Mt.Gox and void trades: Force Majeure

[Horkabork]

Thank you for making this post, MagicalTux. You posting here and keeping dialogue open, even while being pestered by people and accused of either vile or hilarious things, is a great thing. It would be nice if you could hire someone to be a perpetual forum contact, because it relieves people to see constant interaction, even if if they disagree with you.

I've been a bit critical, but straddling the fence because I would personally stood to benefit from the rollback not happening and I am torn between logic and my greedy anger rearing up thinking of the hookers and blow that I could have bought with the profits. Okay that's a lie, I probably just would have bought a reuben sandwich, but I am terribly angry at this awesome reuben sandwich that you have stripped from my hands.

Dude, my lowest active order was for $2. Do you know how many ruebens I could have bought? At least 7, and not the crappy ones with processed corned beef and crappy americanized swiss cheese, but I'm talking pastrami and real, thick-cut corned beef.

Okay back to the subject. While it's great to see you posting, your argument is practically worthless because you're presenting your own legal reasoning. Never do that, even if you're a lawyer, because we don't know whether to believe you or not and, even if entirely true, you are stating something that is of benefit to you to a bunch of people who feel they were just screwed by you. (The people who don't feel screwed are not really posting very much... "critics have louder keyboards").

In other words, even if you're right, you're wrong. You probably are right, but you need someone else to say it while you sit back and field questions. This is what politicians do when the crap hits the fan.

[1714003052]

1714003052

[1714003052]

1714003052

[1714003052]

1714003052

[BubbleBoy]

Say the hacker redirects the mtgox site to an identical clone, duplicates everyone's $ balance and password, and post a price of 0.0000001 USD/BTC. If everyone rushes to buy a total of  1 billion bitcoins worth a total of 100$, do you think mtgox should be liable for the 18 billion USD "loss" the traders incurred at current market prices ?

As long as your money is in the mtgox system, it's their rules and their site. No contractual obligation exists if you simply saw some numbers on your computer screen that might have looked like you were suddenly rich. It might have been hackers, dead pixels, or ghosts. No one knows until you get the money in you bank account.

It's only from the kindness of their hearts that mtgox give you details about what actually happened with the site. For all you know, they could claim the story in the first paragraph: you were trading on a hacker site, domain system is not 100% reliable, we don't owe you nothing; sue ICCAN and ask for a better DNS system.

[bitcoinminer]

More importantly:

http://www.golflink.com/list_1703_play-as-lies-golf-rule.html

In the United States Golf Association's "Rules of Golf," Rule No. 13 is referred to as "Ball Played As It Lies." This rule prohibits improving the lie, the area intended for making a swing, the line of play or the area in which the ball is to be dropped or placed. In general, a golf ball should be played where it lands without any change to the overall situation. Besides the exceptions built into the rule, relief also may be granted by officials on a case-by-case basis.

Read More: The Official "Play It As It Lies" Golf Rule | GolfLink.com http://www.golflink.com/list_1703_play-as-lies-golf-rule.html#ixzz1Pu7DuueQ

Improving the Situation
The Rules of Golf forbid improving the situation in which a golf ball has come to rest. This includes "moving, bending or breaking anything growing or fixed," moving or pressing down the surface on which the ball lies, making or removing "irregularities" on the playing surface, or moving any form of water (including dew or frost).

Exception: Stance
If your ball lands such that you are not able to stand on playable ground--such as if your stance would be on a cart path or sprinkler head--you may move your ball one club length from the spot where it lies, but not closer to the hole.

Exception: Backswing
If you inadvertently move your ball while making your stroke or on your backswing, this is not considered improving your lie. The exception reads: "in making a stroke or the backward movement of (the) club for a stroke," as long as the stroke is made.

Exception: On the Tee
On the tee box--when beginning a hole--a player may improve the ground on which the ball is teed. For example, you may place the ball on a tee anywhere on the tee box and you may remove weeds, press down the grass around the tee or wipe away loose impediments. In addition, if the ball falls off the tee at or before address, you may re-tee without penalty.

Exception: On the Green
On the putting green, you may mark your ball and replace it at the spot where it landed. You may also repair the green in the line of your putt or remove any sand, dirt or other loose impediment.

Hazards
If your ball lands in a hazard, and you touch the ground or water while trying to prevent a fall or while removing an obstruction, there is no penalty as long as you do not change the lie of the ball. In addition, after taking a stroke in a hazard, a player may "smooth the sand or soil in the hazard" even if the ball is still in the hazard, as long as the lie of the ball is not improved.



Read More: The Official "Play It As It Lies" Golf Rule | GolfLink.com http://www.golflink.com/list_1703_play-as-lies-golf-rule.html#ixzz1Pu7IQC9b

[ius]

Unfamiliar with Japanese law (and you appear to be applying the law whilst not being a lawyer either), and there was no 'contract' between traders and MtGox, but I'll shoot anyway (this is taken from Wikipedia, based on French law).

In the text below, I'm taking two scenario's into account:
1. An external financial auditor was compromised and a copy of your database was stolen. Your lack of details on this subject makes me doubt the existence of said auditor.
2. Your site was compromised due to a throughout lack of protection against SQL injection

The understanding of force majeure in French law is similar to that of international law and vis major as defined above. For a defendant to invoke force majeure in French law, the event proposed as force majeure must pass three tests:

Externality
    The defendant must have nothing to do with the event's happening.

An obvious failure here, in both cases.

Unpredictability
    If the event could be foreseen, the defendant is obligated to have prepared for it.[3] Being unprepared for a foreseeable event leaves the defendant culpable. This standard is very strictly applied:

    CE 9 April 1962, "Chais d’Armagnac": The Conseil d'Etat adjudged that, since a flood had occurred 69 years before the one that caused the damage at issue, the latter flood was predictable.
    Administrative tribunal of Grenoble, 19 June 1974, "Dame Bosvy": An avalanche was judged to be predictable since another had occurred around 50 years before.

In case of 1: You could not have known the auditor would be compromised. Pass.

In case of 2: You willingly operated an insecure exchange. You had been notified of security vulnerabilities before the database was stolen. Thus, you could have expected someone would try to exploit any leftover vulnerabilities.

Irresistibility
    The consequences of the event must have been unpreventable.

In case of 1: You shouldn't have provided your auditor access to usernames, emails and passwords.
In case of 2: A thorough audit and proper rewrite/overhaul of the website would have liekly prevented the attack


Sorry, not 'force majeure' if you ask me.

[Superform]

MagicalTux dont listen to the haters, this sort of thing, although disruptive will only strengthen the markets in the future, as an active day trader for the last 12 years or so my one major concern when I first wanted to deposit money, was that the buying process looked really amatuer hour compared to the security I am used to trading shares.

It looks like a proper level of security and account verification will be coming to Mt Gox which in turn will only make others feel safer trading.

The sorts of things i'm used to when trading -

user name that is issued by you.
trading password which is snail mailed to the user - or perhaps sms trading token

[Superform]

and as a tip for Mt Gox.. get a ToS

[MagicalTux]

Let me quote a part of our generic terms of service about Force Majeure:

Tibanne Co. Ltd., agents, partners, ICANN, the central registry nor any person involved in the registration will be liable to the customer or any third party for any direct or indirect loss of profits, earnings or business opportunities, damages, expense, or costs resulting directly or indirectly from any failure to perform any obligation or provide service herunder because of any Force Majeure, or governmental acts or directives, strikes, riot or civil commotion, war, hacking, any natural desaster, equipment or facilities shortages which are beeing experienced by providers of telecommunication services generally, or other similar force or condition beyond Tibanne Co. Ltd.‘s reasonable control.

And another one:

For all services of Tibanne Co. Ltd. liability will be limited to intention and gross negligence.

We had no intention of getting this to happen, and we have followed every industry standard to make this secure. Despite this it happened. We have learnt new things (especially that lots of people want Bitcoin to disappear).

[bitsalame]

MagicalTux dont listen to the haters, this sort of thing, although disruptive will only strengthen the markets in the future, as an active day trader for the last 12 years or so my one major concern when I first wanted to deposit money, was that the buying process looked really amatuer hour compared to the security I am used to trading shares.

It looks like a proper level of security and account verification will be coming to Mt Gox which in turn will only make others feel safer trading.

The sorts of things i'm used to when trading -

user name that is issued by you.
trading password which is snail mailed to the user - or perhaps sms trading token

Not haters. We are lovers who became disappointed.
"Acts of God" are unpredictable, unforseeable, uncontrollable events that escapes our power to counter it, foresee it and/or prevent it.
The best example are when there is a blizzard and a plane can't take off: THAT'S FORCE MAJEURE, AKA. ACTS OF GOD there isn't anything in the power of the airline to prevent or stop a blizzard.
In those cases you can't do anything, and you aren't entitled to any compensation from the airline (no hotel, upgrades, no shit)
(But if it was forecasted blizzard but the airline forgot changing the schedule, it isn't Force Majeure anymore, it become negligence)

If the plane blows a tire and there is no spare left, even if in the maintenance log clearly stated that needed one.
THAT IS NOT FORCE MAJEURE. (Analogy: YOU KNEW YOU HAD BUGS, YOUR EMAIL WAS BEING FLOODED WITH MAILS REGARDING TO THE EXPLOITS)
In those cases you usually get a hotel night free, amenities, and even upgrades to first class.

If the airport didn't take enough measures to prevent a terror attack and failed in implementing basic security protocols, THAT IS NOT FORCE MAJEURE: THAT'S NEGLIGENCE.
In these cases you usually get millionaire compensations from the airlines.

Stop trying to save your neck, because your head is way into your ass.
YOU ARE WORSE THAN DISAPPOINTING: WITH THIS STUPID AND LOUSY ATTEMPT YOU BECAME PATHETIC.

PS: By the way, if you cited Force Majeure because it was suggested by your lawyer, I suggest firing him. Now thinking of it, better keep him, so we can butt rape you in court.

[Epinnoia]

photocopy of the police report would be appreciated. 

[Horkabork]

How would you like to be on the end of a civil lawsuit just for leaking personal data?  Let alone whatever financial malfeasance has gone on...

How would you like to be on the end of a civil lawsuit for libel for claiming that Mt. Gox leaked personal data, implying that they were complicit or involved with the theft? Surely you have no evidence to support this claim.

Yeah, that's a shitty thing to say, and I'm not defending Mt. Gox's lousy security practices, but I'm just pointing out how crappy your argument is by making a similarly crappy argument against it. Why? Because civil lawsuits like this are about money losses. Your libel almost surely more provably costs them more money than the monetary damages you faced by Mt. Gox, at worst, having insufficient security measures that allowed this data to be stolen easily. Even that is an uphill battle for you to prove, because they'll be compared against best industry practices rather than an impenetrable wall.

In the case that leaked hashes lead to your account being hijacked, sure, you are probably due your account balance. But if attempting to get money beyond that, any judge in the land is going to ask you first, "Why are you suing Mt. Gox for insufficient security when your own password was easily guessable?"

You can't blame your landlord alone for crappy locks if you leave the windows open. The blame is shared, as your expectation of security is diminished by your own lack of it. As for the argument that they should have had two-factor authentication, account address locks and such, well that's just like alcoholics who blame their families for not fighting the bottle from their hands. "God, why are you not stopping me from hurting myself?"

Your argument is as silly as my libel one, but have fun in the murky swamps of international law in suing for your hundred dollars. Even if you miraculously win more money than your provable monetary losses, so will everyone else as we all practically would have the same case, if it was valid. In other words, if you win, it'll be noncollectable.

Anyway, on with more armchair lawyering! Oh man I practically have a law degree, as I have this dictionary RIGHT HERE on this bookshelf behind me and it says this and this and this about force majeure that I'm going to cherry pick to support my anger. At least MagicalTux probably consulted a lawyer before making his assertion or writing his TOS.

Damn, as a level 10 armchair lawyer with action court battle pads, I have to say that practically any legal stance can be supported if you research hard enough and are allowed to choose from random crap on the internet rather than applicable laws, cases and precedents. Dude, with those crappy standards, I could churn out 10 pages easily on any outrageously wrong assertion, such as that child porn is not actually illegal, rape is a permissible act where only the woman is to blame, and black people are not due the rights of other humans. I've actually done crap like that, only not so disgusting, in opposition research papers that surely will prevent me from ever holding public office.

[MagicalTux]

"Force Majeure" is anything independ of us, not the same thing as "Act of God".

Please read what I say.

[bitsalame]

How would you like to be on the end of a civil lawsuit just for leaking personal data?  Let alone whatever financial malfeasance has gone on...

How would you like to be on the end of a civil lawsuit for libel for claiming that Mt. Gox leaked personal data, implying that they were complicit or involved with the theft? Surely you have no evidence to support this claim.

Yeah, that's a shitty thing to say, and I'm not defending Mt. Gox's lousy security practices, but I'm just pointing out how crappy your argument is by making a similarly crappy argument against it. Why? Because civil lawsuits like this are about money losses. Your libel almost surely more provably costs them more money than the monetary damages you faced by Mt. Gox, at worst, having insufficient security measures that allowed this data to be stolen easily. Even that is an uphill battle for you to prove, because they'll be compared against best industry practices rather than an impenetrable wall.

In the case that leaked hashes lead to your account being hijacked, sure, you are probably due your account balance. But if attempting to get money beyond that, any judge in the land is going to ask you first, "Why are you suing Mt. Gox for insufficient security when your own password was easily guessable?"

You can't blame your landlord alone for crappy locks if you leave the windows open. The blame is shared, as your expectation of security is diminished by your own lack of it. As for the argument that they should have had two-factor authentication, account address locks and such, well that's just like alcoholics who blame their families for not fighting the bottle from their hands. "God, why are you not stopping me from hurting myself?"

Your argument is as silly as my libel one, but have fun in the murky swamps of international law in suing for your hundred dollars. Even if you miraculously win more money than your provable monetary losses, so will everyone else as we all practically would have the same case, if it was valid. In other words, if you win, it'll be noncollectable.

Anyway, on with more armchair lawyering! Oh man I practically have a law degree, as I have this dictionary RIGHT HERE on this bookshelf behind me and it says this and this and this about force majeure that I'm going to cherry pick to support my anger. At least MagicalTux probably consulted a lawyer before making his assertion or writing his TOS.

Damn, as a level 10 armchair lawyer with action court battle pads, I have to say that practically any legal stance can be supported if you research hard enough and are allowed to choose from random crap on the internet rather than applicable laws, cases and precedents. Dude, with those crappy standards, I could churn out 10 pages easily on any outrageously wrong assertion, such as that child porn is not actually illegal, rape is a permissible act where only the woman is to blame, and black people are not due the rights of other humans. I've actually done crap like that, only not so disgusting, in opposition research papers that surely will prevent me from ever holding public office.

As I said, if his lawyer suggested Force Majeure, he must be drunk.
I really hope to see Mark in court, and don't forget to bring your real life version of Lionel Hutz.

[MagicalTux]

As I said, if his lawyer suggested Force Majeure, he must be drunk.
I really hope to see Mark in court, and don't forget to bring your real life version of Lionel Hutz.

Our ToS writes hacking as included in Force Majeure. If you didn't read it that's your own problem.

[Andrew Vorobyov]

scumbags. Your only interesting in saving your own skin.

force majeure is not intended to excuse negligence or other malfeasance of a party, as where non-performance is caused by the usual and natural consequences of external forces

scumbags

+1

[crackpotjim]

Our ToS writes hacking as included in Force Majeure. If you didn't read it that's your own problem.

At no point during registration was I asked to agree to a tos. I doubt there was a link to one anywhere on the site.

[bitsalame]

"Force Majeure" is anything independ of us, not the same thing as "Act of God".

Please read what I say.

For Force Majeure requires three conditions:

1) Externality: you must not be related to the event.
We don't know. You've been lying to us from the very beginning. You claimed that was only one account holding 500,000 BTC?
Show us the anonymous transaction blocks that prove this account existed. Maybe it is your account and you don't want to admit it?
Anyway, lets assume for the example that genuinely you are not related. You might pass here.

2) Unpredictability: The attacks must have not be foreseen.
If you knew you had a vulnerability and didn't fix it (for whatever reason) you are totally culpable.
You knew your site was vulnerable. You probably were sleeping like a baby every night: waking up every three hours.
You allowed the access of this "auditor" with "read only" privileges, YOU KNOW THE RISKS OF ALLOWING A THIRD PARTY TO YOUR BACKEND, DON'T YOU?
YOU KNOW THE RISKS OF HASHING WITH MD5, DON'T YOU?
YOU KNOW THE RISKS OF NOT FILTERING OUT WEAK PASSWORDS, ISN'T THAT STANDARD PROCEDURE?
You were receiving floods of emails about several exploits and vulnerabilities in your site.
Don't fuck with us, your lies are unsustainable. You fail miserably in this condition.

3) Irresistibility: basically proving that it wasn't preventable.
Any 18 years old experienced with programming would know how to prevent half of the vulnerabilities of your site.
I would have started by not using MD5 to hash the passwords and having a very simple Javascript filtering weak passwords.
Lets not talk about the potential casualties from the explotation of CSRF vulnerabilities.
The site had more holes than Swiss cheese.
90% of this damage was preventable? YES, IT WAS.

Force Majeur??, STFU!

[Epinnoia]

As I said, if his lawyer suggested Force Majeure, he must be drunk.
I really hope to see Mark in court, and don't forget to bring your real life version of Lionel Hutz.

Our ToS writes hacking as included in Force Majeure. If you didn't read it that's your own problem.

Until you prove that the result happened because of a hacker, you can't stand behind your Force Majeure clause.  You can easily provide a scanned copy of the police report, since you have publicly said that you have initiated criminal proceedings.  

The fact that you could ease people's concerns, and the fact that you haven't done so, is, to say the least, shady/suspicious.

Those of us who WANT to trust you are being given very little to work with from you.  Show us some proof that you have initiated the criminal proceedings you claim. 

[cypherdoc]

MagicalTux dont listen to the haters, this sort of thing, although disruptive will only strengthen the markets in the future, as an active day trader for the last 12 years or so my one major concern when I first wanted to deposit money, was that the buying process looked really amatuer hour compared to the security I am used to trading shares.

It looks like a proper level of security and account verification will be coming to Mt Gox which in turn will only make others feel safer trading.

The sorts of things i'm used to when trading -

user name that is issued by you.
trading password which is snail mailed to the user - or perhaps sms trading token

Not haters. We are lovers who became disappointed.
"Acts of God" are unpredictable, unforseeable, uncontrollable events that escapes our power to counter it, foresee it and/or prevent it.
The best example are when there is a blizzard and a plane can't take off: THAT'S FORCE MAJEURE, AKA. ACTS OF GOD there isn't anything in the power of the airline to prevent or stop a blizzard.
In those cases you can't do anything, and you aren't entitled to any compensation from the airline (no hotel, upgrades, no shit)
(But if it was forecasted blizzard but the airline forgot changing the schedule, it isn't Force Majeure anymore, it become negligence)

If the plane blows a tire and there is no spare left, even if in the maintenance log clearly stated that needed one.
THAT IS NOT FORCE MAJEURE. (Analogy: YOU KNEW YOU HAD BUGS, YOUR EMAIL WAS BEING FLOODED WITH MAILS REGARDING TO THE EXPLOITS)
In those cases you usually get a hotel night free, amenities, and even upgrades to first class.

If the airport didn't take enough measures to prevent a terror attack and failed in implementing basic security protocols, THAT IS NOT FORCE MAJEURE: THAT'S NEGLIGENCE.
In these cases you usually get millionaire compensations from the airlines.

Stop trying to save your neck, because your head is way into your ass.
YOU ARE WORSE THAN DISAPPOINTING: WITH THIS STUPID AND LOUSY ATTEMPT YOU BECAME PATHETIC.

PS: By the way, if you cited Force Majeure because it was suggested by your lawyer, I suggest firing him. Now thinking of it, better keep him, so we can butt rape you in court.

you sir, who just registered to the forum 2d ago, i doubt is a btc lover.  this fact and your nick; its highly unlikely u own or believe in btc but instead r just piling on for your own nefarious purposes.

[cypherdoc]

"Force Majeure" is anything independ of us, not the same thing as "Act of God".

Please read what I say.

For Force Majeure requires three conditions:

1) Externality: you must not be related to the event.
We don't know. You've been lying to us from the very beginning. You claimed that was only one account holding 500,000 BTC?
Show us the anonymous transaction blocks that prove this account existed. Maybe it is your account and you don't want to admit it?
Anyway, lets assume for the example that genuinely you are not related. You might pass here.

2) Unpredictability: The attacks must have not be foreseen.
If you knew you had a vulnerability and didn't fix it (for whatever reason) you are totally culpable.
You knew your site was vulnerable. You probably were sleeping like a baby every night: waking up every three hours.
You allowed the access of this "auditor" with "read only" privileges, YOU KNOW THE RISKS OF ALLOWING A THIRD PARTY TO YOUR BACKEND, DON'T YOU?
YOU KNOW THE RISKS OF HASHING WITH MD5, DON'T YOU?
YOU KNOW THE RISKS OF NOT FILTERING OUT WEAK PASSWORDS, ISN'T THAT STANDARD PROCEDURE?
You were receiving floods of emails about several exploits and vulnerabilities in your site.
Don't fuck with us, your lies are unsustainable. You fail miserably in this condition.

3) Irresistibility: basically proving that it wasn't preventable.
Any 18 years old experienced with programming would know how to prevent half of the vulnerabilities of your site.
I would have started by not using MD5 to hash the passwords and having a very simple Javascript filtering weak passwords.
Lets not talk about the potential casualties from the explotation of CSRF vulnerabilities.
The site had more holes than Swiss cheese.
90% of this damage was preventable? YES, IT WAS.

Force Majeur??, STFU!

hey jerk; go back to where u came from 2d ago!

[bitsalame]

MagicalTux dont listen to the haters, this sort of thing, although disruptive will only strengthen the markets in the future, as an active day trader for the last 12 years or so my one major concern when I first wanted to deposit money, was that the buying process looked really amatuer hour compared to the security I am used to trading shares.

It looks like a proper level of security and account verification will be coming to Mt Gox which in turn will only make others feel safer trading.

The sorts of things i'm used to when trading -

user name that is issued by you.
trading password which is snail mailed to the user - or perhaps sms trading token

Not haters. We are lovers who became disappointed.
"Acts of God" are unpredictable, unforseeable, uncontrollable events that escapes our power to counter it, foresee it and/or prevent it.
The best example are when there is a blizzard and a plane can't take off: THAT'S FORCE MAJEURE, AKA. ACTS OF GOD there isn't anything in the power of the airline to prevent or stop a blizzard.
In those cases you can't do anything, and you aren't entitled to any compensation from the airline (no hotel, upgrades, no shit)
(But if it was forecasted blizzard but the airline forgot changing the schedule, it isn't Force Majeure anymore, it become negligence)

If the plane blows a tire and there is no spare left, even if in the maintenance log clearly stated that needed one.
THAT IS NOT FORCE MAJEURE. (Analogy: YOU KNEW YOU HAD BUGS, YOUR EMAIL WAS BEING FLOODED WITH MAILS REGARDING TO THE EXPLOITS)
In those cases you usually get a hotel night free, amenities, and even upgrades to first class.

If the airport didn't take enough measures to prevent a terror attack and failed in implementing basic security protocols, THAT IS NOT FORCE MAJEURE: THAT'S NEGLIGENCE.
In these cases you usually get millionaire compensations from the airlines.

Stop trying to save your neck, because your head is way into your ass.
YOU ARE WORSE THAN DISAPPOINTING: WITH THIS STUPID AND LOUSY ATTEMPT YOU BECAME PATHETIC.

PS: By the way, if you cited Force Majeure because it was suggested by your lawyer, I suggest firing him. Now thinking of it, better keep him, so we can butt rape you in court.

you sir, who just registered to the forum 2d ago, i doubt is a btc lover.  its highly likely u own or believe in btc but instead r just piling on for your own nefarious purposes.

Can you just use your brain instead of becoming a conspiranoid?
I am striking both stupid users and mtgox.
Boths have their faults, but if you read my thread it is more than evident that MtGox is lying in front of our faces.

Something really embarrasing must have happened that they are trying to cover it with childish and unsustainable lies.
There is a very clear trend here: from denying any hacking happening in the site, from claiming that there wasn't any CSRF exploit "logged" (ORLY do they get logged?), and now their lousy attempt of using legal terminologies improperly trying to to exonerate themselves from any kind of liabilities.

You, sir, are responsible for the security and stability of the site.
You can't escape from that reponsability.
You are responsible for the stability of the site.
We trusted you with our money.
You are deepening the insult of your incompetence covering lies with more lies.

You-are-pathetic