PerlMonks  

Re: OT: Software & Liability

by mojotoad (Monsignor)
on May 20, 2002 at 20:45 UTC ( [id://167955] )


in reply to OT: Software & Liability

Isn't the onus on the customer to define what sort of contract they enter into with a manufacturer (software included)? Lumping every bit of code under "software" serves to obscure the different circumstances under which expectations are met, much as would referring to "machine parts" without considering the application of such parts.

Examples:

  1. A person's OS crashes and causes me to lose last week's bank transaction records.
  2. The accounting software for a corporation fails, backups have been destroyed in a fire, months of bookkeeping are lost and millions are spent correcting the mess.
  3. An air traffic control subsystem suffers from a buffer-overrun and redundant backup systems fail, indirectly causing a mid-air collision where hundreds die.
  4. The firmware of a dialysis machine goes haywire, causing the hospitalization of a patient who incorrectly believed his blood was being scrubbed.
  5. The guidance subsystem of an experimental army missile goes haywire, the self-destruct failsafe does not work, the missile rips through the middle of a suburban apartment building 500 miles away, killing 10 people.

Let's just say that all of those examples involved a software licensing agreement along the lines of "authors of this software are in no way liable for any harm resulting from the use thereof" etc.

Example 1 is the throwaway example, because this is one of the most common cases that the market will bear. The individual in question probably has no recourse, assuming he could even reliably prove that the software vendor was at fault. This is a broad-based software market, and in this case the market seems to be willing to bear lax responsibilities on the part of the manufacturer.

Example 2 is more grey. Should the corporation in question have demanded a more stringent contract with the vendor of the accounting software? Probably. If they are publicly traded then they might very well be punished via their stock evaluation due to gross mismanagement. If it's a smaller company the fiasco would probably just be swept under the rug of hard knocks. Smaller companies, in particular, are subject to bullying by the likes of monopolistic software providers who simply refuse to do business with any entity that does not accept the boilerplate contract.

All of the remaining examples are cases where the purchaser of the software would under normal circumstances be fully expected to hammer out a contract that clearly defined levels of responsibility and liability. These are areas of application where you should be run out on a rail for accepting any agreement where the vendor throws up his hands and says anything along the lines of "we think we know what it does but you can't sue us if it doesn't".

None of this changes for "open source" solutions. As much as I hate to say it, I'm not sure I'd really want any military contractors using open-source guidance systems, for example, because normally there are more stringent requirements in the development cycle for such systems.

So it does a disservice to the whole issue by lumping all software into the same wad of potential litigation without paying attention to the associated risks for the areas of application. No blanket solution will work without taking into account risk analysis.

The markets can decide what sort of contract they are willing to accept. What we need to be on the lookout for is silly laws that legitimize broad-based EULA's in consumer software.

If you'll excuse me, I must now return to my open-source ocean liner thrust-vectoring and collision avoidance control software. It's generating a lot of interest in the ocean liner hobbyist circles.

Matt

Replies are listed 'Best First'.
Re: Re: OT: Software & Liability
by jepri (Parson) on May 21, 2002 at 03:05 UTC
    The guidance subsystem of an experimental army missile goes haywire, the self-destruct failsafe does not work, the missile rips through the middle of a suburban apartment building 500 miles away, killing 10 people.

    It may interest you to learn that this nearly happened in Australia (Darwin, I think). It was widely reported in newspapers at the time that someone's ute was destroyed by a missile seconds after he parked it and got out. The story goes that an air force plane was starting to land when a 'software glitch' 'released' one (and only one) of the missiles it was carrying, which fell into a populated area. The Air Force offered no further explanation. However I'm guessing that they write their own software.

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.

Re: Re: OT: Software & Liability
by cjf (Parson) on May 20, 2002 at 21:29 UTC
    Isn't the onus on the customer to define what sort of contract they enter into with a manufacturer (software included)?

    Have you tried arranging a meeting with Microsoft to change the contract a copy of Windows is licensed under? Did you have to check with your car manufacturer to make sure the car doesn't blow up when it hits 20km/h?

    Lumping every bit of code under "software" serves to obscure the different circumstances under which expectations are met

    How else would it be done if they're all licensed under a 'software licensing agreement along the lines of "authors of this software are in no way liable for any harm resulting from the use thereof".' It seems the difference here (if software manufacturers were no longer protected) would be how much the manufacturer is liable for.

      Have you tried arranging a meeting with Microsoft to change the contract a copy of Windows is licensed under? Did you have to check with your car manufacturer to make sure the car doesn't blow up when it hits 20km/h?

      This was partly my point, though perhaps not clearly stated. All else equal, suppose that everyone actually had artificial hearts and that what we were buying from Microsoft was control software for these devices. The dynamic for ridiculous EULA's would instantly change, because on average the stakes have just shot through the roof. The market would no longer be as willing to forgive the risks.

      Granted, this can be abused in monopolistic environments, but I think people would also pay a hell of a lot more attention to what they were actually buying if it literally made their hearts tick.

      The point of the other examples was illustrating that when you're in a high-risk business you are less likely to accept foolish terms from a vendor. Regardless of your clout -- if there is a market there, competition will arise. Since you are (hopefully) aware of the nature of your risky endeavor, you go the extra mile to actually read a contract.

      With operating systems for individuals today, there is not enough risk associated with purchasing an inferior product, therefore better options remain in a niche market. The market bears the ridiculous EULA's.

      Matt

        Excellent points.

        The dynamic for ridiculous EULA's would instantly change, because on average the stakes have just shot through the roof. The market would no longer be as willing to forgive the risks.

        What if software manufacturers were protected under law and could not be found liable? A smart software company would talk big, say their product is the most safe but make no promises. Granted, as soon as one company steps forward and changes the agreement, the whole situation changes, but who would risk such liability?

        So what if no software vendor stepped forward? I'm betting there would be a lot more people calling for legislation to be passed. Sort of similar to the current situation, isn't it?

        With operating systems for individuals today, there is not enough risk associated with purchasing an inferior product

        This is debatable. Having your systems compromised can be very expensive. But what other options are there? How many companies are in a position to demand a different licensing agreement? Just because software is open source doesn't mean it's superior to closed source. So where does that leave you?
