[Animats]

This happened on the user's phone. The issue is at what point negligent authorized access becomes unauthorized access. "Exceeds authorized access" is a criminal charge under the Computer Fraud and Abuse Act. A contract cannot override criminal law. This is really complicated, see [1]. An EULA, though, might not be enough to get Adobe out of this.

Especially if a third party, not a party to the EULA, owned the photo. If, for example, a news photographer for a newspaper had a photo lost, and the photographer, but not the employer, had agreed to the EULA, the newspaper might sue.

This is an important point. If a third party who is not bound by the EULA suffers damages, they can sue for negligence. The EULA binds only those who have agreed to it.

[1] https://shawnetuma.com/cyber-law-resources/what-does-cfaa-me...

[Silhouette]

A difficulty that has been pointed out on other forums is that after an unexpected delete bug that caused permanent data loss, during any subsequent legal action you may have no evidence to demonstrate what you have lost. If you do have a backup available from elsewhere to demonstrate the damage that was done to your device, you have also demonstrably limited that damage to a small inconvenience in having to restore the backup.

I support the principle that having permission to install updates should not grant carte blanche to have those updates do anything no matter how harmful, and indeed I would be in favour of much stronger regulation of technology in this area. However, I'm not sure how much that would help if there isn't some mechanism for regulators to assess statutory/punitive damages in some form. Even then, there's no way for a regulator to fairly allocate any financial compensation available to users who were, or claim to have been, affected. We're effectively trying to create a deterrent rather than trying to compensate for actual losses here, and with something like lost personal work, you can never make good the damage just with money anyway.

[gvjddbnvdrbv]

If someone steals from you you don't have to produce exhaustive evidence of your ownership in order to file a police report or claim your insurance. This works because saying you owned something you didn't is fraud and filing a false report is an additional crime.

The same principle could maybe be applied here?

(Usual disclaimer I am not a lawyer etc)

[petre]

What if you have timestamped file metadata l, but not tge data, or checksumed IDS records? Would that qualify as sufficient evidence?

[Reelin]

No. It's evidence that something was lost, but not a measure of the actual damages you suffered. Whose to say if you lost $100 or $100k? In the absence of the lost material there's most likely no way to demonstrate anything.

In this case some sort of statutory deterrent would probably be a much more effective solution. I honestly doubt that regulation is a good solution here though - bugs like this are so severe from a PR perspective that there's already a huge incentive to avoid them.

(This reminds me of that time that Steam on Linux ate every last user file on the system whole. https://github.com/valvesoftware/steam-for-linux/issues/3671)

[Thorrez]

Even with the images who's to say the images are $100 or $100k?

Microsoft paid "low six figures" for Bliss (the Windows XP desktop background) but only $300 ($45 to the photographer) for Autumn (a different desktop background)[1].

If you get physically injured and you successfully sue how do they determine the damages to award you? There isn't a dollar amount for physical pain. They can't test an alternate future where you aren't injured and see how much money you make. They just make up estimates. It would be the same here; they would estimate the monetary and emotional damage of losing the pictures.

[1] https://petapixel.com/2017/12/23/microsoft-xp-bliss-photog-p...

[tremon]

It's evidence that something was lost, but not a measure of the actual damages you suffered

That has never stopped those other knights of IP theft, the RIAA and MPAA

[Silhouette]

My impression of the SOP of those organisations, which I stress is based entirely on online hearsay so may be wildly inaccurate, is that they write to someone who they suspect has probably ripped something illegally, make a song and dance about the huge statutory damages that can potentially be awarded (under US law), and then rely on the fact that defending a suit will also (under US law) probably cost them thousands even if they win, so settling may work out cheaper even if they really have done nothing wrong?

The analogous organisations don't tend to try that kind of stunt here in the UK. Unless the copyright infringement is criminal, in a civil action our legal system currently only provides for actual damages to be awarded, and it's usual for the winning party to be awarded their legal fees at the loser's expense.

So unless there are some kind of statutory/punitive damages available for each lost photo in a case like this, it doesn't seem to be a comparable situation.

[ponker]

I don't think it's wise to push for expansion of criminal liability of software bugs. Civil courts provide enough remedy here.