[long] Legal traps in open source

Steve Jenkin sjenkin at pcug.org.au
Fri Nov 1 04:49:18 EST 2002

Simon Fowler <simon at himi.org> wrote [[Thu, 31 Oct 2002 02:13:22 +1100]]
> > Right now, that's the environment you'll be releasing your "sue me ware"
> > into.  Once the courts can figure out how to throw out stupid claims,
> > yes, I expect software developers to take full responsibility for the
> > code they write.
> >
> And what's to stop anyone from suing me /now/? As it stands anything
> I sell in Australia has to meet standards of merchantability, and
> carries an implied warranty - if it screws up, there isn't anything
> an EULA can do to disclaim either of those. Aside from, of course,
> not selling it - hello free software.

The usual list of ACCC requirements is:
- Not misrepresented
- 'Fit for purpose'
- 'Of Merchantable Quality'
I _believe_ giving away stuff does not let you off...

In Oz we also have an anti-monopoly rule called 'Third Line Forcing'. Knew a
software guy that had used it [and won].
He wrote a program for cattle studs.  They all were using a system from Uni of
Armidale [a commercial service].  The Bureau refused to release any data or the
export/import file format...  Which led to the court case & they had to comply
[but were a bit expensive]
The '3rd line forcing' rule meant they couldn't force breeders to use their

> I'm really surprised this hasn't happened already, actually, given
> the kind of crap that gets sold. I imagine it /will/ happen
> eventually.

It has already actually... [in Australia - mostly for failed projects, but also
for at least one product]
The usual ULA limits the producer's liability to just refunding the purchase price
- pretty lousy if you just screwed up your whole life.  'consequential damages'
are the whammy.
Mid-eighties/early 90's I think, there was a case [Victoria?] reported in the
papers where a company sued a word processor software company for damages and
won.  Think it shut down the company...

[[On suing for failed projects:  DFAT's 'fully buzzword compliant' messaging
solution, ADCNET, started in 89/90, went to litigation in Mar/Jun 96 and is due to
have a judgment handed down before the end of the year.  Original software
contract [for stage 3, started Sept 94] was ~$10M & supposed to be done in 18
months.  Legal fees for all 3 parties [DFAT, Prime Contractor & Sub Contractor]
were ~$100,000 PER DAY.  Whoever loses could be up for ~$15-$20M just in legal
fees...  Then they might appeal if they have money left.  Would you rather program
or work as 'senior counsel' for $20,000 per day??]]


The really big difference I see between binary and source distributions [given you
have the build/release environment] is a) you _can_ fix minor bugs yourself if you
really need, even if the supplier has gone away and b) you can do 'white box'
testing if you suspect major bugs... [and maybe figure out some work-arounds]

For source distros, if you request a vendor to fix a bug or change a feature and
they decline - then _you_ can take on the responsibility of making the changes you
want/need _and_ assume the problems of merging updates.  Not for the faint
hearted, but because you have a remedy, the courts would probably not be
sympathetic for consequential damages, but may award you the costs incurred...

For recalcitrant vendors of binary distros, I'd say people are starting to have
pretty strong cases for at least direct costs, probably 'class actions', and a
growing chance of consequential damages - especially if the effects are large or
catastrophic [say if MS-Word would not print the Olympic programs ...]

If you _give_ something away, whilst you have some basic obligations, the
expectations of the user/client should be LOW - especially if the software is
tagged 'Supplied AS IS'.
If you've embedded some nasty features - like data gathering or a Worm/DDoS agent -
you'd deserve both criminal and civil actions.

For some time now 'the public', the enforcement agencies and the courts have
regarded commercial release software as exempt from normal customer protection
rules. [Remember we have much better/tighter and uniform legislation than the USA]

After 20 years of the IBM PC & 12 years of Win 3.1 and nearly 10 years of Win-NT
what _should_ consumers be expecting as 'normal' software reliability?

The really persuasive argument is that open source represents 'state of the art'.
ALL commercial software should be about as reliable as the open source versions -
because they can see/copy the free code!!! Or at least integrate the parts they

The idea that open source even comes _near_ to commercial software - especially
the more complex areas of O/S, file systems, network services - in terms of
performance, reliability, usability, features is astounding.

This is _exactly_ the same as a bunch of us building a Formula 1 race car in our
spare time and it being competitive with Ferrari.  If Windows & other commercial
apps are NOT the best that the vendors can produce, what is going on?  That would
be something more than negligence... There would be wilful intent.  BUT, if it is
their BEST - their shareholders should be really upset.  All that money being
poured away on substandard work!!  Shades of the Ford Edsel.

Sorry to bang on for so long...

Steve Jenkin, Unix Sys Admin
PO Box 48, Kippax, ACT 2615
0412 786 915
