EU software liability law could divide open source
The world of open-source development could be divided, if the European Commission succeeds in passing a law extending consumer protection rules to software, according to experts.
The Commission proposes that software companies be held liable in the European Union for the security and efficacy of their products.
David Mitchell, senior vice president of IT Research at Ovum, thinks that this may lead to a situation boosting current open-source vendors' business models but making it more difficult for independent developers to thrive.
The proposal is likely to make vendors force customers into support and maintenance agreements upon each purchase, in order to help the former fulfill warranty obligations, Mitchell said.
This is already in line with the business models of current open-source vendors such as Red Hat and Canonical, which sell support services. On the other hand, the "garage open-source model" of independent developers, who do not have the scale to guarantee their products at that level, will likely suffer, Mitchell said in an interview with ZDNet Asia.
Bryan Tan, director of Singapore-based Keystone Law, had predicted in an earlier blog post the "caving in" of open-source software due to similar worries over liability on the parts of independent developers.
"Gone are the days (when) software could be written in a garage by two guys," Tan wrote.
Tan also told ZDNet Asia that the proposed law would likely inflate prices for consumers outside the EU--including the Asia-Pacific region, as a result of the vendors' need to provide insurance. Furthermore, the "death" of some smaller vendors (and an ensuing dearth of competition) would lead to increased prices, he added.
While the Commission has said the proposal is in the interest of consumers, Ovum's Mitchell thinks that a "huge amount of market uncertainty" will be created.
"Customers will find that their existing support and maintenance agreements are now ambiguous, or in contradiction with any new legislation," he said. Businesses would also have to undertake longer testing cycles, resulting in project delays, Mitchell added.
Realistically, liability will be hard to pinpoint because of the interdependency between hardware and software, Mitchell noted. The failure of a piece of software could be blamed on another installed software or hardware portion.
"(The legislation) promises to be a lawyer's dream (come true) but not to deliver any tangible benefit for the customers," he said.
However, Stanley Lai, partner at Allen & Gledhill, thinks that consumers will benefit. While he agrees that software prices will likely rise, "it remains to be seen whether consumers will consider that the price to be paid in return for quality assurance is an adverse effect."
Lai also said it is "premature and oversimplistic" to predict the demise of open-source software. He said with code open and more easily corrected--the oft-quoted "many eyeballs" effect--users and consumers of open-source software may be more likely to get errors fixed through the community and less likely to pursue direct recourse to liability under the proposed legislation.
Victoria Ho of ZDNet Asia reported from Singapore.
In 1970, long before the Internet, a computer Science major and professor stated "No operating system was, or could be, checked in a reasonable time for ever possible bug, buried deep inside it.
In 1976 I encountered a bug in a lotus program ; after that crashing a message was displayed saying "Please call us and tell us what were you during when this happen" oh yeah sure we remembered how we got to that point..
Now with the Internet and 500 million young people with time on their hands, all possible means of exploiting features for ill use are discovered every day. Latest Vista is so full of security protection,I wonder how it runs. Every time a program starts, I get ask if I started it.
For Example my latest little trouble was due to an automatic setting in a Internet suppliers software. Lets see, Email down-loads (the problem) depend on Outllook, Vista, the Internet telephone line, the phone company, the Internet, the Internet site, the Internet providers software, all operating in concert. How does one guarantee that. I remember a ball I had with a map provider, whose software was impacted by a CD creation program (both well know).
I know there is a hate Microsoft contingent, but how can Microsoft test the hundreds of programs out there, and prove that program XYZ will always work when installed with every other one of the thousands of other programs.
Sometimes I really think I live at the wrong continent....
Definately not. It's two other Ms's from Luxembourg and Bulgaria actually (Reding and Kuneva).
I challenge you to provide a link to the text of this proposed legislation. I say this, because surely you have all read it - if you haven't you're just blowing smoke *********.
I will be interesting to see what URLs get posted. Happy binginig ;-)
SAUCE PLZ?
So, I ask again, a URL please for the text of the proposal...
Surely that's not too much to ask?
If independant makers of software would then have to pay to create a corporate entity that they belong to that could be sued in order to stay in business (course it takes away their profits, but that is not the problem of the EU lawmakers, it is to protect consumers from bad programmers.) So there are ways around it, it just "wastes" money from the people making products and puts it into lots of administrative and lawyers hands. You could expect a 10% increaes in overhead to cover liability and admin costs to comply with this by all software developers - remember - if you see just ONE copy of something to someone in an EU nation - you MUST comply with it!
Tom
www.taphilo.com
Basically, you'll have the guys who write the code and charge for new features, and the guys who support the open source software by installing it on peoples systems and giving them warranty service for a fee. (Redhat, etc)
I have a very hard time imagining these laws will hold anyone liable for free software. The EU is crazy, but not that crazy. If I give you free software, am I liable for it on your system? Yikes! That would be pretty insane.
It will, unfortunately, be the utter death of packaged software.
Software developers have gotten a free ride for too long. It is true that flawless software is impossible, but so is a flawless car, toaster, or anything made by man.
Developers use this fact to excuse what is nothing but laziness and incompetence. The vast majority of bugs and security flaws are caused by lack of proper skills and due diligence.
A better middle point is needed, not this law.
There is nothing wrong with customers expecting that software will work properly, and it is quite reasonable for some period after its release to expect its developers to correct any egregious bugs. Given that software is licensed, rather than sold, that is properly a matter for the contract between vendor and purchaser, and it is for both parties to stipulate their requirements.
Put another way, unless you are arguing that a software vendor has a monopoly on some segment of the market, the right way to deal with this issue is competition. Consumers will purchase higher quality software over lower quality based on its reputation and reliability. They will already demand a refund if the software they have purchased turns out to be poor quality. And if they were interested in extended maintenance agreements (albeit at higher prices) they have always been free to negotiate or purchase such a service. If a vendor does not offer it, they can always go to one of that company's competitors and talk to them instead.
The problem with this legislation is that it will drag lawyers and courts into an area where they have no competence or expertise. It will create a cost burden on developers, particularly onerous for smaller outfits who will be forced to put up prices to compensate for the additional burden of risk (if not the cost of insurance against such risk). It is also likely to increase the power and influence of the so-called "Quality Assurance" industry, which in my experience has little impact on product quality and tends to focus instead on procedural consistency and compliance. None of these things are good for consumers; not one. Software will be more expensive, and there is likely to be even less competition.
Some have said that obviously developers will complain at this. Yes, of course. But I maintain that not only is this bad for developers, it will be bad for consumers as well, however well intentioned the idea might seem.
- by ajhoughton June 15, 2009 3:28 AM PDT
- The effects of this kind of law are easy to predict:
- Reply to this comment
-
(26 Comments)1. Software prices will increase.
2. Competition will decrease as smaller shops will be forced out of business by prohibitive liability insurance costs.
3. Software quality will not be affected overall.
4. There will be large transfers of money from productive activities (the creation of software) to unproductive ones (lawyers, courts, "Quality Assurance professionals" and auditors).
5. Vendors will no longer add minor new features to free updates for fear of liability, and may attempt to charge for bug fix updates as well (since even fixing bugs carries a risk of introducing new problems).
6. As a result, the problem of copyright infringement in software will become worse, because consumers will resent paying the higher prices that have effectively been mandated by their political representatives. If the additional insurance costs don't put people out of business, very likely this will.
Oddly enough I don't think there will be much effect on Open Source overall. The distributed liability makes it difficult to sue an Open Source project since there is often no identifiable legal entity that you could reasonably litigate against (and it is possible to see ways of making it even harder, for instance by deliberately shielding the identities of contributors). On the flip side, though, a lot of Open Source development is funded directly or indirectly by the commercial software industry; even leaving aside examples like Red Hat, a lot of FOSS developers have full time jobs writing commercial software for someone else. Some of those people might lose their jobs, which would be bad as they won't then be able to afford to contribute their time and expertise to FOSS.