Bernstein ruling meets the virus law
It should be interesting to see what happens when the Bernstein ruling (assuming it is further upheld as the court case and appeals proceed) meets the proposed law making the writing of virus code a crime. If crypto software is essentially speech, albeit in a non-traditional human language, then virus software is no different. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Fri, 19 Apr 1996, Timothy C. May wrote:
It should be interesting to see what happens when the Bernstein ruling (assuming it is further upheld as the court case and appeals proceed) meets the proposed law making the writing of virus code a crime.
If crypto software is essentially speech, albeit in a non-traditional human language, then virus software is no different.
I think the determination of whether virus software will be considered free speech (and thus legal) or speech needing limits (illegal) will be based entirely on whether that code is active in system memory or just sitting on a hard drive. The U.S. and many other countries already have laws that make it a crime to destroy or manipulate data in an unauthorized manner, which active viruses would qualify as doing. In comparison to someone shouting "I have a bomb," on an airplane, this type of speech is already illegal. However, I would have no problem with people having viruses or virus source code on their own computers or sharing this code with others as long as the receiver is aware of the infective nature of the software. My guess is that the law will probably pan out in this manner. Bruce Marshall
I think the determination of whether virus software will be considered free speech (and thus legal) or speech needing limits (illegal) will be based entirely on whether that code is active in system memory or just sitting on a hard drive.
In Canada, there is a law that makes "unauthorized use of computing resources" illegal. That makes both hacking and malicious virus spreading illegal with one law, without making it illegal to share virus information and source code. ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve@edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6 8C 09 EC 52 44 3F 88 30 | | -- Disclaimer: JMHO, YMMV, IANAL. -- | ===================================================================:)
On Sat, 20 Apr 1996, Steve Reid wrote:
In Canada, there is a law that makes "unauthorized use of computing resources" illegal. That makes both hacking and malicious virus spreading illegal with one law, without making it illegal to share virus information and source code.
Several other countries have very similiar laws. However, I had heard a somewhat unproven rumor that a U.S. state had actually made the writing of programs with malicious purposes illegal. Basically meaning that if you write a virus you have committed a crime. Like I said though, this was just a statement in a message so I can't vouch for the accuracy. Bruce Marshall
On Mon, 22 Apr 1996, Bruce Marshall wrote:
Date: Mon, 22 Apr 1996 08:50:21 -0500 (CDT) From: Bruce Marshall <brucem@wichita.fn.net> Subject: Re: Bernstein ruling meets the virus law
On Sat, 20 Apr 1996, Steve Reid wrote:
In Canada, there is a law that makes "unauthorized use of computing resources" illegal. That makes both hacking and malicious virus spreading illegal with one law, without making it illegal to share virus information and source code.
Several other countries have very similiar laws. However, I had heard a somewhat unproven rumor that a U.S. state had actually made the writing of programs with malicious purposes illegal. Basically meaning that if you write a virus you have committed a crime. Like I said though, this was just a statement in a message so I can't vouch for the accuracy.
But, define "malicious purpose." One man's low-level format is another man's desired application of the moment. I hate to paraphrase a tired line, but "self-replicating programs don't hurt computers - mean people do." The term "virus" connotes a pathogenic quality in the mind of many. Unfortunately, this tendency continues in the use of the word 'virus' within our community. While I understand that "intent" is something with which lawyers have to contend when they defend or prosecute a case, I don't think that the notion of intent to commit harm extrapolates correctly into the field of virus writing. ------------------------------------------------------------------------- | Liberty is truly dead |Mark Aldrich | | when the slaves are willing |GRCI INFOSEC Engineering | | to forge their own chains. |maldrich@grci.com | | STOP THE CDA NOW! |MAldrich@dockmaster.ncsc.mil | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich@grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | -------------------------------------------------------------------------
On Mon, 22 Apr 1996, Mark Aldrich wrote:
On Mon, 22 Apr 1996, Bruce Marshall wrote:
Several other countries have very similiar laws. However, I had heard a somewhat unproven rumor that a U.S. state had actually made the writing of programs with malicious purposes illegal. Basically meaning that if you write a virus you have committed a crime. Like I said though, this was just a statement in a message so I can't vouch for the accuracy.
But, define "malicious purpose." One man's low-level format is another man's desired application of the moment.
There usually is a pretty apparent line between authorized and unauthorized functions in regards to computer programs. I don't think that even Microsoft with their pages of disclaimers could release software that, unbeknownst to its user, destroyed data.
I hate to paraphrase a tired line, but "self-replicating programs don't hurt computers - mean people do."
I have heard AV people argue that regardless of its purpose (malicious/destructive or not) all viruses can be harmful. Whether this is simply running the computer out of memory or using bad system calls that result in data loss is irrelevant to them. I don't quite buy into that argument since we can find the same flaws to be inherent in any software we run. However, since you haven't really consciously allowed the program to do whatever it is doing, the person who infected your machine is typically to be held responsible for unauthorized access at a minimum.
The term "virus" connotes a pathogenic quality in the mind of many. Unfortunately, this tendency continues in the use of the word 'virus' within our community.
Personally, I can see many useful functions for viruses. But I find the viruses that simply destroy data--which tends to be the majority--to be quite boring and childish. A non-destructive and innovative virus is very interesting and comparable to any good software hack in my eyes.
While I understand that "intent" is something with which lawyers have to contend when they defend or prosecute a case, I don't think that the notion of intent to commit harm extrapolates correctly into the field of virus writing.
These were not my thoughts as I was only commenting on a alleged law that had been passed. I agree that we can't look into our crystal ball and see whether Mr. McViruswriter had really intended for his virus to wipe out part of the Secret Service's computer network. I would wager that if legislators did indeed pass such a law in the U.S., they probably were hammered with the same type of anti-virus propaganda that AV people always seem to be throwing out. Bruce Marshall
Bruce Marshall writes:
On Mon, 22 Apr 1996, Mark Aldrich wrote:
The term "virus" connotes a pathogenic quality in the mind of many. Unfortunately, this tendency continues in the use of the word 'virus' within our community.
Personally, I can see many useful functions for viruses. But I find the viruses that simply destroy data--which tends to be the majority--to be quite boring and childish. A non-destructive and innovative virus is very interesting and comparable to any good software hack in my eyes.
While I understand that "intent" is something with which lawyers have to contend when they defend or prosecute a case, I don't think that the notion of intent to commit harm extrapolates correctly into the field of virus writing.
O.W. Holmes suggested out in "The Common Law" that the law delineates a certain minimum level of competence in forseeing the outcomes of our actions which all members of society are expected to attain. We'll hold you responsible for actions a "reasonable person" should have avoided because of their danger. As such, persons with limited training in manipulating biological viruses are expected to avoid doing so. Individuals *with* training are expected to take adequate precautions to avoid their spread. I see no reason why electronic viruses shouldn't be treated similarly. If you're going to write them, you *better* take steps to prevent their release, or you are liable for the damages.
On Tue, 23 Apr 1996, Scott Brickner wrote:
Bruce Marshall writes:
On Mon, 22 Apr 1996, Mark Aldrich wrote:
The term "virus" connotes a pathogenic quality in the mind of many. Unfortunately, this tendency continues in the use of the word 'virus' within our community.
Personally, I can see many useful functions for viruses. But I find the viruses that simply destroy data--which tends to be the majority--to be quite boring and childish. A non-destructive and innovative virus is very interesting and comparable to any good software hack in my eyes.
While I understand that "intent" is something with which lawyers have to contend when they defend or prosecute a case, I don't think that the notion of intent to commit harm extrapolates correctly into the field of virus writing.
O.W. Holmes suggested out in "The Common Law" that the law delineates a certain minimum level of competence in forseeing the outcomes of our actions which all members of society are expected to attain. We'll hold you responsible for actions a "reasonable person" should have avoided because of their danger.
With you so far. (Though Holmes is by no means the litmus by which today's legal world tests its process).
As such, persons with limited training in manipulating biological viruses are expected to avoid doing so. Individuals *with* training are expected to take adequate precautions to avoid their spread. I see no reason why electronic viruses shouldn't be treated similarly. If you're going to write them, you *better* take steps to prevent their release, or you are liable for the damages.
Now you jumped the argument a bit. There is a difference in holding someone to a reasonable standard generally, and defining several standards based on the experience of the person to which the standard is being applied. This latter approach is often called (jokingly by some) the Objective Subjective Standard. (Objective standard being without consideration of the view of the individual being judged, subjective including that view, and object subjective being the consideration of what the general class of individual would do without consideration of the individual's specific view). (What would a reasonable virus writer do is distinct from what a reasonable Bob Dwyer, Ph.D. Computer science might do is distinct from what a reasonable person might do). Many courts reject higher (or lower- there are arguments for this too) standards of care for experts than for lay persons or other non-experts in tort cases, prefering to impose the "reasonable person" (Reasonable man for those of you who went to law school before 1985) standard universially. If there is interest, I will post exerpts of the arguments on both sides of this issue with the header [Noise]. --- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
Black Unicorn writes:
On Tue, 23 Apr 1996, Scott Brickner wrote:
O.W. Holmes suggested out in "The Common Law" that the law delineates a certain minimum level of competence in forseeing the outcomes of our actions which all members of society are expected to attain. We'll hold you responsible for actions a "reasonable person" should have avoided because of their danger.
With you so far. (Though Holmes is by no means the litmus by which today's legal world tests its process).
I know. I've no formal legal training, and picked up "The Common Law" to try to get an understaning of "lawyer-think", not to learn the law. You use what you know, though.
As such, persons with limited training in manipulating biological viruses are expected to avoid doing so. Individuals *with* training are expected to take adequate precautions to avoid their spread. I see no reason why electronic viruses shouldn't be treated similarly. If you're going to write them, you *better* take steps to prevent their release, or you are liable for the damages.
Now you jumped the argument a bit. There is a difference in holding someone to a reasonable standard generally, and defining several standards based on the experience of the person to which the standard is being applied.
I'd argue that I'm holding everyone to the same standard: either know the safe ways of handling viruses and follow them, or don't handle them at all. You seem to imply that I'd hold the untrained virus writer harmless. No way. He's reckless and *should* be liable. When one has training, it's no longer reckless to simply handle (or write) the virus, but disregarding safe procedures is negligent.
This latter approach is often called (jokingly by some) the Objective Subjective Standard. (Objective standard being without consideration of the view of the individual being judged, subjective including that view, and object subjective being the consideration of what the general class of individual would do without consideration of the individual's specific view).
(What would a reasonable virus writer do is distinct from what a reasonable Bob Dwyer, Ph.D. Computer science might do is distinct from what a reasonable person might do).
Many courts reject higher (or lower- there are arguments for this too) standards of care for experts than for lay persons or other non-experts in tort cases, prefering to impose the "reasonable person" (Reasonable man for those of you who went to law school before 1985) standard universially.
I assume that a canonical example of the lower-standard case is the "Good Samaritan" laws which reduce the liability of a trained person performing rescue activities (e.g., administering CPR). It seems to me that the "reasonable person" isn't the real issue there. Someone with training ought to be expected to do the "right" thing. If you're trained to administer CPR, and you do it *wrong*, you shouldn't be absolved of liability -- you're negligent. If you don't know anything about CPR (except what you've seen on "Baywatch"), then we're back to what a "reasonable person" should do. If you're trained and you do it right, but the person is still injured by your actions, limiting your liability is society's way of encouraging you to use your training for the common good. In my mind, the difference between the objective standard and the subjective one marks the difference between recklessness and negligence. If an objective "reasonable person" wouldn't do it, it's reckless. If a subjective "reasonable person" wouldn't, it's negligent. Perhaps these aren't the "legalese" usages of the terms, but it seems reasonable to me.
If there is interest, I will post exerpts of the arguments on both sides of this issue with the header [Noise].
I'd be interested.
On Wed, 24 Apr 1996, Scott Brickner wrote:
Black Unicorn writes:
On Tue, 23 Apr 1996, Scott Brickner wrote:
As such, persons with limited training in manipulating biological viruses are expected to avoid doing so. Individuals *with* training are expected to take adequate precautions to avoid their spread. I see no reason why electronic viruses shouldn't be treated similarly. If you're going to write them, you *better* take steps to prevent their release, or you are liable for the damages.
Now you jumped the argument a bit. There is a difference in holding someone to a reasonable standard generally, and defining several standards based on the experience of the person to which the standard is being applied.
I'd argue that I'm holding everyone to the same standard: either know the safe ways of handling viruses and follow them, or don't handle them at all.
Now you have to get into the question of who is a trained virus handler. This is a subjective analysis. The court is going to have to do this case by case. And below in your message its clear you do not hold everyone to the same standard. The virus/CPR expert is held to a different standard in your example. It is the same standard in that you punish everyone if they "Do something stupid." But "stupid" is different for each person.
You seem to imply that I'd hold the untrained virus writer harmless. No way. He's reckless and *should* be liable.
I indicated only that the standards you had for trained and untrained virus writers were different.
When one has training, it's no longer reckless to simply handle (or write) the virus, but disregarding safe procedures is negligent.
See my above position. Three standards. One for those with training, one for those without and some kind of standard for determining what is 'enough' training. Given the traditional institutional costs of courts, particularly their 'catch up' chase with technology, I don't think I'd want courts doing these calculations.
This latter approach is often called (jokingly by some) the Objective Subjective Standard. (Objective standard being without consideration of the view of the individual being judged, subjective including that view, and object subjective being the consideration of what the general class of individual would do without consideration of the individual's specific view).
(What would a reasonable virus writer do is distinct from what a reasonable Bob Dwyer, Ph.D. Computer science might do is distinct from what a reasonable person might do).
Many courts reject higher (or lower- there are arguments for this too) standards of care for experts than for lay persons or other non-experts in tort cases, prefering to impose the "reasonable person" (Reasonable man for those of you who went to law school before 1985) standard universially.
I assume that a canonical example of the lower-standard case is the "Good Samaritan" laws which reduce the liability of a trained person performing rescue activities (e.g., administering CPR).
Yes.
It seems to me that the "reasonable person" isn't the real issue there. Someone with training ought to be expected to do the "right" thing. If you're trained to administer CPR, and you do it *wrong*, you shouldn't be absolved of liability -- you're negligent.
But the other argument goes that we have to give the people who know what they are doing more leeway because they will be judged by people who don't know about the subject and because if we want to encourage good samaritans the way to do it is not by increasing their liability. (You effectively do increase their liability above by implying that you would like to impose a stricter negligence standard for trained CPR types). Keep in mind that doing the "wrong" thing isn't always negligence either. Doing the wrong thing because you were careless, that's negligence. Also note that you can be negligent without harming anyone. It could be argued that it's folly to impose a lower standard on the CPR 'idiot' and thus encourage him to run out and do CPR. One can imagine a scene where the CPR trained fellow pulls an idiot out of the crowd and gives instructions for the idiot to preform the CPR so as to take advantage of both his increased knowledge and the idiot's limited liability (reasonable person standard, not reasonable CPR expert standard).
If you don't know anything about CPR (except what you've seen on "Baywatch"), then we're back to what a "reasonable person" should do.
That probably includes not trying to preform CPR... no?
If you're trained and you do it right, but the person is still injured by your actions, limiting your liability is society's way of encouraging you to use your training for the common good.
This begins to look like the partial abortion debate, where the argument goes something like this: Yes, it's criminal to preform the procedure, but you can absolve yourself after the fact by showing us (medical morons) that the mother's life was in danger. That's not encouraging in the least to doctors. (Which in the abortion example, is precisely the point). The trick is in your concept of "and you do it right." That's a subjective analysis.
In my mind, the difference between the objective standard and the subjective one marks the difference between recklessness and negligence. If an objective "reasonable person" wouldn't do it, it's reckless. If a subjective "reasonable person" wouldn't, it's negligent.
This makes it REALLY tough. Reckless usually means extensive punative damages are on the way. Simple negligence doesn't always trigger them. By using these terms on the same facts the idiot gets simple negligence, the expert gets expanded liability and potential punative damages. Because the expert will be at significant disadvantage at trial (if he's an expert, if he knew what he was doing, why did the victim get hurt) what you've done is moved closer to the realm of strict liability for all experts. (Strict liability simply eliminates the negligence calculation. If you were doing the activity, (CPR) and someone got hurt, you're liable. Period. No calculation of fault). What this system does is create something like a rebuttable presumption of negligence on the expert. That starts to look like strict liability.
Perhaps these aren't the "legalese" usages of the terms, but it seems reasonable to me.
It creates systemic problems though. (Like the burden of overcoming the assumption that the expert must have erred).
If there is interest, I will post exerpts of the arguments on both sides of this issue with the header [Noise].
I'd be interested.
In an economic sense you want a negligence rule that balances a few interests. First, you want to either encourage or discourage the activity. (Virus work or CPR by the side of the road have different calculations). Second, you want to give injured persons the chance to recover damages. Third, you want to decrease the total number of accidents or injuries as much as possible. A lot of the decision whether to apply strict liability or negligence is going to be based on where you believe the costs should be shifted. Strict liability shifts the costs onto the person engaging the activity. The actor will increase his own costs to the extent he can still conduct the activity and still reduce the number of times he is called into court and damages are awarded against him. He will, of course, take no more care than his damages might be. If the largest ever award for a CPR related injury is $500,000, no one is going to spend more than that in increased care. The same calculation will be made with negligence, but the costs will more often be shifted to the victim. "The defendant will just take those precautions that minimize the sum of accidents and the costs of their prevention, whether negligence or strict liability is in place." Epstein, Torts 5d., 166 (1990). What you really want to do, economically, is shift the cost onto the party most able to bear the cost. ("Least Cost Avoider"). This will allow the return of damages with the least economic impact after the fact, and increase the amount of care exerted by the next Least Cost Avoider ex ante. It's interesting to note the argument that in the age of insurance, it really makes no difference who you put the costs on as society as a whole ends up footing the bill anyway. While holding experts to a higher standard makes some sense where experts are holding themselves out to be experts for marketing and reputation, when they are preforming acts like CPR and such you have to consider the possibility that a careless expert is better than a competent layman. For full treatments, See e.g., Shavell, Economic Analysis of Accident Law (1987); Rosenbaum, The Degree of Skill and Care Legally Required of a Medical or Surgial Specialist, 49 Medico-Legal J. 85 (1932); Eddy, Professional Negligence (1955); D. Parlett, Professional Negligence (1985); Comment: Professional Negligence, 121 U.Pa.L.Rev. 627 (1973). --- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
Black Unicorn writes:
On Wed, 24 Apr 1996, Scott Brickner wrote:
I'd argue that I'm holding everyone to the same standard: either know the safe ways of handling viruses and follow them, or don't handle them at all.
Now you have to get into the question of who is a trained virus handler. This is a subjective analysis. The court is going to have to do this case by case. And below in your message its clear you do not hold everyone to the same standard. The virus/CPR expert is held to a different standard in your example. It is the same standard in that you punish everyone if they "Do something stupid." But "stupid" is different for each person.
I don't agree with this. I expect everyone who handles viruses to know what they're doing and take precautions. By handling the virus at all you are effectively claiming such expertise, as I see it. The court needn't consider formal training at all. A "reasonable person" ought to know if his training is adequate, after all. The court may choose to examine this claim, and find it to be in error, thus making the handling of the virus reckless. If the court accepts the claim, then it should examine the actual procedures. If the procedures are found wanting, there is negligence (though I suspect my "non-legalese" usage of these terms has them reversed --- negligence is a worse fault, in my estimation: you had the knowledge but failed to act in accordance with it; recklessness means you acted without fully appreciating the consequences, and thus didn't know better.)
You seem to imply that I'd hold the untrained virus writer harmless. No way. He's reckless and *should* be liable.
I indicated only that the standards you had for trained and untrained virus writers were different.
I guess "trained" may have been inappropriate. How about "knowledgable"?
When one has training, it's no longer reckless to simply handle (or write) the virus, but disregarding safe procedures is negligent.
See my above position. Three standards. One for those with training, one for those without and some kind of standard for determining what is 'enough' training. Given the traditional institutional costs of courts, particularly their 'catch up' chase with technology, I don't think I'd want courts doing these calculations.
Formal training implies that one is knowledgable, but such knowledge may be acquired without formal training (or new fields would never come about). Certain actions are clearly acceptable for knowledgable people but are dangerous for those without the knowledge --- handling a biological virus is one of them. The court need to nothing more than determine whether the precautions were adequate.
It seems to me that the "reasonable person" isn't the real issue there. Someone with training ought to be expected to do the "right" thing. If you're trained to administer CPR, and you do it *wrong*, you shouldn't be absolved of liability -- you're negligent.
But the other argument goes that we have to give the people who know what they are doing more leeway because they will be judged by people who don't know about the subject and because if we want to encourage good samaritans the way to do it is not by increasing their liability. (You effectively do increase their liability above by implying that you would like to impose a stricter negligence standard for trained CPR types).
I'm not sure I'm imposing stricter negligence on trained CPR types, see my comments below. What I *am* doing is imposing a stricter recklessness standard on untrained types.
Keep in mind that doing the "wrong" thing isn't always negligence either. Doing the wrong thing because you were careless, that's negligence.
Doing the wrong thing willfully is reckless or even malicious.
Also note that you can be negligent without harming anyone.
But is it actionable? Doesn't the law have a sort of "no harm, no foul" interpretation? According to Holmes, if I believe that an enemy is trying to kill me, and I arrange things so that when he thinks he's shooting me, he's really shooting a mannekin, he has *not* committed attempted murder. Similarly, if a pickpocket puts his hand in my pocket, but there's nothing there, he hasn't committed a crime.
It could be argued that it's folly to impose a lower standard on the CPR 'idiot' and thus encourage him to run out and do CPR. One can imagine a scene where the CPR trained fellow pulls an idiot out of the crowd and gives instructions for the idiot to preform the CPR so as to take advantage of both his increased knowledge and the idiot's limited liability (reasonable person standard, not reasonable CPR expert standard).
The expert shouldn't get reduced liability for this. The 'idiot' is effectively a tool in the expert's hands. Too, the 'idiot' has no way of assuring himself that the supposed expert is, in fact, qualified. It's no more appropriate for him to administer CPR under the guidance of a stranger than to do it on his own judgement.
If you don't know anything about CPR (except what you've seen on "Baywatch"), then we're back to what a "reasonable person" should do.
That probably includes not trying to preform CPR... no?
Dunno. Is it "reasonable" for an untrained person to attempt CPR? That's for a court to decide.
If you're trained and you do it right, but the person is still injured by your actions, limiting your liability is society's way of encouraging you to use your training for the common good.
This begins to look like the partial abortion debate, where the argument goes something like this:
Yes, it's criminal to preform the procedure, but you can absolve yourself after the fact by showing us (medical morons) that the mother's life was in danger.
That's not encouraging in the least to doctors. (Which in the abortion example, is precisely the point).
The trick is in your concept of "and you do it right." That's a subjective analysis.
Actually, I'd say the error in this abortion argument is that there's a presumption of guilt, which runs counter to a basic tenet of common law. In the virus case, I'd expect the plaintiff/prosecutor to prove that the precautions were inadequate. Not merely that they were ineffective in the specific case, but that a "reasonable person" would have known the activity to be dangerous without adequate precautions, and that a "resonable expert" would have considered the precautions taken inadequate. Without such proof, the defendant need only indicate what precautions were taken, and claim that they are adequate.
In my mind, the difference between the objective standard and the subjective one marks the difference between recklessness and negligence. If an objective "reasonable person" wouldn't do it, it's reckless. If a subjective "reasonable person" wouldn't, it's negligent.
This makes it REALLY tough. Reckless usually means extensive punative damages are on the way. Simple negligence doesn't always trigger them. By using these terms on the same facts the idiot gets simple negligence, the expert gets expanded liability and potential punative damages.
I see it the other way around. The "objective" reasonable standard says "don't handle the virus unless you're and expert". Handling the virus and being found incompetent to do so (the idiot case) means you're reckless and subject to those punitive damages. Being found competent to handle them and found not to have taken adequate steps leaves you at least negligent, but reckless if it wasn't accidental. Competent with adequate precautions means you weren't even negligent.
Because the expert will be at significant disadvantage at trial (if he's an expert, if he knew what he was doing, why did the victim get hurt) what you've done is moved closer to the realm of strict liability for all experts. (Strict liability simply eliminates the negligence calculation. If you were doing the activity, (CPR) and someone got hurt, you're liable. Period. No calculation of fault). What this system does is create something like a rebuttable presumption of negligence on the expert. That starts to look like strict liability.
Precautions don't necessarily eliminate danger, they simply reduce it to acceptable levels. Licensed drivers are, in some sense, driving experts. Why do they get in accidents? Often because of liability, but often there are merely unpredictable circumstances --- junk in the road, sudden ice storms, etc. The burden of proving negligence must remain with the one claiming injury.
Perhaps these aren't the "legalese" usages of the terms, but it seems reasonable to me.
It creates systemic problems though. (Like the burden of overcoming the assumption that the expert must have erred).
It's a faulty assumption, and a common law court ought to stick to its philosophical origins --- innocent until proven guilty.
On Wed, 24 Apr 1996, Scott Brickner wrote:
Black Unicorn writes:
On Wed, 24 Apr 1996, Scott Brickner wrote:
I'd argue that I'm holding everyone to the same standard: either know the safe ways of handling viruses and follow them, or don't handle them at all.
Now you have to get into the question of who is a trained virus handler. This is a subjective analysis. The court is going to have to do this case by case. And below in your message its clear you do not hold everyone to the same standard. The virus/CPR expert is held to a different standard in your example. It is the same standard in that you punish everyone if they "Do something stupid." But "stupid" is different for each person.
I don't agree with this. I expect everyone who handles viruses to know what they're doing and take precautions. By handling the virus at all you are effectively claiming such expertise, as I see it. The court needn't consider formal training at all. A "reasonable person" ought to know if his training is adequate, after all. The court may choose to examine this claim, and find it to be in error, thus making the handling of the virus reckless. If the court accepts the claim, then it should examine the actual procedures.
As I understand it, your test goes like this: Is handler an "expert"? Yes? : Examine procedures to determine liability. No? : Handler is liable. That's two standards. One standard of strict liability (for the non-expert) and one of negligence (for the expert).
If the procedures are found wanting, there is negligence (though I suspect my "non-legalese" usage of these terms has them reversed --- negligence is a worse fault, in my estimation: you had the knowledge but failed to act in accordance with it; recklessness means you acted without fully appreciating the consequences, and thus didn't know better.)
Other way around. Negligence is milder. Negligence is merely the absence of due care. Recklessness: The state of mind accompanying an act, which either pays no regard to its probably or possibly injurious consequences, or which, though forseeing such consequences, persists in spite of such knowledge. Recklessness is a stronger term than mere or ordinary negligence... Black's Law Dictionary 6d., (1990).
You seem to imply that I'd hold the untrained virus writer harmless. No way. He's reckless and *should* be liable.
I indicated only that the standards you had for trained and untrained virus writers were different.
I guess "trained" may have been inappropriate. How about "knowledgable"?
Ok. The standards you have created for knowledgeable and unknowledgeable people are different. My key objection to your position was your view that it was 1> an objective determination and 2> a single standard. It is neither.
See my above position. Three standards. One for those with training, one for those without and some kind of standard for determining what is 'enough' training. Given the traditional institutional costs of courts, particularly their 'catch up' chase with technology, I don't think I'd want courts doing these calculations.
Formal training implies that one is knowledgable, but such knowledge may be acquired without formal training (or new fields would never come about). Certain actions are clearly acceptable for knowledgable people but are dangerous for those without the knowledge --- handling a biological virus is one of them.
The court need to nothing more than determine whether the precautions were adequate.
Adequate for who? You've already said that the court has to determine if someone is knowledgeable first. (And thus in your test bypass the automatic finding of liability). This is a very complicated test you're designing.
I'm not sure I'm imposing stricter negligence on trained CPR types, see my comments below. What I *am* doing is imposing a stricter recklessness standard on untrained types.
Above you say "Someone with training ought to be expected to do the 'right' thing." That sounds like a stricter standard on CPR types. i.e., someone without training ought not to be expected to do the right thing. In this good faith helper at the side of the road example, do you want to punish the CPR type for doing his best despite his ignorance? (You might, I'm just trying to clarify your position, which seems internally inconsistant to me).
Keep in mind that doing the "wrong" thing isn't always negligence either. Doing the wrong thing because you were careless, that's negligence.
Doing the wrong thing willfully is reckless or even malicious.
I didn't know you ment willfully. I don't see that anywhere.
Also note that you can be negligent without harming anyone.
But is it actionable? Doesn't the law have a sort of "no harm, no foul" interpretation?
No. Not exactly. It's more of a "wrong without a remedy" deal.
According to Holmes, if I believe that an enemy is trying to kill me, and I arrange things so that when he thinks he's shooting me, he's really shooting a mannekin, he has *not* committed attempted murder. Similarly, if a pickpocket puts his hand in my pocket, but there's nothing there, he hasn't committed a crime.
Both of those are crimes today.
It could be argued that it's folly to impose a lower standard on the CPR 'idiot' and thus encourage him to run out and do CPR. One can imagine a scene where the CPR trained fellow pulls an idiot out of the crowd and gives instructions for the idiot to preform the CPR so as to take advantage of both his increased knowledge and the idiot's limited liability (reasonable person standard, not reasonable CPR expert standard).
The expert shouldn't get reduced liability for this. The 'idiot' is effectively a tool in the expert's hands. Too, the 'idiot' has no way of assuring himself that the supposed expert is, in fact, qualified. It's no more appropriate for him to administer CPR under the guidance of a stranger than to do it on his own judgement.
The point is that allowing that disparity seems silly.
If you don't know anything about CPR (except what you've seen on "Baywatch"), then we're back to what a "reasonable person" should do.
That probably includes not trying to preform CPR... no?
Dunno. Is it "reasonable" for an untrained person to attempt CPR? That's for a court to decide.
But under your test it doesn't matter. He didn't know how to attempt CPR, he's liable.
If you're trained and you do it right, but the person is still injured by your actions, limiting your liability is society's way of encouraging you to use your training for the common good.
This begins to look like the partial abortion debate, where the argument goes something like this:
Yes, it's criminal to preform the procedure, but you can absolve yourself after the fact by showing us (medical morons) that the mother's life was in danger.
That's not encouraging in the least to doctors. (Which in the abortion example, is precisely the point).
The trick is in your concept of "and you do it right." That's a subjective analysis.
Actually, I'd say the error in this abortion argument is that there's a presumption of guilt, which runs counter to a basic tenet of common law.
And in your test there is a presumption of fault on the non-expert. If he did everything right purely by accident or from what he saw on "baywatch" and the victim dies anyway, under your test he's cooked.
In the virus case, I'd expect the plaintiff/prosecutor to prove that the precautions were inadequate. Not merely that they were ineffective in the specific case, but that a "reasonable person" would have known the activity to be dangerous without adequate precautions, and that a "resonable expert" would have considered the precautions taken inadequate. Without such proof, the defendant need only indicate what precautions were taken, and claim that they are adequate.
Woah. Ok. So you want a reasonable person determination of the activity and if the activity falls within a dangerous defintion. (This is called ultrahazardous activity in tort law). Then you want strict liability on a non-expert who engages in that activity, and a "reasonable expert" standard on the expert who engages in that activity? Putting aside for a moment my already voiced concerns, doesn't the idea of having a "reasonable person" standard on the classification of an ultrahazardous activity seem silly? Does nuclear physics seem dangerous to Joe Sixpack? What about Cold Fusion experimentation? Microwave repair? Seems there's a tremendous opportunity for error in that kind of standard. It also has the effect of making the scope of the definition of "ultrahazardous" very large. The larger it is, the more interference and common law regulation you're going to have on the economy. _Particularly_ so where you are imposing a strict liability standard.
This makes it REALLY tough. Reckless usually means extensive punative damages are on the way. Simple negligence doesn't always trigger them. By using these terms on the same facts the idiot gets simple negligence, the expert gets expanded liability and potential punative damages.
I see it the other way around. The "objective" reasonable standard says "don't handle the virus unless you're and expert". Handling the virus and being found incompetent to do so (the idiot case) means you're reckless and subject to those punitive damages. Being found competent to handle them and found not to have taken adequate steps leaves you at least negligent, but reckless if it wasn't accidental. Competent with adequate precautions means you weren't even negligent.
Just legally, an objective standard is when you hold everyone to a reasonable person standard. Everyone is Joe Blow. Would Joe Blow have done this that or the other thing. As soon as you start talking "experts" you're out of the objective field.
Because the expert will be at significant disadvantage at trial (if he's an expert, if he knew what he was doing, why did the victim get hurt) what you've done is moved closer to the realm of strict liability for all experts. (Strict liability simply eliminates the negligence calculation. If you were doing the activity, (CPR) and someone got hurt, you're liable. Period. No calculation of fault). What this system does is create something like a rebuttable presumption of negligence on the expert. That starts to look like strict liability.
Precautions don't necessarily eliminate danger, they simply reduce it to acceptable levels. Licensed drivers are, in some sense, driving experts. Why do they get in accidents? Often because of liability, but often there are merely unpredictable circumstances --- junk in the road, sudden ice storms, etc. The burden of proving negligence must remain with the one claiming injury.
Then why impose it without an examination into fault on non-experts? In your test the non-expert bears the burden of showing he's an expert if he wishes to prevail. The victim need only say "He was doing CPR, I got hurt, he's a non-expert." Wham, liability under your test. That's not a burden at all. It's certainly not a burden of showing negligence.
Perhaps these aren't the "legalese" usages of the terms, but it seems reasonable to me.
It creates systemic problems though. (Like the burden of overcoming the assumption that the expert must have erred).
It's a faulty assumption, and a common law court ought to stick to its philosophical origins --- innocent until proven guilty.
Or under your test, liable until proven expert. As for faulty assumptions, go to court someday. They are common. In designing systems one _must_ assume them. --- My preferred and soon to be permanent e-mail address:unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell@pacifier.com
Several other countries have very similiar laws. However, I had heard a somewhat unproven rumor that a U.S. state had actually made the writing of programs with malicious purposes illegal. Basically meaning that if you write a virus you have committed a crime. Like I said though, this was just a statement in a message so I can't vouch for the accuracy.
Hmm... "malicious purposes".... How would they determine that? Some viruses are clearly designed to be destructive, but some do nothing but replicate. Then there are viruses and worms (like RTM's) that crash systems, but may or may not have been designed to do that. Then there are trojan horses, which look useful, but are designed to crash your machine... Then there are programs that are designed to be useful, but have bugs that will cause your machine to crash. Things are only black and white in lawmaker's dreams. :-/ ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve@edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP Fingerprint: 11 C8 9D 1C D6 72 87 E6 8C 09 EC 52 44 3F 88 30 | | -- Disclaimer: JMHO, YMMV, IANAL. -- | ===================================================================:)
participants (6)
-
Black Unicorn -
Bruce Marshall -
Mark Aldrich -
Scott Brickner -
Steve Reid -
tcmay@got.net