In the 13th century, pondering the question of whether a business could be sued, Pope Innocent IV concluded that such a pursuit was futile because, as inanimate objects, corporations could not feel the sensation of being punished. That concept found another voice in the 18th century when an English judge reportedly lamented the fruitless results of suing a corporation because it had “no soul to damn and no body to kick.” By the 19th century, however, as a growing number of workers were injured in an increasingly industrialized Europe, they were finally allowed to sue the corporations that employed them. Even then, the objects of lawsuits were not the companies that made the machinery that harmed workers, but the companies that owned and used the machines in their factories.
Similarly today, in a world that is thoroughly interconnected and utterly dependent on information technology, the likelihood, scope and impact of large-scale technology failures are increasing and with that the possibility of cataclysmic consequences. Flawed software can prevent a cardiac device from operating properly or cause an unstaffed commuter shuttle to derail, a stock exchange to collapse, or an entire municipal power system to shut down. The increased possibility of, and exposure to, such failures must inevitably lead to regulation of the software industry.
An industry cannot forever increase its reach and power without at some point accepting greater responsibility. The multitrillion dollar IT industry’s status of freedom from liability for consequences of product and service failure is historically unique and extraordinary – and it is nearing its end. In the United States and elsewhere, at least where life and limb are not involved, it is technology users, not providers, that are regulated and it is often the users and not the providers who become the targets of public ire when things go awry.
Technology providers have benefited as well from quickly settling lawsuits out of court to avoid unfavorable precedent setting; the reluctance of corporate users to “rock the boat” of their installed bases of IT; and also avoiding early steps towards a de facto IT industry “self regulation” of quality, such as Microsoft’s Trustworthy Computing initiative. But even these strong inhibiting factors will not prevent calls for eventual industry regulation as software failures increasingly disrupt ordinary people in their day-today activities. Calls for regulation will gather momentum as financial losses, injuries or deaths create public relations disasters.