[Cryptography] Yahoo is sued for gross negligence over huge hacking

John Levine johnl at iecc.com
Sun Sep 25 13:17:20 EDT 2016


>> Pretty sure Yahoo have disclaimer they are "gross negligent", so the
>> suing is doomed, unless the morons failed to make such disclaimer.
>
>Perhaps not; my attorney told me (maybe about 5 years ago or so) that
>in the state of Ohio at least, you cannot "waive tort", especially in the case of
>negligence.

Yahoo is in California, and their terms of service have always said
that you agree that California law applies.

In the peculiar way that the law works, Yahoo would probably point out that
they've had large breaches before, and even though this one was larger, it's
not qualitiatively different, and anyway the users waived all remedies when
they signed up, and since they didn't pay anything they have no damages.

>I think Yahoo's bigger problem is what is this going to do with their
>pending acquisition plans by Verizon?

I doubt VZ will back out, since for some stupid reason they think they
need content to make money, but I can easily believe that they will
try to negotiate the price down.  Delaware law is unsympathetic to
attempts to renegotiate on bad news ("you're big boys and girls, you
should have done your homework") so this likely will depend on how
much Yahoo management knew when they were in negotiation and what they
should have told VZ about it at the time.

ObCrypto: so how do you store info for half a billion accounts so the
users can get to it but it can't be stolen wholesale, and it scales
well?  Press reports say that Russian hackers were looking for about
40 Russian accounts, but while they were there they took everything
else.

R's,
John


More information about the cryptography mailing list