Hidden Engines of Destruction: The Reasonable Expectation of Code Safety and the Duty to Warn in Digital Products

Privacy and Security

Article Snapshot

Author(s)

Andrea Matwyshyn

Source

Florida Law Review, Vol. 62, No. 1, pg. 138, 2010

Summary

This article states the need for better protection for consumers and puts forth a reasonable expectation of code safety.

Policy Relevance

Since digital products can pose harms to consumers through the vulnerability of code, there ought to be a “reasonable expectation of code safety.” This expectation is based on the “duty to warn” notion from tort law and it would be likely to overcome any First Amendment challenges.

Main Points

  • Digital code is susceptible to actions or attacks that harm consumers. Functionality harm, which results in a computer crash or the loss of a device’s functionality, is one type of harm. Information harm, the exposure to information security crime, is the other major type of code harm.
     
  • These harms are exacerbated because there is very little transparency regarding digital products. Consumers do not know what is going on inside their product, and furthermore there are not adequate feedback loops to warn consumers when a security breach has occurred.
     
  • The fact that there is a great information imbalance between the consumers and the creators of digital products means that consumers are not aware of the danger that certain products pose.
     
  • Legislative efforts have been made to correct the information imbalance. Certain legislation, such as the Gramm-Leach-Bliley Act, has attempted to make warning labels more prevalent. However, this legislation targets commercial interests, an area where industry best practices already promote warning labeling.
     
  • It is frequently government and non-profit agencies that are the most susceptible to code harms. Unfortunately, legislation has not been as effective in the noncommercial sphere.
     
  • A possible solution to code harms is a “reasonable expectation of code safety,” encompassing a three-tiered duty to warn, inspect, and repair, based on the tort notion of a landowner’s duty to warn.
     
  • This system would require creators to categorize risks created by code harm and then act accordingly to mitigate the harm to consumers. This method would both protect consumers and also hopefully educate them so that they can make more informed judgments about digital products in the future.
     
  • A First Amendment challenge to the requirements this new standard puts on creators is likely to fail. The requirements would be mostly content neutral and would relate only to the incidental effects of the code. Moreover, any chilling of free speech that might occur would be counterbalanced by the threat that information security poses to our nation.
     
