Hacking victims face legal threat

Or is it an insurance sales pitch?

Iain Thomson at the RSA Conference in San Francisco, vnunet.com 16 Feb 2005

Home computer users could be sued if they allow their computers to be taken over and used by hackers, legal representatives speaking at the RSA Conference in San Francisco have claimed.

A panel looking at the usefulness of insurance against cyber-crime discussed the likelihood of home users being sued if their computers were used to perform distributed denial of service (DDoS) attacks.

Home PCs infected by malicious code are often used in such attacks, sometimes by criminal gangs seeking to extort money from online retailers.

"The real driving force has been the ugliness on the internet with organised extortion and data theft," said Jon Stanley, who runs a private law practice specialising in cyber-crime.

"If a housewife in Tulsa takes part unwittingly in a DDoS attack, eventually someone is going to go after her. The model is the Recording Industry Association of America: it was told that it was useless going after individuals, but it proved the doubters wrong."

Some members of the panel predicted that this could lead to forms of computer insurance to protect against potential lawsuits. While companies often take out insurance against computer crime, there is no home market for such policies.

"It is like an inverse class action," said David Navetta, assistant general counsel at legal firm AIG eBusiness Risk Solutions Group.

"Recent shifts in events are implying that, if individual citizens' computers are used to attack a business, it may result in litigation being filed. But this is not established in law as yet.

Navetta pointed out that the biggest market for computer insurance would remain the corporate sector for the time being. However, some members of the panel believe that consumer computer insurance may become as commonplace as car insurance today.

See also: