Angela Walch, Associate Professor at St. Mary's University School of Law, has written a thought-provoking editorial where she argues that developers are in a position of trust, therefore, they must be burdened with responsibilities – including, perhaps, outright licensing requirements to ensure a certain standard.…
Angela Walch, Associate Professor at St. Mary’s University School of Law, has written a thought-provoking editorial where she argues that developers are in a position of trust, therefore, they must be burdened with responsibilities – including, perhaps, outright licensing requirements to ensure a certain standard.
Although the professor has many good points, the open source system is designed in such a way as to adequately minimize any negligence or oversight to a point where one can say that users do not need to trust any one developer, but all developers which can include anyone who can code.
According to Google’s definition, a fiduciary is in a position of trust “especially with regard to the relationship between a trustee and a beneficiary.” A simple example is a trustee in bankruptcy or a trustee of a recipient fund or company directors. All three cases involve control and direct power over assets that are not owned by the trustee. Instead, the owners have delegated responsibility for managing the assets to the trustee for the benefit of the proprietor. This is, therefore, in many ways, a contractual relationship. A wealthy man, for example, sets out certain terms in a will – say that one million is to be spent for the upkeep of Thames River – which the trustee accepts (in return for a fee of course).
Since this relationship is beneficial to society, the law recognizes this agreement and enforces it in a court of law with the most relevant aspect being that of negligence. Negligence is a common law concept created by judges to provide restitution in cases where individuals cause loss or injury to others through carelessness. It does not, however, apply in all cases, but only where there is a duty of care.
The concept of duty of care, according to a common law case, requires that: “Harm must be (1) reasonably foreseeable (2) there must be a relationship of proximity between the plaintiff and defendant and (3) it must be ‘fair, just and reasonable’ to impose liability.” In other words, it can be established by asking whether a reasonable man would say that there should be a duty of care.
When it comes to a doctor-patient relationship, the answer is, of course, yes. We all think doctors should take great care. Same for a lawyer, car driver, company director, but can we say the same for a journalist, teacher, an MP or Senate representative, the prime minister, or a judge?
The difference between them is that a doctor has a very limited expertise in that he is applying known facts to a scenario, same with a lawyer who applies known facts. Other doctors or lawyers can, therefore, judge whether the act/advice was reasonable. Although the medical and legal profession do evolve, they both have a significant corpus of knowledge with most aspects becoming routines as more experience is gained. Of course, we want our doctor/lawyer to be thoroughly familiar with the corpus of knowledge, therefore hold them responsible if they are not as the consequences can be drastic.
The further away we move from the application of knowledge to the application of judgment or the expression of opinion, the more difficult it becomes to set a standard and therefore a duty of care. Company directors are sort of borderline. It is well known in the legal profession that it is extremely difficult to find a company director has been negligent or has breached his duty of care.
For journalists, the concept applies in regards to negligently reporting false statements that impune upon someone’s character. In other cases, it’s hard to establish a duty of care, although, of course, there are codes of practice and ethical guidelines, but lacking any assumed responsibility or direct, special relationship close to a contractual relationship between reporters and readers, instances where one can say there should be a duty of care are extremely rare.
When we ask whether an MP or prime minister should have a duty of care, we will need to answer how we can judge whether they have breached such duty. Is an MP negligent for not taking up a cause, for example? Has the MP negligently prioritized something? Does an MP’s spinning of particular facts amount to a false statement that breaches their duty of care to constituents?
By answering yes to either of those questions, we need to consider the consequences. Since we live in a multi-party system with campaigns, especially in the U.S., often getting very heated, if we are to hold MPs to a legal duty of care standard, one can imagine they would all be locked up in daily court battles brought by their political opponents. Likewise, if we are to hold professors to a legal duty of care standard for statements they make, we can imagine students that feel they have been unfairly graded locking them up in court battles for a semester or more. Of course, we cannot possibly hold judges to a negligence standard for they would be sued by every single losing party.
That does not mean journalists, MPs, professors or judges are free to act negligently or should not take care as, of course, applies to every single human, or that there should not be other mechanisms to ensure reasonable behavior, but that is different from a legal duty of care.
The absence of a duty of care does not mean that there is no recourse or that participants can do whatever they wish. Journalists, for example, make their living from the trust of their readers who will very much judge them and/or stop providing their readership if they conclude there has been improper behavior. Moreover, many of them are members of non-binding, independent, journalistic bodies which set up guidelines and recommendations.
MPs, of course, would enjoy the front page papers if they acted negligently while professors would probably enjoy a nice lengthy discussion with their students as well as potential direct action from the Teachers Association or other bodies.
Likewise, open source developers would either be quickly corrected if they made a careless mistake during the review stage, long before users apply the code, or would enjoy a lengthy discussion where the question is not very clear cut. The open source system, therefore, is in many ways a combination of a non-governing body, peer-reviewed journal, public gathering/discussion, and a workplace.
In the case of The DAO hardfork, for example, although the professor says that “the core developers… and the powerful miners… have been the governing bodies of these so-called decentralized systems,” there was in fact dissenting opinion by core developers and by miners and these views were publicly communicated and debated.
To apply a legal duty of care to either developers or miners we need to ask how we establish a breach? Can a developer be negligently against or for a fork? If he is, can we say that his negligence causes harm? The answer to the latter question, where there is no hidden malicious code that somehow bypasses review, must be no because even if one developer is negligent, there are many other developers who would correct his factual statements.
If all, most or even half of developers are of a particular opinion whether on a factual or otherwise matter, unless there is a conspiracy in which case criminal law may apply, it is difficult, if at all possible, to see how one can say that half or more of the developers are negligent.
In regards to miners, the imposition of a duty of care would require the creation of a new concept. In most, if not all, negligence cases, the relationship is between an individual/entity and an individual/entity. For miners, the relationship would have to be 51 percent of the entire industry and an individual/entity. This is similar to holding half of the experts who opined for Brexit as legally liable if Britain goes into a deep recession.
Moreover, the fork has shown that miners have little to no power, as the other chain continues with its miners. It is exchanges as proxy for users that hold much influence. To impose a legal duty of care standard for the 90 percent of miners who moved to the fork chain, therefore, would be to hold them liable in a court of law for their opinion which, as the price currently shows, is favored by the overwhelming majority of ethereum holders with miners only mining the most profitable chain.
I cannot, therefore, see how a judge can hold the opinion of so many to be negligent. In fact, it is my view that a legal duty of care would be unreasonable, unfair, unjust, and unworkable.
Imposing a duty of care would be misguided on practical, conceptual, and public policy grounds. Practically, the concept does not apply due to the open source review process where other developers hold their fellow developers to a reasonable standard and if they fail then one can not say that the developer acted in a way no sane developer would have done for all reviewing developers would have likewise have to fail that standard. Conceptually, the duty of care would not apply to physical acts nor factual matters in that it would not be a doctor misapplying knowledge or a lawyer misstating the law, but it would instead refer to opinions over which the law has no say in free countries. On public policy grounds, the application of such duty opens developers to legal action from the entire world which ensures that all developers will constantly be locked up in courts from London to New York.
Nor do I think there should be any licensing requirements. Not only are such licensing requirements unworkable because, one hopes, our children will learn in school how to code just as they learn how to read and write, they also raise questions no different than if the suggestion of licensing publishers or newspapers was put forward.
Code is speech, and our speech is code. The state, so limited by written and unwritten constitutions formed on the principles of enlightenment will have to find legal basis for any power over code, including licensing, they may wish to exercise which would have broad ramifications for all industries and all parts of society thus demanding a lengthy parliamentary and public debate for consideration on whether they have or should have such authority to regulate non-malicious code before they can legally impose any licensing.
The state may, however, have a role to play. In my view, the industry needs a non-governing, independent body made of known industry participants and outside experts to set up best practices, codes of practices, general guidelines and perhaps quality reviews of businesses, exchanges, startups in this space. Ideally, the industry itself would join forces and set up such body so as to at least try and prevent another Bitfinex or DAO, but as there may be a commons problem, the state may be suited to do what it does best and provide funding/coordination, thus assisting in a way that is beneficial to both the public and the industry while retaining the innovative drive and energy in this space.
This, in my view, is a far better solution than any legal duty of care imposition or intrusive licensing requirements.
Featured image from Shutterstock.
Last modified: January 25, 2020 11:50 PM UTC