[LINK] Rampaging bugbear

bscott@gtlaw.com.au bscott@gtlaw.com.au
Tue, 8 Oct 2002 11:46:46 +1000


> Brendan and other legal eagles, would that help the situation at all?

Well,

I think I have to say that this is the most debated (virulent?) thread I've
started so far...

In relation to imposing liability on software developers...

I think that you'll find that the more regulation you apply to things the
more you tend to favour companies with the resources capable of complying
with those regulations.  In general this means larger companies have an
easier time of it all.

In terms of product liability for software, I think this is a problematic
area because software is more the output of providing a service rather than
a product per se, although legislatures have attempted to provide
mechanisms for developers to "productise" that output.  The main difficulty
lies in the fact that software does what software does - it's hard to
identify commonly accepted standards in relation to software - what should
an email program do? What should a word processor do?  Compare these to
"what should a screw driver do?" or "what should a toaster do?", each of
which admits of relatively clear and simple answers.  The areas in which a
screwdriver or toaster can go wrong are relatively restricted and,
therefore, compliance or non-compliance could be relatively easily
determined. The same is not true for software.

Another aspect of the liability discussion is whether or not companies
ought to be able to "contract out" of any obligations that ought to be
imposed. That is, to exclude liability as a condition of the provision of
the product.  The effect of an inability to contract out will be to limit
the scope for vendors to manage their risk exposure - that is, all risk
management would need to be in quality assurance. The likely effect of this
would be to delay the release of software until it was fully quality
assured.  Now, on the face of it, that seems like a good thing, except in
practice it will inflate software price by over-testing the software (the
stricter the liability, the more testing). On what basis could people make
beta releases if they couldn't contract out of liability?  If I'm a
consumer and I understand the risks, why shouldn't I be able to agree with
a vendor that their software isn't perfect, but I'm willing to use it
anyway and I'll take the consequences - probably in return for a greatly
reduced price?

Of course, if they *are* allowed to contract out of liability, then
companies with more market power will be better able to impose strong terms
without affecting their sales.

Perhaps the main barrier to secure systems is the absence of self help.  If
someone sells me a cabinet which is not quite secure, I'm allowed to weld
some extra steel onto it to make it secure.  Not so software.  The
legislature permits the productisation of software development *without*
requiring disclosure of the source code for the software *and* by granting
a monopoly over further development to the original developer.  Just
rewards arguments aside, this means that there is only one person (ie the
vendor) who is able to include security features in a program or audit it
for security compliance - and that person might have other priorities.

That said, the law of negligence measures negligence against an evolving
standard (of the reasonably skilled person carrying out the particular
task) and there is nothing inherent about the law which would prevent it
applying to software development.

My $0.02

Brendan

PS The bugbear emails I've received have decreased. They also seemed to
come out in bursts.




                                                                                                                      
Jan Whitaker <jwhit@PrimeNet.Com>
Sent by: owner-link@www.anu.edu.au
07/10/02 07:45 AM

To:      <dassa@dhs.org>
cc:      <link@www.anu.edu.au>
Subject: RE: [LINK] Rampaging bugbear
                                                                                                                      
                                                                                                                      



At 10:09 AM 6/10/02 +1000, Dassa wrote:
>Why not go after all consultants and advisors also.  I'm sure a number
>of link participants have been responsible for some of the
>infrastructure, both hardware and software, that is in use at some of
>the larger organisations around the country.

I don't think this is a fair assessment in this regard.  We consultants
[SMEs mostly] are now more than not required to carry professional
indemnity insurance to cover just this type of problem, particularly if it
causes harm and action is taken against us.  I guess the question is
really:

why are MS and other commercial products allowed to get away with licenses
that let them off the hook from non-performance or damages caused as a
result of using their products, when clients of consultants, especially big
organisation clients like government, require contracts that say us little
guys take the responsibility?

Maybe that is the change that should happen in corporate law, similar to
what is under consideration of the AG right now with the copyright act,
taking out the license language from online publishers that would nullify
fair dealing.  Make contract law that says that buyer beware or liability
nullification is not allowed or if included, is not enforceable.

Brendan and other legal eagles, would that help the situation at all?

Frank said:
>It all comes down to a matter of disclosure. When I buy a piece of
>hardware, or a copy of an OS, or an application, the company concerned
>goes to pains to remove themselves from any liability via their
>'agreements' ... that are only available after I have opened the package.
>And basically the 'agreements' are simply a disavowal of ANY
>responsibility for product shortcomings.

I read the above in a later message.  Similar to what I was saying
[above].  It reminded me that A Current Affair is having a story about
consumer warranty and guarantee issues interviewing people at the Consumer
Law Centre TONIGHT [Monday], one being Catriona Lowe who is a friend of
mine.  The clip shows her saying something like "a car is supposed to 'go'".
My expectation is that the product is at least supposed to do what it
was purchased to 'do'.

Jan



JLWhitaker Associates
Melbourne, Victoria, Australia
jwhit@primenet.com  --  http://www.primenet.com/~jwhit/whitentr.htm


----------
For Link list information see http://sunsite.anu.edu.au/link/




=======================================================================
This electronic mail is solely for the use of the addressee and may contain
information which is confidential or privileged.  If you receive this
electronic mail in error, please delete it from your system immediately and
notify the sender by electronic mail or using any of the following.

Brendan Scott
Lawyer

GILBERT + TOBIN          Phone: +612 9263 4230
GPO Box 3810                Facsimile: +612 9263 4111
SYDNEY NSW 2001         Email: bscott@gtlaw.com.au
AUSTRALIA                    Website: http://www.gtlaw.com.au

Liability limited by the Solicitors Scheme approved under the Professional
Standards Act 1994 (NSW).

=======================================================================


