EU software liability law could divide open source

The world of open-source development could be divided, if the European Commission succeeds in passing a law extending consumer protection rules to software, according to experts.

The Commission proposes that software companies be held liable in the European Union for the security and efficacy of their products.

David Mitchell, senior vice president of IT Research at Ovum, thinks that this may lead to a situation boosting current open-source vendors' business models but making it more difficult for independent developers to thrive.

The proposal is likely to make vendors force customers into support and maintenance agreements upon each purchase, in order to help the former fulfill warranty obligations, Mitchell said.

This is already in line with the business models of current open-source vendors such as Red Hat and Canonical, which sell support services. On the other hand, the "garage open-source model" of independent developers, who do not have the scale to guarantee their products at that level, will likely suffer, Mitchell said in an interview with ZDNet Asia.

Bryan Tan, director of Singapore-based Keystone Law, had predicted in an earlier blog post the "caving in" of open-source software due to similar worries over liability on the parts of independent developers.

"Gone are the days (when) software could be written in a garage by two guys," Tan wrote.

Tan also told ZDNet Asia that the proposed law would likely inflate prices for consumers outside the EU--including the Asia-Pacific region, as a result of the vendors' need to provide insurance. Furthermore, the "death" of some smaller vendors (and an ensuing dearth of competition) would lead to increased prices, he added.

While the Commission has said the proposal is in the interest of consumers, Ovum's Mitchell thinks that a "huge amount of market uncertainty" will be created.

"Customers will find that their existing support and maintenance agreements are now ambiguous, or in contradiction with any new legislation," he said. Businesses would also have to undertake longer testing cycles, resulting in project delays, Mitchell added.

Realistically, liability will be hard to pinpoint because of the interdependency between hardware and software, Mitchell noted. The failure of a piece of software could be blamed on another installed software or hardware portion.

"(The legislation) promises to be a lawyer's dream (come true) but not to deliver any tangible benefit for the customers," he said.

However, Stanley Lai, partner at Allen & Gledhill, thinks that consumers will benefit. While he agrees that software prices will likely rise, "it remains to be seen whether consumers will consider that the price to be paid in return for quality assurance is an adverse effect."

Lai also said it is "premature and oversimplistic" to predict the demise of open-source software. He said with code open and more easily corrected--the oft-quoted "many eyeballs" effect--users and consumers of open-source software may be more likely to get errors fixed through the community and less likely to pursue direct recourse to liability under the proposed legislation.

Victoria Ho of ZDNet Asia reported from Singapore.

[Seaspray0]

"(The legislation) promises to be a lawyer's dream (come true) but not to deliver any tangible benefit for the customers" . I totally agree.

[tektaktyks]

i say make gun makers be held liable for the criminals.

[cp256]

A lot of clooless fools already have been saying that for decades. It sounds just as stupid as always every time I hear it.

[FutureGuy]

@cp256, may be it sound stupid to you but I bet it woudn't to a mother who lost her son/daughter because some idiot who shouldn't be trusted with a shaving blade got a gut because the gun lobby has been pushing hard to relax background check laws.

[krizhek]

@Futureguy may be it sound stupid to you but I bet it woudn't to a mom who lost her son/daughter because some idiot who shouldn't be trusted with a shaving blade stole a gun and their son/daughter was still waiting on their pistol permit.

[Panintheas]

the law is out of place. if a customer wants to pay for quality assurance, he may purchase a program from some business selling it(like Microsoft or Mac or Adobe LOL!) or go with open source as is and get all the assurance they paid for. the law is designed to level the playing field and protect profits, not do a thing for the end user.

[JayWes]

Oh sure, how can an operating system supplier guarantee the software for ever?

In 1970, long before the Internet, a computer Science major and professor stated "No operating system was, or could be, checked in a reasonable time for ever possible bug, buried deep inside it.

In 1976 I encountered a bug in a lotus program ; after that crashing a message was displayed saying "Please call us and tell us what were you during when this happen" oh yeah sure we remembered how we got to that point..

Now with the Internet and 500 million young people with time on their hands, all possible means of exploiting features for ill use are discovered every day. Latest Vista is so full of security protection,I wonder how it runs. Every time a program starts, I get ask if I started it.

For Example my latest little trouble was due to an automatic setting in a Internet suppliers software. Lets see, Email down-loads (the problem) depend on Outllook, Vista, the Internet telephone line, the phone company, the Internet, the Internet site, the Internet providers software, all operating in concert. How does one guarantee that. I remember a ball I had with a map provider, whose software was impacted by a CD creation program (both well know).

I know there is a hate Microsoft contingent, but how can Microsoft test the hundreds of programs out there, and prove that program XYZ will always work when installed with every other one of the thousands of other programs.

[JCPayne]

Well those that don't like it will just have to leave. That is all. Nobody is twisting their arm to operate in the new most powerful market on earth.....

[freemarket--2008]

Most regulated maybe...

[cp256]

most assinine....

[FutureGuy]

"New and most powerful market on earth"?? Did they finally find Atlantis?

[mssoot]

Most draconian perhaps. I hope the major manufacturers wake up and tell the EU to go pound sand soon. No windows for the entire EU sounds just fine to us in the US

[Chevalr1c]

Again a typical EU-idea. An idea that is actually "more headache than help" for consumers. Higher prices, less and later releases and no free software. Probably the person responsible for this brainless idea is Ms. Neelie Kroes again.
Sometimes I really think I live at the wrong continent....

[NickH]

> Proababy ... Ms. Neelie Kroes again

Definately not. It's two other Ms's from Luxembourg and Bulgaria actually (Reding and Kuneva).

[NickH]

To the author of this blog, and those who have replied in righteous indignation...



I challenge you to provide a link to the text of this proposed legislation. I say this, because surely you have all read it - if you haven't you're just blowing smoke *********.



I will be interesting to see what URLs get posted. Happy binginig ;-)

[Magallanes]

Yes, good question, where is it the source of such news?.

SAUCE PLZ?

[KTLA_knew]

Nick, do a few searches on the topic to catch up with the rest of us. This is a proposal, not a piece of proposed legislation, or at least it was last I heard. To imply that it is improper to comment on the proposal (discussed in many articles over the past weeks) is rediculous. I use that word literally.

[NickH]

No need for me to catch up on this one. I chose my words with care - the term "legislation" appears in the article. I absolutely agree that it great that people comment on a proposal, but only if they had read it.

So, I ask again, a URL please for the text of the proposal...

Surely that's not too much to ask?

[TomPhilo]

The idea, like many EU ones, is to protect the consumers so that they can sue a manufacturer for damages - very "social" ideas. The impact would be that EVERY software maker would have to have liability insurance, and with open source there really is no "manufactuer" of it thus who do you get to sue? (This is important for lawyers!)
If independant makers of software would then have to pay to create a corporate entity that they belong to that could be sued in order to stay in business (course it takes away their profits, but that is not the problem of the EU lawmakers, it is to protect consumers from bad programmers.) So there are ways around it, it just "wastes" money from the people making products and puts it into lots of administrative and lawyers hands. You could expect a 10% increaes in overhead to cover liability and admin costs to comply with this by all software developers - remember - if you see just ONE copy of something to someone in an EU nation - you MUST comply with it!

Tom

www.taphilo.com

[mssoot]

If your in the EU you get to sue anybody you want

[honorable1]

Sounds like another power grab by special interests at the expense of smaller firms. The BIG Boyz don't like competition from non-proprietary software writers. Too much competition? Eliminate them with laws.

[blazespinnaker]

This law will basically give all software business to open source.

Basically, you'll have the guys who write the code and charge for new features, and the guys who support the open source software by installing it on peoples systems and giving them warranty service for a fee. (Redhat, etc)

I have a very hard time imagining these laws will hold anyone liable for free software. The EU is crazy, but not that crazy. If I give you free software, am I liable for it on your system? Yikes! That would be pretty insane.

It will, unfortunately, be the utter death of packaged software.

[kelmon]

Well done the EU, as usual. Perish the thought that customers should actually be entitled to expect the software that they buy to work as described. Software developers will ***** and moan about this but hopefully this will go some way to addressing the pathetic "ship now and fix later" mentality that seems to mean that customers end up with what amounts to beta (or even alpha) software that either wasn't written well or wasn't tested properly.

[pentest]

The idea is good but the execution is flawed.

Software developers have gotten a free ride for too long. It is true that flawless software is impossible, but so is a flawless car, toaster, or anything made by man.

Developers use this fact to excuse what is nothing but laziness and incompetence. The vast majority of bugs and security flaws are caused by lack of proper skills and due diligence.

A better middle point is needed, not this law.

[ajhoughton]

Some of us developers, who are not lazy or incompetent, and who do not use the fact that software is complex as an excuse, still think this is a bad idea.

There is nothing wrong with customers expecting that software will work properly, and it is quite reasonable for some period after its release to expect its developers to correct any egregious bugs. Given that software is licensed, rather than sold, that is properly a matter for the contract between vendor and purchaser, and it is for both parties to stipulate their requirements.

Put another way, unless you are arguing that a software vendor has a monopoly on some segment of the market, the right way to deal with this issue is competition. Consumers will purchase higher quality software over lower quality based on its reputation and reliability. They will already demand a refund if the software they have purchased turns out to be poor quality. And if they were interested in extended maintenance agreements (albeit at higher prices) they have always been free to negotiate or purchase such a service. If a vendor does not offer it, they can always go to one of that company's competitors and talk to them instead.

The problem with this legislation is that it will drag lawyers and courts into an area where they have no competence or expertise. It will create a cost burden on developers, particularly onerous for smaller outfits who will be forced to put up prices to compensate for the additional burden of risk (if not the cost of insurance against such risk). It is also likely to increase the power and influence of the so-called "Quality Assurance" industry, which in my experience has little impact on product quality and tends to focus instead on procedural consistency and compliance. None of these things are good for consumers; not one. Software will be more expensive, and there is likely to be even less competition.

Some have said that obviously developers will complain at this. Yes, of course. But I maintain that not only is this bad for developers, it will be bad for consumers as well, however well intentioned the idea might seem.

[ajhoughton]

The effects of this kind of law are easy to predict:

1. Software prices will increase.

2. Competition will decrease as smaller shops will be forced out of business by prohibitive liability insurance costs.

3. Software quality will not be affected overall.

4. There will be large transfers of money from productive activities (the creation of software) to unproductive ones (lawyers, courts, "Quality Assurance professionals" and auditors).

5. Vendors will no longer add minor new features to free updates for fear of liability, and may attempt to charge for bug fix updates as well (since even fixing bugs carries a risk of introducing new problems).

6. As a result, the problem of copyright infringement in software will become worse, because consumers will resent paying the higher prices that have effectively been mandated by their political representatives. If the additional insurance costs don't put people out of business, very likely this will.

Oddly enough I don't think there will be much effect on Open Source overall. The distributed liability makes it difficult to sue an Open Source project since there is often no identifiable legal entity that you could reasonably litigate against (and it is possible to see ways of making it even harder, for instance by deliberately shielding the identities of contributors). On the flip side, though, a lot of Open Source development is funded directly or indirectly by the commercial software industry; even leaving aside examples like Red Hat, a lot of FOSS developers have full time jobs writing commercial software for someone else. Some of those people might lose their jobs, which would be bad as they won't then be able to afford to contribute their time and expertise to FOSS.