[IAEP] Activity Authentication - Questions about legal liability

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Sun Feb 8 13:46:19 EST 2009

On Feb 8, 2009, at 1:04 PM, Luke Faraone wrote:
> It may pose as a legal liability for Sugar Labs, however, as Ivan  
> pointed out: Chains of trust represent also a chain of legal  
> liability, and whoever is on top is painting a giant "sue me" target  
> on their back if anyone  below screws up, gives incorrect  
> information, or information that's used incorrectly. Could ask your  
> contacts at the SFLC to assess SL's liability in this situation?

Healthcare texts are illustrative. The risk is that, left entirely to  
decentralized distribution with no integrity protection, it's hard to  
prevent inadvertent or malicious editing or tampering with the written  
material, and the subsequent redistribution of this altered form. This  
is annoying if the material is a programming book, but dangerous to  
life and limb _and_ lawsuit-inviting when the material is a book on  

To attempt to mitigate the issue, one might think of having a known- 
good central site which performs basic due diligence on the healthcare  
materials that are posted. It's not clear such a site should be  
operated by Sugar Labs due to both liability and core competency  
issues, but if it's indeed not operated by Sugar Labs, it's not clear  
how the site's better-than-random trustworthiness can be communicated  
to the end user.

Note that I'm not advocating any particular solution, as I don't feel  
I've thought about the problem enough. It may be that a decentralized  
model is fine, and purely social mechanisms can be relied on to  
effectively spread information about the trustworthiness of certain  
online information sources.

(One recent example of high-profile manipulation of health-related  
information is <http://is.gd/iPKc> from two years ago.)

Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

More information about the IAEP mailing list