January 17th, 2003, 02:15 PM
Proxy Liability Question
Our company (security related) wants to try to protect our customers when online via proxying. We have the means of setting up a dedicated proxy server with its own static ip. Its use would be limited (against payment) to our customers only (via identification). We would also use virus scanners, as well as filter out bad urls. My question is......
If the proxy is compromised (an unauthorized user manages to surf via our proxy) and does "bad" things to others (hiding behind our proxy), who is held liable. Do we have to follow some "standard" procedure as in a permission to setup a proxy (against money that is), and in case of a compromise, who's fault is it officialy. Ofcourse we will have logfiles and make them available to authorities if needed. But if the whole server gets compromised (as in deleting logfiles etc....), can we be held responsible in any way. Also, if a virus or any other harmful code does bypass our scanners/filters, and does harm one of our customers, up to what point are we liable? Thing is, i dont know what terrms im actually looking for to search via search engines. The other thing is, here in Greece, things are behind quite a bit, so the word proxy doesnt mean much to "most" authorities/ISP/users. Im sorry if this last statement sounds offensive to Greeks, no offense intended, but i cant express myself any other way. Any advice would be very welcome.
Cheers to all AO surfers.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
January 17th, 2003, 02:34 PM
I think the log files should be enough... Haxors use proxies all the time- it would be almost ridiculous for your gov't to hold you/your firm liable, esp. since they hacked into your proxy... That would be kind of funny if the gov't started prosecuting those who were hacked, lol...
Btw- I’m not a lawyer (def. not a lawyer in your country)… Look up the laws, but I would guess “no”!
yeah, I\'m gonna need that by friday...
January 17th, 2003, 02:40 PM
Would this be a compulsary measure for your clients, to connect to the www via this proxy?
Well i would guess, that because you are running the proxy server then you would be responsible for securing the server so that an unauthorised person could not compromise it!
Again if the user does not have to connect via the proxy then you are not liable, as this was the users choice to use the proxy!
Thats my opinion on this, but by no means am i up to speed on the legalities of this...