Are Hack authors liable for the use of their work
 

This thread is 'inspired' by comments made in the Super Admins can Read Private Messages hack thread by Floris.

To not polute the hack thread more, all posts on the subject of liability of the author/vb.org have been split and put in this thread.

Feel free to continue the discussion in this thread.

MarcoH64
As the author, you SHOULD warn people that the use of this hack without the proper disclaimers when a user signs up is considered a violation of many state and some federal laws (at least within the US).

That is simple fact, not an ethical discussion.

You can not expect that a coder have knowledge of the laws in all countries in the world. It is up to the site owner to know his laws.

Courts don't see it that way. They also assign responsibility to the developer. Why do you think Microsoft is having their arse handed to them in European courts for practices that are completely legal in the US.

For HIS protection, Floris should mention that use of the hack may be considered illegal in some states and/or countries. The HE is covered and anyone who downloads it assumes the responsibility. Without that warning, he also remains liable under many laws. Not only that, this site would also be considered culpable.

You job as a moderator and his as the developer should be to protect yourselves from any legal ramifications. Don't you guys have a legal advisor? Take it to him if you don't beleive me when I tell you without these disclaimers, VB.Org and Floris would be open to a lawsuit either by the user of any site running the hack that became offended at their PM being read OR by a web admin for not being sufficiently warned after he/she is sued.

May I point out that the private msgs are stored plain text in the database, and phpmyadmin also discloses these messages to the people with the user/pass .. or to the user through shell > using mysql interface? Or any other UI that can read out data from a database? This is just a means to an end for the product vbulletin.

Doesn't matter. That has been decided in court too. That arguement was used by mail administrators sued for reading email. The legal precedence is that the law is the only impediment necessary because regardless of how the messages are stored, it there is an action prompted by a conscious decision that results in the law being broke. It doesnt occur by accident or happenstance.

Just one last word of advice. By actively discouraging discussion about the legal ramification, you are actually making yourself the primary target of any litigation. It shows motive towards keeping the implementers of this hack in the dark concerning their legal liability.

Feel free. If you're not interested in protecting your site or your developers from lawsuits, why the hell should I care? I'm not trying to convince anyone, just trying to educate the ignorant. But as is usually the case, the ignorant don't care to be educated.

Delete them all for all the good its done. And show us the value of freedom of speech in Europe all at the same time.

Oh lookie!!

A dead horse!!!


Let's beat the snot out of it!!!!! :D

I would have thought that Hack authors are not liable for the use of their work - If a user chooses to download it, they accept any liability related to them using it...

By creating the 'read pms' hack, it does not break any privacy laws because Floris cannot view the PMs on your site or any other site that he does not have his own hack installed on, and I would imagine that any site he does have it installed on he has a policy about being able to read people PMs...

You are talking about a conscious decision to view them - It also takes a conscious decision to download the hack, and whether you understand what it does or not, ignorance is not an excuse...

Satan

So, vb.com team members now issuing commands about what can be discussed on vb.org - did I miss the takeover then ?

Seems to me this person is simply warning you (and others) to be careful, a perfectly reasonable thing to do. But as with the last case (about copyright ?) everyone connected with the site seems to go into some sort of fit when advice is given. Most bizarre reaction.

To play "devils advocate", if someone created a software that would download mp3s illegally, would that person be liable for piracy caused by their software?

PMs are completely different than email. We've bounced this through a couple of legal beagles and it's perfectly legal.

Paul, we're privately discussing the issue as it's a valid concern :)

Does the word "Napster" ring a bell at all? ;)

exactly.....

Hey, I am not saying I haven't used the hack as I have had a problem with banned members signing up and causing trouble.......


I am thankful to Floris for the code, I just don't want her to get in any trouble on my behalf.

Her?

I understand people's concerns, and the reason I didn't want it discussed in the hack-thread is because the hack-thread is about the hack, not about chit chat. There is no vbcom staff takeover on vborg here (yet: /me continues to plot evil plan)

I don't understand how this is different then any other available means to read prvimsgs, as they're stored in plain text in the database.

When you view the privmsgs using mysql, phpmyadmin, pm.php or by dumping the .sql table and doing a cat table.sql |more

This is just another way of making viewing them easier.

To be honest, I think you're all just overreacting.

So here goes:

I am not liable for you or anybody downloading or viewing the source code of this pm.php file, using it or using it against me or anybody else. In whatever country, whatever hour of the day, nor can it be used as a tool to cause harm upon me in whatever form or means. By connecting to the internet you automaticly agree to all possible scenario's that could harm me, a vborg user who just posted a resource on vborg, not even made by me :) And you also agree that I am never responsible for anything, even if I forgot to write or point out those law rules, or whatever.

Ok ok since I personally like you, I am willing to settle this out of court right now for :

• One 24 pack of mountain dew
• One vbulletin license

Good save, Floris! LOL

And now for my 3 1/2 cents worth on the subject ... As I bought my license and I own my board and I am paying for it all, not the users, what gets posted on my site is mine to do with as I wish. Not that I would really care to read a bunch of pms, but you have to remember, after Sept. 11th, we found out that alot of communications leading up to that were done on boards just like ours. It's nice to have the option in case we ever needed it, and I pray to God we never do. Think about it. ;)

To ask a serious question, what do we own? Do we own the posts unless stated that they are copyrighted? Do we own the images if not copyrighted by member?

Floris already kinda replied to this, but since i was the one splitting the conversation i feel i also need to reply.

Floris did ask in his hack thread, not to use the support thread of his hack to be used for discussion about the moral or legal side of this hack. As the poster of the hack and the thread starter, he is entitled to do so, regardless of his 'status'.

Since his request was ignored, i splitted the posts that where not about the hack itself into a new thread. Floris never had the intention to forbid the discussion, only was asking to keep his hack thread clean from it.

I understand that by splitting the thread, some of the remarks may seem out of context, but only i (and the one who choose to ignore his request) si to blame for that.

FASherman, I greatly respect your point on this privacy issue :up:

I do not know about the legality and the various international laws, but I think it is at least the ethical thing for admins to do, to let members know in advance that they should not assume privacy when using the Private Messages system, if the admins intend to read them.

At the same time, I think Floris's wish to discuss this elsewhere should be respected. Not because privacy is not a big issue, but because hack threads are for the support of that hack.

The thread split was right on target, and don't let that offend you and stop you from participating in this important discussion :)

There are a lot of legal issues surrounding various aspect of online forums, and most of us can't afford to pay enough to cover our bases.

What's even more confusing is that you have now deleted the post I referred to, so now my reply looks odd. Perhaps you should delete this whole thing and start again.

i guess the makers of phpmyadmin are also liable? puleeze
all this hack does skip the step of going into phpmyadmin to read pms

posts, pms, and threads are all content which is copyrighted to the webmaster which gives him exclusive rights to do whatever he wants with it. as long as there is no privacy agreement between you and your members regarding private messages then you have the legal right to read their messages. of course on the topic ethics i would not but sometimes it may be necessary on some boards due to certain users and their misuse of the private messaging system.

I don't think this is correct. Even posts belong to their posters. The site owner does not own any copyrights over those posts. The site owner simply has an implied permission to carrey that content (the post) on the website/forum.

But I am not a lwayer (IANAL), just repeating what lawyers say :)

Floris,
As a vbulletin team member, I think you did the right thing.
You should always lean towards the 'safer' side when dealing with privacy issues.

All comments, images, etc posted by member is 'owned' by member unless they specifically agree to turn over ownership.

Thanks for clearing that up.

Although I don't agree with the member owning posts or anything else they post on a site, it's still safer for arguments sake to cover any and all bases. ;)

You are now again jumping to wrong conclusions. I did not remove the post you where referring to, nor do i have knowledge of anybody else removing it.

I think you quoted out of a post made by floris, that was later edited by floris.

The only post that was removed from this thread was a post with only an animated image of some bestiality, totally unsuitable for this forum

Okay, time for me to post something...

A. If you code something that allows another person to break the law, you may be liable to be sued for damages by the entity that suffered the damage because of the use of your code. For example, the makers of kazaa, which deliberately used a non-central system to avoid problems suffered by napster, was still successfully sued by the music companies, as it made sharing pirated music a lot easier. On the other hand, if you code vBulletin, and it's used by terrorists to plot bombing attacks, it's doubtful that a court would find Jelsoft liable. What is the essential difference between the two? In the first case, everyone knows you usually use a file sharing script to share files like music or video that are copyright. It's common knowledge. The courts know this. In the second case, everyone knows that a forum script is used for legitimate purposes. The courts also know this. So courts it seems look at what the main purpose of the script is - is it for a legal purpose or illegal purpose. A bit like writing a worm - there is no other use for it except to cause problems. If companies suffer damage, they will look for the worm author.

When it comes to reading your user's PMs, the question you have to ask yourself is:

1. Is this breaching my member's privacy?
a. Do I call them "private" messages?
b. Do I have a privacy policy on my site explaining what I will or will not read?
c. If I do read PMs, do my member's know this explicitly?
d. If they know, do my members give consent?

2. If reading PMs is a breach of privacy, then the next question is, is this illegal? This depends on where you are, where your server is, and where your member is - the law gets complicated here. In general, it's where the server is, but courts may find the laws of the member's country apply.

Remember, just because PMs are in a database that you can access using phpmyadmin does not mean that this is consent given by your member's to read them. They are called "private" messages for a reason.

Similarly, just because your ISP has your emails in their database does not mean you give your ISP consent to read your emails. An ISP may have a privacy policy that allows them to do it under certain circumstances (e.g. law enforcement direction). But normally, you would not like it if you know an ISP employee is reading your personal emails.

Bottom line: Is Floris going to be liable if a member sues a forum owner for breach of privacy? Only if the member decides to sue Floris as well, or the forum owner joins Floris as co-defendant - it's not automatic. Would the member win? The member has to argue that he or she suffered some sort of damages or loss. If he or she can prove this, then the courts will look to see what the purpose of Floris' script is. If the script is primarily used for an illegal purpose, then he may be in trouble. That almost certainly would depend basically on an individual forum's privacy policy. On some forums, it would be fine, since the member has consent to his private messages being read. But on other forums, it may be seen as a breach of privacy by a member.

Personally, I won't be reading member's PMs myself as my privacy policy states that I respect my members' privacy. But you may have a different privacy policy on your site. An absence of a privacy policy (which is crazy in this day and age) does not constitute an absence of privacy.

B. Floris did the right thing by stopping the discussion of privacy in his thread. That thread is for support of his hack. Feel free to discuss this issue here though. It IS an important topic.

[Disclaimer: the above is not formal legal advice - speak to your own lawyer - they are just general principles]

thanks Erwin ... (as always very informative)

Erwin how do you feel about ownership of posts images posted ect?

What about gun makers? Is the death of someone their fault? Or the person who shot the gun?

Meh I think this is ridiculous.

I think everyone just wants free money. It is ridiculous when I can't read what I own because someone else typed it. Tonight I'm getting a Privacy Policy up for the future.

Copyright automatically belongs to the creator of the posts or images unless the right is waived either by consent or implication - again, depends on your TOS. But don't assume your members have waived their rights over their posts just because you have a TOS - they must have consented to it.

[Disclaimer: yada yada yada - you know this is not legal advice]

So what you are saying is that a banned member could ask for me to go and delete all of their posts and I must comply?

Also what about the images that are uploaded to the gallery section with my watermark?

Again I am asking an opinion which the keyword is opinion everyone.

Thanks Erwin.

No you needn't comply at all - If you put a disclaimer in the registration screen where you have to agree to the terms when you sign up, that you have the right to retain information stored on your server if the user breaks forum rules, then even legally they won't have a leg to stand on because they have accepted this ;)

As long as you make it clear to people in policies they have to agree to before they can do something, you are within your own boundaries to dictate what they do :)

Satan

Yes, you have to comply, since they own their posts and images.

But you can ask them to compensate you for your effort to delete their posts which they made on your forum, since it was they who posted/uploaded it.

I had this happen before. And I told the member that I will comply, but require the reasonable fee of $1 per post (he had a couple of hundred posts), Since I will need to split them from threads, to avoid deleting other people's copyrighted posts in those threads (cannot be done with queries to handle thread starter and quoted posts). I never heard from him again.

Actually wouldnt that only appy to those who agree to it in future registers?

Depends on your TOS, whether it will be considered a binding contract, and whether the poster waived his rights. It's not black and white and really, the law on this is still being made as not many cases get to court.