This is once again proving that, while I understand the language, probably shop the same things, the USA is a strange place for me. This 'just sue' culture seems weird. It seems that the whole point is to run to the court and claim 'He did something wrong. Please spend a lot of time to check that I actually have a point and if I'm lucky, please define a grossly exaggerated sum in damages'.
I _know_ I'll take flak for this, but it warps my mind. The nation that always, even if it hurts, defends the right of free speech, seems to severely limited elsewhere. It sure looks like you can _say_ anything, but _doing_ anything could lead to a nightmarish jungle (political correctness/discrimination, braindead users don't get the concept of 'hot coffee' and it's your fault, chocolate eggs with toys inside are mightily dangerous) of potential problems.
Reality matters. Details matter. You seem to have lost focus on them:
- Did Dropbox promise its customers that it had very good security?
- Did Dropbox thereby gain an advantage over its competitors?
- Did customers, trusting Dropbox, put private data on their servers?
- Was some of that data quite valuable, and was there quite a lot of it?
- And did Dropbox open a gaping security hole in their systems and then leave one hundred percent of that data exposed for hours? And did that constitute negligence?
From what little I know I'd say the answer is yes on all counts. But I'll concede that reasonable people might disagree, especially after a detailed investigation. Fortunately we have a mechanism for adjudicating significant disputes among reasonable people by conducting detailed investigations: It's called a court.
Now, what I don't know is: Do these events rise to the level where a legal remedy is called for? How big should the remedy be? And are Dropbox's terms of service, which every customer presumably clicked through at some point, going to protect them from being held liable for negligence? Heck if I know. I'm not a lawyer. Fortunately, lawyers are lawyers.
I can't understand why you've picked this particular case to freak out about. Why are you so alarmed to see a company which was, by all appearances, negligent and in breach of contract getting sued for negligence and breach of contract? What kind of surprise is this? It's like water flowing downhill. If a company "accidentally" appears to break a contract, the company has to explain itself. If it "accidentally" breaks the law, it gets taken to court to plead its case. And if it is found to have "accidentally" committed negligence, it gets held liable.
Yes, I know that it seems like an understandable mistake that could happen to any engineer. I feel for those folks. But this is the big leagues, and excuses are not what engineering is about. Engineering is about anticipating mistakes and designing safeguards, and when real engineers (as opposed to fake "software engineers" like myself) screw up a project badly enough a negligence suit is often the least of their problems. They lose licenses and sometimes even go to prison.
Fortunately, nobody appears to have been seriously injured and perhaps nobody will even lose their job. A corporation has been sued, and maybe it will pay. In the meantime, it will re-prioritize its backlog to include better automated testing. ;) This happens. Don't take it so personally. This is what being a corporation is all about. This is why corporations exist.
Somehow this thread of mine got larger than I imagined.
I don't think I've lost my touch on reality. Details? Maybe. I'm also not proposing that Dropbox didn't do something stupid.
But why would you sue? Because someone told you that your data ~could've~ been potentially accessed? I'm not against calling a lawyer in general. But these kinds of (class action) cases regularly look like [Note: Still firmly anchored in reality here. Maybe just in a different culture..] witch hunts to me personally. Like angry/annoyed mobs.
Again: Note that I don't say "these people have no right to sue" nor "the people in this particular case are equivalent to a medieval party of farmers with torches and improvised weapons". This whole thread is mostly "Why oh why?" and less "You're doing it wrong".
In the end I really like edw's comment further down in this thread:
"I think there's no question that Dropbox seriously dropped the ball, but as programmers we should be extremely concerned about the prospect of companies being held liable not just for actual damages but theoretically possible and potentially non-economic yet non-existent damages."
we should be extremely concerned about the prospect of companies being held liable not just for actual damages but theoretically possible and potentially non-economic yet non-existent damages
Well, perhaps if they are held liable for unreasonable sums, and that decision survives appeal, I'll be concerned. But nobody has held anything yet. The issue has gone to court.
Witch hunt? Angry mob? The issue is in court. That is the complete opposite of an angry mob.
How, exactly, are people supposed to seek redress if they have signed a contract with Dropbox, the contract was breached, and they were dissatisfied with the response? If they shouldn't go to court and file suit, what should they do? Bribe the czar's ministers? Recruit their relatives and start an old-fashioned Kentucky feud, complete with snipers and ambushes? Start an astroturf campaign of character assassination on Twitter?
And, again, this isn't some patent troll seeking a quick settlement.
Sometimes they are witch hunts (or maybe "money grabs" is a better term). But there are also many instances where they have effected real change for the better.
A potential settlement in this Dropbox case could be: Dropbox pays off the lawyers (of course) but also agrees to hire a Chief Security Officer and submit to quarterly security audits by an outside company for the next year.
In the absence of a strong government consumer protection bureau, the class action lawsuit is one of the primary ways Americans force corporations to take responsibility for their actions.
People and companies, in the United States, and many other common law countries, have certain duties to other people. If McDonald's serves coffee, they have a duty not to serve it so hot and make it so difficult to open that it can spill on you.
That case is just a terrible example of frivolous lawsuits because it had plenty of merit. Actually the vast majority of lawsuits labeled as frivolous, with huge judgement, tend to skim over the details and make it look like the plaintiff hit the lottery with a mild inconvenience: "Oops, she spilled coffee and became a millionaire!"
While our legal system could certainly use a lot of improvements, lawsuits that actually go to trial are being vetted quite a bit.
>braindead users don't get the concept of 'hot coffee' and it's your fault
The coffee was served hotter than it should have been, and wastely hotter than it would have been if it had been taken from the machine at home, it was served in a cup that was so difficult to open that the customer had to put it between her legs, and when the coffee was spilled she suffered 3th degree burns to her crotch.
And she only asked that they payed her medical expenses. It was the jury who gave her all those millions.
Okay, okay. I don't claim to be an expert on that case.
But: If you buy coffee, it's hot enough to hurt you (or it's crap. There's a range of temperatures that are decent, and personal factors determine what is deemed too hot as well).
I don't buy the 'had to put between the legs to open the cup' thing. In that case don't do it near your private parts, open it properly. Not between your legs, probably sitting in a car. Why is there no applied concept of common sense?
Leaving the whole cause of the accident aside, the next part was really emphasized my point:
The jury gives you millions for 'damage'. Let's not discuss if the problem was the person sueing, but what you have to think about is this:
What message are you sending out, if someone suing a company for (arguably only) slightly irritating service (a couple degrees ~too~ hot, usability issues with a coffee cup, both probably annoying but didn't completely destroy the tiny rest of that company's customers..) could get you the FU money this community is often obsessed about? If you asked for the money on day one of the trial or made the jury feel so sorry for you that they drown you in money at the end is not relevant.
Which leads to my first post again: A culture of fear for being sued, with damages completely out of proportion [1].
1: In a large area of the world. I understand that it can seem completely normal if you limit your view to the area where this is happening.
It was hot enough to melt her genitals and cause serious disfigurement. If she had spilled it anywhere, she would have been seriously injured...
The coffee was scalding hot. The temperature of the coffee was from a corporate order intended to save a few bucks on having to re-brew coffee. The McDonald's corporation was negligent.
In this case, Dropbox was horribly negligent. Releasing all of the data in my Dropbox folder to everyone is not a 'minor inconvenience'. It is a big fucking deal, particularly if I had no idea it could happen so easily, and I am paying them under the assumption that their service is relatively secure.
I think there's no question that Dropbox seriously dropped the ball, but as programmers we should be extremely concerned about the prospect of companies being held liable not just for actual damages but theoretically possible and potentially non-economic yet non-existent damages.
How do you heat liquid water to more than 100°C? Coffee is supposed to be just below 100°C when you brew it, or it is not good. Goes for home made or McD coffee. Whatever, maybe in some parts of the world, the laws of physics don't apply and liquid water does not lose energy though evaporation...
Back on topic: Dropbox is telling everybody that they are "encrypting" stuff on their drives. How do they decrypt without a password? This case is a much different from the "stupid McD coffee customer" case, because details on cloud storage technicalities are not common knowledge, whereas "boiling water may be hot" kinda is.
"hot liquid" and "liquid so hot that it will burn my skin" are not necessarily the same thing. Unless you think that people should feel afraid of a hot bath or a hottub (or even going to a hot spring).
In more precise terms, 'boiling' is a subset of 'hot.'
If you increase the atmospheric pressure, you can raise the boiling point of water well beyond 100°C. Of course, that has little to do with brewing coffee.
So you bring the water to a boil, and then let it sit for a minute, then pour it over the grounds. Then as the coffee steeps, the liquid further cools down. It is just below 100 when you brew it.... not when you drink it. It is much cooler when you drink it, (65 to 80 C).
> Which leads to my first post again: A culture of fear for being sued, with damages completely out of proportion [1].
There had been more than 700 previous cases, where McDonald had settled with the victims for a total of more than US$ 500.000, but hadn't changed their practice. The wast majority of the damages in this case was not "compensatory damages", intended to compensate the victim for her injury, but "punitive damages", intended to be large enough that McDonald would change their business practice. The punitive damages were set to be equivalent to two days worth of coffee sold at McDonald.
We can argue whether McDonald should be forced by law to lower the serving temperature. A UK court came to the opposite conclusion in a similar case. However, if we accept that as a premise, the size of damages doesn't seem out of line.
> If you buy coffee, it's hot enough to hurt you (or it's crap. There's a range of temperatures that are decent, and personal factors determine what is deemed too hot as well).
McDonald's keeps coffee at >82°C, which is much hotter than any coffee served elsewhere.
No, that's not true - it depends on where you buy it from and what their policy on coffee temperature is.
And I don't know if you bought coffee from McDonalds, but at some point they used to serve coffee in containers made out of a thick layer of cellulose (from what I could see) which wasn't leaking any heat; giving you absolutely no clue whatsoever to how hot or cold the coffee was just by holding it. Think about that for a second - when you're holding a glass with hot tea or coffee, you can feel it in your hand. But what if that glass was cold as if holding iced tea?
Yes, I got burned too, but not as badly as to suffer 3rd degree burns and I still buy coffee from McD. But I imagine I would get pretty pissed too above a certain threshold.
Here's a good recent documentary that goes into detail about the famous hot coffee case. It was eye-opening for sure. I never thought that I would going in, but I came away thinking McDonald's was woefully negligent in that case.
Where is the logic there? Something is difficult to open so the immediate response is to put it between your legs? And it's a hot beverage? Sorry...that's idiotic. Zero dollars. Stop wasting the court's time. It doesn't matter what McD did or did not do. You are primarily responsible for your own well being. Nobody tricked her into thinking the coffee was iced tea. Nobody told her that she must use her thighs (?!) to open it.
Sure that doctor gave you the wrong medicine, but you're responsible for your own well-being. How hard is it to Google the name of the medicine and see that it has nothing to do with your condition? How hard is it to remember that the medicine that the doctor told you he was writing a prescription for and the one that he actually wrote on the paper aren't the same? Stop wasting the court's time. Zero dollars.
Not the same logic at all.
Being given the wrong medicine is entirely different due to the relationship between patient and doctor. That is a relationship defined by the position of trust the doctor has. It is a privileged relationship. And a Doctor is known to have years of training and experience behind his belt.
The relationship between a customer and a minimum-wage worker employee is entirely different. You don't expect them to have the years of training and experience behind them to help ensure everything runs smoothly.
You step into someone's hot tub and the water was (actually) boiling. Now you have second degree burns from the waist down. But you should have known better. It's called a hot tub, right? You knew there was a risk that you would be burned by the water. You're just an idiot for assuming that you could just jump in. Stop waisting the court's time. Zero dollars.
(There is no 'position of trust' with a 'hot tub operator,' nor do you require years of training to own/operate a hot tub).
In addition to lambada's response about the doctor-patient relationship, there is also an expectation of common knowledge. You are not expected to know anything about the medicine given to you since that is the doctor's responsibility, but you are expected to take it as instructed. You are expected to know that if you do anything unusual with it you may be putting yourself in danger.
If you do something idiotic like crush it up into powder, then snort it at five times the dosage, that's on you. If you then go into shock and suffer a stroke, guess what.... zero dollars, stop wasting the court's time, you are an idiot.
> political correctness/discrimination, braindead users
> don't get the concept of 'hot coffee' and it's your
> fault, chocolate eggs with toys inside are mightily
> dangerous)
All this looks like vicious circle to me: more and more common sense, simple thinking and moral judgement is "outsourced" to laws and people not bothering to think for themselves are becoming weaker and weaker at making this kind of decisions themselves :(
PC for some reason irritates me greatly, I am not even sure why. Society moving towards total PC looks like Universe moving towards thermal death.
In many cases it seems absurd. For some reason people believe that if something bad happens, someone is at fault. They expect 0% probability of anything bad happening and if they don't get that, they may sue.
I don't think anywhere in the world is like this. It's completely unrealistic. It's impossible.
And yet, at the end of the day, perhaps it forces our society to always be improving. Maybe our country is where it is today because we demand the impossible.
Whoa! Stop the horses! I understand that Europe is moving to a mono-state, but we still have very separate jurisdictions in the USA. She sued in CALIFORNIA by finding some class-action lawyer junkie. That suit would have been thrown out in the other 49 states because she is suing on laws/grounds that simply don't exist there. On top of that, the suit may go nowhere in California too, because she didn't suffer any damages ... her account wasn't compromised. She just heard that other accounts were. That's a joke.
At some point in the last 50 years the US has developed a significant subculture of lawyer-worship. It's not unusual to see commercials hourly on TV asking for people who might have suffered in one way or another to contact a law firm for a lawsuit. Lawyers find "little people" who have been wronged, sue in court, pocket millions, then go on to the next case. Effective lawyers make a killing at this business, and don't be mistaken: it is a business.
The little folks, seeing other people make all the bucks, aren't stupid. They look for ways in which they might have been wronged and contact lawyers. For many, "winning the lottery" and "having a big lawsuit" are the same thing -- a way to easy money. The lawyers are all too willing to play along, setting up mills where good cases are sorted from bad ones. They take part of the profits to advertise for more. It becomes a feedback loop, which is sad, because there are a lot of people who have been really wronged and need legal help.
What we need is tort reform, but every time somebody brings it up they're called either an apologist for big evil corporations or a heartless bastard who could care less for the downtrodden. So the cycle continues.
The commercials aren't there because people worship lawyers! I think most Americans aren't actually all that fond of lawyers. They're there because there is a lot of money at stake. When each new client can bring you tens or hundreds of thousands of dollars, you can afford to take out TV ads.
It's the same reason "mesothelioma" was the most expensive keyword on Google.
"Mesothelioma" is a lucrative keyword because anyone who has mesothelioma has most likely been grievously injured by some commercial entity. I'm sure there's lots of scams revolving around it, but it's hard to imagine a clearer-cut justification for suing a company than that company negligently giving you terminal cancer.
These two parent comments --- unintentionally, I'm confident --- give the impression that "mesothelioma" is a get-rich-quick scheme for plaintiffs. But if a plaintiff actually has mesothelioma, I don't think it's anything to snark about.
I happen to think the conduct of the asbestos industry is a strong argument for a corporate death penalty. And executives who knowingly exposed workers to dangerous materials should be in jail.
My point was that legal ads are prominent because there is a lot of money at stake, not because everybody loves lawyers.
Don't apologize; I'm not taking you to task. And sure, there's a lot of ads because there's a lot of money at stake. But that's also in some ways a good thing: it ensures that everyone harmed by (say) asbestos is aware that there are remedies available to them.
The U.S. has made a choice not to have any effective regulation of such things. Perhaps in another country, there are data security regulations with a regulatory agency in charge and when you have such a breach, you get a call from the government which is annoyed with you. The regulator imposes some sort of fine, demands an action plan to fix the problem, and generally fixes things and reduces the chances of them happening again.
The public, being satisfied that things are now fixed and realizing they weren't really harmed, declines to litigate.
Or there's the U.S. model. Since there is no regulator fixing things, the only way of effecting change is to litigate. The regulatory role has been outsourced to the courts. Of course, the courts are poorly equipped to be regulators, but it's like using a hammer when you really need a wrench: you haven't GOT a wrench, so the hammer must make do. So the courts make do and in general it costs more and regulates worse than a proper regulator would, but hey: you haven't GOT a wrench.
This is once again proving that, while I understand the language, probably shop the same things, the USA is a strange place for me. This 'just sue' culture seems weird. It seems that the whole point is to run to the court and claim 'He did something wrong. Please spend a lot of time to check that I actually have a point and if I'm lucky, please define a grossly exaggerated sum in damages'.
I _know_ I'll take flak for this, but it warps my mind. The nation that always, even if it hurts, defends the right of free speech, seems to severely limited elsewhere. It sure looks like you can _say_ anything, but _doing_ anything could lead to a nightmarish jungle (political correctness/discrimination, braindead users don't get the concept of 'hot coffee' and it's your fault, chocolate eggs with toys inside are mightily dangerous) of potential problems.