This document discusses software and product liability. It examines whether software manufacturers should be held strictly liable for software defects or if negligence standards should apply. It analyzes arguments for and against strict liability, including encouraging risk spreading, compensation of injured parties, and potential negative impacts on innovation. The document also discusses issues like contributory negligence, distinguishing manufacturing vs design defects, liability for security updates, autonomous systems, and open source software. It provides examples of legal cases involving software liability.
2. Strict liability vs negligence
• Should software manufacturers be held strictly liable for
software defects?
• If computer software is deemed to be a service, then a
manufacturer is generally not liable in tort, absent some negligent
behaviour or intentional misconduct.
• If computer software is deemed to be a product, then a
manufacturer may be liable under strict liability or
negligence.
• "aeronautical chart" cases
• To date, there are no reported decisions in the United States
holding a software vendor liable under a strict liability
theory (Scott 2008).
3. Strict liability (1)
• Software manufacturers should be held strictly liable
because:
• strict liability would encourage risk spreading
• strict liability would encourage the manufacturer to purchase products liability
insurance, thus passing the cost of the insurance onto the users of the
product. (issues: insurance is not easy to obtain, higher prices)
• liability under a negligence theory may be unavailable
• the injured party, in a negligence action, faces the burden of showing that there was a
lack of due care in the design or manufacture of the computer software.
• in the more complex and advanced computer software, it may be extremely difficult for a
consumer or user of the computer software to identify the lack of due care by the
manufacturer which was responsible for the defect.
4. Strict liability (2)
• Software manufacturers should be held strictly liable because:
• strict liability forces manufacturers to take precautions before
marketing their product
• Manufacturers are in the best position to know all potential defects and potential harms that
their products might cause. Forcing manufacturers to pay for personal injuries created by
software defects will encourage them to be more careful.
• injured party will be adequately compensated
• the application of strict liability to computer software defects would ensure that injured
plaintiffs receive adequate compensation for their injuries, especially in fields such as ATM,
where defective computer software may result in serious personal injury or death.
• manufacturer makes a representation of product safety
• implicit in a product's presence on the market is a representation that the product will safely
do the jobs for which it was built. By placing the computer software on the market, the
computer software manufacturer should be forced to assume liability for any injury caused
by the computer software which was unreasonably dangerous
5. Negligence
• Software manufacturers should NOT be held strictly liable
because:
• strict liability will cause an undue burden upon computer software
manufacturers
• it is essential to balance the need for the adoption of software and automation with
the risk involved in their malfunctions. In balancing the need versus the harm, it is
crucial to look at the costs and risk of damage had the computer program not been
used, and if there are other efficient and safe methods of carrying out the same
function.
• strict products liability would hamper innovation
• Implementation of strict products liability would discourage the research and
development of potentially life saving / safety enhancing / efficient software. If
computer software manufacturers were to face strict liability for defects in computer
software which they did not know about and could not prevent, many manufacturers
would discontinue "cutting edge" ventures
6. Contributory negligence
• Contributory negligence or victim fault should be
recognized in all cases of liability, both fault and strict:
• An efficient liability rule would require that the operator bear the
cost of avoidable harm, (avoidable by due care), excluding those
harms that victims can prevent more cheaply (Calabresi -
cheapest cost avoider)
• If contributory negligence is not a defense, then any liability rule
is potentially inefficient (Bergkamp)
7. Manufacturing defects vs. design defects
• Is a software bug a manufacturing defect or a design defect?
• A manufacturing defect is one that differs from the intended result of
the manufacturer or from other identical items of the same
production line (production flaw)
• A design defect, instead, exists where the product is designed in
such a way that it carries an inherent risk of harm in normal use.
• Strict products liability is equally applicable to both
manufacturing defects and design defects, although it is often
easier to apply strict products liability to a manufacturing
defect.
• Design defect has higher burden of proof (reasonable alternative
design, level of expected safety)
• State of the art defence
• "risk/utility" test (B < PL)
8. Software liability in relation to patches and updates
• Is there a responsibility for failure to check adequately for bugs?
• manufacturers' responsibilities would include carefully formulating the design of the
software to prevent vulnerabilities that can be exploited by hackers and other third
parties, properly implementing the design in code, thoroughly testing the code to expose
any vulnerabilities, and revising the code to remove the vulnerabilities before releasing
the software to the public.
• Is the developer responsible for providing a patch/update? Is there a user's
contributory negligence?
• Usually, many of these errors are discovered only after the software has been distributed.
Three software liability policies have been investigated (in relation to security):
1. Loss Liability Policies, where the software vendor/manufacturer is liable to partially or
fully compensate users’ losses incurred in case of attack/damage
2. Patch Liability Policies, where the software vendor/manufacturer is held liable to
compensate patching costs incurred by users if a vulnerability/error is discovered before
the damage is produced
3. Security Standards Policies, where regulation enforces a certain standard of security to
be achieved by the vendor/manufacturer during software development to mitigate
security vulnerabilities.
9. Liability and autonomous software
• In certain circumstances, when damage is caused by the use
of defective autonomous software/automated systems, human
operators (e.g. pilots) should be shielded from liability because
they are relying on automated systems to fulfill their tasks (e.g.
GPS/autopilots to guide them to the correct destination).
• However, if no design/manufacturing defects are detected,
the user would be responsible under (a sort of) vicarious
liability, rather than liability of the custodian.
• Therefore, in analogy with vicarious liability, when the software's
performance is below a certain standard, the user would be liable
even if he was not negligent.
• In this scenario, what would be the appropriate standard to be taken
into account? Maybe, the level of care that would be expected from a
human being executing the same task delegated to the autonomous
system.
10. Liability for open source software
• The peculiar characteristic of open source software is that it is
distributed under the form of source code, while the distribution
of the executable code is only optional.
• In such a case, should liability be framed as liability for
misleading/inaccurate/wrong information?
• In the US, providers of items containing certain forms of
“information” have been exempted from strict product liability,
even in cases where the item in question has been mass
produced (Book Cases).
11. Law and economics analysis
• Law and economics models help us to
analyse the effect of liability on incentives
• whether to engage in activities
• how much care to exercise to reduce risk when
doing so
• Cost internalization theory:
1. It creates incentives to prevent damages by taking care
(preventive measures to reduce risk)
2. It would further risk (or loss) spreading
3. It would cause the price of activities to increase,
resulting in lower activity levels
12. Liability for accidents (Shavell): optimal care
• Let x be expenditures on care (or the value of effort devoted to
it) and p(x) be the probability of an accident that causes harm h
(p decreases when x increases).
• Assume that the social objective is to minimize total expected
costs, x + p(x)h, and let x∗ denote the optimal x.
• Under both forms of liability, strict liability and the
negligence rule, injurers are induced to take optimal care
(x∗).
• A regime of strict liability with contributory negligence induces
the socially optimal level of care by both parties.
13. Liability for accidents (Shavell): level of activity
• Let z be the level of activity
• Let b(z) be the injurer’s benefit from the activity, (b increases when z
increases)
• z(x + p(x)h) is the total cost of care and expected harm given z
• Under strict liability, an injurer will choose both the optimal level of
care x∗ and the optimal level of activity z∗, as his objective is the same
as the social objective, to maximize b(z) − z(x + p(x)h)
• Under the negligence rule, an injurer will choose optimal care x∗, but
his level of activity z will be socially excessive.
• The explanation for the excessive level of activity is that the
injurer’s cost of raising his level of activity is only his cost of care
x∗, which is less than the social cost, as that also includes p(x∗)h.
• Open issue: burden of proof
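The results on slides 12 and 13 can be derived in a few lines with the slides' own symbols. This derivation is added here and is not part of the original slides; it assumes that p and b are differentiable with p′(x) < 0, p″(x) > 0 and b″(z) < 0, that due care under the negligence rule is set at x∗, and it introduces z_N (not a symbol from the slides) for the activity level chosen under negligence.
• Optimal care: minimizing x + p(x)h over x gives 1 + p′(x∗)h = 0, i.e. −p′(x∗)h = 1. The last unit spent on care reduces expected harm by exactly one unit.
• Optimal activity: maximizing b(z) − z(x∗ + p(x∗)h) over z gives b′(z∗) = x∗ + p(x∗)h. Marginal benefit equals the full social cost per unit of activity.
• Strict liability: the injurer pays x + p(x)h per unit of activity, so his problem is identical to the social problem and he chooses x∗ and z∗.
• Negligence rule, care: taking x < x∗ exposes the injurer to x + p(x)h ≥ x∗ + p(x∗)h > x∗, while taking x∗ costs only x∗, so he chooses x∗.
• Negligence rule, activity: having escaped liability, he maximizes b(z) − z·x∗, which gives b′(z_N) = x∗ < x∗ + p(x∗)h = b′(z∗). Because b′ is decreasing, z_N > z∗: the activity level is socially excessive, and the gap is driven by the uncompensated expected harm p(x∗)h.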
14. Software liability
• Intrinsic software (the user does not interact directly with the
software, e.g. software embedded in planes or automobiles)
• Extrinsic software (PC application)
• The distinction between intrinsic and extrinsic software may be key
to a socially efficient liability regime, because the economic theory
of product liability law prescribes the assignment of liability to the
party who controls the risk
• A strict liability rule may not be socially optimal for extrinsic
software, because it would not induce the consumer to exercise
due care in the installation, operation, and use of the software
15. Software liability in ATM: Überlingen (1)
• First Instance Court N. 34 of Barcelona, Spain (2010)
• Plaintiffs representing thirty-one (31) of the Russian passengers (Bashkirian
Airlines Flight 2937)
• Defendants: The manufacturers of the TCAS, Honeywell International, Inc.
(“Honeywell”) and Aviation Communication & Surveillance Systems
(“ACSS”)
• The Spanish Court found that two alleged defects of the TCAS had not been
proven: (1) the alleged fault in the RA Reversal system; and (2) the alleged
existence of a new version of TCAS software available to correct the
claimed problems of the earlier version that defendants had failed to
implement.
• However, the Court did find that plaintiff had proven a third alleged
defect, i.e., that the TCAS II Pilot’s Guide failed to clearly set forth the
priority of TCAS advisories over conflicting air traffic control orders.
16. Software liability in ATM: Überlingen (2)
• Product Liability
• "[T]he lack of adequate instructions and warnings in the defendants’ TCAS
Pilot’s Guide […] contributed towards the Tupolev pilot’s error that caused
the accident and, accordingly, we can conclude that this information defect
contributed substantially to the damage, being part of one of its causes. For
this reason, the defendants shall be liable for the damages caused."
• The Court rejected plaintiffs’ claims for survival damages. The Court also
rejected plaintiffs’ claims for punitive damages.
• The Court found that Honeywell was not liable for non-monetary damages
• ACSS was liable for non-monetary damages ($5,991,501)
• Plaintiffs were awarded a total of $10,459,810.50 in damages for the deaths
of 30 persons, including $6,723,639.45 as to ACSS and $3,736,171.05 as
to Honeywell – an average of $348,660.35 per decedent. The decision is
currently subject to appeal.
17. Software liability in ATM: Überlingen
• “Forum shopping”
• 22nd Convention on the Law Applicable to Products Liability, signed in The
Hague on October 2, 1973
• currently in force in 11 European countries (Spain, France, the Netherlands,
Croatia, Finland, Luxembourg, Montenegro, Norway, Serbia, Slovenia, and
FYROM) (6 of them are also party of Rome II)
• Article 6 applies the law of the manufacturer's principal place of business unless
the claimant bases his claim on the law of the place of injury.
• Article 11 establishes that there is no requirement for the Convention to have
been adopted by the country to whose law Article 6 points.
• On these grounds the judges applied Arizona law for ACSS and New
Jersey law for Honeywell.
Editor's Notes
The manufacturer is held liable under the risk-utility test if the probability of injury times the gravity of injury under the current product design is more than the cost of an alternative reasonable design plus the diminished utility resulting from modifying the design.
(Other EU states: Rome II) EU Regulation 864/2007 on the Law Applicable to Non-Contractual Obligations ("Rome II"), which is now in operation and would designate the law applicable to non-contractual obligations arising out of torts (Article 4) or damage caused by products (Article 5). As a general rule, Article 4 in respect of torts applies the law of the country in which the damage occurs, whilst Article 5 for product liabilities applies the law of: (1) the habitual residence of the person suffering damage, provided the product was marketed there; or, failing that (2) the country in which the product was acquired, provided the product was marketed there; or failing that (3) the country in which the damage occurred, provided the product was marketed there. Whilst the Convention takes precedence over Rome II for the 6 EU countries party to both, Rome II's choice of law provisions promisingly appear to increase the chances of US-based manufacturers avoiding being subject to US law before a European court.