Policy Building Blocks: What Do We Mean When We Talk About Liability
from the core-questions dept
In tech policy, as with any policy, we often talk about liability. Basically, should X liable to Y, why, and with what consequence? Figuring out good policy is often a matter of figuring out how those questions should be answered. Because sometimes it might be good for society if X could be held liable for certain actions – after all, if a harm has occurred, we might want it to be remediated, and one reason we have the legal notion of liability is to find a way to cause such remediation to happen. On the other hand, sometimes it might be bad for society if liability could too easily attach, because liability isn’t entirely about righting a wrong: it is often about deterring behavior through the fear of potential liability.
The trick there, though, is to only deter harmful behaviors and not beneficial ones, or otherwise chill any of the important freedoms a healthy democratic society depends on people confidently knowing they can exercise. Figuring out good policy generally requires looking carefully at how the prospect of liability shapes how people act so that we deter what absolutely needs to be deterred without also deterring the behaviors we would prefer to have, or might even want to encourage, along the way. And figuring out good tech policy, specifically, means looking at how this shaping effect intersects with the use and development of technology, including the use and development we like and would want more of.
But “liability” is a pretty general concept, and it can be hard to answer these questions well when we speak in such broad terms. And so the point of this post is to serve as a sort of brief roadmap for the policy building block of what we mean when we talk about liability in the tech policy space, because having that deeper understanding will be important for helping understand how it may apply to technology.
In America, when we talk about liability, we start with two basic kinds: civil and criminal. Criminal liability arises when someone has violated a criminal law, and as a result the government tries to impose some sort of punishment leading to the loss of liberty (ex: prison or probation) or property (ex: a fine) as a consequence. Cases where questions of criminal liability are adjudicated are generally captioned US v. Defendant, or State v. Defendant, because those are the two parties in the dispute: the person alleged to have done something wrong, and the government that gets to try to seek redress of that wrong on behalf of the entire public. Sometimes when we talk about tech policy we do speak in terms of what sorts of criminal laws are on the books that the government gets to directly enforce via this sort of liability (for instance, some, but not all, CFAA cases are about criminal liability for allegedly illicit hacking), but in many (if not most?) other tech policy situations we instead speak of civil liability.
For civil liability, the government is not a party (at least not in the same way that it is with criminal liability). Instead, cases alleging that someone has done something wrong are generally between the party alleged to have been hurt by someone else’s behavior, and that someone else. The government still does have a role here, though, because the government sets up the laws that let someone claiming to have been hurt attempt to seek redress for that injury, but that dispute itself is still between private parties and the question for the courts is whether someone did wrong to another in a way that the law would recognize as a remediable injury the wrongdoer needs to compensate the injured for.
But even in the civil context there are a lot of different sources for liability, although we can boil them down here into a few general types that manage to cover most situations involving parties potentially being liable to each other, at least in the tech policy space.
One big type is contract liability, which we see come up in tech policy (see, for instance, discussions around “terms of service,” which are largely construed as contracts). A contract essentially is an agreement between parties, and law recognizes that liability can accrue when a party has breached that agreement. Although there are occasions where law may articulate the implicit terms of an agreement (one such example is the Universal Commercial Code, which supplies some standard terms that are automatically applicable to certain commercial transactions in states that have adopted its provisions as part of their own laws), in most cases the law is silent about what people might have agreed to, or the consequences for a party failing to do what they promised. It’s also generally agnostic about what they could agree to, although there are some exceptions, where certain agreements would be considered “void under public policy” (for instance, California will not recognize a non-compete agreement as valid, having determined that this sort of restraint on labor is not something people should be able to bargain for), but for the most part people are free to contract for whatever they’d like. But then it is only the terms of the agreement that creates the legal obligations for each party. If, say, there had been an agreement where someone agreed to pay another $20 if that person did 20 jumping jacks, you are unlikely to find a law saying that someone must do 20 jumping jacks. Instead what law will do is help provide a framework for analyzing such questions as whether such an enforceable agreement establishing these legal obligations existed, whether there was a breach of that agreement, and what the consequences should be if a party is found to be liable for breaching it.
In general, liability in all its forms follows when one party has another obligation to another and fails to meet it. Contracts can define those obligations, but often there is no applicable contract, yet law can still recognize an obligation, along with a consequence for failing to meet it. In such situations tort law may be what creates that liability by articulating implicit obligations (or “duties”) people may have towards others, with liability following where that duty has not been met.
There is, of course, much, much more to say about tort law than will be covered in this post, particularly because this form of liability animates so many tech policy discussions, and also because there are so many types of tort liability. There are even several general species of it (ex: negligence, intentional torts, and strict liability), each of which requires its own careful attention, because all tort law basically exists to answer the initial question raised at the top of this post: when is it just to hold someone liable for a consequence of something they’ve done, and when is it not? Tort law exists to help us answer that question, and specific torts themselves are the vehicles we use to do it.
But moving on for now, a third type of liability is infringement liability, which we see come up in the copyright and patent context (but not necessarily the trademark context, although that, too, is a discussion for another day). This sort of liability behaves a little bit like tort liability, but with enough key differences in how liability is found, defended against, and allocated to need to be considered separately. And it does need to be considered, because this sort of liability also has a very significant effect on tech policy discussions. But at its core, infringement liability basically addresses whether someone did something that someone else had the exclusive right to do thanks to a copyright or patent. If so, then the first someone has “infringed” that copyright or patent and is so liable.
Finally, there is one other form of liability worth mentioning here, although it exists perhaps more informally than the other forms civil liability described above, which can be described as “administrative liability.” Sometimes administrative liability creates private rights of action, where private parties can sue each other, similar to how they would for other torts, over the alleged breach of a legal obligation an administrative regulation established. But the idea of such administrative liability frequently means that someone has gotten in trouble with the government (often via a government agency) for a breach of a legal obligation an administrative regulation established, only the government’s enforcement of this alleged breach is considered “civil” rather than “criminal.” It may feel criminal, because if the government imposes a fine, or somehow extracts an injunction, that sort of sanction seems like the sort of deprivation of liberty and property that generally defines how we understand criminal liability. But for various reasons, it isn’t the same, and thinking about those reasons for why we treat it differently can also be an important thing to consider when we think about tech policy and design law that empowers various governmental agencies to police technology in some way.
With that last comment, thus concludes a very, very basic roadmap of where we find liability when it comes to tech policy (or any policy, really), which can hopefully help inform the discussions about what aspects of technology use and development, if any, should tempt it. Whenever tech policy discussions raise the issue of liability it is important to fully understand the sort of liability at issue and where it comes from so that we can successfully anticipate and toggle its potential effects, both good and bad.
Nevertheless, the preceding hardly paints a complete picture of how liability works. For instance, we’ve barely answered the question of who law may find liable, nor did we discuss any of the possible and necessary defenses to liability. And these issues are just as important to public policy considerations about liability as any law that would impose it.
Filed Under: liability, policy building blocks, tech policy
Comments on “Policy Building Blocks: What Do We Mean When We Talk About Liability”
While all of the foregoing is well predicated and, in my opinion, well elucidated, there is one fact that remains unspoken, neither now or in the past few years. That is, technology is simply a tool. We discuss policy in regards to how people act (or react, in some cases) with each other, and the fact that they use tools is not at issue… or at least, it shouldn’t be at issue.
Tech is like automobiles of 125 years ago, where the common phrase of the day was “There ought to be a law!” But with the hindsight of 12 decades, we can see that all automotive laws were and are aimed at how people use those cars, not at the cars themselves. (Obvious exception – safety. ‘Cause some people refuse to “get it”, and need to be protected from themselves.) We aim laws at traffic, but traffic is composed simply of people moving about, the fact that they are using cars is ancillary to the discussion of policy creation and maintenance.
Ditto for the Internet. For every case brought forth regarding the Internet, we can safely point to the behavior of one or more parties, and along with that, we can point to laws that for the most part, already exist (ex. copyright laws). What I would hazard a guess as the main talking point is all about these days is that the Internet exacerbates all of the problems (regarding how the current laws should be applied) about a million-fold. And from that, we see the old chestnut “There ought to be a law!” returning to the fore.
Nope, it’s all about societal behavior. Regulating the Internet isn’t about the technology, it’s about how people use the tool called the Internet. Or rather, how they might misuse it, and therefore create a need for discourse on how best to disallow that misuse, with as little interruption as possible to valid uses.
We mean, blame it on someone else. 😉