CPSC 547 Liability Presentation

- part of CPSC 547 Presentation of Ethics, Training, Liability


The hardware and software and computer industry in general has the ability to cause damage to property and persons. The question is, who is liable and where does liability end?

The hardware side can be viewed as a product in most cases which makes it easier deal with liability. Software can be viewed as a product or a service. The legal system treats product and service liability differently.

Liability definition [1 p485]

Quality definition [1 p485]

Types of Liability

Information Liability

2 items to look at when considering information liability [1 p483]

  1. who is responsible for creating and providing accurate information

  2. to what extent is the creator and/or provider actually liable

Some legal aspects (based on US law)

Current technology can be divided into 4 categories [1]

  1. Librarian/information specialist malpractice of professional liability issues and risks

  2. Legal opinion, including case law, on database producers and database distributors liability for accuracy of information

  3. database quality as a conceptual issue

  4. database quality as a practical issue

Professional Liability

for information professionals

What do information systems professional do that can make them liable?

Pritchard & Quigley maintain that the fact that information professionals are "holding ourselves out as experts and being paid for the expertise ... creates the potential liability"[1 p492]

How do we try to solve this problem? One way is to license to generally accepted standards like CGA (accounting), Bar admission (law), AMA (doctors), APEEGA (PEng engineers), Canadian Information Processing Society (Calgary) - Information System Professional (ISP).

CIPS is currently working toward registering the ISP designation in Alberta and other provinces. To obtain the ISP designation you must be a CIPS member. See the CIPS home pages for more information.

Negligence defined (Black's Law Dictionary) "the failure to observe, for the protection of the interests of another per son, that degree of care, precaution, and vigilance which the circumstances justly demand, whereby such other person suffers injury."

Possible negligence sources of liability are

The most common defences of negligence are:

The plaintiff has obligation to limit damages, if he fails to mitigate damages, those additional damages are not recoverable

The best recommendation to avoid these problems is to have a written contract with clear disclaimers.

4 ways to avoid information malpractice lawsuit [1]

  1. be competent at what one does

  2. have good clients relations

  3. in a client contract, clearly state that "the accuracy and thoroughness of information provided by third parties" (that is information providers) is not warranted

  4. consider malpractice or errors-and-omissions insurance

Networks and Liability

The legal identity of a Bulletin Board System (BBS) is a computer BBS is most often likened to electronic publishers, e.g. PRODIGY , Private Information services, broadcast media, common carrier (transmission of information) or a secondary publisher.[3 p569-577]

Sysop Liability

A system operator (sysop) may be held liable for illegal activity that occurs on his Bulletin Board System (BBS) even if he is unaware of the activity.

example: May 16, 1984 Thomas G. Tcimpidis had his personal computer and data storage devices seized by Los Angeles police after the BBS he operated was found to contain a stolen credit card number. Charges were later dropped. [3 p558]

Larger BBS systems are treated slightly differently. A company provider - America Online tries to censor or reduce the amount of undesirable activity.

In December 1991, America Online subscribers were found exchanging child pornography as GIF files. The FBI said the traffickers NOT America Online were being investigated [3 p559]

There are other areas on a BBS could be held liable: defamation.

It comes from these possible sources

The problem can be helped by signing on new users and presenting a complete statement of services, policies and regulations and a statement of rights accorded to members of the BBS on policy and regulations shown to new members

Computer Viruses

Criminal statues for punishing creators of computer viruses are most effective as a means of deterring hackers, These statues give little to the victim regarding clean up costs, repairs, or security programs.

Some US states have criminal statutes that specifically for deal viruses and provide for civil liabilities.

Definition of a Computer Virus: "An unwanted computer program or set of instructions inserted into a computer's memory, operating system, or program that is specifically constructed with the ability to replicate itself and to affect the other programs or files in the computer by attaching a copy of the unwanted program of other set of instruction to one or more computer program or files." Texas Penal Code Section 33.01 [4]

Knowledge Bases & Artificial Intelligence

Knowledge bases & Artificial Intelligence differs from regular software in that it can change over its life as it is used by the 'customer'. The classification of knowledge bases as products or services is critical to the liability issue. In the attempt to classify knowledge bases, product/service considerations should focus on the nature of the applications intended performance as well as the user.

A knowledge base attempts to emulate the expert (knowledge source) when interacting with the user. This brings up the question, If expert is reputable, is the computer reputable? Can the computer be licensed after passing a test? (e.g. doctor)

A problem with holding a computer liable is that in event of computer malpractice, the computer has no assets to give up in compensation and can not be punished. Can the manufacturer or licensing group be held liable if the program self-modifies? The courts have yet to address physical and economic injury due to expert system errors in tort liability or contractual context (March 1991)

Reliability of Software and Hardware

Software Liability

Another possible source for liable claims comes from the software and hardware especially in critical systems such as process control at a chemical plant or nuclear power plant.

Reliability methods by which more reliable software systems can be produced

Design methodologies include: Software Quality Assurance (SQA) standards from IEEE covers software qualit y assurance planning, software reviews and audits, software verification and validation plans.

Testing includes: White Box testing, Control structure testing, Black Box testing

Debugging can be

Maintenance of code can also cause problems.

"As long as there were no machines, programming was no problem at all, when we had a few weak computers, programming became a mild problem, and now we have a gigantic computers, programming has become an equally gigantic problem." E W Dijkstra 1972 [5]

Software Correctness is concerned with the consistency of a program and its specification. A program is correct, if it meets its specifications; otherwise it is incorrect

Software Reliability may only be determined when the actual utilization of the software by the user is taken into consideration.

Software Robustness concept is used to investigate the relationship between the software and system reliability. [5 p9-12]

Hardware Liability

Hardware liability can occur through device failure, flaws in the original equipment, and from improper installation. Hardware devices are usually rated using Mean Time Between Failure (MTBF) which gives an expected time untill the device will fail.

The 'Pentium' problem

Intel recently was in the news over the 'Pentium' problem. Intel knew about the flaw in the floating point calculation part of the chip but continued shipping. When the flaw was publicised, Intel initially said an error would occur very rarely and the new chips had been corrected. Intel did not do anything about the flawed chips until pressured by some computer manufacturers.

If a chemical plant has an accident due to a calculation error, is Intel liable? May be not since the flaw has been disclosed.

Repetitive Stress Injuries

Another hardware liability is Repetitive Stress Injuries from keyboarding. The industry response has been to redesign the keyboard and put labels on their devices warning of the possibility of RSI.

Critical systems should be build to avoid disaster from device failure or other problems. Redundancy, backup systems and Uninterruptable Power Supply are but a few examples that can be built in to the design of the system.

Disclaimer of Liability

The information contained herein should not be considered as legal advice since laws in various parts of the world change with time and jurisdiction. This information should be used only aas a very general guide. If you attempt to use this in any court of law, you do so at your own risk.

In other words consult your local lawyer.


Other sources on the W3:

  • Legal Care for Your Software Home Page
  • Index of /pub/Publications/CuD/Law/
  • Electronic Frontier Foundation
  • Computers and Academic Freedom
  • Legal Issues
  • Legal Beat
  • CPSC 451 - Software Quality Assurance
  • PC/Computing's Web Map - Law
  • Back to Main page

    last updated 1995/04/03

    Back to report list