The hardware and software and computer industry in general has the ability to cause damage to property and persons. The question is, who is liable and where does liability end?
The hardware side can be viewed as a product in most cases which makes it easier deal with liability. Software can be viewed as a product or a service. The legal system treats product and service liability differently.
Liability definition [1 p485]
Quality definition [1 p485]
2 items to look at when considering information liability [1 p483]
Some legal aspects (based on US law)
Current technology can be divided into 4 categories [1]
Professional Liability
for information professionals
What do information systems professional do that can make them liable?
Pritchard & Quigley maintain that the fact that information professionals are "holding ourselves out as experts and being paid for the expertise ... creates the potential liability"[1 p492]
How do we try to solve this problem? One way is to license to generally accepted standards like CGA (accounting), Bar admission (law), AMA (doctors), APEEGA (PEng engineers), Canadian Information Processing Society (Calgary) - Information System Professional (ISP).
CIPS is currently working toward registering the ISP designation in Alberta and other provinces. To obtain the ISP designation you must be a CIPS member. See the CIPS home pages for more information.
Negligence defined (Black's Law Dictionary) "the failure to observe, for the protection of the interests of another per son, that degree of care, precaution, and vigilance which the circumstances justly demand, whereby such other person suffers injury."
Possible negligence sources of liability are
The most common defences of negligence are:
The best recommendation to avoid these problems is to have a written contract with clear disclaimers.
4 ways to avoid information malpractice lawsuit [1]
The legal identity of a Bulletin Board System (BBS) is a computer BBS is
most often likened to electronic publishers, e.g. PRODIGY
, Private Information services, broadcast media, common carrier (transmission of information) or a secondary publisher.[3 p569-577]
Sysop Liability
A system operator (sysop) may be held liable for illegal activity that occurs
on his Bulletin Board System (BBS) even if he is unaware of the activity.
example: May 16, 1984 Thomas G. Tcimpidis had his personal computer and data
storage devices seized by Los Angeles police after the BBS he operated was
found to contain a stolen credit card number. Charges were later dropped. [3
p558]
Larger BBS systems are treated slightly differently. A company provider -
America Online tries to censor or reduce the amount of undesirable activity.
In December 1991, America Online subscribers were found exchanging child
pornography as GIF files. The FBI said the traffickers NOT America Online were
being investigated [3 p559]
There are other areas on a BBS could be held liable: defamation.
It comes from these possible sources
The problem can be helped by signing on new users and presenting a complete
statement of services, policies and regulations and a statement of rights
accorded to members of the BBS on policy and regulations shown to new members
Criminal statues for punishing creators of computer viruses are most effective
as a means of deterring hackers, These statues give little to the victim
regarding clean up costs, repairs, or security programs.
Some US states have criminal statutes that specifically for deal viruses and
provide for civil liabilities.
Definition of a Computer Virus:
"An unwanted computer program or set of instructions inserted into a
computer's memory, operating system, or program that is specifically
constructed with the ability to replicate itself and to affect the other
programs or files in the computer by attaching a copy of the unwanted program
of other set of instruction to one or more computer program or files."
Texas Penal Code Section 33.01 [4]
Knowledge bases & Artificial Intelligence differs from regular software in
that it can change over its life as it is used by the 'customer'. The
classification of knowledge bases as products or services is critical to
the liability issue. In the attempt to classify knowledge bases,
product/service considerations should focus on the nature of the applications
intended performance as well as the user.
A knowledge base attempts to emulate the expert (knowledge source) when
interacting with the user. This brings up the question, If expert is
reputable, is the computer reputable? Can the computer be licensed after
passing a test? (e.g. doctor)
A problem with holding a computer liable is
that in event of computer malpractice, the computer has no assets to give
up in compensation and can not be punished. Can the manufacturer or licensing
group be held liable if the program self-modifies? The courts have yet to
address physical and economic injury due to expert system errors in tort
liability or contractual context (March 1991)
Another possible source for liable claims comes from the software and hardware
especially in critical systems such as process control at a chemical plant or
nuclear power plant.
Reliability methods by which more reliable software systems can be produced
Design methodologies include:
Software Quality Assurance (SQA) standards from IEEE covers software qualit
y assurance planning, software reviews and audits, software verification and
validation plans.
Testing includes:
White Box testing, Control structure testing, Black Box testing
Debugging can be
"As long as there were no machines, programming was no problem at all, when we
had a few weak computers, programming became a mild problem, and now we have a
gigantic computers, programming has become an equally gigantic problem."
E W Dijkstra 1972 [5]
Software Correctness is concerned with the consistency of a program and its
specification. A program is correct, if it meets its specifications; otherwise
it is incorrect
Software Reliability may only be determined when the actual utilization of
the software by the user is taken into consideration.
Software Robustness concept is used to investigate the relationship between the
software and system reliability. [5 p9-12]
Intel recently was in the news over the 'Pentium' problem. Intel knew about
the flaw in the floating point calculation part of the chip but continued
shipping. When the flaw was publicised, Intel initially said an error would
occur very rarely and the new chips had been corrected. Intel did not do
anything about the flawed chips until pressured by some computer manufacturers.
If a chemical plant has an accident due to a calculation error, is Intel
liable? May be not since the flaw has been disclosed.
Critical systems should be build to avoid disaster from device failure or
other problems. Redundancy, backup systems and Uninterruptable Power Supply
are but a few examples that can be built in to the design of the system.
The information contained herein should not be considered as legal advice
since laws in various parts of the world change with time and jurisdiction.
This information should be used only aas a very general guide. If you attempt
to use this in any court of law, you do so at your own risk.
In other words consult your local lawyer.
Other sources on the W3:
last updated 1995/04/03
Networks and Liability
Computer Viruses
Knowledge Bases & Artificial Intelligence
Reliability of Software and Hardware
Software Liability
Maintenance of code can also cause problems.Hardware Liability
Hardware liability can occur through device failure, flaws in the original
equipment, and from improper installation. Hardware devices are usually
rated using Mean Time Between Failure (MTBF) which gives an expected time
untill the device will fail.
The 'Pentium' problem
Repetitive Stress Injuries
Another hardware liability is Repetitive Stress Injuries from keyboarding.
The industry response has been to redesign the keyboard and put labels on
their devices warning of the possibility of RSI.
Disclaimer of Liability
Back to report list