×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

BBC Commentator Goes After Software Licensing

Zonk posted more than 8 years ago

Software 453

An anonymous reader writes "Bill Thompson, a regular commentator on the BBC World Service programme Go Digital, criticizes current software licenses (including the GPL) for giving developers 'freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private'." From the article: "A friend of mine is a children's writer. When she writes a non-fiction book she is typically asked to sign a contract that indemnifies the publisher against legal costs resulting from errors of fact in the book. If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble. Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability. "

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

453 comments

Incredible (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13686421)

A first post!

WHY ISINT GEORGE BUSH IMPEACHED?? (1)

Dragoonkain (704719) | more than 8 years ago | (#13686435)

WHY??!?!?!?!

why!?!?!?!

Re:WHY ISINT GEORGE BUSH IMPEACHED?? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13686620)

WHY??!?!?!?!

"Jane you ignorant slut". -- SNL

You can't do anything? (-1)

Anonymous Coward | more than 8 years ago | (#13686440)

You can sue your bank, dumbass.

Yes! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#13686441)

Frost Pist

Bad analogy (2, Insightful)

pmike_bauer (763028) | more than 8 years ago | (#13686447)

Publisher is to Author as
Software User is to Developer
...BZZZZZT!

Re:Bad analogy (4, Informative)

kfg (145172) | more than 8 years ago | (#13686697)

Well, then it's a damned good thing he didn't use that analogy, isn't it.

In fact, he didn't use an analogy at all, since author is to author isn't an analogy. He merely brought up the indemnification of the publisher to illustrate that in fields other than software authors can be held accountable for what they write and publishers do not wish to be the "deep pockets" target of the accountability.

And software has publishers too.

KFG

About time (2, Interesting)

bruce_the_loon (856617) | more than 8 years ago | (#13686448)

It's about time that someone got up and did something about this. It's time we realized the customer comes FIRST and our comfort and legal safety POST.

Re:About time (1)

peragrin (659227) | more than 8 years ago | (#13686486)

It's a shame you can't sue MSFT when a worm works it's way across the net costing Billions to clean up after. Of Course according the the MSF eula you can't sue them, and they assume no responsiblity either.

I guess noone in the software industry actually cares about the customer.

Re:About time (1)

JohanV (536228) | more than 8 years ago | (#13686711)

It's a shame you can't sue MSFT when a worm works it's way across the net costing Billions to clean up after
I am not so certain you can't sue them. Is it their fault that some kiddy with too much time on his hands wrote yet another worm? Have they been negligent in developing unsafe software?
If you answered "yes" to any of these questions, you have reason to go to court in most Western countries. Consumer protection really goes that far and law trumps contract and overrules the EULA. The reason nobody does it is that for a consumer it just isn't worthwhile, not because it is impossible. (And those businesses that can get enough out of a lawsuit to reclaim their legal expenses don't enjoy consumer protection.)

And if you did not answer "yes" to any of these questions, then why is it a shame?

Yeah... (3, Insightful)

Anonymous Coward | more than 8 years ago | (#13686569)

Let's make all software developers totally legally responsible for their programs. That way, the only people who can afford to write software are huge companies, and even computer progamming for hobbyists ceases to exist because of the liability issues surrounding the creation of code. It'll be sort of like the doctors who have to buy really expensive malpractice insurance as protection against frivolous lawsuits, only the people who have to pay in this case won't be pulling down doctors' salaries.

malpractice caps do NOT decrease premiums (5, Insightful)

Travoltus (110240) | more than 8 years ago | (#13686781)

Just so you know, malpractice premiums do not decrease for doctors in states where malpractice awards are capped to $250,000. Most lawsuits are launched when doctors maim or kill patients due to negligence, not because of highly publicized frivolous reasons. Your analogy is flawed, to say the least.

Now let's get back on topic. It's wrong for people to make excuses for bugs in code which expose my personal information to hackers, stalkers and marketers. I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud. And no, I can't opt out of this dangerous system unless I stop driving (so much for being able to get food), close my bank account (yeah, hide my money under my bed so a thief has a reason to physically rob me and then kill my whole family to get rid of witnesses), declare myself dead (to retire my SSN - whoops, that's illegal, welcome to Club Fed! - or at least, welcome to joblessness) and practically move out of the country (well, actually that's a good idea if Canada is my destination).

Thanks to stupid programmers there's absolutely no way anyone can protect themselves from identity thieves. The only reason why someone hasn't hijacked you is that they don't care to.

Now please, come back after you find yourself having to fight for years to fix your credit after a hacker stole your personal information off Lexis-Nexis and then tell me they shouldn't stop the digital train for some major overhauls. Until you're a victim of the gaping flaws in the digital fortress you really don't understand the sharpness of that sword of Damocles that is swinging back and forth over your head.

I must disagree (0)

Anonymous Coward | more than 8 years ago | (#13686599)

With software, a lot of bugs are caused by interoperability problems, but it's very hard to tell who's at fault. The software manufacturer? The hardware maker? The operating system? The organization which wrote the drivers?

If someone wants to take responsibility for a complete package (for a fee), then that's fine, but otherwise nobody will write software for fear of liability beyond their control.

Re:About time (0)

Anonymous Coward | more than 8 years ago | (#13686643)

I wonder how long it will take until someone realises that you were going for a FIRST POST?
I dunno, it seems obvious, but then again this is /.

Re:About time (2, Funny)

xtracto (837672) | more than 8 years ago | (#13686650)

Landing On the Subject, when do you Expect it will be Realized that the EULAS are taking out our basic statutory rights?

Re:About time (4, Insightful)

Skye16 (685048) | more than 8 years ago | (#13686675)

I disagree. You don't like buying/using my software because I'm free from any responsibility if it runs amok and kills your family and makes love to your motorcycle? Don't use it. I'm not going to make you. If you don't feel comfortable dealing with those circumstances on your own if they happen, then I don't want you to use my software products (not that I actually have any, but still).

If you don't like it - write up a new license claiming responsibility for whatever it is your software may do. Write whatever software you want. Users will possibly flock to you just for the peace of mind they would get (or is it piece of mind? ;D).

Of course, so will the lawyers, but hey, it was your choice (as a developer) to release software under those conditions anyway.

Re:About time (0)

Anonymous Coward | more than 8 years ago | (#13686730)

Not when I write software as a hobby and give it away for free. Customers buy stuff.

GPL (5, Insightful)

Joehonkie (665142) | more than 8 years ago | (#13686456)

I bet his wife gives away her books for free, too. On a more serious note, this is more expansion of the culture of victimization and the lack of responsibility that is taking over the Western world. Nothing is ever our fault, we muyst always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.

Re:GPL (2, Insightful)

s20451 (410424) | more than 8 years ago | (#13686702)

So you're saying that software companies (say, for example, Microsoft) are actually not responsible at all when they release buggy code, and buyer beware?

Re:GPL (0)

Anonymous Coward | more than 8 years ago | (#13686768)

It's all due to the consumer oriented society we have now. It annoys me to no end. People don't even want to go to the trouble to raise their own children anymore for example.

Re:GPL (2, Interesting)

gosand (234100) | more than 8 years ago | (#13686779)

On a more serious note, this is more expansion of the culture of victimization and the lack of responsibility that is taking over the Western world. Nothing is ever our fault, we muyst always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.

Fear and greed, and a lack of compassion. That is what causes these things.

Let's say theoretically, someone goes to a restaurant, orders a cup of coffee, and the lid isn't put on properly. The person spills hot coffee all over themselves.

Which is more likely to happen:

the restaurant apologizes, helps the person clean up, and gives them their meal for free
OR

the restaurant denies any liability, and immediately asks the person to sign a form saying they aren't responsible. They refuse to even apologize, for fear it will indicate they are at fault. This angers the person, so they seek revenge. Lawyers get involved. The media gets involved. It turns into a ridiculous circus.

Companies are afraid to be sued, because people are greedy. Companies won't admit ANYTHING for fear it will demonstrate some sort of fault. People are greedy, and know they can sue pretty much anyone they want. There will always be a scumbag lawyer or two to help mix things up, because they always seem to win in situations like this.

Keyword (4, Insightful)

mysqlrocks (783488) | more than 8 years ago | (#13686459)

The keyword is that people agree to these license. If you don't agree, don't use the software. Or, you could buy more expensive software that comes such a guarantee. I can't think of any specific examples, but I'm sure the software that runs pacemakers has some sort of guarantee. However, it's very expensive.

No guarantees (4, Insightful)

winkydink (650484) | more than 8 years ago | (#13686534)

In many cases, there is no option for a more expensive software that comes with a guarantee. Yes, some software like hospital life support and air traffic control come with a guarantee, but that is why you will see many 'normal' sw mfgs license mention these applications by name and say that you should not use their product in these environments.

"life critical" (3, Insightful)

CarrionBird (589738) | more than 8 years ago | (#13686574)

Medial equipment, avionics, there's plenty of stuff that is specifically made for situations where failure is not an option. Consumer software is not such a thing.

Re:"life critical" (1)

xtracto (837672) | more than 8 years ago | (#13686669)

Yep, I remember someone posting that it is the main reason why the NASA is still using some quite old programs, because they are fully tested and work, and they can not afford any kind of BSOD or Kernel Panic on some of its critical missions

Re:Keyword (2, Insightful)

paranode (671698) | more than 8 years ago | (#13686657)

Not only that but his analogy ignores that an entirely separate entity actively and maliciously misused or exploited the software to gain access to his personal information. Suing the software company would be like suing the acid manufacturer for doing enough to make sure it wouldn't hurt children!

Re:Keyword (0)

Anonymous Coward | more than 8 years ago | (#13686708)

Where I work, all developers must disclose to legal when they use open-source code, the full text of its license and what the propriety alternatives are (if any). One of the notes in the e-mail was the typical anti-GPL argument that the license may require we open some of our software which management isn't willing to allow. The other more related point in the e-mail is our company is often willing to buy the propriety alternative if the vendor assumes liability for at least some of the code.

All she has to remember is... (5, Funny)

MrByte420 (554317) | more than 8 years ago | (#13686477)

Little Johnny was a boy. He isn't anymore. For what he thought was H20 Was H2S04

Re:All she has to remember is... (3, Funny)

Enigma_Man (756516) | more than 8 years ago | (#13686579)

Here lies the body of Johnathan Blake. He stepped on the gas instead of the brake.

-Jesse

Yet Another Epitaph (0)

Anonymous Coward | more than 8 years ago | (#13686646)

Here lies Lester Moore
Shot with four slugs from a .44
No Les, no Moore

Re:All she has to remember is... (1)

saskboy (600063) | more than 8 years ago | (#13686678)

Where can I get some of that H-Twenty water?

I'm not going to bug you about the non-subscript 2 and 4, but using a 0 for an O on a tech site demands a nit-picker like me to make a comment.

By the way good joke, I learned that rhyme too, but this version was more appropriate for me:
John was a chemist's son, but John, he is no more. For what he thought was H2O was H2SO4.

Sure thing, we'll get right on that (2, Insightful)

Rocko Bonaparte (562051) | more than 8 years ago | (#13686479)

Sadly, legislation is probably the only way to make software developers--or rather, their companies--more liable. What, you expect the free market to take this one on? Who here honestly expects a company to decide it's competitive to be more liable?

Re:Sure thing, we'll get right on that (0)

Anonymous Coward | more than 8 years ago | (#13686566)

All they need to do is disallow marketing that is in opposition to their licensing. If your license says "no fitness for any purpose" then you can't market that your product will serve any purpose. And instead of civil violations, make them criminal so that it's not just a matter of paying a fine.

you don't "license" use of a book (5, Insightful)

Yonder Way (603108) | more than 8 years ago | (#13686485)

The license is an agreement. If you don't like the terms, don't accept the license, and don't use the software.

There is a lot of crap out there about companies liking proprietary software because it gives them someone to sue when the software breaks catastrophically. That Microsoft has about a $40 billion dollar war chest, earned almost entirely through the sale of very broken software, pokes some big holes in that theory.

You're getting software for free. Don't bitch about indemnity in the license.

Re:you don't "license" use of a book (4, Insightful)

cowscows (103644) | more than 8 years ago | (#13686687)

Yeah, there are places that require much more stringent checks of their software. NASA doesn't just quickly throw together stuff and upload it onto the space shuttle, they test the hell out of it. And so they get high quality stuff written directly for their hardware. The downside to this is that development is slow, and it's expensive.

So basically, if you want software that's guaranteed, you're going to have to do a few things.
A) Pay someone a whole lot of money to write it.
B) Test the hell out of it before it gets put in place.
C) Realize that this is going to take a long time
D) Probably pick some very specific hardware for it to function with, and not have the option to easily upgrade in the future.
E) Make sure you get all the feature requests and whatnot right the first time, because patches and stuff are not going to be easy or cheap.

The market, for the most part, has opted for halfway broken software for a couple reasons. Upfront costs, freedom to grow/update/expand more easily, and because brokenass Windows was good enough for a lot of stuff. Hardware increases allowed significant boosts in productivity, and to a large degree, software was just sort of along for the ride. Now that commodity hardware offers so much power that the drive to upgrade is much less of a factor, it might make more sense to focus more on software quality.

Re:you don't "license" use of a book (1, Insightful)

Z4rd0Z (211373) | more than 8 years ago | (#13686722)

Bullshit. No one agrees to software licenses. No one signs a contract, and there is no one at the other end to reciprocate. All you do is click a button to continue, or enter a license key at best. There is no way you can call that an agreement.

Separate Coding and Liability (5, Insightful)

Renegade Lisp (315687) | more than 8 years ago | (#13686491)

To be held liable for every line of code that you write goes very much contrary to the free software / open source world, where developers often simply scratch their personal itch, or work out of a genuine interest in the matter. It is impossible for such individuals to get the financial backing (i.e. insurance) so that they can take this level of responsibility for their creations.

The solution, I think, is that the realms of coding and of liability need to be separated. Let the coders code and let service companies such as IBM work together with them to provide support and, if needed, liability for customers that need it. This is exactly what happens when IBM "sells" Linux to Wallstreet, for example. They sell the kind of responsibility for the software that individual developers could by no means provide.

Typical Big Government Response (3, Insightful)

geomon (78680) | more than 8 years ago | (#13686492)

I would hope that Mr. Thompson considered the alternative that people often hold others accountable for their own ignorant actions. Yes, a publisher is often held accountable for the stupid actions of a reader (who would be stupid enough to drink sulphuric acid?). But is that situation an indictment of the author, or the court system that allowed an ignorant person to use the courts to make whole an action that the claimant should be responsible for?

No, I do not believe that everyone should be left to fend for themselves without ANY regulation. If someone produces a medication and makes a claim that a patient considered reasonable, and they get more ill or die as a result, then the company should be held accountable. But to make every fucking business activity subject to error and omission insurance will wreak holy hell on our economy. E&O insurace requirements will guarantee that

1) software development will slow,
2) software for process control will halt due to liability questions,
3) make lawyers and insurance companies rich,

all without one single shred of evidence that any of these effects actually made software development any *better*.

When I install software, especially for the first time, I do NOT have it on my production machine. Why do people like Thompson like doing things like this? Why should a software publisher spend heavily to debug (and still not get EVERYTHING) in a manner that *assures* the E&O insurer that it will not delete Mr. Thompson's latest mp3?

Re:Typical Big Government Response (1)

ScentCone (795499) | more than 8 years ago | (#13686600)

Further, why should the software author be on the hook for anything other than the cost of the software? Meaning, most products that don't work as advertised may indeed result in the vendor having to refund money... but to be held liable for, say, loss of other business, or lost income, or other indirect damages is very rare. And it needs to be, because otherwise very few people would write another lick of commercial software, ever... unless it costs a bloody fortune to pay for the billions needed in insurance. And, rationally, that cost would simply be folded into the price charged for the product.

"Here's your new accounting software, Mr. Jones! We guarantee that you'll be able to run your four-person business without it causing you any inventory or tax slip-ups. That will be $2 million, please, up front. Thank you!"

Re:Typical Big Government Response (1)

Jerry Rivers (881171) | more than 8 years ago | (#13686609)

"1) software development will slow"

Hurray! This would presumably mean no more yearly (by the calendar I might add) cash-cow (and mostly useless) "upgrades" that force me to shell out thousands of dollars just so I can service the one or two customers who just happen to have bought the latest greatest version of InDesign or whatever.

Just think! After a few years almost everybody would be on the same version, there would be few if any serious bugs, and other developers could publish polished ancillary apps that aren't going to break every 12 months. Imagine the productivity!

Re:Typical Big Government Response (1)

geomon (78680) | more than 8 years ago | (#13686682)

If you are talking about chrun, then you obviously missed my point. Software produced just to make an older version obsolete will be around regardless of whether E&O insurace is required or not. In fact, because of the relatively modest changes between upgrades, the liability route will *guarantee* that more (not less) useless upgrades get published. It is the lowest risk route to publishing.

What I'd like to see...(or maybe not) (2, Insightful)

soft_guy (534437) | more than 8 years ago | (#13686631)

Can you imagine what the lawsuit would be like when some user says "Software X deleted some file" and the software company says "No, it didn't." How would you go about proving this either way? Or in the case where perhaps a virus or something performs an attack on your software like perhaps a buffer overrun attack and causes the file to be deleted? OMG this would be messy for both sides. I can't imagine trying to make a jury understand the issues involved! I think they would end up picking a winner rather arbitrarily based on the personality of the lawyers and witnesses.

Re:What I'd like to see...(or maybe not) (0)

Anonymous Coward | more than 8 years ago | (#13686666)

"I think they would end up picking a winner rather arbitrarily based on the personality of the lawyers and witnesses."

And you want me to finish this little joke?

Re:Typical Big Government Response (1)

Goalie_Ca (584234) | more than 8 years ago | (#13686694)

If a doctor screws up somebody dies. If an engineer screws up lots of people die. If a lawyer screws up bad news for the victim (or the defendee). If a web browser has a security flaw people may lose some money but nobody dies and it's easily preventable like you said.

Wonderful (1)

pureseth (917220) | more than 8 years ago | (#13686495)

This is great, really. Customers first. Personal information is very well.. personal. It's great to see that someone is standing up for this..

Wow (2, Insightful)

valeriyk (914993) | more than 8 years ago | (#13686498)

And shouldn't the companies that implement the code be responsible for the insecurities, instead of passing the buck onto the developer? If a company incorporates a piece of software, and does nothing to lock down the program, doesn't change passwords, doesn't configure it properly, shouldn't the company be responsible? A developer is responsible to a degree, but so is the user. It takes two to tango, and going back to the quote, if a kid drinks sulphuric acid, how did he get it? The parents are responsible for the kid... Just like the system is the responsibility of the owner/operator...

And... (2, Interesting)

Ooblek (544753) | more than 8 years ago | (#13686501)

....every software developer is supposed to know that a customer doesn't have people smart enough on staff to install software using anything other than the default install? There would be nothing but a blame game because much of commercial software depends on other software libraries, including those provided by the OS. If our courts can't figure out that P2P lawsuits are basically meritless, I'd hate to see them figure out who is to blame because someone installed a default option on IIS that had an exploit, yet wasn't required to run IIS with a vendor's software.

Don't get me wrong...bugs suck, but suing someone over it is as equally bad as releasing buggy software.

Perhaps he should try writing software once (0)

Anonymous Coward | more than 8 years ago | (#13686502)

Nothing complicated. A form-to-mail script perhaps. Let's see how he fares.

am I evil? (1)

Vodak (119225) | more than 8 years ago | (#13686508)

Software quality aside. I am glad the world hasn't gone lawsuit crazy with Software liability cases. No stupid cases about how joe idiot did something stupid and lost his job because he didn't back up.

Solution in the article (1)

GOD_ALMIGHTY (17678) | more than 8 years ago | (#13686512)

Consumers Bill of Rights, or rationalization that current statutes regulating trade uphold certian Subjective Rights, that may not be given away. In other words, the contract would be invalid, since it imposed illegal conditions.

Boring old institutional engineering is the answer once again.

"Ahh yes," counters the Industry, (4, Funny)

Shadow Wrought (586631) | more than 8 years ago | (#13686518)

"But see, if we had to ensure that everything worked all the time, it would take too long and nothing would happen. There would be no software."
"Oh, I hadn't thought of that," says the commentator whose argument proceeds to disappear in a puff of reality.
Meanwhile, Industry, rather content with itself, goes on to prove that black is white and white is black and is sued into oblivion by the DMCA.

Where do you draw the line? (1)

jxyama (821091) | more than 8 years ago | (#13686519)

Car manufacturers can be held liable if an accident is caused by a defect. If someone else runs into you, they are not liable. If someone breaks into your car, they are not liable. If there is a defect in the door locking mechanism, the manufacturer does nothing and your car gets broken into, then the manufacturer is liable. If the manufacturer offers recall or free repair to the locking mechanism and you opt not to follow up, hmm..?

Unlike cars, any given computer software is absolutely identical. So one defect will affect pretty much everyone the same way. We will need to be really careful in figuring out how far to hold the software company liable because of this.

Strict product liability and license negotiation (1)

glimt (717527) | more than 8 years ago | (#13686523)

All software still must meet strict products liability. That is, if your software causes users physical harm then the software developer is still liable. For example, if navigation software causes a boat owner to drive his boat onto a sandbar and someone is hurt or killed, the software make is still liable.

That said, you don't have to agree to the license. If you don't like the license, then pay more money for a piece of software that has a license that you agree with. As with all contract negotiations, you have to pay more if you expect the other party to accept more responsibility. If you look around, you will find plenty of software that does accept more liability. It is usually sold to the military, airlines, etc, but it does exist. If you want it in mainstream accounting software you will have to graduate from quickbooks, and negotiate directly with the company selling the software.

closed source software (0)

Anonymous Coward | more than 8 years ago | (#13686526)

Has anyone tried to sue MS or any other company that produces closed source software for their losses that happen when a "script kiddie" gets theyr money because of bad programming?
If so, how did it go?

Where do these people come from? (1)

rabeldable (851423) | more than 8 years ago | (#13686527)

Why so many people sitting on the sidelines just complaining? Come up with a better way and write an article about it or sit down.

I'll write my software and do what I want with it.

Thank You

Don't Forget (1)

MetalliQaZ (539913) | more than 8 years ago | (#13686533)

Dont forget, the entire point is the freedom to choose. You always have a choice not to use the software in question. Does he think that the guy who wrote did so in order to conduct business? I don't think so.

-d

Why? (1)

Professr3 (670356) | more than 8 years ago | (#13686539)

The key phrase here is "because I've agreed to a license that removes such liability." If you want software that won't be broken into by script kiddies, then don't buy the stuff that CAN be broken into. It's the law of supply and demand. If you don't want the software, you don't have to buy it or accept the license. Fact is, if you have a lab experiment that may be wrong, nobody's going to have children perform it if they have to sign a "you could die because we make mistakes" waiver first. The bottom line is, you get what you pay for, and if enough people want software without such licenses, then they'll have to stop buying software WITH such licenses. If you agreed to the license, you really have no room to complain about what happens afterwards :\

Just my two cents...

Re:Why? (0)

Anonymous Coward | more than 8 years ago | (#13686632)

Name one piece of software that can't be broken into? Come on, I dare you.... Just one, that's all I ask.

Re:Why? (0)

Anonymous Coward | more than 8 years ago | (#13686752)

Notepad? :P

Liability (1)

mrclark13 (812867) | more than 8 years ago | (#13686540)

I didn't RTFA, but from the summary, it sounds like he has a point. However, it also seems to me, that it is much harder to fool-proof software than it is to fool-proof books. For example, an author doesn't have to worry about readers interpret the book, but software designers have to code for all different types of hardware that it might be run on. It just seems like even the best programmer in the world will make honest mistakes, but it doesn't mean that they should be liable for it, especially if it is a result of poor implementation of the software.

Bad example (1)

gamer4Life (803857) | more than 8 years ago | (#13686542)

One causes bodily harm, the other doesn't. If some software that was written for a flight navigation goes haywire and the plane crashes, you can be the software company will be held liable.

Personal safety is held in much higher importance than financial loss.

Tally ho! (1)

Trails (629752) | more than 8 years ago | (#13686543)

I agree with Bill Thompson!!

We should definitely make this kind of thing actionable, so that every time my unpatched Win98 machine gets a virus I should be able to sue Microsoft.

Sure you can sue (2, Informative)

CKnight (92200) | more than 8 years ago | (#13686545)

You can always sue a service provider (bank, etc.) for such things as making your personal information public. They in turn however, cannot sue the software company (necessarily) because they (the bank) had an opt in. You can sue bacause you had no say in what systems the banks use, so you cannot be held accountable. You didn't agree to waive your rights and to accept liability.

Put yourself in the bank's shoe however. When you install an OS or any application that comes with a EULA, you have the choice to not use it if you don't agree. It's not ideal, and it puts you at risk, but you have a choice. That will always be the deffence of the software companies.

The argument can be made however that you actually DON'T have a choice, only the illusion of one. If you need to provide a service (or rather, have a service provided to you) and every product out there has a self indemnifying EULA then what option does a user have?

- I didn't spel chek

Insurance (1)

captaineo (87164) | more than 8 years ago | (#13686560)

If liability were mandatory, software companies would be forced to buy very expensive insurance policies to cover the potential costs of being sued, just like doctors in the US must buy malpractice insurance. The result would be the same as in the medical field - vastly higher prices.

Consumers complain about the poor quality of software right up until they walk into a software shop - then they buy the cheapest product.

EULAs do not provide any more protection (5, Insightful)

LightStruk (228264) | more than 8 years ago | (#13686561)

Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability.
That's exactly what you've done when you agree to a license from Microsoft.
From the Windows XP Home EULA [microsoft.com], with caps removed to get past lameness filter:
To the maximum extent permitted by applicable law, in no event shall Microsoft or its suppliers be liable for any special, incidental, punitive, indirect, or consequential damages whatsoever (including, but not limited to, damages for loss of profits or confidential or other information, for business interruption, for personal injury, for loss of privacy, for failure ot meet any duty including of good faith or of reasonable care, for negligence ...
and so on and so on.

With this amount of legal protection, I feel completely safe using Microsoft products!

Tiers of responsibility (1)

Stupendoussteve (891822) | more than 8 years ago | (#13686568)

Software is not going to be perfect. It is always going to have bugs, it is always going to have vulnerabilities. The level of danger in most cases depends on the administrator (or at least, the person running the software on the host end). If a person were able to break into your bank's software, then your bank is responsible. Your bank choose to use the software, your bank allowed for holes in their security.

Yes, the developer holds some blame for the vulnerability in the program, but they cannot be held responsible for a choice to use it and what may come of that. There is an exception though; contracted work. If you are contracted by a company to make a piece of software, if it fails then you are directly responsible. They did not "make the choice" to use something you had released, they asked you to make something for them to use.

If a robber was able to steal the contents of the safety deposit box at the bank, you would not hold the manufacturer of the safe responsible. If, however, the bank enlisted their own designers to make a custom safe, the bank could in turn hold those designers responsible (assuming they didn't leave the door open).

Re:Tiers of responsibility (1)

Stupendoussteve (891822) | more than 8 years ago | (#13686726)

Well my analogy at the end didn't work quite right. You could hold the manufacturers responsible if it was a defect in the product that allowed it to be tampered with (say, "hit the bolt with a hammer and it opens right up"). However, if it was left open by the bank then the bank is responsible either way... even if it was contracted. I guess, then, that the thing with contracted work is that you are also, hopefully, helping to correctly impliment it. In that case, a flaw should be attributed to you.

Not SoA book is either wrong or it's right. If it' (1)

N1ghtFalcon (884555) | more than 8 years ago | (#13686570)

A book is either wrong or it's right. If it's wrong, then it's wrong for everybody, and thus the author should be held accountable for the mistake that he or she could've found beforehand.

With software it's different. Just because some code works on a million machines, doesn't guarantee that it will work on one you try to run it on. Because software developer has no (or relatively little) control over the environment the software runs in, the best they can do is account for as many possibilities as possible. Even with that, if you make certain assumptions about the environment today and they are true, doesn't guarantee that the update installed tomorrow will keep it that way.

Just think about the fact that most people running windows probably have the installation in C:\windows. If you hard code that path into your code, you're software will be ok for 99% of the users. Then comes along someone who decided to install it on D for whatever reason. In best case, your software no longer works, in worst case, you seriously screwed up someone else's system. Simplistic example, I know, and it's easy to account for this type of thing, but my point is that there are thousands of examples just like this, and it's unrealistic to expect programmers to account for all of them. Sooner or later, every programmer will make some kind of an assumption about the system that their program will run on.

As a result I'm forced to conclude that lack of control over the system environment in which your software may run should relieve you of any responsibility for what happens when your program misbehaves due to non-standard circumstance.

Freedom of responsiblity? (1)

zwilliams07 (840650) | more than 8 years ago | (#13686572)

...for giving developers 'freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private'.

Yeah cause you know; gun manufactors are totally held responsible for each person shot or killed by each of their guns. Oh and of course Silverware makers are totally held responsible for stabbings with their utensils. Oh and bullet manufactorers are also held responsible for whatever their bullets are used for. Oh and lets not forget energy providers for providing electricity that can kill, or water and sewage system maintainers for people drowning and stuff. What a total load of crap.

What planet is this guy living on?

Re:Freedom of responsiblity? (1)

zwilliams07 (840650) | more than 8 years ago | (#13686653)

Wow, I guess I should also be held responsible for the improper spelling of "manufacturers" now too. Crap. I better get a good lawyer.

so... (1)

SolusSD (680489) | more than 8 years ago | (#13686573)

My car was broken into... Can I sue Pontiac for not making my windows thicker and my door locks stronger?

Market Conditions (1)

Richy_T (111409) | more than 8 years ago | (#13686578)

If there was a market for software where the developers indemnified their softwre, you would see such software. People just aren't willing to pay the price except in rare circumstances and then you're usually into the realm of bespoke software. Would the comentator be willing to pay $1000 for his web browser?

Rich

Legally (1)

SlayerofGods (682938) | more than 8 years ago | (#13686581)

Those stupid little EULA won't protect from claims of negligence.
If a software program tells you to go drink acid you better believe you can sue regardless of what you clicked on.
It's very similar to those stupid little signs on dump trucks. 'Not responsible for objects that fall off'
The hell they aren't. If something falls of the truck and hits your car you can be assured that stupid little disclaimer will offer no protection.

What nonsense (1, Insightful)

Morganth (137341) | more than 8 years ago | (#13686582)

Normally, I'd agree with the commentator in this article. If you sell software, you should be subject to the same liability as if you sold any other thing. For example, if you sell me banking software, it's assumed that this software is secure and won't easily let hackers steal my account information. If you sell a car, it better not explode every time it gets rear-ended, or have tires that explode when going over certain speeds.

But if you give me a car, or if my hobbyist mechanic friend builds me a car and then gives it to me, I can't really hold him responsible for it not functioning properly. Same thing if my programmer friend just gives me custom banking software he built. When you get something for free, it needn't be licensed in such a way. If it had to be, then no one would ever give anything away from free, which is bad for the public. The better solution is for people who are worried about this potential to simply not accept things which are given away for free.

We have such restrictions on sold goods because otherwise our market can be completely tampered with. Without them, it allows companies to claim goods perform a certain function safely and reliably when in fact they don't.

I do agree though--there was a general trend in EULA's for software developers to say, "Listen, what happens now that you've bought this software is YOUR problem. If it fries your hard drive, or sends all your most personal files to my friends, that's YOUR problem." Yea, that's bad. But the GPL simply doesn't enter into it. The GPL is a license about copying and redistributing software. If you start selling GPL software to a company, then maybe the company that sold it can be held a bit responsible for it not working well (they should, after all, be testing the configuration; otherwise, why are you paying them?).

Unfortunately, I don't think the "security" issue is really the critical one. After all, car manufacturers aren't held responsible for making car theft easy (even though it actually is quite easy). Software developers (especially open source ones) spend a lot of time on making software secure, but we can't possibly hold them responsible for every hack. No products, be they physical or in the software world, are really completely secure.

No Reason to Force Costs on Everyone. (1)

taj (32429) | more than 8 years ago | (#13686588)


Sure something could happen. Maybe firefox leaks personal information or your previous draft of an email to Ford reveals you are talking to GM too in a Word doc.

These are risks. If the risks are serious enough in your mind, you can buy insurance; often from someone backed by companies like Lloyds Bank that have expertise in such areas. But don't demand that everyone pay for insurance.

It is your freedom to decide if you want insurance or not. Don't try to dictate your wishes upon everyone. The costs will just be passed right back to you.

Typical journalist (1)

BenjyD (316700) | more than 8 years ago | (#13686592)

One argument against product liability for software is that it would destroy the industry by placing unacceptable costs on developers, and that it would wipe out the open source movement in its current form since there is no way an organisation like the Mozilla Foundation could distribute Firefox for free under those terms.

But nobody bought a copy of Firefox, did they? The only way you should expect to have consumer rights is if you actually bought the product. In fact, why even mention free software at all in the article?

apples to oranges (1)

mycroft822 (822167) | more than 8 years ago | (#13686594)

Comparing an author of a book to an author of a program isn't really a fair comparison. Don't get me wrong though, I agree with the article. It's just that you can't ever really predict what someone is going to do to break your design. Obviously most developers could do a better job of making their code secure, but by holding them accountable for the actions of someone with malicious intent would be more like holding Ford accountable for some kid going around and making people wreck by shooting their tires out or some sh!t like that.

Ownership with out the liablity... (1)

xiaomonkey (872442) | more than 8 years ago | (#13686595)

When she writes a non-fiction book she is typically asked to sign a contract that indemnifies the publisher against legal costs resulting from errors of fact in the book.

Authors are typically also asked to sign ownership of the copyright over the publisher. So, it sounds like said publishers now want ownership of the IP with someone else essentially signed up to take all the legal liability.

For that latter, they could technically just go to an insurance company for that kind of thing. Buy, why bother, when you can essentially get someone else (the author), the bear this burden for no additional cost.

Childish reasoning (1)

Rotten (8785) | more than 8 years ago | (#13686614)

From the article...

"But if a system is unjust then it should not be supported, and an unwillingness to strip undeserved privileges from a group, however noble their cause, is not sufficient reason to maintain the current dispensation."

-

I guess every one of us choose wich privileges we want to "drop"....his argument agianst Open Source is quite handy against any other software license around...they keyword is "you have a choice" and I choose something else.

Analogy doesn't fit (1, Insightful)

Anonymous Coward | more than 8 years ago | (#13686626)

From the article: The point is not that we should encourage lots of lawsuits against software companies, or have unlimited liability for software. After all, I can't sue Toyota if my car doesn't start and so I miss an important meeting, although I can sue it if a design fault means I crash on the motorway.

This analogy would make sense except that you can void a warranty (and assumedly any liability) if you make any adjustments to the car that could negatively affect its braking system, etc. The same is true with software vendors only amplified a thousand times. Software vendors have no way of telling ahead of time what kind of hardware faults, existing programs, etc, are already installed that could interfere with the operation and security of the program.

Further, nobody holds a car company liable if someone finds a way to jimmy the lock and open your door, which would be the equivalent of a hacker in this case.

These kinds of liabilities only work in more closed systems.

Really? (0)

Anonymous Coward | more than 8 years ago | (#13686659)

So can I sue Mr. Thompson for every typo in his stories?

Slashdot EeziPost (TM) MK I.rc (0)

Anonymous Coward | more than 8 years ago | (#13686673)

Slashdot EeziPost (TM) MK I.rc

[ ] Another: [ ] Dupe [ ] Slashvertisment [X] WTF [X] $editor is a dork

[ ] Frist psot [ ] link to GNAA [X] Link to goatse [ ] $random_drivel

[X] I Haven't RTFA, but... $random_opinionated_comment

[ ] Slashdotted already!. I bet their server runs on $topic_item too

[ ] Soul_sucking registration required

[ ] Mod Parent [ ] up [ ] Down

[X] Fsck: [ ] SCO [ ] Micro$oft [ ] DMCA [ ] DRM [ ] MPAA [ ] RIAA [ ] Google [ ] Bush [X] BBC [ ] You all

[ ] I for one welcome our new $topic_item overlords

[ ] Imagine a beowulf cluster of those

[ ] In Soviet Russia, $topic_item owns you!

[X] Meh!

[ ] Netcraft confirms $topic_item is: [ ] dead [ ] dying

[ ] But have the inventors thought of what will happen if $random_amateur_insight

[ ] Once again the USA is clamping down on my [ ] Amendment rights.

[X] You insensitive clod

[ ] But people who download music from P2P networks are more likely to buy the album

[ ] Cue DVD Jon-type crack in 3..2..1

[ ] Torrent, anyone?

[ ] Here's a link to a patch: $random_linux_distro_url

[ ] Profit!!

[X] Still no cure for cancer

So what? (1)

RWerp (798951) | more than 8 years ago | (#13686695)

Everything has its price. Authors accept some responsibility, but they are paid far more than any OSS developer. Also, there are a lot more ways that software may malfunction than the reader may misread a book. Any book on chemical experiments contains a disclaimer "do them under you parent's supervision".

Trusted Solaris (1)

wumpus188 (657540) | more than 8 years ago | (#13686696)

Please correct me if I'm wrong, but I believe at one time Trusted Solaris used to have some (albeit limited) "will be liable" clauses in their license.

Why it's ok to steal software. (0)

Anonymous Coward | more than 8 years ago | (#13686699)

The same companies who declare in writing that their software is essentially worthless and is sold with no warranty, expressed or implied also scream bloody murder about software piracy.

I say you can't have it both ways. If you say your product is a worthless piece of shit then don't complain when I steal your worthless piece of shit.

Commercial Software's Niche (1)

Anm (18575) | more than 8 years ago | (#13686719)

If commercial softwarre ever wanted to prove their value over decentralized open source, this is it. Without a centralized authority and a large pile of money, open source can never provide the liability guarantee of a corporation. Very few open source projects have this backing, and very few capable backers would support open source. This could provide a balanced duality in the software world: either grab the software for free and accept the liability, or buy into commercial software with a gaurantee.

Such liability contracts should also promote pro-active testing, testing that actively tries to break the rules and testing logic that looks for problems at the source level. Most testing habits involve testing against the rules while ignoring the unexpected cases where most exploits occur. Being liable for such exploits would put some heavy pressure to change those habits.

Anm

Well, part of the problem.. (1)

Kjella (173770) | more than 8 years ago | (#13686723)

...is that a general purpose computer system is a complex combination of hardware, firmware, device drivers, operating system, libraries and application code. Even if I provided you with a warranty it would be in a "blessed" configuration, and even then I'd disclaim any liability for external influence causing my program to malfunction. For those that actually need it, they are better off getting a company to support the whole setup, and possibly with an insurance to cover their backs.

Not a chance (1)

digitalrevolution (904258) | more than 8 years ago | (#13686729)

That's nonsense. Just like you can't pilot that plane on the first day, you should be responsible for learning to use software before you can blame someone for the disruption in your life when you lose your data or crash your system. You always have a choice.

Let me get this straight... (1)

linuxhansl (764171) | more than 8 years ago | (#13686751)

the author wants to download software for free *and* be able to hold the author liable for any (direct or indirect) damages... Talk about free-loading.
Coding and liability are in principle independent.
When the author assumes liability that constitutes an extra service. What we need is the ability to get software for free, and the ability to get fitness and other guarantees - in exchange of a fee.

Trust Relationships (1)

SumDog (466607) | more than 8 years ago | (#13686758)

There is a HUGE difference when designing software. When you talk about massive monolithic pieces of software, close or open, it becomes very difficult to search for every possible error. People are going, for the most part, make software that works to keep their customer base, or in the case of Microsoft and Oracle, spend lots of money on advertising to get people locked into software that doesn't work.

The argument with the children's book is also a stupid argument. If I write something down and someone follows it, there is a trust relationship there. You have to trust the book, the author and that the book didn't get modified along the way. If someone slips in a new page before it gets delivered to you and you follow instructions that lead to your death...yea that's not gonna happen with a book, but it can and DOES happen with computer programs. That's why computer scientists use hashes, certificates and a wide variety of other tools.

There is a trust relationship between you and the software vendor. If you don't want to trust the software unless they take full responsibility, look for another piece of software (and be warned, it will cost you...a lot!)

Free software is worth well more than what you pay for it, but you do get what you pay for, and establishing a trust relationship with free software does have risks, as does trust relationships with comerical software. The fact is due to the sheer size and magnitude of the code base to most software products, it can be a daunting task to keep they free of bugs and security issues. If you want to hold free software programmers responsible for flaws, just ask for your money back, all $0 of it.

Books vs. Software (1)

digidave (259925) | more than 8 years ago | (#13686759)

If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble. Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare

The real difference is that it's nearly impossible to write any kind of complex software and have it free from bugs. Finding these problems isn't as easy as proofreading because code can function in vastly different ways depending on the context it's run in (where's the input coming from? etc).

I think software writers should be held responsible if they don't correct major bugs in software which they claim they are maintaining. When MS doesn't fix a security bug for a year after knowing about it and it then causes someone data loss, maybe MS should be held accountable. Same with OSS... Red Hat promises security patches for several kernel versions and they should be expected to provide them in a reasonable amount of time.

The problem with that is it's very subjective. What's a reasonable amount of time? What bugs are serious vs. not serious (especially when a bug thought to be not serious is exploited in an unexpected way to become serious)? What if the fix causes major compatibility problems?

It's easy to say "make software developers accountable", but not so easy to find a fair way to do that. Newspapers post corrections when they find errors, but are they held accountable for an error in a paper they printed last year? What if they printed a correction, but not everyone bought the paper with the correction in it?

Placing the Blame Somewhere (1)

Null537 (772236) | more than 8 years ago | (#13686760)

If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble.

This is that double-edged sword that tries to blame someone for personal mistakes, and actions. Crossreferencing is a very good idea when you're playing with chemicals. Obviously this is a specific incedent, but it holds true for everything, multiple sources are better than one. Yeah, script-kiddies can run some software that someone created, but some true hacker could write the same software and run it, then where does the blame get placed, on the compiler creator?

I think you would see less Open-Source software if there was full responsibility placed on the creator, because one hardware conflict that creates negative results could amount to blames of "lost productivity" etc, and then again, you have a person or company looking for someone to take the blame.

Licensing/responsibility tradeoff (0)

Anonymous Coward | more than 8 years ago | (#13686764)

I've long thought that there should be a fair middle ground when dealing with licenses to software that doesn't exist currently.

For real-world things, there is a well-established set of principles that describes what you can and can't do in a commercial transaction (lemon laws, right of first sale, Uniform Commercial Code, etc.). But for software, it is virtually impossible to find a product for purchase that doesn't present you with some sort of restrictive, by-breaking-the-seal-you-agree-to-abide-by-our-ter ms verbiage, after you've already paid for it and taken it home. There are many, many well-reasoned criticisms of this out there already.

Instead, here's how I think it should work:

  • If something is sold, lemon laws and the like should apply, and the seller is not allowed to globally disavow their limited responsibilities to the buyer, or to impose additional terms (by contract-of-adhesion) after the sale.

  • If something is given away for free (e.g. GPLed software), then the "seller" does have the right to demand adherence to licensing terms (e.g. no reverse engineering, etc. -- though that would be meaningless for GPLed stuff), and also has the right to disavow any responsibility (a la Clause 11 of the current GPL [gnu.org]).


In other words, roughly speaking, you get what you pay for. There needs to be, I think, a better balance between consideration (payment) and rights (both the seller's and buyer's) than there is right now.

-HJ
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...