Cybertips--Liability for Poor Computer Security

15 August 2000
In this space just about a month ago, I asked, "Can you be 'sued' if a hacker uses your computer as a weapon in an attack against other computers?" I noted that I couldn't find a case finding liability in this type of situation.

I went on to say that, "My prediction is that courts will find liability against computer owners who negligently allow their computers to be a launching pad for attacks by hackers, terrorists and others. It's an area that's ripe for new law and you should be responsible for acting like a responsible computer owner." Since then, things have developed a bit.

In late June, Nike's website was hijacked and its traffic redirected from to servers at a Scotland-based hosting company called FirstNet. This was done by a group with a political statement to make calling itself "S-11." This unexpected Nike traffic swamped FirstNet's servers and hurt its ability to serve its real customers. FirstNet alleges that this traffic redirection caused it to lose money.

After Nike refused to pay FirstNet's bill for server use, FirstNet sued Nike.

FirstNet's position is that it's an innocent third party harmed by Nike not properly securing its domain. Nike's position is that responsibility lies with NSI, which actually controls the domain. Nike points out that it should not have been possible to redirect the domain without a password. NSI denies responsibility.

Undoubtedly, it will take some time to clarify the real facts in this case. Still, it will be difficult for FirstNet to prevail here because they will have to show that Nike was negligent in how it secured its domain. It's hard to see what more Nike could have done in this situation.

I mention the case because it's hot, newsworthy and makes the point that this is an area that's "ripe for new law"

You should heed the warning that this case provides. You must do everything commercially and technically reasonable to secure your computers. A hijacked computer is potentially a weapon of mass disruption and destruction. If you don't secure your system and it's used as a weapon, you may find yourself on the wrong end of a lawsuit too.

Mark Grossman's "TechLaw" column appears in numerous publications. Mark Grossman has extensive experience as a speaker as well. If you would like him to speak before your group or corporate meeting, please call (305) 443-8180 for information.

You can find a TechLaw archive at:

If you have any comments, please send them to

Disclaimer: The advice given in the TechLaw column should not be considered legal advice. This newsletter only provides general educational information. You must never rely upon the advice given here. Your individual situation may not fit the generalizations discussed. Only your attorney can evaluate your individual situation and give you advice.

Except as provided below, you may feel free to forward, distribute and copy the TechLaw column if you distribute and copy it without any changes and you include all headers and other identifying information. You may not copy it to a Web site.