Computer Ethics

Class Notes for October 19, 2007

Class 11 - Risk & Reliability: Who Should be responsible for software?


Computer Risks

  1. Hardware / Software Design Flaws.
  2. Programming Errors
  3. Cybersecurity Vulnerabilities:
    a) Data
    b) System
    c) Network

Who should be responsible for reducing these risks?

Perspective on Computer Risks

  1. Are we too dependent on computers?
  2. Risk - is notice and consent enough?
  3. Making trade-offs when perfection is not an option?

Responsibility (general definition)
a) Person’s state of being the cause of or intending to cause a consequence.
b) Distinguished from the non-moral context of causality (“thunder storm is responsible for the power surge that knocks out the computer system”)

Responsibility (ethical definitions)
1. Moral Responsibility
a) Attributes blame or praise to a person.
b) Legal liability does not need to result.

2. Legal Liability
a) Does not always require direct causality.
b) Typically applies to corporations and property owners.
c) Requires compensation

3. Accountability
a) Does not necessarily attribute moral blame.
b) Applies to persons or groups
c) Someone is answerable (beyond mere liability).

Responsibility Analysis: AOL's AIM Vulnerability

September 25, 2007.
“A critical flaw in the way that the AOL LLC's instant messaging client displays Web-based graphics could be exploited by criminals to create a self-copying worm attack, security researchers are warning. . . AOL's servers are now filtering instant messaging traffic to intercept any attacks, but the company has yet to patch the underlying problem in its client software, security researchers said Tuesday.” (from news report on PC World, available at: http://www.pcworld.com/article/id,137678-page,1-c,virusesworms/article.html).


1. Moral Responsibility
a) Hackers
b) AOL programmers, designers, managers
2. Legal Liability
a) Probably none.
3. Accountability
a) AOL

Responsibility Analysis : Therac 25

(see Textbook for facts)


1. Moral Responsibility
a) Software Developers, Project Managers
b) Technicians?
2. Legal Liability
a) Atomic Energy of Canada Limited (AECL)
b) Hospitals?
3. Accountability
a) AECL
b) Hospitals
c) U.S. Federal Drug Administration

Responsibility Analysis: Software Generally
1. Moral Responsibility
a) Software Developers, Project Managers
b) User?
2. Legal Liability
a) State / Federal Law implies liability.
b) Implied liability can be changed by written Software License.
3. Accountability
a) Companies (eg Microsoft, AIM, Apple)
b) Institutional Users (eg hospitals, airlines)
c) Government Agencies

Legal Liability for Software Manufacturers -
Role of Law and Regulation
Civil liability
Contracts - private agreements between people or entities.
Negligence - liability for breaching standard of care that is imposed by law.
Regulatory - liability for violating standards set by government agencies (eg FDA, FTC).
Criminal liability - violations of state and federal criminal laws.

Software Licenses are usually written with standard clauses:
Grant - “license” not “sell” software (because of copyrights)
Warranty - promise as to functionality and quality of performance
Limitation of Liability - limits responsibility otherwise imposed by law.
Limitation of Remedy - limits what licensor will do if problem happens.

Shrinkwrap Software Licenses usually seek to minimize the licensor's legal liability:
1. Limited guarantee of the integrity of the software
a) “will perform in accordance with the documentation”; or
b) “As is”.
2. Limited remedy for failure of guarantee
a) “will replace defective media”;
b) “will refund purchase price”.

Software Licenses reflect the ethical dilemma raised by this complex product:
Trend -- Software licensor:
1. demands maximum protection of property rights; but
2. Denies legal liability and accountability to the extent possible.

1. Licensors argue that risk should be with the User:
a. Software can never be 100% defect-free.
b. User has notice and has given consent to the risk.
c. Software would cost too much if licensor had to be legally liable for all defects.

2. Software Users and advocates argue that the risk should be with the Licensor:
a. US laws hold manufacturers of other complex products legally liable (for example, autos).
b. Users cannot determine defects prior to purchase.
c. The cost of better design, programming and testing is outweighed by the loss to the aggregate of users.

Last updated: August 9, 2007. Computer Ethics is a course taught in the CS/IS Department at Kennesaw State University, Kennesaw, Georgia. Opinions expressed on this Web site are those of the author, Ann K. Moceyunas. Certain Portions Copyright © 1996 -2007 Moceyunas P.C. All rights reserved. Have Questions? Contact Ann Moceyunas at ann@moceyunas.com.