Software (and service) liability is a huge and complex issue, just like automobile safety was in the 1960s. It is unlikely to be fixed by a single over-arching Directive that assigns liability unequivocally to vendors, any more than car safety was. An attempt to make Microsoft liable for all the harm caused by vulnerabilities in its systems would be strongly resisted, not just by the company but by the US Government. It would raise many broader issues. The history of the twentieth century teaches that it’s a bad idea for governments to intervene in private contracts without good reason; markets are generally more efficient and the main justification for regulatory intervention is market failure. Examples of grounds for intervention are the protection of consumers, who frequently lack both information and the bargaining power, and monopoly. We will return to consumer protection shortly. 6.2 Competition policy As for monopoly, had this report been written two years ago, we might have been con- cerned about the dominance of Cisco in the router market and Symbian in the market for mobile-phone operating systems. As Cisco sold most of the routers used in the Inter- net backbone, there was a potential critical-infrastructure vulnerability: if a flash worm had come round that damaged Cisco equipment, the Internet backbone could have been taken down, causing considerable economic damage. However, recently Cisco’s prices have evoked competition from Juniper and others, so that the situation is improving. In general, contracts work fine for businesses where there’s competition, and so it would seem to be reasonable at this time to deal with liability issues on a sectoral basis. Europe has more competitive communications service providers than the US (hence net- work neutrality isn’t as acute an issue here as it is there) but more concentrated financial services (the US Glass-Steagall Act of the 1930s left America with many small banks rather than the handful of large ones in a typical Member State). For example – moving from software liability to systems liability – one problem in several Member States is that banks don’t compete very vigorously to acquire credit card transactions from merchants; in the UK, which has only three large acquirers, there have been repeated findings by the competition authorities against the banking industry in this regard (see for example ). The effects of this are both financial (merchants pay more to process credit-card trans- actions) and on liability (UK banks make merchants liable for cardholder-not-present transactions). This risk dumping may be partly to blame for the continuing rise in online fraud against UK cardholders; we hope that once comparable figures are available across Europe, policy effects like this will become clearer. However, despite its relevance for online crime, the contracts between banks and merchants are fundamentally a matter for financial and competition-policy authorities.
You've reached the end of your free preview.
Want to read all 114 pages?