Security

Should Developers Be Liable For Their Code? 517

Glyn Moody writes "They might be, if a new European Commission consumer protection proposal, which suggests 'licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions,' becomes law. The idea of making Microsoft pay for the billions of dollars of damage caused by flaws in its products is certainly attractive, but where would this idea leave free software coders?"
This discussion has been archived. No new comments can be posted.

  • Stupid Idea (Score:5, Insightful)

    by Courageous ( 228506 ) on Saturday May 09, 2009 @11:26AM (#27888493)

    The idea that code should be perfect is a stupid idea: consumers don't want that.

    They want "good enough," not perfect. Perfect costs a great deal of money, probably 4X, and consumers will buy the good enough product, at 1/4 of that price, well beyond 95% of the time.

    C//

  • by Anonymous Coward on Saturday May 09, 2009 @11:27AM (#27888497)

    I say that if someone is making software for profit that they should be liable for their code. This would protect the free software coders. Might give Linux a legitimate chance..

  • What if.. (Score:5, Insightful)

    by Mastadex ( 576985 ) on Saturday May 09, 2009 @11:28AM (#27888505)

    Say a developer uses a number of 3rd party libraries (ie. Boost, TinyXML, etc), who will pay damages if the program crashes in a bad way? The developer for not trying to catch 3rd party crashes, or the 3rd party for writing in bad code?

  • by GuyverDH ( 232921 ) on Saturday May 09, 2009 @11:29AM (#27888515)

    Until the coders get total control of the project, from inception to completion, then no, they cannot be held responsible for bugs in the code.
    How many companies push to get code out the door with *imperfections* - claiming they'll fix those in the first update?
    Too many these days.
    I'd say it's the management that controls the release schedules that should sign their names in blood on the bugs still known about (and unknown as testing probably wasn't allowed to complete).

  • by yourassOA ( 1546173 ) on Saturday May 09, 2009 @11:32AM (#27888551)
    or coders liable for anything. It will allow the government to say things like, "Well your small company does not have the financial ability to support your product for "X" amount of years and you need insurance in case there are millions of lawsuits we are sorry but you can't sell your product". Meanwhile the large company (they are too big to fail or follow the rules everyone else is expected to) carries on as usual having eliminated the competition through government assistance and gets to carry on as usual because they are the only company left and we need them.
  • Re:GPL (Score:3, Insightful)

    by MeanMF ( 631837 ) * on Saturday May 09, 2009 @11:32AM (#27888555) Homepage
    Sure it's in the license now, and there are similar statements in the license agreements for most commercial software. But the license agreement is only valid if it's legal. So the question is what would happen if a law is passed that guarantees consumers certain rights regardless of what is in the license?
  • by A beautiful mind ( 821714 ) on Saturday May 09, 2009 @11:32AM (#27888559)

    you can sue a soup kitchen if it gives you food poisoning.

    Sure, since that's a public health matter. If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.

    To continue your analogy, if a soup kitchen gives you soup that is too cold, comes in a plastic bowl and is too small of a portion, you've got nowhere to turn with that and you should have nowhere to turn with that, it is gratis after all. On the other hand, if this happens in a restaurant that calls itself high quality and advertises the famous chicken soup from a master chef and you get the same treatment, then there are numerous consumer protection agencies in Europe at least to fine the given restaurant.

  • The word: Purchase (Score:5, Insightful)

    by MathFox ( 686808 ) on Saturday May 09, 2009 @11:34AM (#27888577)
    Most European countries have clauses in their laws that instruct the judge to take the price of the good into account when considering what would be a reasonable quality for a product. A corollary of that is when you give something away for free, the expected quality level is something like "not known harmful".
    When you buy software, for example a Linux distribution, you may expect that the distributor has tested the packages and that the software mostly works. Because you pay more for MacOS, you may just expect MacOS to work better.

    Of course there has to come jurisprudence on all this, but I don't think that finding just one bug will entitle you to your money back. However, when the software won't work at all for you, the supplier can not hide behind EULAs and could be forced to compensate your damages... It will be a case-by-case balancing of responsibilities.

  • What a great idea. (Score:1, Insightful)

    by Anonymous Coward on Saturday May 09, 2009 @11:35AM (#27888583)

    The one thing that has always pissed me off about this industry is no one is held responsible for their screwed up products. Unlike the Construction Industry where if you do shoddy work you get "Back Charged" for fixing your shitty work. The sad truth is if companies like Microsoft were held accountable for bad code we would not have the mess we have today on the Internet.

    MS and others make too much money from the system being broken. Just think if MS had to pay YOU! every time their system got infected or it died from bad code. There would be no more need for anti-whatever they would fix their system.

    It's all about hitting someone where it hurts. Since MS has no balls. Hit them in the pocket book.

  • Re:What if.. (Score:5, Insightful)

    by A beautiful mind ( 821714 ) on Saturday May 09, 2009 @11:36AM (#27888593)
    The one who sells the given product. This is all about sale.

    If my harddrive breaks within warranty period, I don't go to the company who manufactured the silicon or the ICs, I go to the retailer or Samsung, who sold me the drive.
  • by sopssa ( 1498795 ) <sopssa@email.com> on Saturday May 09, 2009 @11:36AM (#27888595) Journal

    If you get free food and it gives you food poisoning, the one that made the soup will still be liable. Same issue here.

  • by iluvcapra ( 782887 ) on Saturday May 09, 2009 @11:36AM (#27888597)
    If the EU wants higher-quality software, they should support an industry-wide system for the licensing and qualification of programmers, like we have for other engineering disciplines and professions. For example, they could require that all government software, or software for use in aircraft and life-critical functions. These developers wouldn't be "better" than anyone else, but they'd have taken an exam and be nominated by their peers, like a state bar.

    If the software is developed by professional developers with licenses, it gets a big seal on it, and then people can choose to buy it or not based on the rep of the licensing body, and their risk tolerance.
  • Two versions (Score:2, Insightful)

    by grotgrot ( 451123 ) on Saturday May 09, 2009 @11:38AM (#27888621)

    The result will be two versions of software. One will be priced the same as today, with a detailed license agreement with you ultimately giving up those rights and a second version that sells for a million dollars a copy with those rights.

  • by Anonymous Coward on Saturday May 09, 2009 @11:41AM (#27888663)

    ehh.. what?

    In most European countries "X" is two.. supporting your software for two years is not unreasonable at all.. and what lawsuits are you talking about?

    Are you saying this is what has happened to the world of physical goods? Since this would bring software products into the same playing field as those.

  • Re:EULA (Score:3, Insightful)

    by sopssa ( 1498795 ) <sopssa@email.com> on Saturday May 09, 2009 @11:47AM (#27888727) Journal

    If they pass a law to protect consumers tho, eula cannot go against it. Those parts in the EULA would be just as null.

    That's how it works in some countries in Europe as well. For example most EULAs try to prohibit you from making *any* copies of the software/game, but laws state that you can make yourself personal copies. Law goes on top of EULA, and if they differ law always wins.

  • by sopssa ( 1498795 ) <sopssa@email.com> on Saturday May 09, 2009 @11:50AM (#27888737) Journal

    However there's a little bit of difference on complexity on programming and constructing something (I know, constructing requires knowledge as well, but not on so wide scale and on the same level of complexity)

  • by rxan ( 1424721 ) on Saturday May 09, 2009 @11:56AM (#27888783)

    I am tired of these implicit assumptions that FOSS is better than proprietary/closed source. You assume that because you have an FOSS product that you automatically have more people testing it.

    A large company just released a RC for their new OS. It's a closed source and proprietary product and it's being tested for free by more people than your product is (admittedly). You should check it out.

    Furthermore, open source only matters for testing when your testers are actually doing white box. Unless your free testers are staring at code all day trying to force defects, it's all in vain.

  • Re:Stupid Idea (Score:2, Insightful)

    by williambbertram ( 958094 ) on Saturday May 09, 2009 @11:59AM (#27888817)

    First of all, I would strongly disagree that most consumer software is currently 95%, more like 45% at best. I currently recommend people NOT use many of the consumer products with the highest market penetration, simply because it is nearly impossible to make them both safe and usable.

    Second, we're paying far more than 4x for "good enough". Sure, the consumer goes and pays the "good enough" price, but that is FAR from the end of it. Consumers spend hundreds of billions every year fixing and securing "good enough".

    Third, there are many more people affected than "consumers". All other markets including commercial, and government are affected. Corporations have to pay millions for AV, IDS, encryption, firewall, backup / recovery, and other related products because the core products are "good enough".

    I would say the world has had its fill of "good enough".

  • by voss ( 52565 ) on Saturday May 09, 2009 @12:00PM (#27888823)

    Because the software is not purchased there is no contract. "permission to use" is not the same as a sale.

  • by rackserverdeals ( 1503561 ) on Saturday May 09, 2009 @12:05PM (#27888877) Homepage Journal

    THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.

    If the law changes and requires software to offer a warranty then the GPL will be vulnerable. Even if the GPL didn't include that statement, a court could invalidate it because a contract that breaks the law is not legally binding.

    Changing a license for a big project isn't always easy.

    This will most likely hurt companies like Redhat, Canonical, Novell and other corporate open source contributors because they will have to stand by their products and you're bound to get a few cases where they have to pay up.

    But it's not a law yet.

  • by rliden ( 1473185 ) on Saturday May 09, 2009 @12:05PM (#27888881)
    Do you really want to pay for perfect? There are risks associated with anything and buying perfect costs a hell of a lot of money.

    This is an issue that is more complicated than should developers be held liable for perfection. Is it good enough to work reliably in most cases? Was there a malicious or negligent intent to box a bunch of schlock? There are a lot of good questions that could be asked here when trying to define the responsibility and accountability of development companies.

    The market for proprietary software and the community for open source software does function pretty good for weeding out the crapware.
  • Re:Not my fault (Score:5, Insightful)

    by s_p_oneil ( 795792 ) on Saturday May 09, 2009 @12:07PM (#27888899) Homepage

    Hmm, it would probably go like this:

    Engineers: "It's the software!"
    Developers: "It's the hardware!"
    Both: "Why didn't the testers catch this?"
    Testers: "That wasn't one of the use cases, so it's the designers' fault."
    Designers: "The product wasn't meant to be used that way, so it's a documentation error if the tech writers didn't tell users not to do that."
    Tech writers: "Don't look at me, I just write what you guys tell me to write."

    Open Source Developer: Don't look at me. My users contribute design ideas, code, docs, testing, etc. So if there's a problem, it's their fault 4 times over for designing it, coding it, failing to test it, and failing to document it. ;-)

  • by superwiz ( 655733 ) on Saturday May 09, 2009 @12:11PM (#27888921) Journal

    But equally, people should be free to say what use their product is intended for.

    As a number of people pointed out, there are exceptions to this. Basically, laws can restrict what types of agreements can be entered into. The most extreme example of this is that you can't enter into a contract to be a slave. A less extreme example would be a law that voids all "no warranty" clauses of software licenses.

    I also fail to see how causing injury is comparable to alleged liability of Microsoft.

    Law suits are a mechanism for recovering damages caused by the other party. You can't sue someone for wrong doing (that's what criminal laws are for). What you sue for is the damages that the wrong doing (or negligence or even plain stupidity as long as the counter party was actually the cause of it). The money you win in a law suit is meant to compensate you for the damages you suffer. In this respect both poisoning and bad software are similar.

    the problem is loss caused by downtime

    What if it's loss of data? Besides, time is worth money, too. And a car breaking down due to wear and tear is one thing. A car breaking down because of a faulty design is quite another. You can sue in the latter case but not the former.

  • by Cormophyte ( 1318065 ) on Saturday May 09, 2009 @12:15PM (#27888955)

    This should have been done at least 10 years ago.

    Well, yes. But like a great many technological issues the people who make the law have been completely ignorant that the issue even exists, let alone proactive enough to formulate a solution for it.

  • Re:car analogy (Score:1, Insightful)

    by Anonymous Coward on Saturday May 09, 2009 @12:24PM (#27889029)

    An airbag has. And you fail to deliver a single argument why we should treat electronic controls different. And what about my TV? I shouldn't get a refund if it is the software that doesn't work?

    It is quite simple. If you sell your software by promoting its functions you have to actually deliver these functions. Otherwise you are just a scammer. If your code contains bugs and doesn't work, no problem, just fix them and make it work as promised, or give a refund. Like every other vendor has to provide replacements for their broken stuff.

  • by moon3 ( 1530265 ) on Saturday May 09, 2009 @12:27PM (#27889057)
    if you get it for no price, you don't enjoy such privileges

    Not so fast cowboy, author of the work might be liable for damages, even RMS is aware of this. That's what that whole:

    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

    of the GPL is for. I mean this EU law is utter bullshit from free software or commercial software point of view and would discourage developers, not to mention that it would surely be misused against software vendors of any kind.
  • by muridae ( 966931 ) on Saturday May 09, 2009 @12:35PM (#27889127)

    If you sell motor oil, someone puts it in their car and the car blows up, you would be responsible.

    Now that I've used the mandatory car analogy, how is this different from selling well labeled software with major flaws in it?

  • Re:Not my fault (Score:5, Insightful)

    by CarpetShark ( 865376 ) on Saturday May 09, 2009 @12:43PM (#27889171)

    Actually it'll probably work out like:

    Providers: Yeah, it's broken, sorry. Contact our insurance company, and put in a claim.

    Clients: Oh, you're insured for this? Great.

    Providers: Yeah, of course. We're pros, and totally insured for this, like all the other pros. Why else do you think you couldn't get a two-page website for less than $12,000?
     

  • by scamper_22 ( 1073470 ) on Saturday May 09, 2009 @01:13PM (#27889443)

    I have mixed feelings on this.

    This would only work if 'coders' gain the professional standing like doctors and lawyers. I would welcome the chance to have better qualified people in the field as well as bigger bucks.

    On the other hand, all of software is design. It's hard to fault someone for breaking standard protocol, when each piece of software is essentially designing something new. A heart surgeon doesn't invent a new heart procedure with each patient... By definition in software, everything is new as the compiler and CPU handle ALL the repetitive work.

    Similarly, all products have a limited use. A company manufactures locks. Well with some kind of equipment, virtually all locks are breakable. If a thief breaks into my house can I sue the lock company? Well... only if the lock was defective I suppose... but what does defective mean? It means, it violated what a lock could reasonably stop. Normally by some specification (can withstand X amount of force, tension...). So what is it going to be with software?

    They will have to list such specifications too which will basically amount to: this software will work as intended as long as you use it as we instruct. Take your car for example, if you are driving at 100 kph and put the car in reverse, which you can, you will blow up your engine. Yet in software, it is expected to take care of cases where the user pressed the wrong button at the wrong time... It should not crash. In most respects, software is remarkably reliable if you compare it to the rest of the world.

    It's kind of pointless.

    I think this is just more pointless European regulation. A body that has decided it doesn't want to do anything and just create an economy out of regulation and finance. Just my view anyways...

    I say let the market handle reliability. I mean... amazing how Toyota does so well in the free market non? The market is the best structure to determine the trade off between price and reliability.

  • by digitig ( 1056110 ) on Saturday May 09, 2009 @01:34PM (#27889567)

    If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.

    But the proposed legislation is consumer protection, which is a totally different branch of legislation to that relating to B2B contracts. Yes, the software makers might end up liable, depending on the contract between the service provider and the software supplier, but they might not. There's a lot of Linux used in air traffic control in Europe, but I doubt anybody involved in Linux could end up liable in the event of an accident. Rather, the air traffic service providers have to make sure they have adequate protection against credible failure modes of the Linux element. (I've worked on quite a few safety cases arguing that such protections are adequate, so it's more likely that I'd be liable).

  • by Anonymous Coward on Saturday May 09, 2009 @01:39PM (#27889609)

    Until the coders get total control of the project, from inception to completion, then no, they cannot be held responsible for bugs in the code.

    When say, Ford makes a car, do they make all of the parts that go into the making of the car? So, if you buy a car from Ford and the car won't start because the starter motor is defective, then Ford isn't responsible because they didn't make the starter motor?

    Say you buy a Hamilton-Beach toaster. You open the box to find a piece of paper that says "By opening the box, you agree that Hamilton-Beach does not warrant that this toaster will actually toast bread." You plug in the toaster only to find that it doesn't work. Do you say "Oh well, I guess I'm out of luck"?

    Such examples are patently stupid. Yet this is exactly what software EULAs say: the software is not warranted for any purpose, not even the purpose for which it was sold. Most jurisdictions have laws pertaining to merchantability and product liability. These laws work adequately (more or less, depending upon jurisdiction) for the sale of goods. The laws make distinctions between defects which do not hinder use, minor defects, major defects, and life-threatening defects. It all works (more or less) for cars and toasters; why shouldn't it be made to work for software?

  • by itsdapead ( 734413 ) on Saturday May 09, 2009 @01:49PM (#27889697)

    Most EUropean countries have clauses in their laws that instruct the judge to take the price of the good into account when considering what would be a reasonable quality for a product. A corollary of that is when you give something away for free, the expected quality level is something like "not known harmful".

    This is consumer protection law, not civil damages. The biggest practical upshot of this would be that if you buy a piece of software and it turns out not to be "fit for purpose", you have the right to a refund and maybe compensation for the cost of post and packing to return it. This is obviously moot if you downloaded the product for free.

    Your point about price might, however, come into play if I bought a cheap Linux CD and wanted my money back because the Minesweeper implementation wasn't quite up to snuff.

    If a product causes serious damage to property or persons and the victim wants to sue for big money, then that is a totally different kettle of fish - and not (AFAIK) what this is all about.

  • by Hognoxious ( 631665 ) on Saturday May 09, 2009 @01:59PM (#27889809) Homepage Journal

    you can't sue someone if they sell you some substance, and you decide to eat it (especially if it has warnings not to eat it).

    Silica gel, yum yum!

  • by ClosedSource ( 238333 ) on Saturday May 09, 2009 @02:09PM (#27889881)

    Both open source and closed source software typically include non-warranty clauses. If a new law were passed to void those clauses, it would affect both types.

  • GPL v4 (Score:3, Insightful)

    by earnest murderer ( 888716 ) on Saturday May 09, 2009 @02:11PM (#27889893)

    The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to destroy you and leave you (and or your business) reeling in economic and personal obliteration*. That our software looks like it does something productive should not be mistaken for any intent to be useful in any fashion -- the software is free for all its users.

    *The GPL or authors of software using the GPL license make no guarantees regarding the efficacy of said software's destruction potential.

  • by superwiz ( 655733 ) on Saturday May 09, 2009 @03:21PM (#27890433) Journal

    In the food poisoning case you've suffered pain and discomfort.

    You don't sue because you've been wronged. You sue because something of yours was taken away without your consent. If the law removes your ability to consent to certain risks (such as the risks associated with using untested software), then you'll be able to sue for the losses you would incur as a result of using untested software.

    Ask for a refund.

    The amount of damage you suffer is not limited to the price of the product when it comes to recovering damages through law suits. You have $0 involved in a transaction with a car thief. But you can still sue him for the damage he caused to your car.

  • by Registered Coward v2 ( 447531 ) on Saturday May 09, 2009 @03:24PM (#27890451)

    Well, as somebody with an engineering degree, I know that we were taught that we were responsible for designs produced using software products. So, for example, if one used structural design software to design a building, and that software gave erroneous results, you are to blame, and not the software.

    The real blame, ultimately lies with the deepest pockets.

  • Re:Two versions (Score:3, Insightful)

    by julesh ( 229690 ) on Sunday May 10, 2009 @04:13AM (#27894881)

    The result will be two versions of software. One will be priced the same as today, with a detailed license agreement with you ultimately giving up those rights

    The purpose of the law would be to prevent license agreements taking those rights away. You already have them by default anyway (google "implied warranty of merchantability").
