BBC Commentator Goes After Software Licensing

An anonymous reader writes "Bill Thompson, a regular commentator on the BBC World Service programme Go Digital, criticizes current software licenses (including the GPL) for giving developers 'freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private'." From the article: "A friend of mine is a children's writer. When she writes a non-fiction book she is typically asked to sign a contract that indemnifies the publisher against legal costs resulting from errors of fact in the book. If she was to suggest a school experiment that involved drinking sulphuric acid, because she'd confused it with acetic, then she'd be in big trouble. Yet I can't do anything when a company produces software that exposes my online banking details to any script kiddie with time to spare, because I've agreed a license that removes such liability. "

About time

[bruce_the_loon]

It's about time that someone got up and did something about this. It's time we realized the customer comes FIRST and our comfort and legal safety POST.

And...

[Ooblek]

....every software developer is supposed to know that a customer doesn't have people smart enough on staff to install software using anything other than the default install? There would be nothing but a blame game because much of commercial software depends on other software libraries, including those provided by the OS. If our courts can't figure out that P2P lawsuits are basically meritless, I'd hate to see them figure out who is to blame because someone installed a default option on IIS that had an exploit, yet wasn't required to run IIS with a vendor's software.

Don't get me wrong...bugs suck, but suing someone over it is as equally bad as releasing buggy software.

Re:GPL

[gosand]

On a more serious note, this is more expansion of the culture of victimization and the lack of responsibility that is taking over the Western world. Nothing is ever our fault, we muyst always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.

Fear and greed, and a lack of compassion. That is what causes these things.

Let's say theoretically, someone goes to a restaurant, orders a cup of coffee, and the lid isn't put on properly. The person spills hot coffee all over themselves.

Which is more likely to happen:

the restaurant apologizes, helps the person clean up, and gives them their meal for free
OR

the restaurant denies any liability, and immediately asks the person to sign a form saying they aren't responsible. They refuse to even apologize, for fear it will indicate they are at fault. This angers the person, so they seek revenge. Lawyers get involved. The media gets involved. It turns into a ridiculous circus.

Companies are afraid to be sued, because people are greedy. Companies won't admit ANYTHING for fear it will demonstrate some sort of fault. People are greedy, and know they can sue pretty much anyone they want. There will always be a scumbag lawyer or two to help mix things up, because they always seem to win in situations like this.

Re:Separate Coding and Liability

[KillShill]

how about people who write FOSS and therefore give away their code not be liable but people who sell err excuse me, PROPOGANDA MODE ON, "LICENSE" software have to assume liability.

no other industry on the face of this earth (except politicians) can sell you stuff and not be liable for it causing harm.

if you are a merchant, you are liable. if you stand on a street corner (or virtual corner) and give it away then your liability is orders of magnitude less (read: zero).

Re:No guarantees

[Chyeld]

Actually in all cases there is that option. Just because no one is willing to pay $150,000 to a software development firm to create a knockoff version of Quicken and guarantee a certain level of reliablity doesn't mean it's not an option.

What this guy is complaining about is the fact that he expects consumer level software to come with the same quality of proffessional level software. It's a bit idealistic and unreasonable.

If you aren't willing to pony up the money for quality, you shouldn't complain about the quality of the what you get.

Re:Bad analogy

[sedyn]

Stepping beyond that kind of bad analogy, there is another one:

"If Apple turned round to nano users and pointed to a shrinkwrap "licence" on the high-design packaging that exempted it from the provisions of consumer protection law it would never get away with such a blatant disregard for its customers' rights."

But, if I go to a pawn shop and buy refurbished goods, which are sold "as is" then I have accepted more responsibility at the expense of supplier/creator liability.

Likewise, with free software, you accept liability for it being free. If it harms your system, then you should have examined it yourself to be sure. If you don't think that's fair, and that users shouldn't have to (possibly because they can't), I'd like to point out that I can sign a difficult to read contract without prior knowledge of law (which is especially important in "common law" countries, where the law is not always as explicit as it should be).

The moral of the story, hire someone to proof-read the code you want to use, just like people hire lawyers to check contracts. I know that I would like to see an increase of demand for programmers.

Re:malpractice caps do NOT decrease premiums

[tchuladdiass]

If you buy a tree from Home Depot's garden center, and plant it in your yard... 30 years later it gets to a good size, then it gets infected so that the insides are eaten out, and it falls on you house... Should you be able to sue Home Depot for selling you the tree that has the capability of smashing you house?

Accept the risk

[Red Flayer]

FTA: "Programmers have built their business models on a freedom from responsibility which would be considered wholly unacceptable in almost any other sphere of activity, public or private. [1]

We all pay the cost in wasted time, lost files, hacked systems and reduced productivity [2]. Our children spend time in lessons waiting for interactive whiteboards to be repaired [3] while businesses around the world suffer from crashes and security breaches. [4] "

Hey, you know what, Bill? You don't like the fact that you accept the responsibility and risk when you use the software? Then don't use it.

I bank online, not because I need to, but because it is convenient. I accept that there is a slight risk involved. If I only banked brick-and-mortar, and my banking information was hacked, who is liable? The bank, because they CHOSE to use software that is insecure, KNOWING that it is potentially insecure, is who I hold liable.

I enjoy using the internet. Do I need to use it? No. But because I want to use it, I accept that there is risk, and do my best to protect myself.

[1] Not so. How many stunt shows always start with a disclaimer that no one should try the stunt at home? Fore-warned is fore-armed.

[2] We all also reap the rewards of the software. Do our kids ride bikes, Bill? When they fall and scrape their hands, do we send the medical bill to the bike distributor, manufacturer, or retailer? We accept a certain level of risk. If the bike design is faulty, that is a different issue -- but then again, we never signed a usage agreement that disclosed that there might be problems.

[3] Why doesn't that classroom have a dry-erase board or a chalkboard? Why is the teacher incapable of instruction without it?

[4] Businesses would suffer more if there were no innovation in software due to possible lawsuits. Businesses would be better off putting systems in place to prevent hackjobs, to make sensitive information secure even if their system is compromised, to prevent extreme loss of business due to system downtime.

I think it is ridiculous for every tomdickandharry to want someone else to be responsible for the risk that they voluntarily took on.

Software is not a necessity. It is a tool that we use to help us do things more efficiently. The tradeoff for that efficiency is risk.

Fallacy

[hunterx11]

FOSS != non-commercial. I sure as hell hope an institution like a bank wouldn't use unsupported software be it open or proprietary. But the author apparently hasn't heard of such obscure companies as "Red Hat" and "Novell" and "IBM."

The Reality Is..

[Anonymous Coward]

There is no such thing as a bug-free program of any complexity.

Checking facts in a book is trivially simple compared to checking a complex program with a virtually infinite number of execution states for correctness. Plus a software vendor often has no control over what their software is actually used for (what is the allowed application of a "spreadsheet"?), and hence the scope of damage from possible errors.

If software vendors could be put out of business by ONE bug in their software that escaped testing, it wouldn't be a viable industry.

Re:Guarantee is spelled "liability insurance"...

[winkydink]

The cost of liability insurance can be prohibitively high or not available at all. I work for a company in the wireless space. We frequently see requests to indemnify against RF "frying your brain". Insurance companies (even the really big boys like Lloyds) won't touch it.

Ya, more or less

[Sycraft-fu]

You choose to accept the risk, in trade for the benefits. Designing a system with no bugs is expensive and time consuming. You have to test things extensively at every level. That also means testing all the possible interactions. Not only how the OS interacts with the hardware, but how it interacts with the software, and how it interacts with each other. So when you design a system like that, the hardware neede to be known, as does all the software. You can't have it run on random comoddity hardware using random software beacuse then unforseen problems can result.

So by choosing to run software cheaply and quickly developed in random environments, you choose to accept teh fact bugs may occur.

To me, demanding that commoddity software on commoddity hardware run without bugs is like demanding that an automobile on the public streets never get in to an accident, even one caused by driver error, unforsseen conditions, or other drivers. Can't happen. If you want gaurentteed operation, you need controlled conditions.

Re:Bad analogy

[richdun]

The moral of the story, hire someone to proof-read the code you want to use, just like people hire lawyers to check contracts. I know that I would like to see an increase of demand for programmers.

So what about software that comes without source? I think the greater point the author is trying to bring up is that even for non-free software, like say IE, how are companies held liable for releasing software with security holes? Most EULAs make you accept the software as is and doesn't let you sue the company later if their software causes problems.

Re:GPL

[Anonymous Coward]

Nothing is ever our fault, we muyst always find someone else to hold responsible for problems that we should be tough enough and capable enough to not get into or to solve ourselves.

Now, are you making a comment about the end-users who won't take responsibility:
I am suing this company because I was able to remove the safety from their tool, and after I then hotwired the circuitry to be able to run the tool without the safety, I was able to hurt myself with their tool.

Or the companies who won't take responsiblity:
Yes, on occasion the product will blow up like a hand grenade, however this is rare, and usually caused by the user. You can't expect us to get everything right, these things are complicated.

Or was that a general statement that applies to everybody these days?

Personally, I kind of believe the third option. I think software companies need to take more responsibility, because some major companies have championed a ship-first/fix-later strategy, such that it has become the industry standard. The first thing I have to do when I get new software is to look for a patch, because there probably is one already. I don't expect it to be perfect, nothing is, but the condition a lot of things are shipped in is terrible, and yet they get away with it.

Now, the capitalist view is that the market should fix itself. If people don't like bad software, then they will only buy from companies who ship good software. Sadly, either people aren't interested in good software, or they don't realize what it is (or that it can be had). I think it extends further, though, as evidenced by the Wal-Mart success. People only care about the price tag. The difference is that if they buy a cheap blender and it doesn't work, they take it back. If they buy cheap software that doesn't work, they figure they did something wrong because they don't understand computers and don't realize that they are supposed to work all the time like a blender. Also, you aren't allowed to take opened software back, and you have to pay extra just to call the publisher about your problem.

So, basically, my view is that when people understand software better, the companies won't get away with as much, because people will know when something was a bug or not, and they are going to hold the companies accountable more often. However, it's going to take a long time to change the momentum, because the publishers these days have a good thing going and they aren't going to let it change willingly.

Re:Keyword

[M-G]

Not only that but his analogy ignores that an entirely separate entity actively and maliciously misused or exploited the software to gain access to his personal information. Suing the software company would be like suing the acid manufacturer for doing enough to make sure it wouldn't hurt children!

Sort of. I was thinking along the lines of what if the acid was mislabeled by the teacher? That's more akin to someone setting up software but not configuring proper security around it.

Publishing Licenses are Lazy

[robbway]

If you've ever read any commentary by Christopher Rice in his books, you'd see how much disdain he has for those "pass-the-buck-to-the-author" clauses. Not every writer agrees with that concept! It's a lazy concept, akin to publishing super-offensive ads in a magazine and claiming no responsibility for the ad. Let's face it, the publisher should be responsible for the content they distribute to a certain degree, like publishing errors causing serious misunderstandings.

I don't know about the rest of you, but if she tells me to drink poison in a book, I'm not going to do it.

S.W. is not a complete product

[Dare nMc]

I think the bad analogy in this article is between the products. In the case of a book, it is a complete product. When a book is released, it is unlikely to be used for other than the intended purposes, and when used with another product it is not expected to still stand on its own (you cant subst the 265th page for another authors page, and expect it to work, but that is expected of the dll's, windows 98 vs XP, etc.)
Most software is either released inside a complete product, and the product liabilty is left intact. Or it is software inteded to be used with other software, and with the original programmers usually not being the system integraters, going back to a single person to be responsible is no longer easy or practical.

Re:malpractice caps do NOT decrease premiums

[Belial6]

"I'd just as soon see the industry grind to a halt until they find a way to nip these miscreants in the bud."

Yeah, and lets do the same for other products like houses. Lets not allow the sale of houses until they are secure.

With every product, you take risk. The trick is figuring out where the risk/cost sweet spot is. Obviously, Medical/Financial data needs to have stiffer restrictions than say, an online recipie book. This kind of logic is what leads to things like banks being more secure than houses. Obviously information that is used to create financial data should be considered financial data in and of itself. e.g. SS numbers, stree address...

Re:GPL

[azrider]

The whole thing about licensing (and disclaimers) started in the late '80s. A company sued Lotus regarding a bid they had entered. The premise of the suit was that the spreadsheet allowed them to make an incorrect calculation of their costs (since the software did not catch *their* math error, it must have been defective). Although Lotus won the suit, since then *ALL* software companies include a disclaimer to the effect that they are not responsible for , among other things, your mistakes. It is much, much easier to point at the disclaimer than to try to argue in most courts of law the fine points of cos(6) vs. sin(6) or log(5) vs. log10(5)