FRAMINGHAM (10/16/2003) - If someone breaks your Mustang's window and hotwires the ignition, can you sue Ford for damages? That's exactly what Marcy Levitas Hamilton of Los Angeles is trying to do. Except in her case, it's Microsoft Corp. that's on the receiving end of the lawsuit.
Hamilton's Social Security number was stolen electronically, which enabled her identity to be used fraudulently, costing her many thousands of dollars.We can all commiserate with Hamilton, but it's hard to see where Microsoft is legally at fault.
The suit has three premises. First, Microsoft operating systems are inherently vulnerable to attack. There is some truth to this, but - depending on what the attack was (and, incredibly, the suit does not specify this) - so are other operating systems. Her lawyer offers only anecdotal evidence.
The second premise is that the plaintiff, essentially, was forced to buy Microsoft software. This certainly will come as late-breaking news to all of the users of Macintoshes, NetWare servers, Unix and Linux hosts and desktops.
The final premise is that even though Microsoft has issued numerous security bulletins warning people about vulnerabilities, they are both too numerous and too hard to understand for the average computer user. Of course, if Microsoft hadn't issued the bulletins that fact would have constituted the third premise. Darned if you do, darned if you don't.
There are a number of people responsible for Hamilton's losses. First, of course, is the actual identity thief. This person committed a crime and should pay for it. The person probably doesn't have as much cash in the bank as Microsoft, though. Then there are the banks and others who accepted "proof" of identity without adequate safeguards to determine that the person presenting credentials really wasn't Hamilton. That's most likely gross negligence.
If the theft of identity occurred at a third-party site (ISP or commercial Web site), then that company bears some responsibility. But Hamilton has to shoulder some of the blame. The suit appears to admit that she didn't bother reading and following the security bulletins.
If I were the judge that would be sufficient cause to throw the suit out. I simply cannot believe that anyone who can operate a PC would have difficulty following instructions that said, in essence, "Download this file. Run it."
Hamilton's lawyer is seeking to make this a class-action suit. But of all the things this suit lacks, the most obvious is class.
Kearns, a former network administrator, is a freelance writer and consultant in Silicon Valley. He can be reached at firstname.lastname@example.org.