Should Developers Be Liable For Their Code?

Glyn Moody writes "They might be, if a new European Commission consumer protection proposal, which suggests 'licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions,' becomes law. The idea of making Microsoft pay for the billions of dollars of damage caused by flaws in its products is certainly attractive, but where would this idea leave free software coders?"

Not my fault

[oh_bugger (906574)]

As a developer, I say that surely it's the tester's fault if there's flaws!

Re:Not my fault

[s_p_oneil (795792)]

Hmm, it would probably go like this:

Engineers: "It's the software!"
Developers: "It's the hardware!"
Both: "Why didn't the testers catch this?"
Testers: "That wasn't one of the use cases, so it's the designers' fault."
Designers: "The product wasn't meant to be used that way, so it's a documentation error if the tech writers didn't tell users not to do that."
Tech writers: "Don't look at me, I just write what you guys tell me to write."

Open Source Developer: Don't look at me. My users contribute design ideas, code, docs, testing, etc. So if there's a problem, it's their fault 4 times over for designing it, coding it, failing to test it, and failing to document it. ;-)

Re:Not my fault

[CarpetShark (865376)]

Actually it'll probably work out like:

Providers: Yeah, it's broken, sorry. Contact our insurance company, and put in a claim.

Clients: Oh, you're insured for this? Great.

Providers: Yeah, of course. We're pros, and totally insured for this, like all the other pros. Why else do you think you couldn't get a two-page website for less than $12,000?
 

Re:Not my fault

[sjames (1099)]

Insurance company: Did the contract specifically say you could use that menu item while wearing a green shirt?

Clients: Well no, not specifically, but...

Insurance company: DENIED!!!!!!!!!!!!!

Re:Not my fault

[koutbo6 (1134545)]

Good luck also untangling the dependency mess in software, I doubt it would be difficult to pin down who is really at fault.

Think of the mess when people start suing developers of web applications!

App Developer: Its the browser!
Browser developer: its the JavaScript library!
JavaScript library Dev: its the VM developers!
user again: Yeah lets sue Sun!
Javascript developer: JavaScript is not ...you know what ..your absolutely right! go for it

User can't find Sun and sues Microsoft for VBScript because its the closest thing to it.

Microsoft: Oracle bought Sun.
Oracle: Hell I knew I shouldn't have bought Sun, anyway, Java is OpenSourced so I have no control over it.
Java developers: JavaScript is not Java!
User: Why am I here?
Java developers: I don't know, but if there is anything wrong, its usually Microsoft's fault.
Microsoft: .... [chairs start to fly and hit user on the head]
Microsoft Lawyer: Lets counter suit the chair manufacturers for not anticipating our use case.

Fast forward to court date after every software and furniture manufacturer under the sun gets involved in the case....

User's lawyer: What do you mean you got windows off of pirate bay? You could have mentioned this small detail before I took on your case!
RIAA Lawyer: Don't worry, you can plead insanity, and I can take it from here.
TPB: Argh! We be hosting the tracker only mate! not the software! the software be hosted in china.

After a very long court proceeding which involved everybody under the sun and caused three world wars, two nuclear stand-offs, and countless bus parties... a strange group of people came crashing into the courthouse

Guys in red:Nobody expects the Spanish Inquisition!

and it starts to go downhill from here!

GPL v4

[earnest murderer (888716)]

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to destroy you and leave you (and or your business) reeling in economic and personal obliteration*. That our software looks like it does something productive should not be mistaken for any intent to be useful in any fashion â"the software is free for all its users.

*The GPL or authors of software using the GPL license make no guarantees regarding the effic

Re:Not my fault

[naoursla (99850)]

It worked on my box.

gpl comes with a license

[superwiz (655733)]

and no one to sue. and don't think the fact that you get it for free matters -- you can sue a soup kitchen if it gives you food poisoning.

Re:gpl comes with a license

[A beautiful mind (821714)]

you can sue a soup kitchen if it gives you food poisoning.

Sure, since that's a public health matter. If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.

To continue your analogy, if a soup kitchen gives you soup that is too cold, comes in a plastic bowl and is too small of a portion, you've got nowhere to turn with that and you should have nowhere to turn with that, it is gratis after all. On the other hand, if this happens in a restaurant that calls itself high quality and advertises the famous chicken soup from a master chef and you get the same treatment, then there are numerous consumer protection agencies in Europe at least to fine the given restaurant.

Re:gpl comes with a license

[Timothy Brownawell (627747)]

If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.

Actually it would probably be whoever decided that that software was OK to use in an aircraft. If I were to somehow get an aircraft and install Gentoo on some critical system, I'm pretty sure I'd be the one to get in trouble rather than the Gentoo or Linux (kernel) or Glibc people.

Aircraft software

[Okian Warrior (537106)]

I make software that goes on an aircraft for a living.

All such software is required to be certified by the FAA, which has elaborate requirements for development, documentation, and testing (the applicable document is DO-178B).

I'm told that the reason for certification is not safety, but culpability. If your software satisfies the requirements and passes review by the FAA, then your company will not be held liable if it causes problems.

In essence, certification represents "best effort" engineering practices and tries very hard to eliminate bugs in the final product.

By the time a software package gets on a plane, many people have combed over it looking for problems, and the testers have spent a massive amount of time running it. There is a safety/failure hazard analysis which asks all the "what if" questions, and the flight crew has written procedures in case it fails.

If a bug is found after deployment (this happens occasionally) and it is discovered that there was a flaw in the certification process, all hell would break loose. It would open up the FAA and the company to all sorts of lawsuits from injured parties. The people who signed off on the certification would essentially be screwed.

The FAA is generally a bunch of bureaucrats. The one thing they do well is look out for their own interests.

Oh, and I worked for the company that got Microsoft Windows certified to run in the cockpit as a map display. It's Posix compliant, dontcha' know!

Re:gpl comes with a license

[Stewie241 (1035724)]

Well, as somebody with an engineering degree, I know that we were taught that we were responsible for designs produced using software products. So, for example, if one used structural design software to design a building, and that software gave erroneous results, you are to blame, and not the software.

Re:

[Registered Coward v2 (447531)]

Well, as somebody with an engineering degree, I know that we were taught that we were responsible for designs produced using software products. So, for example, if one used structural design software to design a building, and that software gave erroneous results, you are to blame, and not the software.

The real blame, ultimately lies with the deepest pockets.

Re:

[Tablizer (95088)]

The bar for coding [engineered] things is so much more higher than for say writing a GMail Clone. If an email service goes down people typically arent going to die as a result.

What if somebody sent the message, "Don't eat that banana, it's poisoned". But your Gmail clone loses some words and the other side gets, "eat that banana" only?
   

Re:gpl comes with a license

[chill (34294)]

Except you just can't run anything for aircraft control. Read the fine print on software like Java, Windows and other items. You'll see it explicitly states you are not to use it for nuclear power plants, aircraft control and other life-critical applications. There are special rules for the super-critical stuff.

On the other hand, if this happens in a restaurant that calls itself high quality and advertises the famous chicken soup from a master chef and you get the same treatment, then there are numerous consumer protection agencies in Europe at least to fine the given restaurant.

That concept is so pathetic I don't know where to begin. Consumer protection agencies to fine a restaurant for poor quality and bad treatment? Are Europeans that big of pussies? What is wrong with "tell your friends they suck, don't eat there" and watch their business evaporate? You can't be serious that the government steps in for things like this!?

Re:gpl comes with a license

[h4rm0ny (722443)]

A good analogy is like a map that lets you see a wider view of the terrain. A bad analogy is like the wrong sort of petrol in your car.

Re:

[A beautiful mind (821714)]

I wonder where is BadAnalogyGuy [slashdot.org] when you need him :)

Re:

[digitig (1056110)]

If software controlling an aircraft crashes and causes the aircraft to crash too and that kills people, I'm pretty sure the software makers might end up liable too.

But the proposed legislation is consumer protection, which is a totally different branch of legislation to that relating to B2B contracts. Yes, the software makers might end up liable, depending on the contract between the service provider and the software supplier, but they might not. There's a lot of Linux used in air traffic control in Europe, but I doubt anybody involved in Linux could end up liable in the event of an accident. Rather, the air traffic service providers have to make sure they have adequa

Re:gpl comes with a license

[jabithew (1340853)]

Doesn't GPL have explicit anti-sue protection, with that whole section on lack of implied merchantability or warranty?

This program is free software: you can redistribute it and/or modify
        it under the terms of the GNU General Public License as published by
        the Free Software Foundation, either version 3 of the License, or
        (at your option) any later version.

        This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
        GNU General Public License for more details.

        You should have received a copy of the GNU General Public License
        along with this program. If not, see http://www.gnu.org/licenses/ [gnu.org].

From the GNU how-to [gnu.org].

Does anyone know how this would interact with the potential EU law?

Re:

[ClosedSource (238333)]

Both open source and closed source software typically include non-warranty clauses. If a new law were passed to void those clauses, it would affect both types.

Re:gpl comes with a license

[rackserverdeals (1503561)]

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.

If the law changes and requires software to offer a warranty then the GPL will be vulnerable. Even if the GPL didn't include that statement, a court could invalidated it because a contract that breaks the law is not legally binding.

Changing a license for a big project isn't always easy.

This will most likely hurt companies like Redhat, Canonical, Novell and other corporate open source contributors because they will have to stand by their products and you're bound to get a few cases where they have to pay up.

But it's not a law yet.

Re:

[superwiz (655733)]

But equally, people should be free to say what use their product is intended for.

As a number of people pointed out, there are exceptions to this. Basically, laws can restrict what types of agreements can be entered into. The most extreme example of this is that you can't enter into a contract to be a slave. A less extreme example would be a law that voids all "no warranty" clauses of software licenses.

I also fail to see how causing injury is comparable to alleged liability of Microsoft.

Law suits are a mechanism for recovering damages caused by the other party. You can't sue someone for wrong doing (that's what criminal laws are for). What you sue for is the damages

Re:"May Contain Bugs"

[mfnickster (182520)]

> I'm looking at a silica packet that is labled, "Do not eat."

I followed those instructions and nearly starved to death!

My lawyer advised suing for "negligence causing anorexia."

Re:gpl comes with a license

[Pentium100 (1240090)]

I know a joke based on this:

If food makers used the same licenses as software makers, then in a opaque box, there would be a license agreement:

1. The manufacturer does not guarantee that this item can be used for food and is not liable if it is not suitable for eating.
2. The user is not allowed to examine the contents of this item (for example to look if it had rat tails in it).
3. The user has a right to use (eat) the product, but does not become its owner.
4. The right to use (eat) the product gets only one person.
5. The user does not have a right to sell of give away the product to third parties.
6. The manufacturer does not guarantee that the product is free of hazardous materials (for example, rat poison, dioxin etc).
7. The manufacturer is not liable for any health risk to the user because of the product.
8. The manufacturer guarantees that the box is made of high quality materials and, if there is a flaw in it, will replace the box. This does not extend to the product that is in the box.
9. By opening the box and reading this agreement the user automatically agrees to it.

Re:

[Hognoxious (631665)]

you can't sue someone if they sell you some substance, and you decide to eat it (especially if it has warnings not to eat it).

Silica gel, yum yum!

Re:

[superwiz (655733)]

In the food poisoning case you've suffered pain and discomfort.

You don't sue because you've been wronged. You sue because something of yours was taken away without your consent. If the law removes your ability to consent to certain risks (such as the risks associated with using untested software), then you'll be able to sue for the losses you would incur as a result of using untested software.

Ask for a refund.

The amount of damage you suffer is not limited to the price of the product when it comes to recovering damages through law suits. You have $0 involved in a transaction with a c

Re:

[superwiz (655733)]

I am pretty sure that the only reason you can sue for pain and suffering is on the theory that your ability to peacefully enjoy your life was taken away from you. Not sure that someone can give you cancer, but if you get hit in the balls and don't suffer any consequences beyond a few minutes of pain, then you law suit options will be very, very limited. You will be able to charge them with a crime though.

As to the moronic comment about the car thief, learn the difference between civil and criminal law and then come back, OK?

I am fully aware of the difference. Please, take your medication now.

if you pay you get working stuff or a refund,

[A beautiful mind (821714)]

if you get it for no price, you don't enjoy such priviledges.

If someone sells GPL based software, they are free to do so and pick up the tab on flaws in the product. Same goes for proprietary software.

This should have been done at least 10 years ago.

Re:

[sopssa (1498795)]

If you get free food and it gives you food poisoning, the one that made the soup will still be viable. Same issue here.

Re:if you pay you get working stuff or a refund,

[rliden (1473185)]

Do you really want to pay for perfect? There are risks associated with anything and buying perfect costs a hell of a lot of money.

This is an issue that is more complicated that should developers be held liable for perfection. Is it good enough to work reliably in most cases? Was there a malicious or negligent intent to box and bunch of schlock? There are a lot of good questions that could be asked here when trying to define the responsibility and accountability of development companies.

The market for proprietary software and the community for open source software does function pretty good for weeding out the crapware.

GPL

[neoform (551705)]

http://www.opensource.org/licenses/gpl-license.html [opensource.org]

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Re:

[superwiz (655733)]

there is no warranty for this free software

every software license worth its salt has this clause. laws can make certain parts of agreements void. for example, you can't enter into a contract to be a slave.

Re:

[MeanMF (631837)]

Sure it's in the license now, and there are similar statements in the license agreements for most commercial software. But the license agreement is only valid if it's legal. So the question is what would happen if a law is passed that guarantees consumers certain rights regardless of what is in the license?

open source is still not liable

[voss (52565)]

Because the software is not purchased there is no contract. "permission to use" is not the same as a sale.

Stupid Idea

[Courageous (228506)]

The idea that code should be perfect is a stupid idea: consumers don't want that.

They want "good enough," not perfect. Perfect costs a great deal of money, probably 4X, and consumers will buy the good enough product, at 1/4 of that price, well beyond 95% of the time.

C//

Re:Stupid Idea

[rlseaman (1420667)]

The idea that code should be perfect is a stupid idea: consumers don't want that. They want "good enough," not perfect. Perfect costs a great deal of money

Your comment is "insightful", but it is beside the point. This is exactly the same issue with all engineering. An object manufactured to better standards than needed for the purpose is an overly expensive object. The question rather is the web of responsibility. If Microsoft or Google or even somebody's shareware makes a claim of suitability, certainly the consumer should have redress when it proves unsuitable.

There are many other dimensions of this issue. For instance, the software industry is well known for adding pointless complexity - features that nobody ever asked for. If GE added a can opener to a toaster, they would be liable for any unexpected risks this reveals, but Microsoft can make Word so complex that businesses using it accrue large expenses related to training, etc., and risks related to misformatted and delayed documents and so forth - and yet Microsoft currently faces no significant market pressure from liabilities associated with having broken their own product.

Re:Stupid Idea

[Anonymous Brave Guy (457657)]

Exactly. The problem with trying to enforce this kind of measure for software is that there is a cost/performance curve, and most people don't want to pay to be right up at the end of it.

Heck, no-one in the world knows how to get right up to the end of it. Even the guys at NASA, whose development process is awesomely effective at producing reliable software compared to the the commercial/home user industry, still get bugs. Given the nature of their work, their bugs can cost as much in a single mission as a bug in widely used home user software costs spread across the whole user base, potentially including a cost in human lives, so it's not like they're hiring stupid people or not trying to get everything perfect.

Re:Stupid Idea

[14erCleaner (745600)]

Perfect costs a great deal of money, probably 4X

With free software, it's even more than 4X. Maybe even 10X.

What if..

[Mastadex (576985)]

Say a developer uses a number of 3rd party libraries (ie. Boost, TinyXML, etc), who will be pay damages if the program crashes in a bad way? The developer for not trying to catch 3rd party crashes, or the 3rd party for writing in bad code?

Re:What if..

[A beautiful mind (821714)]

The one who sells the given product. This is all about sale.

If my harddrive breaks within warranty period, I don't go to the company who manufactured the silicon or the ICs, I go to the retailer or Samsung, who sold me the drive.

Only if they get final say on release of the code.

[GuyverDH (232921)]

Until the coders get total control of the project, from inception to completion, then no, they cannot be held responsible for bugs in the code.
How many companies push to get code out the door with *imperfections* - claiming they'll fix those in the first update?
Too many these days.
I'd say it's the management that controls the release schedules that should sign their names in blood on the bugs still known about (and unknown as testing probably wasn't allowed to complete).

Re:

[scamper_22 (1073470)]

I have mixed feelings on this.

This would only work if 'coders' gain the professional standing like doctors and lawyers. I would welcome the chance to have better qualified people in the field as well as bigger bucks.

On the other hand, all of software is design. It's hard to fault someone for breaking breaking standard protocol, when each piece of software is essentially designing something new. I heart surgeon doesn't invent a new heart procedure with each patient... By definition in software, everythin

The word: Purchase

[MathFox (686808)]

Most EUropean countries have clauses in their laws that instruct the judge to take the price of the good into account when considering what would be a reasonable quality for a product. A corollary of that is when you give something away for free, the expected quality level is something like "not known harmful".
When you buy software, for example a Linux distribution, you may expect that the distributor has tested the packages and that the software mostly works. Because you pay more for MacOS, you may just expect MacOS to work better.

Off course there has to come jurisprudence on all this, but I don't think that finding just one bug will entitle you to your money back. However, when the software won't work at all for you, the supplier can not hide behind EULAs and could be forced to compensate your damages... It will be a case-by-case balancing of responsibilities.

Re:

[itsdapead (734413)]

Most EUropean countries have clauses in their laws that instruct the judge to take the price of the good into account when considering what would be a reasonable quality for a product. A corollary of that is when you give something away for free, the expected quality level is something like "not known harmful".

This is consumer protection law, not civil damages. The biggest practical upshot of this would be that if you buy a piece of software and it turns out not to be "fit for purpose", you have the right to a refund and maybe compensation for the cost of post and packing to return it. This is obviously moot if you downloaded the product for free.

Your point about price might, however, come into play if I bought a cheap Linux CD and wanted my money back because the Minesweeper implementation wasn't quite up to s

Licensing and Accredidation

[iluvcapra (782887)]

If the EU wants higher-quality software, they should support an industry-wide system for the licensing and qualification of programmers, like we have for other engineering disciplines and professions. For example, they could require that all government software, or software for use in aircraft and life-critical functions. These developers wouldn't be "better" than anyone else, but they'd have taken an exam and be nominated by their peers, like a state bar.

If the software is developed by professional developers with licenses, it gets a big seal on it, and then people can choose to buy it or not based on the rep of the licensing body, and their risk tolerance.

Unworkable

[StormReaver (59959)]

This is an unworkable plan. Personal computers, by their very nature, require the end-user to tamper with them. The moment the end-user installs some 3rd-party software, or swaps out any piece of hardware, the environment the software runs under changes. This new environment will frequently produce a permutation that is impossible to predict and test against.

Additionally, many mainstream hardware manufacturers are TERRIBLE at producing hardware that conforms to the standards to which software developers target their code. Software developers can do everything right, but still see their programs malfunction due to circumstances beyond their control.

If this brain-damaged statute passes, the European Union will witness a steady exodus of consumer software, both closed and Open Source, from its member nations. There are just too many intermediaries between the software producer and software consumer to make this kind of liability feasible in any way, shape, or form. The price of even simple software would also rise to that of a small skyscraper, as a deluge of lawsuits would be filed by users for problems they caused themselves, but blamed on the software.

The cost to the European Union would be devastating.

Re:Where would this idea leave free software coder

[superwiz (655733)]

Going to medical school.

umm... to avoid being sued?

Re:

[sopssa (1498795)]

If they pass a law to protect consumers tho, eula cannot go against it. Those parts in the EULA would be just as null.

Thats how it works in some countries in europe aswell. For example most eulas try to prohibit you from making *any* copies of the software/game, but laws state that you can make yourself personal copies. Law goes on top of EULA, and if they differ law always wins.

Re:

[sopssa (1498795)]

However theres a little bit of difference on complexity on programming and constructing something (I know, constructing requires knowledge aswell, but not on so wide scale and on the same level of complexity)

Re:

[ljw1004 (764174)]

Sure it's all in the license at the moment. The question is whether we as a society are happy that these are valid licenses.

We don't let doctors do surgery with the EULA-like conditions that "anything they do is at the users own risk and the doctor isn't held to any standards."

We don't let engineers build bridges with the EULA-like conditions that "the bridge is delivered as is and people drive over it at their own risk."

Why do we allow software to get away with such a cowboy attitude when we're more rigoro