EC wants software makers held liable for code


Software companies could be held responsible for the security and efficacy of their products, if a new European Commission consumer protection proposal becomes law.

Commissioners Viviane Reding and Meglena Kuneva have proposed that EU consumer protections for physical products be extended to software. The suggested change in the law is part of an EU action agenda put forward by the commissioners after identifying gaps in EU consumer protection rules.

A priority area for possible EU action is "extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games or other licensed content", according to the commissioners' agenda. "Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions."

EU consumer commissioner Kuneva said that more accountability for software makers, and for companies providing digital services, would lead to greater consumer choice.

"If we want consumers to shop around and exploit the potential of digital communications, then we need to give them confidence that their rights are guaranteed," said Kuneva. "That means putting in place and enforcing clear consumer rights that meet the high standards already existing in the main street. [The] internet has everything to offer consumers, but we need to build trust so that people can shop around with peace of mind."

The Business Software Alliance (BSA), which represents the interests of software makers including Apple, IBM and Microsoft, criticised the proposals.

"Digital content is not a tangible good and should not be subject to the same liability rules as toasters," BSA director of public policy Francisco Mingorance told ZDNet UK on Thursday. "Unlike tangible goods, creators of digital content cannot predict with a high degree of certainty both the product's anticipated uses and its potential performance."


Mingorance said the performance of a piece of software depends on the environment it operates in, how the code is updated, whether it is possible to adapt and modify the software, and whether the code is attacked.

According to Mingorance, the proposed regulatory extension would cover all software, including beta products, and would cover both proprietary and open-source software.

Right now, under the current EU Sales and Guarantees Directive, physical products are expected to carry a guarantee of two years. Extending those terms to software would have the effect of limiting customer choice, as contract terms would have to be extended to a minimum of two years, Mingorance added.

"Extending the scope would force the businesses to maintain update services for such contracts beyond the contractual term and ultimately limit the choice of offers," the BSA director said. "It is like renting your house for a summer month and being then obliged to extend the rent for another 23 months."

In addition, Mingorance said that extending consumer regulation to software could lead to less interoperability between software products, as manufacturers might decide to limit how far third-party developers could access their code.

Software companies have long argued against accepting responsibility for the security and efficiency of their code. Linux kernel developer Alan Cox in 2007 told a House of Lords Committee that neither proprietary nor open-source developers should be held accountable for their code.

Talkback

There needs to be a change in the way unfair EULAs are forced onto paying customers of software from large corporates.

Open source, however, isn't paid for, so forcing guarantees would just stifle progress considerably. In fact, any free software could become very hard to find. This would not be a benefit to 'the consumer', especially in the current economic climate.

Any businesses considering the shift to open source right now would probably reconsider if this proposal becomes law. Better quality of proprietary software, and limited progression of open source.

Makes me wonder.

Mark 9 May, 2009 11:32

I have long been an advocate of software companies being held responsible for their code. Will it happen? I doubt it. OS makers in particular should be accountable for the security of their product. Imagine if Windows had any concern for security with WIN95, and forward. We probably would not have as many trojans, viruses, malware, or adware, as we do now. How many people have lost their identity because of Windows? The money spent in trying to start over again is enormous, and yet you have no recourse, because you accepted a EULA that relieved the manufacturer of any and all responsibility. Plus the fact you were forced to buy the OS, pre-installed on your computer purchase. You were screwed from the start.

ator1940 9 May, 2009 13:20

There should be one uniform liability rule for all commercial transactions - the lack of that is what has messed up fields like medicine where what would be considered criminal irresponsibility is the rule and good practice the exception.

As long as the software makers can specify what it is they are guaranteeing, yes, they should be held to a guarantee.

Of course the bureaucrats who have never worked a day in their life want to torment the software companies by specifying the guarantee for them, but the EU's collapse into a writhing mass of bureaucracy is a separate problem. Even bureaucrats can get it right sometimes. People who sell a product or service need to be legally accountable that it work as advertised if any semblance of free market economics is going to work. Just because a bunch of programmers who act like 13-year-olds don't want accountability or responsibility doesn't mean they should get carte blanche to sell dysfunctional garbage and keep their ill-gotten gains.

The bureaucrats are right, for once, the adolescent twits who became programmers instead of growing up are wrong.

The devil is in the details, of course, which is to keep the bureaucrats from hijacking this idea to cover a lot of unrelated nonsense, and to keep the programmers from doing what the medical profession has done and water down the standards so far that nothing is ever 'wrong.'

AndyCutler 9 May, 2009 19:32

One question, are you a software developer? I would guess not.

Anyone who writes software for Windows will know how hard it is to make software run on all possible software/hardware configurations. This is why anyone who sells software will have a license agreement which states “If it does not work on your system, don’t blame me” or something to that effect.

When a bug or security hole is found in the software, who do you blame? The developer who writes the product or the company who sells the compiler used to make the program binary? Let's not forget that a lot of developers will use 3rd party code libraries to save time during development.

1000188178 11 May, 2009 12:36

I am going to disagree slightly with my esteemed colleagues.

If you acquire a software package for free, your recourse is limited to the amount you paid. You don't get indemnity for nothing.

If, however, you paid for the software, you buy it according to a set of stated principles. The prospectus for that purchased software will state what it will do and where it will run. If it doesn't, you instantly get your money back, minimum. If in failing to perform according to the spec, it costs the user money, then the user has a case for damages.

This would apply to both proprietary and open source software. The developer is not involved, the organisation actually selling the software is the one in the frame.

The only people this would affect would be the ones selling software products, or licenses/subscriptions to use the software. If they are selling CDs which carry software, but are not selling the software, then they are immune.

This carries on down the line. If the vendor in turn purchased a license to a library from someone else and it was this library that caused the problem, then the liability can be passed on as well.

As it stands there is nothing the customer actually acquires in paying money for the software, other than a (sometimes time limited) right to have a crack at making it work for them. Under the above suggestion, the customer would be buying assurances that the software will actually work for them. If anyone wants to sell software, they will have to actually come up with something that works.

The actual code cutters would be liable only if they both developed and sold the software. If they are an employee of a company, then they worked on behalf of that company. If they are working for free as an open source contributor, then they are immune.

The proprietary software industry has been getting away with pulling in money for old rope for years. This might focus their attention on quality rather than just profit margin.

Andrew Meredith 11 May, 2009 17:04

Andrew,

I can't say I agree with the idea of software developers being liable for software they've constructed - however, if a law to this effect was introduced, then yes, it should only be software which has been acquired through some form of commercial transaction that would fall within this legal scope.

Which brings me to a related item. I spent many years trying to convince businesses that they were not covered for losses due to software when buying proprietary software. People seemed to think that by paying a lot of money for software, that somehow the vendors of that software would and could be held accountable.

It seems that few people actually read the EULAs of said software, and seemed to think that they had more rights to claims than they would with corresponding open source software.

So I had a bit of a go at some edification (http://www.cybersource.com.au/about/comparing_the_gpl_to_eula.pdf) ;-)

conz 12 May, 2009 04:30

: I can't say I agree with the idea of software
: developers being liable for software they've
: constructed

For clarity, if the person is the developer, but not the vendor, then there is no liability. It is the organisation who are actually selling the software and saying it will do xyz, that are liable for whether the software does what it says on the tin.

Nice edification by the way ! :-)

Andrew Meredith 12 May, 2009 08:34

