
EU Proposing Software Liability Protections; Malpractice May Be Better Model

EU Commissioners are proposing stronger consumer protections for software security and efficacy. Software industry advocates want no part of this. The EU was ahead of the US on privacy protections that are commonplace today, so it is worth watching how this story unfolds.

According to ZDNet.UK, the commissioners propose:

"extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games or other licensed content", according to the commissioners' agenda. "Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions."

Software industry advocates argue that software is more complex than a common household appliance and that the same rules should not apply. That's true, but it does not mean that no rules should apply. There is a need for balance here.

One principle that may come into play is that the more you pay for software, the more protections it should have. Open source developers should not be liable because they are not compensated and users "get what they pay for." Spending hundreds of thousands or millions of dollars or euros for software and maintenance should include some risk mitigation.

Pushing this idea, we could get to the point where all software is "free" and only maintenance and customization are purchased. This just pushes the liability issue onto maintenance and customization activities; it does not change the fundamental question of what the responsibilities of software developers are with regard to security and efficacy, and what the rights of consumers who purchase this software are.

Another outcome is that software development, like medicine, is treated as a complex practice with many uncontrollable and unknowable factors. Practitioners establish best practices, and we hold developers responsible for following those practices. The burden shifts from something we can't control, i.e. how software operates in an unknown environment with unanticipated conditions, to something we can control, i.e. how we design, develop, and maintain software.

Given the state of medical malpractice litigation, this may not be such a great alternative. It may, however, be the most likely outcome of the need to establish some level of protection balanced against the inherent risk of using complex software.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net