have specialised safety regulations in those kinds of areas too).

[ta17711771]

> Unless Adobe can be shown to have been criminally negligent

Not having multiple site backups isn't criminally negligent when running a paid cloud service?

[Dylan16807]

They didn't lose the cloud data.

[ckrailo]

nope, not in the slightest... anywhere on earth as far as i know

[dragonwriter]

> Software licenses always disclaim any warranty, implied or explicit, it's all "AS IS" and you accept it when you click that Accept button upon installation.

Those disclaimers often have far less legal effect than the text would suggest, because jurisdictions often limit the effect of warranty disclaimers by sellers, and also because of product liability laws which are distinct from warranty protection (though similar to the lay understanding of warranty protection.)

[numpad0]

> Software licenses always disclaim any warranty, implied or explicit, it's all "AS IS"

In practice it’s fine, IF, files in the users’ hands is the master, cloud is a copy and format used is some sort of open standards.

Lets say I sent a mail, attachment got lost, but it’s a copy, besides it’s just a jpg, so send it again. Okay.

These cloud SaaS offerings are different: they tries to make the cloud as master, in proprietary format.

So local side is the xerox copy, and you have to go through complimentary conversion service to export the original if you sir insist, and they may cease access to the files on the cloud and copies on your computer but it’s somehow “your fault“ when they do that.

That doesn’t work! Either they assume full responsibility for content they hold, or we hold every rights, as we did, as we should.

I have multiple occasion where OneDrive thought it needs to steal my files from home directories, then change mind and don’t upload, but decides to reflect the reality that it’s not on the cloud. “Where are my files?” my ass you wiped another Desktop folder!

[flandry93]

In proportion to the margin, the "service cost" is already astronomically expensive.

Moreover, the the click accept "contract" is not license for extortion -- does not make extortion legal. A mere contract does not make arson legal, even if accidental; does not make man-slaughter legal, etc.

The computer fraud and abuse act applies, regardless of contract. Adobe accessed user computers/hosts in a way inconstant with user defined permissions, usage policies, etc. I have a usage policy that you "signed" or did the equivalent of "clicked through": if you (Adobe) elect to install your automatic app update on my host hardware, you certify that you will not delete any data files stored on that hardware. Just because Adobe did not bother to read the language of my hardware usage policies, which has language that it "superceedes all other agreements between the hardware host owner and the app installer, does not mean that they/Adobe are "immune" and can simply ignore their liability for IP destroyed.

There has to be a way to get these $#%@#% -- enough is enough.