1997-06-16 - Re: Homer on Terrorism

Header Data

From: Tom Weinstein <tomw@netscape.com>
To: Tim May <tcmay@got.net>
Message Hash: 5d2ce4a3772adc816585d81bcbe8283d7876ec3affbbda7e2c3aaf6e88929f4a
Message ID: <33A49D42.49741BF5@netscape.com>
Reply To: <v03020931afc8ee48fc8f@[139.167.130.246]>
UTC Datetime: 1997-06-16 02:13:46 UTC
Raw Date: Mon, 16 Jun 1997 10:13:46 +0800

Raw message

From: Tom Weinstein <tomw@netscape.com>
Date: Mon, 16 Jun 1997 10:13:46 +0800
To: Tim May <tcmay@got.net>
Subject: Re: Homer on Terrorism
In-Reply-To: <v03020931afc8ee48fc8f@[139.167.130.246]>
Message-ID: <33A49D42.49741BF5@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain



Tim May wrote:
> 
> At 5:11 PM -0700 6/15/97, Tom Weinstein wrote:
>> Tim May wrote:
> 
>>> (What the Danes offered was a straight business deal, albeit made
>>> weirder and more frantic by the constraints of time, publicity, and
>>> worldwide attention. Still a business deal, though. When Collabra
>>> wanted X dollars to be acquired by Netscape, was this also
>>> "terrorism"? The term "terrorist" hardly applies in business
>>> deals.)
>>
>> If it was just a business deal, that would be okay.  We would have a
>> right to not pay him.  It becomes blackmail when he says "If you
>> don't pay me, I will try to damage you."  That's what he did.  He
>> said that if we didn't pay him, he'd time his press announcement to
>> coincide with DevCon in order to cause us the maximum damage, which
>> he did.
> 
> It's still not "terrorism." Just ordinary high-pressure bargaining, as
> when a film star holds out to the last minute on a deal, knowing her
> value increases as the deadline approaches.

It's blackmail.  IANAL, but I believe that blackmail consists of a
demand, and a threat to harm if the demand is not met.

If he had said:
  "I'm going to go to the press on this date.  You can buy the
   information from me before that for X amount of money."

That would be an ordinary business transaction.  Instead, what he said
was something like:
  "Pay me lots of money or I will go to the press in such a way as to
   damage you the most."

That is blackmail.  It's clear that the money is to prevent the damage,
not just for the information.

> Or scads of similar examples, as when Netscape or Microsoft time their
> announcements for maximum impact.
>
> One can imagine people approaching a company with reports of a bug--as
> a certain math professor approached a certain chip company with
> reports of a strange FDIV problem--and being given the polite
> runaround. "Thank you for sharing. We'll have one of our QA engineers
> look into your report and maybe he'll get back to you."
> 
> (I have no idea if Netscape reacted in this way, but I can imagine
> that the flow of bug reports may cause many to linger in the "In"
> baskets without action.)

As a matter of fact, we responded to him very quickly.  The day after
we heard from him we had a phone call where Jeff Weinstein, Jim Roskind
(Java security), and I were present.  We gave it serious attention as
we do with all security holes.

> By reporting the bug to PC Magazine and CNN-FN, the "value" of the bug
> information shot up rather dramatically. The Aarhus team may not have
> gotten any bucks from Netscape--and may not even get a free "Bugs
> Bounty" sweatshirt--but their consulting rates and business have
> probably both gone up.

He reported it to CNN because he was following through on his threat
when we refused to pay him not to.

> Browsers are big business, and high stakes poker. It's not surprising
> to me to see this kind of bluffing and "terorrism" (to quote Homer,
> with his rosy-fingered typing). What's surprising is that it hasn't
> happened more often, or at least hasn't gotten as much publicity.

"Terrorism" probably doesn't apply, since his aim was not political.
(Or doesn't terrorism have to be political?) I think blackmail is a
more appropriate term.

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | tomw@netscape.com
transcending structure.  -- The Tao of Programming   |





