LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Holding people responsible

Holding people responsible

Posted Sep 6, 2007 12:06 UTC (Thu) by kleptog (subscriber, #1183)
Parent article: Software liability laws: a dangerous solution

I'm not entirely sure that _someone_ has to be held responsible. Sometimes bad things happen, that's why we have insurance companies.

I think people shouldn't be targeting security breaches themselves, but the effects thereof. If some hacker gets credit card numbers, then that's what should be focussed on. Are the laws relating to insufficient protection of personal details strong enough? Are they being used?

I don't think software liability in and of itself is useful. Look at the effects, not the causes, to determine if there's liability.

(Log in to post comments)

Holding people responsible

Posted Sep 6, 2007 17:24 UTC (Thu) by smoogen (subscriber, #97) [Link]

The insurance companies hold people responsible by setting premium rates, refusing to insure, and setting out rules for what a company must follow to get coverage. They also have a mile-long list of things that they will say they will not pay on to avoid bankruptcy. And finally they will file suit against other 'agencies' via liability loaws to reclaim monetary losses.

The big issue is that the major insurance companies will not get into the business of insuring against software problems until there is liability laws. And there will probably not be liability laws until insurance companies get into the market.

Holding people responsible

Posted Sep 8, 2007 2:14 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

You could just have stopped at "by setting premium rates." That's what laws like this are about. There's almost always going to be insurance; the question is who buys it.

People like to think there's a morally correct person to charge for an accident, but there isn't. People buy insurance (or self-insure) and pass the cost around to others. A good liability law (or better: contract) is one that assigns liability to the party best able to control it. He works with his insurer to achieve the proper balance between cost of safety and risk of damage.

But the risk is almost always controllable from multiple angles. The user of software can control the risk by using it behind a firewall, or with proper backups, or with encryption, etc. So maybe he's the best one to buy the insurance.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds