[SystemSafety] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance

Steve Tockey Steve.Tockey at construx.com
Mon Oct 8 20:22:22 CEST 2018 

I also can¹t claim to be at all qualified to give definite legal opinion,
however here is what I understand to be true in the US:

*) If a typical professional (in any discipline, not just software) works
for a typical corporation then liability for product flaws is
automatically transferred to the corporation under something known as the
³Industrial Exemption²

*) The exception to this is a corporation that advertises to provide true
³engineering services² and has licensed professional engineers on staff.
In that case, the licensed engineer takes on personal liability for the
work they sign off on (³seal²). My youngest sister is a licensed Civil
Engineer and builds roads and bridges. She carries personal liability
insurance to cover the case where she would get sued personally for work
on any road or bridge

*) Licensing of at least one responsible engineer is legally required if
the company advertises offering true ³engineering services². If you offer
engineering services of any kind and yet do not have any suitably licensed
engineers on staff, you are open to legal action presumably mostly by the
relevant state licensing board.

*) If the work being done involves "threat to the health, safety, or
welfare of the general public² then a licensed engineer is required to
oversee and approve the work, and‹as a result‹take on personal liability.

This is my understanding having been peripherally involved in the effort
that led to ³Software Engineering² being allowed to be a license-able
profession in the US.


‹ steve





-----Original Message-----
From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de>
on behalf of Olwen Morgan <olwen at phaedsys.com>
Date: Monday, October 8, 2018 at 6:27 AM
To: "systemsafety at lists.techfak.uni-bielefeld.de"
<systemsafety at lists.techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] Personal and corporate liabilities as a
consequence of safety, security and other mistakes of similar importance

All,

First: SORRY FOR ANY INADVERTENT DUPLICATION

My new email address has been misbehaving - AFAI can see owing to local
routing glitches in rural Wales -  so this might duplicate a reply that
I'm not sure has actually been sent. Here goes:

At least two questions in engineer liability can be identified:

(1)    Is the engineer an employee and thereby deemed to be acting under
the direction of his/her employer?

(2)    Is a plaintiff's legal case pleaded in contract or in tort?

If you are deemed to be acting under the direction of your employer,
it's unlikely that you'll be held liable for your work unless you have
misled him or otherwise failed to discharge a duty that could is
reasonably expected of an employee with your terms of employment. Even
then, the English courts are typically suspicious of employers who
appear to be offloading all responsibilities onto their staff.

If a case is pleaded in contract, it will turn on the terms of the
contract leaving out any that a court rules to be struck out or
otherwise to be ignored. If a case is pleaded in tort, the crux of the
matter is whether there has been negligence. An employee *can* get
caught here, since the categories of negligence are, from a legal point
of view, always open.

Matters are different where the individual is acting as a consultant,
where the potential liabilities are much more onerous. I've always had
professional indemnity cover for any work that I did directly for a
client under my own terms of contract.

As regards disclaimers of warranty (as in FOSS licenses) there are again
at least two considerations of which engineers are often unaware:

1.    Under what laws are the terms of the license to be construed, and

2.    Which courts have jurisdiction in any relevant legal action.

It is perfectly possible for a license construed under the laws of
country A to be the subject of an action in a different country B. This
can make outcomes of legal cases somewhat unpredictable in critical
cases. Moreover, disclaimers of warranty are often scrutinised by courts
to see if they are trying to limit the categories of negligence under
which an action may be brought. My own client contracts have always
specified explicitly that they are to be construed under the laws of
England and that any disputes arising thereunder were to be submitted to
the exclusive jurisdiction of the English courts.

Overall *tentative* conclusions:

In the UK, you're probably least likely to cop liability if you are an
employee with a contract of employment made under UK law and you are
following reasonably diligent customs and practices in your country and
firm. In any circumstances other than that, I'd assume that I
potentially had at least some personal liability.

CAVEAT: I'M NOT LEGALLY QUALIFIED AND THE ABOVE IS ONLY MY OPINION AND
NOT A SUBSTITUTE FOR PROFESSIONAL LEGAL ADVICE.

I have worked on projects as a consultant where, after consideration and
consultation with fellow professionals, I have advised clients that
their practices were negligent, unlawful or both. In each of these cases
I have given written notice of withdrawal from the project and informed
the relevant safety assessment bodies.


Olwen



On 04/10/18 12:23, Paul Sherwood wrote:
> Hi all,
> in recent discussions the topic of 'who goes to jail' has arisen in
> the context of fallout from software design/development/deployment
> mistakes.
>
> I'm hoping that I'm misunderstanding the situation, because the
> picture that is emerging for me seems to lead to a disconnect between
>
> - the need for evidence of what was done and
> - the need for people to be able to work in a safe environment,
> without fear
>
> It may be FUD, but I believe I heard recently that "any engineer
> contributing to an automotive project may ultimately be considered
> personally liable for impacts of their work". Impacts in automotive
> could include recalls and road accidents, obviously. If that's true,
> why would any sane engineer ever agree to contribute to an automotive
> project?
>
> And then there's the FOSS/public work consideration. I recently asked
> a colleague to contribute to a public project, and during spinup this
> question of liability arose, expressly phrased as
>
> "If I contribute, is there any possibility that I or Codethink might
> ultimately be liable for (say) harm resulting from road accidents?"
>
> In the ensuing discussion it was pointed out that:
>
> - if the contribution is to a project applying any of the common FOSS
> licences (Apache, MIT, ISC, GPL etc) then there is expressly NO WARRANTY
> - any subsequent application/distribution of that software by another
> party which attempts to enforce a warranty claim on the authors has
> expressly breached the licence, and has effectively stolen and misused
> the software
>
> While this reasoning is attractive, I'm not convinced it's enough to
> convince me that there's no potential liability for individuals.
>
> Are any readers able to guide me on existing literature/reasoning for
> this?
>
> br
> Paul
>
>
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

More information about the systemsafety mailing list