%0 Journal Article
%T Security in Cyberspace: Combatting Distributed Denial of Service Attacks
%A Jennifer A. Chandler
%J University of Ottawa Law and Technology Journal
%D 2003
%I 
%X [Abstract] This paper selects one aspect of the cyber security problem for close analysis, namely that of distributed denial of service attacks ("DDOS"). The positive externality problem of cyber security investment is posed fairly clearly in this context, and the many types of parties implicated in some way in a DDOS attack offer numerous possible objects of legal or regulatory pressure. Having explored the possibility of applying legal pressure to the various types of parties involved in a DDOS attack, the paper concludes that it is likely most efficient to address the problem by focusing on software insecurity. One way in which to encourage improvement in software security is to impose liability in negligence for software that is unreasonably insecure. The victim of a DDOS attack would be a good plaintiff in such an action as the DDOS victim is not open to charges of contributory negligence in the way that an end-user who failed to install patches would be. The proposed tort claim must overcome judicial reluctance to award damages in negligence for pure economic loss. It must also establish that there is a sufficiently close relationship between software manufacturer and DDOS victim to justify a finding of a duty to protect the plaintiff against the deliberate harmful conduct of third parties - a ground of negligence that is recognized, inter alia, within the landlord-tenant relationship. Can it be said that a quasi-monopolist vendor of key Internet-related software is an "architect" or "landlord" in cyberspace? *****[R¨¦sum¨¦] Cet article passe au peigne fin un aspect du probl¨¨me de la s¨¦curit¨¦ informatique, celui des attaques de refus de service distribu¨¦ (RdSD). Le probl¨¨me de l¡¯externalit¨¦ positive de l¡¯investissement dans la s¨¦curit¨¦ informatique se pose assez clairement dans ce contexte. Vu la diversit¨¦ des parties en cause d¡¯une fa on ou d¡¯une autre dans une attaque de RdSD, il y a maintes raisons d¡¯exercer des pressions juridiques et r¨¦glementaires. Examinant les pressions possibles en droit contre les diverses parties en cause dans ce genre d¡¯attaque, l¡¯auteure conclut qu¡¯il est peut-¨ºtre plus efficace d¡¯aborder le probl¨¨me sous l¡¯angle de l¡¯ins¨¦curit¨¦ des logiciels. Une fa on d¡¯encourager l¡¯am¨¦lioration de la s¨¦curit¨¦ des logiciels serait d¡¯imposer une responsabilit¨¦ en n¨¦gligence pour les logiciels qui n¡¯offrent pas de s¨¦curit¨¦ raisonnable. Les victimes d¡¯une attaque de RdSD seraient bien plac¨¦es pour porter plainte, car elles sont ¨¤ l¡¯abri des accusations de n¨¦gligence concurrente comme le serait en bout de ligne l¡¯utilisateur qui omet d¡¯in
%U http://www.uoltj.ca/articles/vol1.1-2/2003-2004.1.1-2.uoltj.Chandler.231-261.pdf