RE: Traceable Infrastructure is as vulnerable as traceable messages.
On Mon, 13 Aug 2001, Trei, Peter wrote:
I hate to say this, but until software developers are held (at least at the corporate level) in some way liable for their failures, there will be little or no improvement in the situation.
I think this is the wrong approach to the situation. Making people liable stifles innovation. The customers abundantly prove that they don't care. I know it, because I've talked to the customers. They might complain, but in a curiously perfunctory manner, their lips move, but their neurons don't spike. In the market, everybody is free to use more stable components for the mission critical systems. If they make a difference (apparently, not on the short run, if at all, since businesses are either operating in a largely brownian market, or are running in an irrational regime, since capable to afford very broad error margins), the marketplace will select for fitter products. If they do not, well, too bad. Where people's life are at stake the product as a whole is certified, and the producer is already liable. There's no point in introducing a Hippocrates oath for the code samurai in the field. There will be fewer programmers, the average programmer will be better, but you're paying by arresting progress. See small civilian aircraft for an illustration. If you're afraid of change, the customer eventually suffers. -- Eugen* Leitl <a href="http://www.lrz.de/~ui22204/">leitl</a> ______________________________________________________________ ICBMTO : N48 10'07'' E011 33'53'' http://www.lrz.de/~ui22204 57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
----- Original Message ----- From: "Eugene Leitl" <Eugene.Leitl@lrz.uni-muenchen.de> To: "Trei, Peter" <ptrei@rsasecurity.com> Cc: <cypherpunks@lne.com>; "Faustine" <a3495@cotse.com>; <jamesd@echeque.com> Sent: Monday, August 13, 2001 7:49 AM Subject: RE: Traceable Infrastructure is as vulnerable as traceable messages.
On Mon, 13 Aug 2001, Trei, Peter wrote:
I hate to say this, but until software developers are held (at least at the corporate level) in some way liable for their failures, there will be little or no improvement in the situation.
I think this is the wrong approach to the situation. Making people liable stifles innovation.
I think 30+ years of active products liability jurisprudence might disagree with you. Just in the automotive world and off the top of my head: Automatic Breaking Systems, designed failure points (crumple zones), 6mph bumpers, "safety glass," shoulder belts, passive belts, air bags and a host of other technologies or innovations that may or may not have been developed "but for" litigation are most probably the result of strict liability in products liability cases. The effect is to make safety profitable- or more accurately, to make unsafety unprofitable. See generally Posner, Hallman and the "Chicago School of Law and Economics," an entire movement in legal thought centered on the idea that you are very wrong about the effect of liability on innovation. Now less I be misinterpreted, misworded, misquoted and misunderstood by the various misanthropic types here: Do I think that software should have products liability attached to it? No. Do I think strict liability stifles innovation? No.
On 13 Aug 2001, at 9:42, Black Unicorn wrote:
----- Original Message ----- From: "Eugene Leitl" <Eugene.Leitl@lrz.uni-muenchen.de> To: "Trei, Peter" <ptrei@rsasecurity.com> Cc: <cypherpunks@lne.com>; "Faustine" <a3495@cotse.com>; <jamesd@echeque.com> Sent: Monday, August 13, 2001 7:49 AM Subject: RE: Traceable Infrastructure is as vulnerable as traceable messages.
On Mon, 13 Aug 2001, Trei, Peter wrote:
I hate to say this, but until software developers are held (at least at the corporate level) in some way liable for their failures, there will be little or no improvement in the situation.
I think this is the wrong approach to the situation. Making people liable stifles innovation.
I think 30+ years of active products liability jurisprudence might disagree with you. Just in the automotive world and off the top of my head: Automatic Breaking Systems, designed failure points (crumple zones), 6mph bumpers, "safety glass," shoulder belts, passive belts, air bags and a host of other technologies or innovations that may or may not have been developed "but for" litigation are most probably the result of strict liability in products liability cases.
Well, nobody can say with certainty exactly what would have happened in contrary-to-fact situations, and litigation will probably encourage some innovations while discouraging others, but it seems to me that litigation is highly unlikely to encourage innovation overall; it seems to me that you are much more likely to lose a case if your product is hazardous in a way that distinguishes itself from the industry standard, even if it's safer overall, and in any case most potential innovations don't have anything to do with increasing safety. In a more or less unregulated market, consumers are free to value product safety as they choose. Legislation which, say, mandates air bags appears to assume that consumers tend to undervalue their own safety, a proposition I object to on philosophical grounds. Liability works more or less the same way.
The effect is to make safety profitable- or more accurately, to make unsafety unprofitable.
Right. Safety at all costs. The cost of safety is already too high in most industries IMNSHO.
See generally Posner, Hallman and the "Chicago School of Law and Economics," an entire movement in legal thought centered on the idea that you are very wrong about the effect of liability on innovation.
An entire movement dedicated to the idea that Eugene is very wrong? Now I'm jealous, I can be as wrong as him, wronger even.
Now less I be misinterpreted, misworded, misquoted and misunderstood by the various misanthropic types here:
Do I think that software should have products liability attached to it? No. Do I think strict liability stifles innovation? No.
On behalf of my fellow misanthropes, thanks for the clarification. George
On 13 Aug 2001, at 9:42, Black Unicorn wrote:
----- Original Message ----- From: "Eugene Leitl" <Eugene.Leitl@lrz.uni-muenchen.de> To: "Trei, Peter" <ptrei@rsasecurity.com> Cc: <cypherpunks@lne.com>; "Faustine" <a3495@cotse.com>;
<jamesd@echeque.com>
Sent: Monday, August 13, 2001 7:49 AM Subject: RE: Traceable Infrastructure is as vulnerable as traceable messages.
On Mon, 13 Aug 2001, Trei, Peter wrote:
I hate to say this, but until software developers are held (at least at the corporate level) in some way liable for their failures, there will be little or no improvement in the situation.
I think this is the wrong approach to the situation. Making people
----- Original Message ----- From: <georgemw@speakeasy.net> To: <cypherpunks@lne.com> Sent: Monday, August 13, 2001 12:34 PM Subject: Re: Products Liability and Innovation. liable
stifles innovation.
I think 30+ years of active products liability jurisprudence might disagree with you. Just in the automotive world and off the top of my head: Automatic Breaking Systems, designed failure points (crumple zones), 6mph bumpers, "safety glass," shoulder belts, passive belts, air bags and a host of other technologies or innovations that may or may not have been developed "but for" litigation are most probably the result of strict liability in products liability cases.
Well, nobody can say with certainty exactly what would have happened in contrary-to-fact situations, and litigation will probably encourage some innovations while discouraging others,
Points all taken.
but it seems to me that litigation is highly unlikely to encourage innovation overall; it seems to me that you are much more likely to lose a case if your product is hazardous in a way that distinguishes itself from the industry standard, even if it's safer overall, and in any case most potential innovations don't have anything to do with increasing safety.
Points also taken.
In a more or less unregulated market, consumers are free to value product safety as they choose. Legislation which, say, mandates air bags appears to assume that consumers tend to undervalue their own safety, a proposition I object to on philosophical grounds. Liability works more or less the same way.
Think of it this way. The proposition that the strict liability doctrine makes is that certain activities are "ultra hazardous." One of these is product design. Strict liability- essentially the proposition that no showing of negligence is required for the plaintiff to prevail- is generally thought of as a mechanism to allocate the risk onto the market actor. Economically speaking this is intended to spur the innovator to "self insure" or to design safety (safety from litigation anyhow) into the product, or at least have a strong regard for it during the development process. This in contrast to the negligence standard- where the innovator has to have been shown to be willfully negligent in design and therefore a good portion of the risk of the product development is shifted back to the end user. The theory is that if your goal is to reduce accidents and claims you allow the market to incorporate that sort of risk (which in early innovation looks a lot like an externality) into the innovation process. Activities, it is argued, which cannot be made sufficiently safe to be economically viable in the market will not be undertaken because the market will not support such activities. Proponents of products liability point to this in justifying the policy. (Critics primarily point to the unfairness of assigning liability to actors who have not acted negligently). The showing for a plaintiff for products liability works something like this, although admittedly this is very simplified: 1. Plaintiff used the product according to directions. 2. Plaintiff was injured. That's pretty much it. This is why safety is a big deal in automobile design and why gun manufacturers have managed to duck major products liability issues for the most part (misuse). Since automobile design flaws of sufficient magnitude can cause death and big money law suits, the market has incorporated that component of the risk into the design cost of the product either ex ante (during the design process) or ex post (by compensating the aggrieved parties). Costs are shifted onto the market when they are passed on (ex ante or ex post) in the form of product cost. This is the way that strict liability specifically, and the legal process in general, tends to spur on innovation.
The effect is to make safety profitable- or more accurately, to make unsafety unprofitable.
Right. Safety at all costs. The cost of safety is already too high in most industries IMNSHO.
Well, I would argue that it is self adjusted by the market when we are talking about products liability. The market has put a price on safety by forcing producers either to design safe, and limit ex post costs incurred by litigation in favor of ex ante costs, or minimize safety spending and catch the costs ex post. Either way the costs are spread over the market and at least mostly linked to the actual effect of safety provisions in reducing harm/accidents/etc. If a mini-van is too costly to make "safe" then it will not be produced. That's the point of strict liability. Force the actor to spend more time evaluating the wisdom of the action. This often necessitates more R&D and hence more innovation. (Faster airbags, better seat belts, etc.) Saying "the cost of safety is already too high" is probably misplaced- at least in this isolated example of automotive manufacture. Mr. May says in a related post:
Bringing strict liability into the world of security and crypto would result in the usual market distortions. As an example, one might expect a "recommended security standard," decided upon by industry committees (with government, probably the NSA, involvement). Like airbags, this would then be mandated to be included in all Net connectivity and related products. Vendors would scramble to meet this requirement. And probably some form of escrow ("to help resolve disputes," "for the children") would be mandated-in. And of course it probably couldn't be "too strong."
Standards only really come into play in a negligence, as opposed to strict liability, setting. With strict liability standards are not part of the discussion. For software or security the strict liability argument by the plaintiff would go: 1. Plaintiff installed Firewall 1 correctly. 2. Plaintiff was hacked. Liability insues. (This is an obvious simplification, but not by much). All of Mr. May's other points are valid. Even the imposition of a general standard for negligence (the reasonable sysadmin standard?) would be a bit of a headache. I'm a little surprised we haven't seen more of this because it effectively means that the first big case where someone sues on infosec grounds will require the court to DEVISE a standard. That would be bad. Very bad. As it stands now big firms can blame their auditors. "But we DID a SAS70, what more could we have done" and probably get off scott free. As for strict liability, this would be an absolute disaster, which is why I don't expect to see it ever applied. (Stranger things have happened though). This liability issue has been batted around the list a few times over the last couple (many) years. I found this bit which I wrote about strict liability to the list back in 1996:
A lot of the decision whether to apply strict liability or negligence is going to be based on where you believe the costs should be shifted. Strict liability shifts the costs onto the person engaging the activity. The actor will increase his own costs to the extent he can still conduct the activity and still reduce the number of times he is called into court and damages are awarded against him. He will, of course, take no more care than his damages might be.
[...]
It's interesting to note the argument that in the age of insurance, it really makes no difference who you put the costs on as society as a whole ends up footing the bill anyway.
The more things change...
See generally Posner, Hallman and the "Chicago School of Law and Economics," an entire movement in legal thought centered on the idea that you are very wrong about the effect of liability on innovation.
An entire movement dedicated to the idea that Eugene is very wrong? Now I'm jealous, I can be as wrong as him, wronger even.
Now less I be misinterpreted, misworded, misquoted and misunderstood by
Well, in so far as he was standing for the concept that innovation was in no way ever connected to litigation, the Chicago School would disagree with him quite sternly. (The Chicago School is unamused?) the
various misanthropic types here:
Do I think that software should have products liability attached to it? No. Do I think strict liability stifles innovation? No.
On behalf of my fellow misanthropes, thanks for the clarification.
Sure. Anything I can do to help further the understanding of misanthropes on the list, I am happy to do.
George
On 13 Aug 2001, at 13:33, Black Unicorn wrote:
The theory is that if your goal is to reduce accidents and claims you allow the market to incorporate that sort of risk (which in early innovation looks a lot like an externality) into the innovation process. Activities, it is argued, which cannot be made sufficiently safe to be economically viable in the market will not be undertaken because the market will not support such activities.
Strikes me as being a circular argument, since which activities are "sufficiently safe to be economically viable" depends on the size of the awards.
Proponents of products liability point to this in justifying the policy. (Critics primarily point to the unfairness of assigning liability to actors who have not acted negligently).
Less misanthropic ones, maybe. We more misanthropic critics are more likely to complain about being prevented from engaging activities which we know damn well contain an element of risk, a risk we are willing to assume because in our judgement the benefits outweigh the risks.
The showing for a plaintiff for products liability works something like this, although admittedly this is very simplified:
1. Plaintiff used the product according to directions. 2. Plaintiff was injured.
That's pretty much it. This is why safety is a big deal in automobile design and why gun manufacturers have managed to duck major products liability issues for the most part (misuse). Since automobile design flaws of sufficient magnitude can cause death and big money law suits, the market has incorporated that component of the risk into the design cost of the product either ex ante (during the design process) or ex post (by compensating the aggrieved parties). Costs are shifted onto the market when they are passed on (ex ante or ex post) in the form of product cost.
I had to read this about a dozen times before it made sense to me, here's why: there's an implicit assumption here that the "damages" awarded in liability lawsuits acurately reflects the actual damages suffered by the plaintiff. The impression I get is that awards tend to be orders of magnitude larger than they should be.
This is the way that strict liability specifically, and the legal process in general, tends to spur on innovation.
The effect is to make safety profitable- or more accurately, to make unsafety unprofitable.
Right. Safety at all costs. The cost of safety is already too high in most industries IMNSHO.
Well, I would argue that it is self adjusted by the market when we are talking about products liability. The market has put a price on safety by forcing producers either to design safe, and limit ex post costs incurred by litigation in favor of ex ante costs, or minimize safety spending and catch the costs ex post. Either way the costs are spread over the market and at least mostly linked to the actual effect of safety provisions in reducing harm/accidents/etc. If a mini-van is too costly to make "safe" then it will not be produced. That's the point of strict liability. Force the actor to spend more time evaluating the wisdom of the action. This often necessitates more R&D and hence more innovation. (Faster airbags, better seat belts, etc.) Saying "the cost of safety is already too high" is probably misplaced- at least in this isolated example of automotive manufacture.
I really don't think so. I think we're at the point where around 10-50 million dollars are spent per life saved, and I don't think most people are worth anything near that. I wouldn't even value my own life that highly; that is to say, I probably wouldn't take certain death for 50 million, because I'm not sure what I'd spend the money on if I were dead, booze and hookers would do me no good, but I'd probably take a 10% chance of death for 5 million. I suspect when you do the economical analysis, if you assume your damages awarded actually equal damages suffered, with strict liability you end up with the same products on the market and the same corporate profits as you would in a world where you assume no strict liability but that assume customers are able to correctly evaluate risks in their purchasing decisions, the main difference being that with strict liability the costs are smeared over all consumers and without it the costs are born solely by the ones that suffer mishaps. George
On Mon, 13 Aug 2001, Black Unicorn wrote:
Do I think that software should have products liability attached to it? No. Do I think strict liability stifles innovation? No.
I would actually like to make a smaller point here. Broadly I agree with BU, but I'd like to analyze it a little. If software actually cost money per every unit produced, products liability would make more sense because then it could become "part of" the production costs. However, given that copying bits is in fact free (copyright issues aside), adding a real per-unit expense has the potential to *dominate* the production cost. Open-source software would become impossible to produce, because the whole open-source paradigm depends on copying bits being free. I think MS would like nothing better than having products liability attached to software in general; it would solve a massive problem for them by putting open-source stuff out of production. Even though the open-source stuff is better from a security standpoint, there is effectively no one who is making enough money from it to bear the costs of product liability. Some security consultants *do* bear the cost of product liability on software they install and configure; they are paid obscene amounts of money to take that risk and do the solid configurations that minimize it, and that is as should be. The effect of product liability on the industry as a whole would be to remove the only secure products available (open-source products), making it effectively impossible for security consultants to do their jobs. Bear
On Mon, 13 Aug 2001, Black Unicorn wrote:
I think 30+ years of active products liability jurisprudence might disagree with you. Just in the automotive world and off the top of my head: Automatic Breaking Systems, designed failure points (crumple zones), 6mph bumpers, "safety glass," shoulder belts, passive belts, air bags and a host of other technologies or innovations that may or may not have been developed "but for" litigation are most probably the result of strict liability in products liability cases.
Actually almost every one of these examples were DEVELOPED either 'out of the blue' by the industry or by the 'off-road/racing' groups, not by any factor related to litigation (though their ACCEPTANCE in the regular consumer market was - thought those are not the same beaties by a long shot). Most definitely these were NOT in responce to litigation. ABS - Road racing cars (ala Le Mans) Crumple Zones - Indy style racing and aircraft Safety Glass - invented in the 20's, in responce to accidents not lawyers Shoulder/passive belts - racing since the turn of the century Bumpers and air bags being the primary exception in your examples. -- ____________________________________________________________________ natsugusa ya...tsuwamonodomo ga...yume no ato summer grass...those mighty warriors'...dream-tracks Matsuo Basho The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
participants (5)
-
Black Unicorn -
Eugene Leitl -
georgemw@speakeasy.net -
Jim Choate -
Ray Dillinger