|
I think the "leaving the windows open" argument is wrong. As far as what's right and wrong is concerned, I should be able to leave the door wide open if I so choose. It's my car. If someone comes along and steals my car, however, I would call that wrong and the thief is at fault. Obviously, I don't want my car stolen (because I need its utility) so I take preventative insurance measures to avoid the potential burden of losing use of my car, talking to the police, and hunting down the thief. But, imho, that's my choice and I don't think I'm actively causing others harm by leaving my windows down. To add some genderism to the fire: if a woman choses to wear clothes that some would consider "provocative" is it her fault that she gets raped because she was inviting undue male attention? Is she simply "asking for it"? I don't think so. And I think it's a human's right to freely express him or herself as s/he choses. If I want to leave the window to my car down, that's up to me, the owner of the car. If someone steals my car, that's their fault. As far as software security is concerned, I think there are definitely reasonable and unreasonable steps that can be taken in the development of it. But I don't expect the developers of the software I use to be on the edge of their seats watching the internet for the every single security exploit that pops up so that they can instantly apply a patch. I do expect them to take reasonable steps to reasonably secure the software, and when something becomes obvious, to deal with it. When I entrust the storage of my personal details with a website, I have certain expectations about how that information is handled, but I don't expect it to be 100% impervious to attack. I also think there lies some responsibility with the user to choose to use software they trust (trust being a spectrum, not a binary distinction). For example, I wouldn't expect a lot of security from some kind of seedy porn software, and would actually expect the software to actively compromise my system. If I chose to install such software, I think I'd be partly liable for installing something that is obviously insecure. But I have different expectations from my banking software. I think those expectations, which are relative to particular industries and markets, and which are fuzzy and ill-defined, are partly a user's responsibility (but not wholly... I still expect my bank to reimburse me if someone breaks into their database and steals my money). My point is that liability in software security, to me, is a fluctuating grey area, and that the areas are defined differently for different kinds of software which should, at least partially, be apparent (and avoidable) to the end user. I'm not trying to defend Snapchat or say that you should leave your car unlocked, just that I think these kinds of issues are not black and white, nor that one party is 100% wrong and another party is 100% right. |