Who is responsible?

Last week's lawsuit against Microsoft, which claims the company should take responsibility for its software's flaws, seems likely to end in tears for the claimant. There are arguments for the opposite to happen, though.
By Carel Alberts, ITWeb contributor
Johannesburg, 09 Oct 2003

In a few days' time, we will know our readers' sentiments on the difficult question about vendors' liability for flawed software. It is a radical idea, given software's long, free ride on the back of contract .

We'll be less likely to know what the legal outcome of the same issue will be. Microsoft has got embroiled in a lawsuit again, with the plaintiff saying she was robbed of her in a scenario not unlike the story of Angela Bennett (Sandra Bullock) in a film called The Net some years ago.

Do we really want suppliers of products that are critical to our businesses and economy to be able to absolve themselves of all liability?

Carel Alberts, technology editor, ITWeb

Marcy Hamilton says Microsoft's "insecure software" allowed a cracker to gain access to her banking details. In many articles, most perceptively so in the New York Times, speculation is rife over whether normal US product liability laws should extend to software, to hold vendors like Microsoft liable for flaws in the same way that a manufacturer of a faulty tyre would be liable in the right circumstances.

The feeling among those who know their way around US product law seems to be that current laws conspire against Hamilton winning. Certainly contract law provides refuge to the seller: software is not sold like most other products. The user buys only the right to use it, quite expensively, via licensing, and clever disclaimers and caveats contained in these contracts further complicate a user's case.

Past master

Microsoft is a past master of litigation. You could argue that if it spent as much time securing its software as it does making itself invulnerable to legal challenge, there wouldn't be an issue today. As such, it will know the above considerations are working in its favour, but it must also know contracts can be ruled unenforceable when they clash with certain other legal principles.

One way to challenge a contract in the US is to invoke the "fit for intended use" rule, which reportedly applies to most consumer products. I seem to remember something about "inherent defects" in South African law, which appears to me to be a stab at the same concept. I'm not qualified to write legal opinions on such matters, but the point remains that users may not realise contracts are not as sacrosanct as they seem. You could argue exceptions.

Aside from matters of law, the broader and more important issue is one of policy: should we allow this to continue?

Should an entity that asserts intellectual property rights over a creation be allowed to distance itself from its dangers in a contract? Do we really want suppliers of products that are critical to our businesses and economy to be able to absolve themselves of all liability?

Should the law (in this case the courts) not intervene when unprecedented security breaches have failed to provide enough incentive to spruce up software?

These are the feelings of a former US federal prosecutor, now a VP of a computer security firm and of the US National Academy of Sciences. It seems the questioning has begun.

Some arguments against liability

But the truth is that this is a divisive argument, and software vendors, security vendors, users, IT administrators, online commerce providers and, yes, hackers, will probably all argue according to what one might expect of someone with a vested interest.

The argument against liability that impresses me least of all is Microsoft's statement that we're all missing the point. The real criminal, it has stated, is not the software vendor, but the hacker. Although compelling in its own way, this seems to me a fairly obvious attempt at throwing consumers off the scent. From the poll ITWeb is running, you'll notice that we're acknowledging software vendors alone may not be the only ones at fault. A degree of shared responsibility seems reasonable with the right set of facts. But to argue that the hacker is the most culpable, and therefore that everyone else should escape blame, simply doesn't follow.

Another argument avers that liability would dampen innovation. My response is that, in many ways, we've had too much innovation and too little value in IT, and an edge of responsibility may do wonders for the respect the industry sorely needs to nurture.

According to the New York Times, the IT industry has also argued that software is often misused or modified by consumers. Assigning responsibility for a failure, the argument goes, would be unfair to any single company. This, in my opinion, is not the point at all. Microsoft, for one, is on record as having said it is "humbled" by a recent spate of attacks from hackers, and so the vulnerability of its software is not in question.

Are Microsoft's products more vulnerable than most software? Hamilton's lawyers assert that this is the case, but it doesn't seem necessary to get into that debate now, both because admitted vulnerability is enough to consider the central question of liability, and because most people are concerned only with the way Microsoft goes about patching its vulnerabilities. The company says there is ample information on its sites; others claim the information is complicated beyond description, and in some cases enables quick-acting hackers to gain control over systems. Microsoft's own reaction, in the form of its Trustworthy Computing initiative and its focus on proactive software updates and education campaigns, appears to be an admission that it isn't doing enough. Perhaps the court will, with these developments, find that now it is.

Whatever the result, this case is likely to be only the first of more of the same. The early chances of the claimant's success hinge on the case being afforded class action status, in which event the consumer's pocket deepens significantly. In any event, ultimate success will depend on whether the court is willing to effect a real extension of current laws. And if it does, it could be because a contract should not frustrate a user's expectation of a trustworthy product.