ISP (Eircom) Wrongfully Sent 300 "First Strike" Letters To Innocents subscribers

poisonedstream wrote: »

Your comparision is in now way the same. Eircom did not know of the issue while releasing the modems and rectified it as soon as they found out. This is not life or death either. Coupled with the fact that the user is responsible for the security of their own network and have been since signing up your point is moot.

If users can't be bothered rectifying a well known security issue, at this stage it is their own fault.

Not from a legal standpoint. IF a company issues a recall of a product, and someone doesn't return the product and is injured, then the company is protected IF they followed proper recall procedures (i.e. large ad campaign, contact vendors and known customers directly, etc.)

Eircom did not do this. Not only did they not do this, they only issued warnings to a select few number of people. On top of this they never offered to replace or fix the issue. Trying to say they somehow shifted legal liability on this issue with the scant number of things they did to correct the issue is imprudent.

Do you really think sending a letter to a 60 year old and telling them they need to change their WEP key really fixed the issue? In legal terms it doesn't pass the common man test. In lawsuit situation, like this could become, a judge will ask, could an average man (or person) be expected to follow through with the instructions sent or even contemplate the severity of the situation at hand from the information which was sent by Eircom.

I would say about 80% of the people who were in the select few to actually get the letter had no idea what it meant, much less any idea of how to fix it. It is easy to prove this as I can walk through any town in Ireland and find dozens of Eircom routers that are still open to this security issue.

Therefore it cannot be assumed that Eircom has negated their legal responsibility and therefore they are still liable.

CptSternn wrote: »

Not from a legal standpoint. IF a company issues a recall of a product, and someone doesn't return the product and is injured, then the company is protected IF they followed proper recall procedures (i.e. large ad campaign, contact vendors and known customers directly, etc.)

Eircom did not do this. Not only did they not do this, they only issued warnings to a select few number of people. On top of this they never offered to replace or fix the issue. Trying to say they somehow shifted legal liability on this issue with the scant number of things they did to correct the issue is imprudent.

Do you really think sending a letter to a 60 year old and telling them they need to change their WEP key really fixed the issue? In legal terms it doesn't pass the common man test. In lawsuit situation, like this could become, a judge will ask, could an average man (or person) be expected to follow through with the instructions sent or even contemplate the severity of the situation at hand from the information which was sent by Eircom.

I would say about 80% of the people who were in the select few to actually get the letter had no idea what it meant, much less any idea of how to fix it. It is easy to prove this as I can walk through any town in Ireland and find dozens of Eircom routers that are still open to this security issue.

Therefore it cannot be assumed that Eircom has negated their legal responsibility and therefore they are still liable.

First of all, Issuing a re-call doesn't get rid of your responsibility, In fact it acknowledges it.

If you sell a defective product in the first place and someone gets injured from said product, The company is liable even if it issued a recall, They can't reach out to everyone who purchased the item.

Also, Eircom didn't manufacture the modems, Netopia did, Which means they to blame for the fault.

If someone hacks your wireless in general then is it the isp's fault for giving you a device that can be hacked. Just because it was easier to obtain the WEP code doesn't make it any bit different in the long run. They are not liable for any damages period! Mainly because they aren't the ones who hacked the device.

Does the alarm on a car stop someone from stealing it, NO!!! It just makes it a little bit harder!!

Fact is the encryption is there, If someone wants to get the code, Its extremely simple to do, The problem with the netopia router was that it was even easier then the normal methods.

CptSternn wrote: »

Not from a legal standpoint. IF a company issues a recall of a product, and someone doesn't return the product and is injured, then the company is protected IF they followed proper recall procedures (i.e. large ad campaign, contact vendors and known customers directly, etc.)

Eircom did not do this. Not only did they not do this, they only issued warnings to a select few number of people. On top of this they never offered to replace or fix the issue. Trying to say they somehow shifted legal liability on this issue with the scant number of things they did to correct the issue is imprudent.

Do you really think sending a letter to a 60 year old and telling them they need to change their WEP key really fixed the issue? In legal terms it doesn't pass the common man test. In lawsuit situation, like this could become, a judge will ask, could an average man (or person) be expected to follow through with the instructions sent or even contemplate the severity of the situation at hand from the information which was sent by Eircom.

I would say about 80% of the people who were in the select few to actually get the letter had no idea what it meant, much less any idea of how to fix it. It is easy to prove this as I can walk through any town in Ireland and find dozens of Eircom routers that are still open to this security issue.

Therefore it cannot be assumed that Eircom has negated their legal responsibility and therefore they are still liable.

You honestly have no idea what you are talking about.

Hi All,
It is not utility company that takes it upon itself to falsely accuse ITS OWN customers of criminal activity try to imagine the ESB or the gas board or even greenstar making such accusations and then offering 50 euros for the mistake. Oh sorry for the liable accusation of criminal activity here is 50 euros, lets kiss and make up !!!!


Paul.

CptSternn wrote: »

If I received one of those letters I would be at my solicitors office right now hitting Eircom with the largest lawsuit they have ever seen. Since they have accused people of being criminals involved in criminal activity that can carry a prison sentence, it is slander. They have the proof in writing, a liable case would be dead easy to prove.

The fact they are allowing an outside 3rd party to monitor traffic on their network is distrubing enough. No one wants an illegitmate corporate police force with self appointed powers out there making arrests, which is what we are seeing now. The fact they have wrongfully accused hundred of people should be an eye opener.

If the Gards wrongly accused 300 people of being criminals, there would be no only an uproar, but lawsuits everywhere. These companies shouldn't get off easily because they are not the real police when in fact they have put themselves in a policing position. They must be held accountable just like the real police forces when they make easily foreseeable mistakes, as to keep them from engaging in such practices where it could happen again.

As Above

How long are you working for eircom now ??? ;)

dub45 wrote: »

Guilt and liability for what exactly?

Eircom made a mistake - they are guilty of that. Companies make mistakes all the time there is no law against it.

Liable for what? Public derision and criticism yes but what else?

They appear to have made a gesture to the customers affected so what? Lots of companies make mistakes and never make a gesture.

If we are going to have a discussion here about a system or a particular occurrence lets do our best to make it on grounds of substance and fact not on hysteria and fantasy

You have no concept of tort law and legal liability.

http://en.wikipedia.org/wiki/Tort

http://en.wikipedia.org/wiki/Legal_liability

http://en.wikipedia.org/wiki/Tort#Defamation

When Eircom sent out those letters they made the claim the customer receiving said letter was a criminal. It is not a 'crime', but it is a violation of civil law. If Eircom, or any other company or person, sends a letter to someone claiming they are engaged in illegal activity, then they under the law have to have solid proof which they can offer up in court as evidence else they are guilty of defamation.

Your own words above contradiction the very thing you seems to be arguing against. Eircom made a mistake, that is the very nature of tort law. It IS a violation and there ARE laws against it.

It is no different than if ESB sent you a bill stating you had been stealing electricity or if Bord Gáis sent you a letter claiming you had been stealing their gas or if your next door neighbor sent you a letter claiming your broke into his home. If it turns out to be a mistake or there is no evidence to back your claims it means the company/person which made the accusation is in an actionable position. That means they stand to lose in a civil suit when brought before the courts (i.e. civil action).

Thor wrote: »

First of all, Issuing a re-call doesn't get rid of your responsibility, In fact it acknowledges it.

If you sell a defective product in the first place and someone gets injured from said product, The company is liable even if it issued a recall, They can't reach out to everyone who purchased the item.

And that is what I said, and you are arguing this why?

Also, Eircom didn't manufacture the modems, Netopia did, Which means they to blame for the fault.

They were OEM modems, built to specs supplied by Eircom. The WEP keys and the original configuration were Eircoms idea and they are the ones who gave the order to manufacture them in this manner so the burden of liability rests with them.

If someone hacks your wireless in general then is it the isp's fault for giving you a device that can be hacked. Just because it was easier to obtain the WEP code doesn't make it any bit different in the long run. They are not liable for any damages period! Mainly because they aren't the ones who hacked the device.

Normally that is true, but in this case Eircom circumvented normal procedure to create a system in which security could be easily compromised. Their idea was to make a simple system where any tech who answered the phone could find the users WEP key. What they did was create a backdoor to their own systems and therefore they are the ones at fault here.

Does the alarm on a car stop someone from stealing it, NO!!! It just makes it a little bit harder!!

Apples and oranges.

Fact is the encryption is there, If someone wants to get the code, Its extremely simple to do, The problem with the netopia router was that it was even easier then the normal methods.

You bandy around the terms 'simple', 'easier', and 'normal'. For whom exactly are you refering? Can you take an average person with no IT experience off the street and in a short letter with only a few sentences teach them what WEP is, why it is important to change that key, and then instruct them in such a manner they can do it without issue?

Thats the issue here. Just because YOU found it 'simple' do you really think your Mother or even your Granny would be able to do it 'easily'? Would they even grasp the concept of why it is important? THAT is the test the courts use when establishing where liability lies, not can an IT/tech guy sort it out, but can the average person on the street who purchased said product be able to do it.