Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!psuvax1!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: dmg@retina.mitre.org (David Gursky) Newsgroups: comp.virus Subject: RE: AIDS Trojan (PC) Message-ID: <0004.8912141301.AA29075@ge.sei.cmu.edu> Date: 13 Dec 89 14:11:26 GMT Sender: Virus Discussion List Lines: 22 Approved: krvw@sei.cmu.edu The AIDS Trojan Horse discussed by Alan Jay and John McAfee raises some interesting questions about accountability. Ignoring the issue that it is unlikely that the U.S. Government is unlikely to get cooperation from the Panamanian authorities in apprehending the culprits and bringing them to trial in either country, could the perpetrators be held liable under U.S. law for damages, when the licensing notice clearly states the program is not licensed to be used in the United States, and that damage will result if you attempt to do so. In the broader case, could the perpetrators be extradicted to one of the European countries that have better relations with Panama, and be held liable for damages even though the license says not to use the application without first paying for it. One consequence of this attack (although I find it unlikely legal authorities will be able to take advantage of it because of the situation in Panama) is that the perpetrators should be relatively easy to track. Someone rented the Post Office box in Panama. Hopefully someone is picking up the mail from that box, and from there it goes to the people behind it, somehow.