[IAEP] Activity Authentication - Questions about legal liability
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Sun Feb 8 13:46:19 EST 2009
On Feb 8, 2009, at 1:04 PM, Luke Faraone wrote:
> It may pose as a legal liability for Sugar Labs, however, as Ivan
> pointed out: Chains of trust represent also a chain of legal
> liability, and whoever is on top is painting a giant "sue me" target
> on their back if anyone below screws up, gives incorrect
> information, or information that's used incorrectly. Could ask your
> contacts at the SFLC to assess SL's liability in this situation?
Healthcare texts are illustrative. The risk is that, left entirely to
decentralized distribution with no integrity protection, it's hard to
prevent inadvertent or malicious editing or tampering with the written
material, and the subsequent redistribution of this altered form. This
is annoying if the material is a programming book, but dangerous to
life and limb _and_ lawsuit-inviting when the material is a book on
medicine.
To attempt to mitigate the issue, one might think of having a known-
good central site which performs basic due diligence on the healthcare
materials that are posted. It's not clear such a site should be
operated by Sugar Labs due to both liability and core competency
issues, but if it's indeed not operated by Sugar Labs, it's not clear
how the site's better-than-random trustworthiness can be communicated
to the end user.
Note that I'm not advocating any particular solution, as I don't feel
I've thought about the problem enough. It may be that a decentralized
model is fine, and purely social mechanisms can be relied on to
effectively spread information about the trustworthiness of certain
online information sources.
(One recent example of high-profile manipulation of health-related
information is <http://is.gd/iPKc> from two years ago.)
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
More information about the IAEP
mailing list