A New Era in Legal Culpability

by Loki der Quaeler — December 29, 2007

Common Law has a long history of preventing persons from being protected from criminal prosecution by the mantle of ignorance. It is likely that this notion has a much longer legal existence in human civilization, as Roman Law expresses the idea as “ignorantia legis non excusat” — “ignorance of the law does not excuse.” Over the past decade, first and second world societies have introduced an exception clause to this concept which should be taken as a warning sign of a potentially widening crack.

Let’s make up some nomenclature before proceeding much further; for the remainder of this article, we’ll refer to an object, whose technical workings are too complex for the randomly chosen person-on-the-street to comprehend, as a ‘complex object’.
Let’s further sub-divide the set of complex objects into two groups: those of use strictly in the workplace and/or research environments, and the rest. We’ll ignore the objects in the former group, since there is usually already a strict framework imposed by a government, as well as the business itself in the interest of marketplace image, which results in the education of the users in the usage of those objects.¹ As a result, all references to ‘complex objects’ will refer to non-business-place-only complex objects.
Lastly, as you’ve just seen, there will be occasional lapses and a person who uses a complex object will be referred to as a ‘user’.

It’s not terribly contentious to claim that humans began to be exposed to complex objects on a regular basis with the advent of the industrial revolution. From electricity in the home, to light bulbs, to telephones, to radios, and on and on: we have had a century and more of average people buying complex objects. With the introduction of complex objects to six-pack-Joes-and-Josephines, so came the forced birth of concerns of usability and user interface — the art of taking a process too complex for a person to use and transforming it so that the same person can make use of it. ² The user interfaces on these objects attempted to serve at least three purposes:

the user of an object is sheltered from having to know about the complex mechanisms working to provide the functionality of the object
the user of an object is heavily discouraged, if not outright prevented, from mucking with the complex mechanisms of the object
the user of an object is protected from performing an action with the object which would cause damage to the user or people immediately around the user

It is item #3 which is of the most interest to us here. This protection, on any item, can only do so much. A user intent on circumventing the protection could, for example, rig the door latch mechanism on a microwave so that the oven is able to radiate even with the door open, allowing the user to microwave their own head, foot, or what have you.
It’s relevant to note that, historically, the great majority of these complex objects could not be used to inflict damage on people other than the user, or others in the user’s immediate physical vicinity — existence of #3 or not. For objects in which this isn’t the case,³ when the user has caused harm to others society has, at least through the 1980s, uniformly sided with the ignorantia legis non excusat principle.⁴

Then along came personal computers with the 1990s. To be accurate, personal computers came along more than a decade before, but through the 1980s these devices were basically the sole bailiwick of the nerdy, the scientists and the academics. It is not that people of this ilk are infallible concerning the operation of their computers, but rather the personal computers themselves at that time were generally not largely networked nor capable of easily running processes of which the user was unaware.

What the 1990s brought for personal computers was more user friendly interfaces to their operating systems and access to the internet, and with those things so came the general public. Unfortunately both the user interface of the computer and the underlying internet failed our above-item-#3 — what neither the user interfaces did adequately, nor were the internet protocols which facilitate things like email and web traffic designed to do, was to protect stumbling users from themselves.
So then, circa 1998, we had a burgeoning mass of average folk who had enough knowledge of computers to allow them to write documents, play games, and dial-in to the internet for their, albeit slow, fix. Late, but ever welcome, to the party came the final ingredient: always-on-connectivity to the internet, in varied guises like DSL and cable.⁵ Recapping the guests at our 1998 party, we now had:

average shmoes in possession of
- complex objects with
  - user interfaces that did not protect the users from accessing the underlying complex mechanisms
  - the ability to be continually interconnected to other complex objects with similar user interface defects

The more nefariously shrewd people realized that by exploiting a user’s naiveté (“here’s an email with an attached hot movie of Angelina Jolie topless – i’m going to double click it!”) and/or those user interfaces which were not properly maintained by the user (“what’s a Windows update?”), that they could gain remote control of other people’s computers. Out of this, it wasn’t long before the world was introduced to both botnets⁶ and rampant personal financial data theft.

It is here, finally, that we’ve reached the place where our standards of culpability have gone awry; whether the problem is that the user clicked on a link to “re-verify their online banking login information”, or they double clicked on an email attachment which set up their machine as part of a botnet, or they forgot to patch their user interface against a long ago discovered vulnerability – a misstep which led to a key logger being unknowingly installed on their machine – all of these actions share one common theme, one common defense: the users claim of “I didn’t know any better.” What is distressing about these situations is that here we have, seemingly the first time in modern legal history, a free pass based on this claim.

The user’s computer is one of a large botnet involved in making a government network useless via a DDoS attack? That poor user was a victim too!
The user’s credit card information captured via a key logger is used to defraud several online shopping sites? That poor user was a victim too…

One conjecture is that this sentiment stems from a societal concensus that the complex object in this case really is too complex to be properly controlled by an average user; this would be troubling for a number of reasons:

it sends a message that it’s ok to be a legal participant of society but still callow
society, at the same time, appears to be making no efforts to curb the acquisition of the complex object by its members (this is an admittedly crappy and unfeasible solution to this particular situation which i wouldnt favour, but it would be at least an action of some flavor – as opposed to inaction)
it seems likely that the complexity of objects available to the average person is going to continue to increase at a pace which the user interfaces of these objects can not match – making this scenario reoccur with greater frequency
in those societies whose legal systems weight the notion of precedent, it potentially introduces reduced culpability in other situations

Whatever the underlying reason, we, as a society, need to reflect on whether we really want to endorse the concept that a person’s ignorance absolves them of their actions which inflict damage on others. Should we choose to endorse such a thing, it likely won’t be long before ignorance is advocated over intelligence as a general theme to individual existence.

For example: a nuclear reactor. [↩]
An example would be the modern automobile; in an automobile, a wealth of data which needs to be interpreted and acted upon is generated each second however the user interface of the car weeds out the information which needs to be definitely delivered to the user (ie. present speed) from the information which would befuddle the user (ie. oxygen content in the post-combustion gases). [↩]
Our favourite example again: the automobile. [↩]
For example, a defense of “I didn’t know that attempting to start my manual transmission car while it was in gear would make it lurch forward running over that child.” does not fly. [↩]
Yes, yes.. ISDN was available before this – but it was the price-point, and wider availability, of DSL, and then cable, which was the flash moment. [↩]
Groups of computers which were infiltrated to the extent that people could remotely command the computer to perform a given task. [↩]

Marked as: Law • Societal Policies • Technology — 3 comments (RSS)

3 Comments so far

FatalTwilight January 5, 2008 2:35 pm

Thats why I love Linux….lol
godhacks January 5, 2008 9:21 pm

Very interesting read. 🙂
I found this site about a year ago and bookmarked it. I’m glad to see it’s finally taking off. Congrats and good luck guys
seekue January 7, 2008 1:56 pm

The tide seems to be changing, with thanks to the MPAA and RIAA. The music and film lobby has in many cases convinced The Law that the ISP subscriber account holder is culpable for material originating from hir unique IP. If by way of your computer you become an unwitting participant in a p2p filesharing operation, or you leave the wifi settings of a router insecure and a person uses your bandwidth for p2p, you are no longer treated as a victim.
With the great economic reliance on internet bandwidth these days, it seems that soon those unwitting participants in DDoS attacks or spamhauses will be viewed in the same light, because of the negative economic impact such nefarious activities have on businesses.

If you would like to make a comment, please fill out the form below.

You must be logged in to post a comment.

THE PROCESS IS…

A New Era in Legal Culpability

Leave a Comment

Login

Editors

Latest Posts

Last Five Comments

Themes

Archives