Over on the ongoing comment thread about IT Security: Unnatural Industry (which started on Schneier on Security and is also on Spire Security Viewpoint and 1 Raindrop), Pete Lindstrom asked a question I hadn’t yet answered:

Why didn’t people sue their banks for fraud? Why did congress need to write a law about behaviour that is already covered by contract law and fraud?

Well, I think that’s mostly a question about personalities, customs, and precedents.