Keeping a Weakness SecretHow to form a company in the US while keeping founder information private?Would the...
CLR Stored Procedure on Azure SQL Managed Instance error on execution: "Assembly in host store has a different signature than assembly in GAC"
Physics of Guitar frets and sound
Plausibility of Ice Eaters in the Arctic
How do we avoid CI-driven development...?
sed delete all the words before a match
How do I explain to a team that the project they will work on for six months will 100% fail?
SQL Minimum Row count
Ex-contractor published company source code and secrets online
Why can I log in to my Facebook account with a misspelled email/password?
Word or idiom defining something barely functional
Why are physicists so interested in irreps if in their non-block-diagonal form they mix all components of a vector?
Does this Foo machine halt?
How would I as a DM create a smart phone-like spell/device my players could use?
Is this cheap "air conditioner" able to cool a room?
Atari ST DRAM timing puzzle
Why couldn't soldiers sight their own weapons without officers' orders?
Team goes to lunch frequently, I do intermittent fasting but still want to socialize
Did WWII Japanese soldiers engage in cannibalism of their enemies?
Best gun to modify into a monsterhunter weapon?
During the Space Shuttle Columbia Disaster of 2003, Why Did The Flight Director Say, "Lock the doors."?
English - Acceptable use of parentheses in an author's name
Can a College of Swords bard use Blade Flourishes multiple times in a turn?
Is TA-ing worth the opportunity cost?
In Pokémon Go, why does one of my Pikachu have an option to evolve, but another one doesn't?
Keeping a Weakness Secret
How to form a company in the US while keeping founder information private?Would the terminally ill Star Wars fan who was granted an early viewing of 'The Force Awakens' have been legally bound to keep the plot a secret?Is seed sharing/keeping/libraries illegal?Trade secret and NDA not signedowning firearms but keeping them out of stateWhat to do with Grandad's Top Secret documentsTheft of Trade Secret ProsecutionOpposing trademark registrationUnder what circumstances may companies require consumers to agree to secret terms?The order of operations for getting a trade secret document signed
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
If a company invents a padlock with some obscure weakness that most
criminals would not guess, is there anything the company can do
(before or after selling it to the public, or within some "user
agreement" contract) to legally prevent people from publishing the
details of that weakness?
For example, this video exposed a weakness, thereby hurting all
owners of the padlock:
https://www.youtube.com/watch?v=RxM55DNS9CE
In principle, the company could now sue the video's owner for negligence,
but I doubt that the company would win, so I'm here asking if there is
anything the company could have done beforehand to improve its
chance of winning. Suppose the company and all customers are in
Los Angeles, California.
united-states contract-law california negligence
add a comment |
If a company invents a padlock with some obscure weakness that most
criminals would not guess, is there anything the company can do
(before or after selling it to the public, or within some "user
agreement" contract) to legally prevent people from publishing the
details of that weakness?
For example, this video exposed a weakness, thereby hurting all
owners of the padlock:
https://www.youtube.com/watch?v=RxM55DNS9CE
In principle, the company could now sue the video's owner for negligence,
but I doubt that the company would win, so I'm here asking if there is
anything the company could have done beforehand to improve its
chance of winning. Suppose the company and all customers are in
Los Angeles, California.
united-states contract-law california negligence
Possibly related: RDBMS companies like Oracle and Microsoft ban publication of performance tests without approval in their license agreements. stackoverflow.com/questions/12115397/…
– mkennedy
9 hours ago
add a comment |
If a company invents a padlock with some obscure weakness that most
criminals would not guess, is there anything the company can do
(before or after selling it to the public, or within some "user
agreement" contract) to legally prevent people from publishing the
details of that weakness?
For example, this video exposed a weakness, thereby hurting all
owners of the padlock:
https://www.youtube.com/watch?v=RxM55DNS9CE
In principle, the company could now sue the video's owner for negligence,
but I doubt that the company would win, so I'm here asking if there is
anything the company could have done beforehand to improve its
chance of winning. Suppose the company and all customers are in
Los Angeles, California.
united-states contract-law california negligence
If a company invents a padlock with some obscure weakness that most
criminals would not guess, is there anything the company can do
(before or after selling it to the public, or within some "user
agreement" contract) to legally prevent people from publishing the
details of that weakness?
For example, this video exposed a weakness, thereby hurting all
owners of the padlock:
https://www.youtube.com/watch?v=RxM55DNS9CE
In principle, the company could now sue the video's owner for negligence,
but I doubt that the company would win, so I'm here asking if there is
anything the company could have done beforehand to improve its
chance of winning. Suppose the company and all customers are in
Los Angeles, California.
united-states contract-law california negligence
united-states contract-law california negligence
asked 9 hours ago
bobuhitobobuhito
3811 gold badge3 silver badges10 bronze badges
3811 gold badge3 silver badges10 bronze badges
Possibly related: RDBMS companies like Oracle and Microsoft ban publication of performance tests without approval in their license agreements. stackoverflow.com/questions/12115397/…
– mkennedy
9 hours ago
add a comment |
Possibly related: RDBMS companies like Oracle and Microsoft ban publication of performance tests without approval in their license agreements. stackoverflow.com/questions/12115397/…
– mkennedy
9 hours ago
Possibly related: RDBMS companies like Oracle and Microsoft ban publication of performance tests without approval in their license agreements. stackoverflow.com/questions/12115397/…
– mkennedy
9 hours ago
Possibly related: RDBMS companies like Oracle and Microsoft ban publication of performance tests without approval in their license agreements. stackoverflow.com/questions/12115397/…
– mkennedy
9 hours ago
add a comment |
1 Answer
1
active
oldest
votes
On the one hand, there are statutes that prohibit the delivery of instructions which distort or circumvent the official/intended use or safety of a device. For a somewhat related example of this, see MCL 750.540c(1)(3).
On the other hand, the company/manufacturer is unlikely to prevail under contract law no matter how clearly and conspicuously its EULA prohibits the disclosure of discovered weaknesses. That is because the prohibition in the EULA is outweighed by the severe vulnerability to which all other unsuspecting customers are subjected.
From the standpoint of public policy, people's awareness of the discovered vulnerability is certainly in the public's best interest. The disclosure will warn both (1) potential customers not to purchase a product that fails or misses its primary purpose, and (2) current customers to adopt precautions now that the product's reliability has been disproved. Thus, the effectiveness of broadcasting the discovery of such weakness is in stark contrast with the technical deficits and managerial politics that typically hinder a company's ability (or its will) to respond to the issue.
If the weakness was known to the manufacturer prior to the disclosure, the release of that product would constitute fraudulent misrepresentation. The details of the demonstration in the video supports the argument that the manufacturer knew --or should have known-- about that weakness, since a padlock design is supposed to pass all kinds of tests of breakability and not be disabled by a screwdriver.
It is hard to deny that the notion that "the padlock is secure" induces customers to purchase the product. As such, the misrepresentation violates the contract law principle that a contract --such as a purchase-- be entered knowingly. See Restatement (Second) of Contracts at § 161-167. With respect to the publisher of the weakness, that misrepresentation renders the EULA-prohibition void. See Restatement at § 164(1).
Regardless of whether or not the manufacturer incurred misrepresentation, the manufacturer's decision to sue the publisher is only likely to backfire by bringing more attention to the poor design of the product.
In all, the manufacturer's best option is to do a product recall ASAP and enhance the design.
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "617"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f43569%2fkeeping-a-weakness-secret%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
On the one hand, there are statutes that prohibit the delivery of instructions which distort or circumvent the official/intended use or safety of a device. For a somewhat related example of this, see MCL 750.540c(1)(3).
On the other hand, the company/manufacturer is unlikely to prevail under contract law no matter how clearly and conspicuously its EULA prohibits the disclosure of discovered weaknesses. That is because the prohibition in the EULA is outweighed by the severe vulnerability to which all other unsuspecting customers are subjected.
From the standpoint of public policy, people's awareness of the discovered vulnerability is certainly in the public's best interest. The disclosure will warn both (1) potential customers not to purchase a product that fails or misses its primary purpose, and (2) current customers to adopt precautions now that the product's reliability has been disproved. Thus, the effectiveness of broadcasting the discovery of such weakness is in stark contrast with the technical deficits and managerial politics that typically hinder a company's ability (or its will) to respond to the issue.
If the weakness was known to the manufacturer prior to the disclosure, the release of that product would constitute fraudulent misrepresentation. The details of the demonstration in the video supports the argument that the manufacturer knew --or should have known-- about that weakness, since a padlock design is supposed to pass all kinds of tests of breakability and not be disabled by a screwdriver.
It is hard to deny that the notion that "the padlock is secure" induces customers to purchase the product. As such, the misrepresentation violates the contract law principle that a contract --such as a purchase-- be entered knowingly. See Restatement (Second) of Contracts at § 161-167. With respect to the publisher of the weakness, that misrepresentation renders the EULA-prohibition void. See Restatement at § 164(1).
Regardless of whether or not the manufacturer incurred misrepresentation, the manufacturer's decision to sue the publisher is only likely to backfire by bringing more attention to the poor design of the product.
In all, the manufacturer's best option is to do a product recall ASAP and enhance the design.
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
add a comment |
On the one hand, there are statutes that prohibit the delivery of instructions which distort or circumvent the official/intended use or safety of a device. For a somewhat related example of this, see MCL 750.540c(1)(3).
On the other hand, the company/manufacturer is unlikely to prevail under contract law no matter how clearly and conspicuously its EULA prohibits the disclosure of discovered weaknesses. That is because the prohibition in the EULA is outweighed by the severe vulnerability to which all other unsuspecting customers are subjected.
From the standpoint of public policy, people's awareness of the discovered vulnerability is certainly in the public's best interest. The disclosure will warn both (1) potential customers not to purchase a product that fails or misses its primary purpose, and (2) current customers to adopt precautions now that the product's reliability has been disproved. Thus, the effectiveness of broadcasting the discovery of such weakness is in stark contrast with the technical deficits and managerial politics that typically hinder a company's ability (or its will) to respond to the issue.
If the weakness was known to the manufacturer prior to the disclosure, the release of that product would constitute fraudulent misrepresentation. The details of the demonstration in the video supports the argument that the manufacturer knew --or should have known-- about that weakness, since a padlock design is supposed to pass all kinds of tests of breakability and not be disabled by a screwdriver.
It is hard to deny that the notion that "the padlock is secure" induces customers to purchase the product. As such, the misrepresentation violates the contract law principle that a contract --such as a purchase-- be entered knowingly. See Restatement (Second) of Contracts at § 161-167. With respect to the publisher of the weakness, that misrepresentation renders the EULA-prohibition void. See Restatement at § 164(1).
Regardless of whether or not the manufacturer incurred misrepresentation, the manufacturer's decision to sue the publisher is only likely to backfire by bringing more attention to the poor design of the product.
In all, the manufacturer's best option is to do a product recall ASAP and enhance the design.
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
add a comment |
On the one hand, there are statutes that prohibit the delivery of instructions which distort or circumvent the official/intended use or safety of a device. For a somewhat related example of this, see MCL 750.540c(1)(3).
On the other hand, the company/manufacturer is unlikely to prevail under contract law no matter how clearly and conspicuously its EULA prohibits the disclosure of discovered weaknesses. That is because the prohibition in the EULA is outweighed by the severe vulnerability to which all other unsuspecting customers are subjected.
From the standpoint of public policy, people's awareness of the discovered vulnerability is certainly in the public's best interest. The disclosure will warn both (1) potential customers not to purchase a product that fails or misses its primary purpose, and (2) current customers to adopt precautions now that the product's reliability has been disproved. Thus, the effectiveness of broadcasting the discovery of such weakness is in stark contrast with the technical deficits and managerial politics that typically hinder a company's ability (or its will) to respond to the issue.
If the weakness was known to the manufacturer prior to the disclosure, the release of that product would constitute fraudulent misrepresentation. The details of the demonstration in the video supports the argument that the manufacturer knew --or should have known-- about that weakness, since a padlock design is supposed to pass all kinds of tests of breakability and not be disabled by a screwdriver.
It is hard to deny that the notion that "the padlock is secure" induces customers to purchase the product. As such, the misrepresentation violates the contract law principle that a contract --such as a purchase-- be entered knowingly. See Restatement (Second) of Contracts at § 161-167. With respect to the publisher of the weakness, that misrepresentation renders the EULA-prohibition void. See Restatement at § 164(1).
Regardless of whether or not the manufacturer incurred misrepresentation, the manufacturer's decision to sue the publisher is only likely to backfire by bringing more attention to the poor design of the product.
In all, the manufacturer's best option is to do a product recall ASAP and enhance the design.
On the one hand, there are statutes that prohibit the delivery of instructions which distort or circumvent the official/intended use or safety of a device. For a somewhat related example of this, see MCL 750.540c(1)(3).
On the other hand, the company/manufacturer is unlikely to prevail under contract law no matter how clearly and conspicuously its EULA prohibits the disclosure of discovered weaknesses. That is because the prohibition in the EULA is outweighed by the severe vulnerability to which all other unsuspecting customers are subjected.
From the standpoint of public policy, people's awareness of the discovered vulnerability is certainly in the public's best interest. The disclosure will warn both (1) potential customers not to purchase a product that fails or misses its primary purpose, and (2) current customers to adopt precautions now that the product's reliability has been disproved. Thus, the effectiveness of broadcasting the discovery of such weakness is in stark contrast with the technical deficits and managerial politics that typically hinder a company's ability (or its will) to respond to the issue.
If the weakness was known to the manufacturer prior to the disclosure, the release of that product would constitute fraudulent misrepresentation. The details of the demonstration in the video supports the argument that the manufacturer knew --or should have known-- about that weakness, since a padlock design is supposed to pass all kinds of tests of breakability and not be disabled by a screwdriver.
It is hard to deny that the notion that "the padlock is secure" induces customers to purchase the product. As such, the misrepresentation violates the contract law principle that a contract --such as a purchase-- be entered knowingly. See Restatement (Second) of Contracts at § 161-167. With respect to the publisher of the weakness, that misrepresentation renders the EULA-prohibition void. See Restatement at § 164(1).
Regardless of whether or not the manufacturer incurred misrepresentation, the manufacturer's decision to sue the publisher is only likely to backfire by bringing more attention to the poor design of the product.
In all, the manufacturer's best option is to do a product recall ASAP and enhance the design.
edited 7 hours ago
answered 7 hours ago
Iñaki ViggersIñaki Viggers
13.8k2 gold badges22 silver badges36 bronze badges
13.8k2 gold badges22 silver badges36 bronze badges
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
add a comment |
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
OK, all sounds reasonable for the Youtube example, thanks. But, I guess if I reworded "weakness" to "intentional backdoor in case of accidental user self-lock-out" (and it really could be justified by engineers as the best method given technical trade-offs like power consumption), your first paragraph would apply and the company might have a little hope in legally keeping the details secret - It would help me to try to find the boundary where a "weakness" becomes a "backdoor", but maybe there is no good backdoor precedent here since using a backdoor is an unlikely company strategy.
– bobuhito
41 mins ago
add a comment |
Thanks for contributing an answer to Law Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2flaw.stackexchange.com%2fquestions%2f43569%2fkeeping-a-weakness-secret%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Possibly related: RDBMS companies like Oracle and Microsoft ban publication of performance tests without approval in their license agreements. stackoverflow.com/questions/12115397/…
– mkennedy
9 hours ago