Legal Liability for Bad Code and Insecure Data Storage

When it comes to digitalization, laws and policies are still lagging behind years, if not decades. Digital products are not put on the same pedestal as their analog counterparts, causing all kinds of problems for the average end-user of software; from operating system to mobile app.

During and after the construction of a building, it gets checked for safety standards and its general quality is asserted. If the building does not meet the regulatory standards, it can’t be used, needs to get renovated or torn down to the cost of the investor. These standards ensure that no building falls apart after a few years, killing its inhabitants.

For digital products, there is no equivalent policy. There is no legal liability for bad code in a commercial product. Microsoft does not get sued if their operating system is exploited and data gets destroyed or stolen, with Day Zero exploits that have been reported for weeks or months. Companies sell their broken software without being legally held accountable for it. Bad code is the standard in an industry with no incentive for secure and reliable code.

The same goes for storage of personal information. There is no liability for insecure data storage; no punishment when personal records and profile databases are getting leaked: when Facebook databases appear on the internet, exposing personal details of hundred-thousands of users.

Legal liability for the software sold and private information stored has to be a cornerstone in the digital age, promoting secure software and secure storage of personal information for the end-user.

More info: https://edwardsnowden.substack.com/p/ns-oh-god-how-is-this-legal