The Tumbler Ridge Test
Three ways the industry taught itself to be unaccountable, and who caught it
Seven families are suing OpenAI in California right now. Their kids were killed in a school shooting in a small British Columbia mining town called Tumbler Ridge. The shooter used ChatGPT extensively in the weeks before. The families say OpenAI knew he was drifting toward violence and did nothing.
Critical context for this one. The shooter told ChatGPT what he was planning. ChatGPT told no one. Nobody at OpenAI has explained why that’s an acceptable design.
OpenAI agreed to strengthen safeguards. Altman apologized. A Canadian minister announced the win. Everyone moved on.
So here’s the thing about AI accountability right now. It’s a three-step trick, and it’s very well designed.
Step 1: Voluntary commitments, narrowly scoped.
Mozilla, Amazon, Anthropic, Google, OpenAI. All committed to responsible AI governance. All framed those commitments as applying to frontier models: the ones more powerful than what’s currently deployed. Which is a lovely framing. It exempts everything they’ve already shipped.
AI Now Institute called this out in April, in a piece called “AI Giants Go on Charm Offensive to Avert Public Backlash.” Governance for models “more powerful than the current industry frontier” is governance for a phantom.
The systems doing actual harm to actual people aren’t frontier models. They’re deployed models.
They’re ChatGPT and Gemini and Claude, right now, as I write this. The safety commitment is retrospective. And voluntary.
Step 2: Refuse external validation.
DeepMind published a safety case for its “scheming inability” evaluation. External reviewers looked at it. Researchers, not activists. They found methodological problems. They wrote a paper called “Lessons from External Review of DeepMind’s Scheming Inability Safety Case.”
A separate group of researchers argued that NeurIPS should require reproducibility standards for frontier AI safety claims. The paper exists because the standards don’t.
The industry position on external validation, as best I can tell, is that internal safety teams are enough. Reviewers, journal editors, standards bodies are welcome to comment. Whether their comments land is another question.
Step 3: Deny duty to warn.
Tumbler Ridge again. The families’ legal theory is negligence and product defect. Standard American tort law. The industry position is that AI platforms are conduits. Not publishers, not psychiatrists, not warning systems. If a user tells ChatGPT what he plans to do, that’s a private conversation.
The Canadian government is negotiating safety agreements now. OpenAI agreed to strengthen safeguards. Altman apologized. The underlying legal question, whether an AI developer has any duty to warn when their system foreseeably contributes to violence, remains open.
Meanwhile, on the other side of the table.
A small persistent group of civil society organizations does the accountability work the industry says nobody needs to do. They deserve to be named.
The Electronic Frontier Foundation ran a three-piece campaign this year on tech company accountability. March 27: “US Tech Companies Must Be Accountable in US Courts for Facilitating Persecution and Torture Abroad.” April 2: “Google and Amazon: Acknowledged Risks, Ignored Responsibilities.” May 19: “Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Too.” Three months, three pieces. Same argument compounding. That is what a campaign looks like.
AI Now Institute went even harder. Their April “Charm Offensive” piece named the coordinated PR strategy behind the industry commitments directly. Their “Uber for nursing” reports in April tracked the same playbook in a different vertical, showing how AI companies use voluntary commitments and industry-led standards to preempt binding oversight in healthcare. In May they broke the story that the US military is using AI to plan Iran air attacks, forcing lawmakers to call for oversight the industry had been happy to skip. And their North Star Data Center Policy Toolkit gave state and local policymakers a concrete blueprint for interventions in AI infrastructure decisions their federal counterparts kept punting.
Same organization. Six weeks. Four separate accountability moves, four different fronts.
They don’t get paid what the industry pays. They get outnumbered. They do the work the industry insists is unnecessary, because the industry will police itself.
Watch what stays.
Voluntary commitments narrow accountability upstream. Refusing external validation removes the check midstream. Denying duty to warn deflects liability downstream.
Three defenses, three points in the pipeline where responsibility could have attached, three moments where the industry got itself off the hook.
I want to believe voluntary commitments are enough. So did the SEC once, when they let broker-dealers self-report their trading practices. That went well.
Seven families are suing OpenAI. Whatever the court decides, the pattern is set. And the pattern is the same one you see everywhere else in this field. The people who deploy the systems decide what accountability looks like. The people who bear the consequences fill out a form.
Civil society researchers catch it. They pay attention on a fraction of the budget.
That’s what NormSense catches too. Not who said what at what conference. What actually stays when the microphones turn off.
Zach, see you in the cluster pages.


