Category Archives: Security

Who is Liable for Flaws in an Op-Ed on AI Liability?

A recent technologist op-ed piece in The Guardian on AI liability seems to miss the forest for the trees. Or, perhaps to stretch the metaphor for the lawyers who asked me to look at this, the trees themselves are individually flawed to the point where they could never grow into a forest.

First, perhaps most importantly, the post centers on an example where the customer is liable. It says liability follows whoever deploys the agent, and then it asks whether Visa will answer for an agent the customer deployed. This example contradicts the principle.

AI agents are agents of the person or organization that deploys them – and should be treated by the law as such. […] It makes no sense for a company to be able to honor its statements when it wants to and disavow them when it doesn’t.

Visa and OpenAI recently announced a partnership to build personal AI agents to, among other things, make purchases on our behalf. This is just one of many similar projects in the works, as companies race to provide us all with AI assistants. Will Visa take responsibility when its AI makes a purchase in your name that you don’t want? And if Visa won’t, why would anyone trust the system? Properly allocating liability is key to make this kind of thing work.

Are agents deployed by Visa, or they are deployed by the customer who owns a Visa agent, like they own and deploy a Visa card? The example kills the article. I can’t emphasize enough that if you are going to write an article about liability for errors, you shouldn’t dump a giant, steaming error on the page. Or at least that page should not work. A liability argument that can’t allocate liability in its own hypothetical, not only has no argument, it demonstrates the kind of lack of liability it argues against.

I believe this is called a mic drop. Shall I continue?

Failures in the op-ed actually have names in an old and established field of liability literature (Calabresi in 1970 on who should bear the cost, Shavell in 1980 on when liability backfires and in 1984 on when courts can’t do the job at all). That field settled these questions decades before this op-ed ran without mentioning any of them.

There’s a lot more wrong, after it fails its own premise, and leaves out the entire field it seems to want to reinvent, so I’ll continue here just for the sake of practicing integrity checking.

Second, the post predicts liability will fix Google and then flips itself and predicts liability will kill AI doctors. Same rule, two teams get opposite scores, meaning the author sees themself as a referee handing out the trophies before the game: Google jumps, shoots, wins, while AI doctors can’t dribble and go extinct. Based on what? No mechanism, no threshold, no reason the identical rule fixes one business and blocks the other. What is this FIFA? A referee who declares winners without transparency in the rules for scoring goals is just an integrity breach waiting to happen. I mean, come on, show the criterion, or admit that this theory predicts everything and therefore predicts nothing.

Third, a lawsuit is presented as the remedy. I’m not opposed to this, yet its own statistic is a rate of 16,000 erroneous summaries per second, with the post itself conceding most are benign. Nobody really sues successfully over a wrong restaurant summary. The author wants us to take harms so small and so frequent that courts could never hear them, in the same breath courts get prescribed to hear them as the fix. Flooding the courts with low-quality reports is the inversion of integrity. Anyone familiar with the AI-generated bug-bounty noise should already know this context. The authors must have put on a blindfold in order to propose this remedy that already doesn’t work.

Fourth, the post never says what counts as fault. Quality has a line. Failure has a line. Somewhere. Every liability regime in history starts by drawing it. “Liable for inaccuracies” is a standard that no doctor, lawyer, or newspaper (*cough* The Guardian *cough*) has ever faced. The post demands parity with human professionals and then quietly writes a rule far stricter than the one humans have today. See point one, above.

Fifth, I’m getting tired of making points. The post sees only the company’s temptation to hide behind an agent, and never admits that a customer has temptation to hide behind one. Full corporate liability for agent purchases means every regretted purchase becomes “agent fault.” The central Visa paragraph presents a question with an answer called… wait for it… both sides can cheat! Shocker, I know.

Sixth, are we still going? The post argues over a default rule between parties who already have a contract, and never notices the contract. The tension is kind of easy to imagine being resolved in the most usual way. Visa will wave its hand and move the liability claims to page one of the terms of service. When a huge firm simply writes around the objection, the magical remedy that a courtroom victory would bring instead gets written out of existence a minute after any case really threatens that outcome.

Seventh, the post expects a company facing unbounded per-error exposure to keep investing until the numbers come under control. Deep pockets facing unbounded exposure do the opposite and simply withdraw the feature. They can afford to throw it away and avoid liability because economics. The supposed happy path in the post is claiming a plausible outcome that its own numbers make the least plausible.

Whew. This is a lot wrong.

Back to the fundamental flaw that really caught my eye. If the authors’ say “deploy” to mean the infrastructure, then Visa deploys, and their own rule makes Visa the principal for purchases made in the customer’s name with the customer’s authority, a result that lawyers tell me agency law flatly rejects and that no court would reach. Yet if “deploys” means directs the agent to act for oneself, then the customer deploys, and their question “will Visa take responsibility” contradicts their own rule sitting directly above it.

There’s no third reading.

Google’s overview speaks for Google to users.

Air Canada’s chatbot speaks for Air Canada to passengers.

The AI doctor gives advice to the patient.

In every case presented the harm flows from the AI deployer outward, toward a third party. The Visa agent is the one example in the piece where the agent acts for the user, and the harm question (“a purchase you don’t want”) flows from the agent back to its own principal. See the logic trick?

The op-ed built a rule to flow one direction and then it applied that rule to flow the opposite direction. With that trick revealed, the best answer to “will Visa take responsibility” is not a simple hand wave.

  1. Visa answers for the tool’s defects (product-liability, agent malfunctions, agent execution failures)
  2. The customer answers for authorized transactions they merely regret (agency)

The piece never separates these layers when they say someone “deploys”. That’s an integrity breach.

And this is payment card 101 stuff for anyone familiar with how the networks have allocated liability for decades: zero liability for unauthorized transactions, chargebacks for defective ones, full responsibility for purchases the cardholder actually authorized, and loss shifted to whichever party skipped the required controls such as those specified under PCI DSS.

Bottom line, any one of the seven should be treated as an integrity failure of the post. It has so many, it becomes deeply ironic for a piece whose entire subject is liability design. It seems like the release process for the post didn’t have quality gates in place to catch basic flaws before it shipped. So now, really, who is liable? Is it the author, or was it their agent?

Silence for the Anthem of Nazism, Scrutiny for the Witness: From Orff to Koeppen

The New Yorker recently ran a book review that garnered a sharp letter from Dominique Haensell in Berlin. She presented the Koeppen curriculum debate to a US magazine audience. Germany conducted a national debate over whether 17-year-olds in Abitur preparation, the oldest and best-equipped students in the system, should encounter a novel written to indict postwar racism and amnesia unless it came with stronger critical framing.

Becca Rothfeld’s insightful review of Wolfgang Koeppen’s “trilogy of failure” deftly navigates the nuances of how the books were received in postwar Germany (Books, May 4th). A new chapter has been added to the story of their reception: Jasmin Blunt, a Black German teacher, recently initiated a petition to stop the first book in the series, “Pigeons on the Grass,” from being part of the final qualification exam in German secondary schooling.

The petition proves German institutions know how to hold this debate when they choose to, which makes Carl Orff presented to Grundschule children with no framing at all a choice, not an oversight.

An author who confronted the NS past was put under public scrutiny by a single teacher, while the composer who took the Mendelssohn replacement after Egk, Strauss, and even the antisemite Pfitzner had refused to touch it is still being handed to small German children through a false sole-authorship claim that intentionally erases his own collaborators and the Jewish pedagogues who built the field.

The obvious objection is that Koeppen has been mandated exam material while Orff is spread by teachers claiming him as “ordinary classroom culture”, so the cases differ. They do not. Paragraph 1 of the Berlin Schulgesetz binds every level of the school system, Grundschule included, to educate students to oppose NS ideology, and Berlin primary schools already teach this history from Klasse 1. Both texts sit under a mandate. Baden-Württemberg debated the one it assigned to its most prepared students.

Berlin ignores the same statutory duty where it owes it to its least prepared.

The letter from Haensell to the New Yorker explains how the Blunt petition asked for optionality and framing, not removal.

It is important to stress that the petition was not about banning or redacting an undeniably important novel. Rather, it sought to make reading it non-mandatory, allowing people—particularly Black students and teachers—the option to forgo a days-long discussion of a novel that features the German equivalent of the N-word about a hundred times, and that culminates in a pogrom-like attack on a Black jazz bar. More broadly, it was an attempt to acknowledge that German classrooms are diverse, that Black German perspectives exist within them, and that students should not be forced to engage with racist material presented without sufficient critical framing. This is arguably the most prevalent discourse surrounding Wolfgang Koeppen in Germany today.

The letter also calls Koeppen “despite good intentions, likely a product of his time,” a phrase that shows the apologia is a reflex formula rather than analysis, since it gets applied even to an author it cannot describe.

As for the reception of Koeppen, who was, despite good intentions, likely a product of his time…

Koeppen was writing in 1951 against the amnesia of his time, which is the exact opposite of being its product; the phrase is not just weak, it is backwards for this particular author. The reflex is cultural: German criticism is afraid of landing directly, and cushions its subjects so they can accept the judgment. Haensell pads Koeppen with unnecessary good intentions; the same padding around Orff has been protecting a record that does not survive without it. The apology is the German equivalent of an indictment, where other cultures would take anti-racism without so much sugar coating.

The Blunt petition modeled an obvious remedy of allowing context to appear instead of disappear, and it is the same one echtorff.org documents: a restoration of those being erased, a proper framing. Name Keetman on the cover she co-wrote. Name Mendelssohn in the lesson built on his banned score. Germany has run a debate for an author who told the truth, but it allows the composer whose success depended on erasure of Jews and lies after the war to be presented as a hero to young school children.

France Explains Win Over “Ugly” Paraguay

The emphasis in the game is reported as staying safe, given the officials refused to protect the players.

“We know how to play ugly football,” Mabppe said afterwards.

“They [Paraguay] thought we’d show up in tuxedos, but we were ready. Even at that game, we were better than them.

“That’s their style of football – there’s no right or wrong way to play the game. They tried to beat us that way, but we won.”

Deschamps, who is now the first coach to secure 10 World Cup knockout victories, revealed he had instructed his players to shield Mbappe in the closing stages as Paraguay searched for a way back into the game.

“I asked the two biggest lads to go and stand around Kylian at the end because they were going to chop him down,” Deschamps added.

[…]

But it went wrong for Ilgiz Tantashev.

Tantashev should have been fully aware of how Paraguay were likely to play – tough tackling and trying to limit France’s ability to play freely.

The Uzbek referee should have clamped down earlier, shown his authority and given the impression that the rough tactics would not be tolerated.

Instead, the referee apparently tried to penalize the team protecting itself, enabling the obvious aggressors.

Studying Paraguay in past matches shows disregard for rules

80 Years Since Kielce pogrom: When Poland Killed Holocaust Survivors

The history is tied to a child’s lie about being held in a basement. His father went to the police and they immediately rushed to start killing Jews, including Holocaust survivors.

…instead of protecting the people inside the house, militia members and soldiers shot at the Jews inside and dragged others out to where the crowd could beat them, sometimes to death. Men and women were thrown from second-floor balconies.

“The soldiers started shooting, but not at the attackers, at us,” Chil Alpert, who survived the pogrom, later testified. “The soldiers shot at our windows. Inside the house, the military murdered the Jews. They initially shot through the doors, then forced their way in, shooting at people, throwing the victims into the crowd where they were beaten to death.”

The massacre was triggered by a young boy who fabricated a story to avoid getting into trouble. Henryk Blaszczyk, who was either eight or nine at the time, had visited another village near Kielce but didn’t tell his parents and was gone for two days. His parents reported him missing.

To avoid getting into trouble, Blaszczyk said he had been lured into a trap by a Jew and held captive in a basement with other Polish children.

After his father reported the incident at the nearest police station, the boy went on a walk with police officers and identified a Jewish man, a resident of the house on Planty Street, as the alleged kidnapper. The child even pointed out the “Jewish House” as the place he was held captive, although later it became clear that could not have been true. The house does not have a basement.

The house had no basement.

You have to wonder about how an eight year old Polish child’s parents had raised him during the war, such that just 14 months after Nazi Germany was defeated, he’s confidently making up stories to kill all the Jews.

Poland to this day resists admitting their hands-on role in the Holocaust and pogroms after.

Krakow historian Julian Kwiek documented approximately 1,100 murders of Jews between 1944 and the end of 1947. “Violence against Jews was a widespread phenomenon,” Kwiek writes in his book “We Don’t Want Jews in Our Place. Hostility Towards Jews in 1944-1947.”

Polish cultural anthropologist Joanna Tokarska-Bakir says that the “blood libel” myth was revived after World War II and that this was a major cause of the various pogroms. But, she adds, disputes over property were also a driver of antipathy towards Jews, who returned home after the war and wanted their houses and apartments back.

It’s worth remembering that the “Pizzagate” conspiracy in America traded on the same narrative, about children abducted to “the basement of a pizza place in Washington DC“.

The earliest of these tweets, which was on November 8th, came from an account with the handle: Calvin Chambers. It also tagged Conservative Fox media personalities, Sean Hannity and Lou Dobbs.