
Terrible advice to pull a media stunt.

First, you have no idea what the manufacturer needs to do to fix the problem, alert customers, do recalls and recertifications, and the like.

Second, you put yourself directly in the line of fire unnecessarily and for all the wrong reasons. You could find yourself on the end of all kinds of legal trouble, and on top of that you would be morally culpable for any harm.

Do it the right way: get a lawyer. The lawyer will know how to contact the vendors, the regulatory agencies, media if necessary, and customers if necessary.



> get a lawyer

Because this is the world we should want to live in? Where you must pay a member of the protection racket to mediate publishing knowledge of someone else's extreme wrongdoing?

That is terrible advice. Its road ends with TORified disclosures of weaponized automated exploits, because as pure info sec has shown, that's the only way the message ever gets across when you give people the insulation to not listen.

Publicly demonstrating these exploits to an amicable media is the best idea I've heard yet, as they have straightforward real-world effects that can be easily illustrated. If certain manufacturers choose to send goons after you rather than fix their buggy products, then the community-accepted custom for them can change to pseudonymous press releases accompanied by a video with a (mock) live human subject.


> Because this is the world we should want to live in? Where you must pay a member of the protection racket to mediate publishing knowledge of someone else's extreme wrongdoing?

Might be useful to distinguish between the ideal and the actual: in an ideal world, you of course shouldn't need a lawyer and the manufacturers should smilingly thank anyone who discovers an exploit and tells them. In this less-than-perfect world I'd suggest getting a lawyer and then going to the media.


Maybe if we just wish harder...


Interesting how digital rights, when they apply to privacy and outrage about eavesdropping it's "just the USA", but when they refer to liability in an out-of-control justice system it's as if it does work the same way in the entire world.


People say that because a lawyer can really, really help you in your cause. The law is byzantine and someone who can navigate it and act as an advisor could make a big difference.


Claiming a medical company's life-saving device will kill your family on national news will almost without a doubt land you on the receiving end of a libel lawsuit, warranted or not. Not having to use lawyers would be nice, but it's not happening in this paradigm. This is a naïve response.


That's what anti-SLAPP laws are for.


Can you elaborate on how lawyers are "member[s] of the protection racket"?


The oft-recommended prudence of having a lawyer's advice for most any action in the public realm indicates a de facto protection racket.

Specifically, the above comment references having a lawyer handle (and moderate) what should be open technical communication with the manufacturer and regulatory agencies, the implication being that simply disclosing facts put you at grave risk from an endlessly complex legal system.


This situation isn't the same as a protection racket. In a protection racket, it's the racketeers themselves that hurt you when you don't pay.

In this case, lawyers are more like mercenaries. Yes, you can pay them for protection, as you can a racketeer. The differences are that they don't come to you demanding money, and if you don't pay they won't turn around and hurt you, nor will anybody they're directly working with.

Some other lawyers may cause you grief; however, they will be working on behalf of some other party, not the lawyers you didn't hire.

You could argue that the legal system as a whole is a racket, but that's a different sense of the word.


1) You really shouldn't have an open conversation about knowledge that can easily kill people.

2) I'm pretty sure that communication isn't the problem, the problem is that he wants to pressure them into fixing their mess, and that is exactly the point where things get messy from a legal perspective. I can hardly imagine a legal system in which a situation like this would be unproblematic.


"an open conversation about knowledge that can easily kill people"

This phrase and the article contain the same fallacy ("disclosing 0days when they can kill people"). I may be accused of semantic quibbling here, but I think it is important to state the issues clearly and accurately.

Information cannot kill anyone, nor exert any effects at all, ever. It is not causal. Actions using the information may be enabled by knowledge of the information, but they are human choices and not automatic.

This is not merely a matter of careless expression that does not affect the argument. In fact the fallacy is not only, or not exactly supposing that knowledge is causal, but rather in eliding the whole articulation of what happens between the revealing or acquisition of knowledge and the action that may or may not use it in some way.

The situation has a common element with the gun control issue: if someone has a gun, violence is easier, and this may be considered bad, but it does not excuse conflating the shooter's action with someone else's conduct of merely allowing that person to have a gun. It does not shift any responsibility from a competent adult actor to someone who merely allows a gun to be available.

Note also that the gun-possessor, or the person newly armed with knowledge, need not act on it at all, and those who confuse things by missing these distinctions manage to avoid the fallacy in those cases.


> 1) You really shouldn't have an open conversation about knowledge that can easily kill people.

You mean like guns, toxins, and martial arts?


sigh. This will get boring quite fast because a sizable portion of people participating in threads like that find the idea revolting that actions can have, you know, consequences, but what the heck...

If you would find a recipe for a toxin that is deadly, untraceable and can be mixed together from common household items by a talented 14 year old, it's probably a bad fucking idea to post that to 4chan. The same goes for hypothetical weapon blueprints or martial arts techniques that would allow to kill with a microscopic risk.


>If you would find a recipe for a toxin that is deadly, untraceable and can be mixed together from common household items by a talented 14 year old, it's probably a bad fucking idea to post that to 4chan.

Does this count as a straw man argument? Wouldn't the actual scenario be more like disseminating the information that a deadly toxin that is deadly, untraceable, and can be mixed together from common ingredients exists, not the recipe itself?


Well, that depends on whether he dropped the actual exploit, or just talked about it. Which was the original question.


This is an extensively amended and much weaker claim than your first.


Don't forget vehicles, diseases, sudden deceleration, falls, drops and darwin award winning behaviour.

It's important that people be aware of the risks they face, and seeking to silence that conversation is not helpful. If anything, it will create an environment where any perpetrators might go unpunished because it's just implausible they did what they did.


> 1) You really shouldn't have an open conversation about knowledge that can easily kill people.

I can easily kill someone with a rock. Just hit in the head, repeatedly. Why should that be a secret?


Like estate agents and recruiters, they create an inefficiency and exploit it.


I was about to ask something similar. Ever wonder how other people view us engineers or white hat hackers? Misunderstood by outsiders? Perhaps this is applicable to the legal profession as well.


It's right there on the form they sign in blood at their initiation ritual. I forget whether they use their own blood, or the blood of the sacrificial goat though.


I think OP is suggesting reveal the effect, but don't reveal the cause. That's what makes the suggestion different from releasing an 0day


If it's as easy as using 'strings', then isn't that no different than releasing a 0day?


If it's that simple he or she has, in effect, already released it.


I wonder if a lawyer really caring about his client wouldn't straight up say "just forget about it".

If the company you're criticising doesn't like critics, doesn't care about bad PR, and has to feed their lawyers, you won't have a good time any way you do it.

Some rare occasions you might be better off with a strong public opinion supporting you and people coming out of the bush to help your case, than trying to do it the sneaky way and still get caught in a hell of legal troubles that not many people really heard of, and you get cast as the little guy trying to pull money from the big corp because of the narrative sold to the media by your opponent.


And who pays the lawyer?


I expect that any savvy lawyer would be happy to take this pro bono. Think of how much free publicity they'd get for their practice.


Ah, excellent plan. That's a variation of a good old "you should write us an app / design a logo / sketch a website for free, just for all the exposure you get".


I see a lot of people on the Internet implying that there are plenty of lawyers just sitting around waiting for interesting and potentially high profile cases to take on for free. I've never seen any evidence of this, and I suspect there are very few.


http://www2.nycbar.org/mp3/DoingWellByDoingGood/pbi_business...

    Major pro bono matters, or smaller cases with great
    human interest, are far more likely to receive extensive
    coverage. Holland & Knight, for example, received highly
    favorable and extensive coverage of its work in the
    Rosewood case, including a glowing front page, above the
    fold, article in the Wall Street Journal and People.

    Hogan & Hartson, similarly, received a great deal of
    play in the media concerning its representation of
    African-American plaintiffs alleging that Denny’s
    restaurants had discriminated against them. In both
    instances, the firms undertook these time-consuming,
    controversial cases because it was the right thing to
    do. However, their creative, successful lawyering
    became a front-page story.


> you would be morally culpable for any harm

Guns don't kill people...



