[Dshield] Consensus Question

Paul Marsh pmarsh at nmefdn.org
Thu Dec 4 18:34:36 GMT 2003

I think you're right, below is the response from my attorney when I
asked him what his take was on it.

I think it would be a good idea to draft a standard contract for your
company for several reasons.  First, it insures a contractual
arrangement so that if a customer failed to pay you for services
rendered you could easily recover monies due to you.  Second, you could
provide general info about changing account numbers, passwords, etc. and
advice about how better to protect their box in the future (which also
lessens potential liability).  Third, you include "hold harmless",
liability limitation and release language so that there is no way
someone can successfully sue you.  However, you must get the customer to
sign the agreement, simply providing it to them before or after the fact
is not enough.  

>You would be well advised to consult an attorney so that your service
agreements contain a "hold-harmless" and "limitation >of liability."
Whether the customer believes that their bank accounts and credit cards
are compromised or not, I would
>have the customer sign a hold-harmless and limitation of liability
agreement(s) which reads that you have discovered a
>malicious program that has the potential to cause serious injury to the
customer's financial and physical  well-being
>(Someone, using this information could show up at their address to rob
them - who knows what could happen) and that you
>will accept no liability for those potential damages. I mention this
because this is a litigious society and people do not
>understand our business. As a result, you could wind up being sued.

>Now, having said all that, I think that a customer would then be
motivated to change their account information after
>being presented with a "hold-harmless" and "limitation of liability"
contract by you.

More information about the list mailing list