Computer-Related Liability Problems

In late 2013 hackers obtained credit card, debit card, and additional personal infor­mation about 70 to 110 million customers of Target, one of the largest U.S. retail­ers. Target’s sales and reputation took an immediate hit from which it has still not completely recovered. Target says it has spent over $60 million to strengthen its systems. In 2015, Target agreed to pay $10 million to customers and $19 million to Mastercard. It has paid an even greater price through the loss of sales and trust.

Who is liable for any economic harm caused to individuals or businesses whose credit cards were compromised? Is Target responsible for allowing the breach to occur despite efforts it did make to secure the information? Or is this just a cost of doing business in a credit card world where customers and businesses have insurance policies to protect them against losses? Customers, for instance, have a maximum liability of $50 for credit card theft under federal banking law.

Are information system managers responsible for the harm that corporate systems can do? Beyond IT managers, insofar as computer software is part of a machine, and the machine injures someone physically or economically, the producer of the software and the operator can be held liable for damages. Insofar as the software acts like a book, storing and displaying information, courts have been reluctant to hold authors, publishers, and booksellers liable for contents (the exception being instances of fraud or defamation); hence, courts have been wary of holding software authors liable.

In general, it is very difficult (if not impossible) to hold software producers liable for their software products that are considered to be like books, regardless of the physical or economic harm that results. Historically, print publishers of books and periodicals have not been held liable because of fears that liability claims would interfere with First Amendment rights guaranteeing freedom of expression. The kind of harm software failures cause is rarely fatal and typically inconveniences users but does not physically harm them (the exception being medical devices).

What about software as a service? ATMs are a service provided to bank cus­tomers. If this service fails, customers will be inconvenienced and perhaps harmed economically if they cannot access their funds in a timely manner. Should liability protections be extended to software publishers and operators of defective financial, accounting, simulation, or marketing systems?

Software is very different from books. Software users may develop expec­tations of infallibility about software; software is less easily inspected than a book, and it is more difficult to compare with other software products for qual­ity; software claims to perform a task rather than describe a task, as a book does; and people come to depend on services essentially based on software. Given the centrality of software to everyday life, the chances are excellent that liability law will extend its reach to include software even when the software merely provides an information service.

Telephone systems have not been held liable for the messages transmitted be­cause they are regulated common carriers. In return for their right to provide tele­phone service, they must provide access to all, at reasonable rates, and achieve acceptable reliability. Likewise, cable networks are considered private networks not subject to regulation, but broadcasters using the public airwaves are subject to a wide variety of federal and local constraints on content and facilities. In the United States, with few exceptions, websites are not held liable for content posted on their sites regardless of whether it was placed there by the website owners or users.

Source: Laudon Kenneth C., Laudon Jane Price (2020), Management Information Systems: Managing the Digital Firm, Pearson; 16^th edition.