Okay, so I'll advance the next lightning talk, which is about the second big legislative
effort that went on during the past, well, couple of years, really, smiling at one of
the people that worked on it in the European Commission, which is the Product Liability
Directive. And with us today is Rob Carolina, who is the General Counsel for ISC, Makers
of Bind, who's going to give you an introduction into product liability in five minutes, which
is...
So, take it away for Rob.
Martin's original idea was do the product liability thing in three minutes, and then
you can do some other stuff for two.
So what I'm doing here is giving you a reading test, and I'm trying to condense down to two
and a half minutes a topic that we spend about 40 to 60 hours on in law school.
So the reason that I'm giving you this reading test is because I want you to be familiar
with this fact pattern. I'm going to tell the story in reverse from how I usually do
it. This is a story about an automated car that hits a pedestrian in Ireland, Pat
Victim. That car has on board a piece of software called Bravo Drive, which has included within
it a piece of software called Open Sesame. The car was imported by Exotic Imports. The
car was manufactured by Einstein Motors in California. Einstein Motors got Bravo Drive
software from Bravo Bits BV in the Netherlands, and Bravo Bits VB got Open Source, Open Sesame
from Firefly APS in Denmark. Terry Dastardly hacked into the automobile because of a weakness
in the authentication package, provided a few inputs. And the next thing you have is
a car that runs over Pat Victim in Ireland. Don't worry about Terry Dastardly. He dies
or she dies in a horrible paragliding accident or without money or is run over by a bus.
Just take them out of the equation. The question that product liability seeks to answer is,
in a situation like this when we have an injured victim like Pat Victim, who pays for their
injuries. Two slides that look like this. This slide is designed to teach you the difference
between two different legal theories on how you sue people who manufacture things. The
left-hand side is the law of negligence, at least as it's practiced in common law countries.
I would not come to a civil law country and teach people about the Napoleonic Code. However,
I will talk to you a little bit about common law and suggest that the two are not worlds
apart. As you can see from the chart, when our victim tries to sue all these various
peoples, Johnson, exotic imports, Einstein, Bravabits or whatever, Victim is in a little
bit of difficulty because the people who manufactured and imported the car did everything reasonably.
They selected good components. They selected trustworthy producers of things. They did
not act rashly. Whereas the error in the situation came from a software vendor called Firefly
and maybe, just maybe we could establish that they owed what's called a duty of care to
the victim. If someone like Pat Victim was a foreseeable victim when someone wrote this
authentication package in Denmark, but as you can see, it's going to be difficult to
establish that. Now, in the reading test that I gave you one slide ago, I did put in there
that the folks at Firefly, they had a bad week. The problem with their package was because
someone made a coding error and the QA people were kind of asleep that week because we're
going to get that in a forensics report from an expert who's going to come to trial. The
right hand side of this slide is designed to teach you a different area of law that
was adopted in the U.S. in the 1960s and in Europe in 1985, which says what do we do in
situations like this where everybody acts reasonably but Pat Victim still has injuries?
And the answer is we don't look for people who did things unreasonably. We don't care
how careful they were, how cautious they were. We look for people who manufactured and put
into circulation a dangerous product. We tried really hard to make it safe. It doesn't matter.
If it's dangerous, it's called no fault liability for this reason. And as you can see, because
the automobile manufacturer and the importer, and this is the law as it exists today in
Europe under the 1985 directive, because they were dealing with a product that is dangerous,
they will be strictly liable, but the software vendors will not because software has not been
deemed to be a product. Enter the PLD, which changes things on the right hand side of this chart.
And as you can see, what happens here, one of the design characteristics of the PLD, and the
origin of these slides, by the way, was I did a talk at Etsy five years ago, which said this is
coming. So I keep using the same slides for five years, and they're still accurate, is that we
recharacterize software as a product, and now we can attribute liability to Firefly because they
distributed a dangerous product, a piece of authentication software that had been, that
didn't work properly. We'll just leave it at that for right now. And since we're running a few
minutes ahead, I have one last slide that I'll show you, and I'm just going to hold on this for
60 seconds while you read it.
If you're looking for a copy of this, I just posted it half an hour ago on X and on LinkedIn.
So whatever the answer is, depends on what questions we're asking. I know a question I'm
asking, I'm the guy on the left. It appears the questions on the right were the questions asked
by the European Commission. And that's how we have the answers that we're talking about today. Thank
you. Thank you, Rob.