Can Programmers Become Legally Liable for Their Code?

owillis asks: "Reading this Salon article on file sharing programmers who are suspending or ending work on their projects due to the legal climate post-Napster, I wonder what the liabilty is for people who work on open source software. Does open source protect the creators from these laws or is it fair game?" We've discussed this before but it would be interesting to note if your opinions have changed after the Napster ruling. However it bothers me that in today's legal climate, it is easier to blame the creator of the tool rather than the users who use them illegally.

Won't see this happen

[Rob Kaper]

While the legal system is not perfect when it is about software, this doesn't seem like something that could happen.

Every software license I know of, either open-source or proprietary, waivers liability. Big companies such as AOL/* and Microsoft will not be accepting liability ever, so they will make sure there is a way to prevent this from happening.

And whatever way they find to keep the ability to dismiss claims, this way can also be used by open-source. AFAIK it is not possible yet to buy/bribe yourself an exception clause to the law. And if that wold be possible, then it's time for a new Constitution.

liability for material product versus IP product

[lythander]

Seems to me that the big problem with examining this problem vis-a-vis the gun issue is problematic. When you make a thing (i.e. gun) that can do something illegal (of course, so can a baseball bat), it's not illegal as long as the thing has a legitimate purpose, too. Gun makers have never been successfully sued on the basis of "you make guns, you're liable." They get sued for selling guns that are too cheap to be of any use but spraying bullets over a playground, and for dumping guns in quantities far exceeding local demand in localities where gun purchase laws are weak, making it easy for criminals from other jurisdictions to come there, buy the gun and return home to commit a crime with a gun they could not have bought at home.

Similar laws govcern things like lock picks and bongs. I doubt anyone ever got arrested for having made their own lock picks, or having a bong (hell, head shops would go out of business!) But there are laws that allow the prosecution of possession of burglery tools or drug paraphenalia in most states. Just another charge to pile on when someone gets arrested for something else they were doing. Locksmiths need picks. Someone somewhere might actually be smoking tobacco in that bong.

Intellectual property would seem to be diffeent. It's speech, and it might even be protected speech (still waiting to hear on that...) But it also does something, performs a function. SO it's a real murky water.

Keep in mind that the FAA and the National Weather Service are almost always co-defendants in lawsuits over air-traffic disasters. Usually cited for negligence (they also usually win their cases). A weather forecast is really just more IP, and in fact comes with its own implicit disclaimer.

I do find this an interesting issue. Many here take the side that it's not fair that the big software houses don't have to warranty their product free from defect and disavow liability (ala UCITA), yet the same folks seem to flip flop when smaller developers are also concerned with the same issue. Where should the liability rest, then? If I create a tool whose sole purpose is to share files, am I aiding and abetting? The algorithm is certainly protected speech. Maybe the implementation isn't. I can draw a general diagram of how a bomb works, no problem. It's in the encyclopedia. Schematics and instructions on how to sneak into the white house are probably illegal.

As we move forward and computers do more and more for us (i.e higher level languages, voice command, etc.) what if I give a few voice commands and the programm breaks the law by trying to execute my commands, even though any human listening to my instructions would understand that that isn't my intent? I could say retrieve all pictures of Natalie Portman, and who knows what sort of smut it might find labeled with ther name.

oooohh, my head hurts....

An out for Free Software?

[gmhowell]

Apparantly (sp) it is okay to distribute speech of damn near any type in the US. So why not release software ONLY as code, and under the OCL? I haven't checked it out yet, but is there any reason that code cannot be released under this license? It would state (and should also be commented in the code itself) that this is speech, and a discussion of how a certain project may be completed. That it is written in C, Java, perl, etc. is of no more meaning than if it was written in Polish, English, Esperanto, etc. It is writing intended for a group of computer savvy individuals who can understand instructions better when 'spoken' in a computer language than in a strict human language.

Liability is therefore foisted onto those who distributed binaries. Another (possibly necessary) step to take is to comment out "main ()". Program won't compile until it is read. Therefore forcing one to read the disclaimer that this is a form of discussion, not a computer program.

Now, we all know that this is the highest degree of semantic bullshit. But that is what typically carries the day in court.

Short answer: YES.

[rjh]

First, it's unlikely that Free Software will ever be found liable in court, due to the conspicuous disclaimers of warranty and liability which can be found with every Free Software license.

That's not the same thing as protection, though.

Remember that contracts are subservient to the civil and criminal law. It is not possible to construct a contract which violates the civil law; if such a contract exists, then the portions of it which violate civil law are null and void.

So let's say, for sake of argument, some state has a law on the books which says "for all software used in avionics, the manufacturer must provide a warranty". This is a plausible law; avionics is a life-and-death software situation, and it's entirely within the rights of a state to specify that life-and-death software be held to a higher standard.

Now let's say that an aerospace company wants to build an airplane, and decides to use a GNU tool as part of the software package. The engineering staff sees that there's a disclaimer of warranty, and sends a letter to the Free Software Foundation saying "hey, I'd like to use this software in our new plane, would you mind terribly if we did?"

Suppose the FSF says "sure, go ahead"--in writing, of course. The FSF thinks that the terms of the GPL apply; the engineer thinks that the terms of the state apply, and by giving the go-ahead, the FSF has acquiesced to this.

Now suppose that plane crashes, and lawsuits are filed. Suddenly there's a big lawsuit filed against the FSF; the aerospace company claims "we talked to them and we have this letter here permitting us to use their software; that overrides the GPL which they *thought* they were releasing it to us under, and that means the FSF *must* provide a warranty for this software".

The FSF says "But wait! This is a Washington state court, and we're from Massachussets. We weren't aware of Washington's required-warranty law, and had we been aware of it, we wouldn't have told them to go ahead--we told them `sure, go ahead', meaning under the terms of the GPL, with no warranty involved!"

Eventually, the case would go to the jury. The jury would come back with a decision, and it might not be favorable to the FSF.

This is just one hypothetical situation. There are many more you can construct. No matter what, though, it all winds up the same: in a civil trial, everything's irrelevant once the jury gets seated. If the jury is dead-set on saying that you're liable, then by God you're going to be liable whether or not you disclaimed everything.

The very short version:

Don't spend your time worrying about whether or not you can be held liable--you can. Spend your time making your software high enough quality that nobody will ever want to sue you for making a shoddy product.

Open Source and the legal system.

[kiniry]

Early experiments in this domain have been conducted. In October of last year a joint program was conducted between Loyola Law School and Caltech on exactly some of the issues surrounding the "collision" between Open Source Software and the current legal system. Participants included Linus Torvalds, Diarmuid O'Scannlain (Judge of the 9th circuit), Terry McMahon (representative for MSFT in the Sun/Java case), and Ed Felten (prof at Princeton and DOJ expert witness in MSFT anti-trust case). Anyone interested in the details of this case, the legal briefs (which have been published), etc. should see http://techlaw.lls.edu/


Joseph R. Kiniry
http://www.cs.caltech.edu/~kiniry/
California Institute of Technology

Yup

[at0m]

It pisses me off when geeks/coders think they're above the law. A while ago there was an article about some people whining that they were getting sued over creating a bad website that didn't fit any of the criteria in contract. Well, uh, yeah - even though you get paid a lot for what you do doesn't mean you're not responsbile for obeying laws of decency. Give me a break - you can't turn complaints against your low quality product into a fight for "freedom on the web" - that's ridiculous.

I'll admit that it's different when dealing with open sourced software that nobody's paying for. But we still hold creator responsible for virii, don't we? Its the same sort of thing. If you're going to do something bad, and you know it, then you should be prepared to face the concequences. Don't think that you're above everyone and everything and every law in the land just because you visit slashdot regularly and occasionally understand what an article talking about.

Re:Short answer: YES.

[radja]

ever tried reading how responsible the large manufacturers are, according to their shrinkwrap licenses? they aren't.

//rdj

Question of ethics or law?

[lw54]

This is a test to see if Slashdot moderators are doomed to repeat history. This post was originally written by evilpenguin on Wednesday November 24, 1999 @ 07:27AM EST

--------------------------------------------------

I think the law has to treat the person who uses a product for illegal means as the "guilty" party. The person who makes it bears no automatic culpability.

This is my general take. Gun manufacturers are not responsible for murders committed with guns. Now, I'm not a gun nut, but I think this is legally right.

The same should hold true for the authors of nmap and queso (to name a couple tools that system crackers might use) and the authors of pgp and gpg (to name a couple tools that criminals or terrorists might use).

Now, if it is a question of ethics, you've opened an entirely different can of worms. Ethically, I think several guns need a closer look. I think teflon tips are something that raise ethical questions. I think nmap has a few grey areas (what legitimate use requires the micro-fragmentation feature? That's there just to avoid string scanning intrusion detection.), but in each of these cases (except maybe those teflon tips) I think the law has to protect the author/maker and hold the user accountable.

If we hold that the maker/author is responsible for all of the ways in which their product/idea is used, then we should have locked up Darwin because his ideas contributed to holocaust. We should lock up the inventor of the circular saw because it has maimed and killed. And so on...

Ethics lies behind law, but the cliched figure of justice that adorns so many government buildings (at least so many American ones) wields a scale, a sword, and she is blindfolded. The sword is two edged as well. It may be a cliche, but it is an apt one. The law is not ethics. The law is the minimum interference to maintain the social order. While many conservatives in this country will argue with me about the law being minimal, it is certainly not the opposite. You can write and buy a book about how to crack safes. That's legal. Crack somebody else's safe, and you've broken the law. It seems absurd, but it isn't. To write a book on how to crack safes (so long as you believe in the idea of private property) is unethical, but I for one would not want to see it made illegal.

Offtopic, but relevant.

[technos]

And the laws don't work.. There's a study in this month's JAMA on whither bans and waiting periods actually do a damn thing; At best, restrictive gun laws cause no reduction in gun-related crime, save for a tiny reduction in suicides. In most cases, they actually do harm. Why? Criminals aren't stupid. If they think they might be robbing someone with a legal weapon, they aren't going to do it. If they can count on them not being armed, they're easy pickings. Proof? States with the highest percentage of gun ownership and the highest growth in gun ownership showed proportional reduction in gun-related crime.

How does this relate to hacking tools and software? Well, if you're a script kid with an illegal portscanner, illegal IP fragment generator, a illegal copy of traceroute, and you know the other guy doesn't, you can pretty much guarantee you're going to hack more sites than if you knew the fellow you were attacking were similarly armed. Script kids and armed robbers are cowards.

Think on this

[jallen02]

IF I have a swimming pool in my backyard, and I do not go to reasonable lengths to protect my neighbors children from them and a child drowns in my pool, I am liable.

If I have a dog and it bites someone, its my fault

If I write a virus and it wipes your hard drive, im not responsible?

A more proper scenario, I have a program that I have waivers of liability on and its a program many people use because it is useful but I become disgruntled and in one release it formats everyones hard drives at a certain time

Since waivers are there I am protected?

Needless to say never trust anything open source right? Well let me ask when was the last time you read the source of the program, chances are closed/open source the existence of such things will not be detected any quicker. So.. where does that leave us you have to draw a line in the sand somewhere, where should that be?


If you think education is expensive, try ignornace

Study

[mrquinn]

Still off topic but could you post a link to that study?

Deja Vu

[TMiB]

"We've discussed this before"

Indeed we have. Same article was posted about four days ago: Hacker Crackdown [slashdot.org]

The law cuts both ways

[gauche]

I disagree. I'm unable to find the text of Judge Patel's ruling but consider this: Napster's Copyright Policy [napster.com], which is incorporated by reference into their TOS [napster.com] states that "Napster does not, and cannot, control what content is available to you using the Napster browser."

Patel's injunction has to mean that a TOS or EULA, no matter how carefully crafted, doesn't absolve a company of responsibility for the abuse of their product.
Now, this may well be the kind of thinking that enables families of, say, murder victims to sue gunmakers, but it's also the kind of thinking that put seatbelts into automobiles.

There is an upside: what are viruses if not an abuse of software (specifically, of the security holes in software)?
If the EULA doesn't protect companies from liability for abuse of their software, well, places like M$ will have to take security & privacy concerns a lot more seriously lest they face class-action suits.

The law cuts both ways.

Possible answers at UK law.

[AndrewD]

Depends what you mean by "liable".

Criminally liable? Possibly. We have laws against cracking in this country, and any coding you do to that end could make you liable to a conspiracy or aiding and abetting charge. Possibly. I don't do any criminal law, and haven't in over ten years, so I can't be sure on this one.

Not entirely seriously, there are a number of offences you can commit by communicating with others in the UK:

1. Where you incite dissaffection between different classes of UK citizens, you commit sedition. So stirring up Mac users to assault slaves of the Borg would be covered by that (incidentally, this is what incitement to racial hatred used to get proscuted as before the tories made up a new offence and cut the penalty to two years' jail).
2. If your code mocks christ, it's blasphemous, and a criminal offence
3. If it depraves and corrupts the user, it's obscene and liable to seizure and destruction.
4. ...er
5. ... no doubt there're more, but these are all I can remember right now.

Civilly liable? I doubt it, frankly. The only successful case we've seen so involved some other thing being done by the guilty party: Napster offered the pirates' trading service. They aren't being made liable for their code.

DeCSS is an odd case. That DMCA business is a real kicker: it makes the tool, and distribution of the tool, illegal contrary to what I understand to be (and what the judge now appears to understand to be) the proper interpretation of the First Amendment. In theory at least, that should come out all right, but chickens should remain uncounted for a while yet.

The other oddity is Crypto. There are a lot of places around the world where you can get in serious, serious trouble for even thinking about the stuff.

Re:Like guns

[Chubbyman]

Yes

Distribute anonymously.

[Kickasso]

'nuff said.
--

Be careful of you liscense

[kiltedtaco]

I don't think the goverment needs to put in any laws, just that you must be very careful about you'r lisense agreement. All the software I write at least has something saying that I will try to help, but I will not be legaly obligated to help, and whatever you do with my software is you fault. I don't see what the big deal is about.

Programmers --- Bad

[chris_7d0h]

Why are you guys writing programs? Don't you realise that your work could be torn to little pieces, analysed, the theory stolen and put together into very evil nasty things!!! (You are then liable)

I think it is very immoral creating software and just spreading them. For everyones sake, you should post your work to your country's governmental archiving department and let the politicians (the ones who know what is best for all of us) decide what to do with the software.

The most irresponsible of all are the open source people. You are basically giving bullets to a bunch of terrorists, having empty AK4 magazines, just waiting to get them filled. (Don't try to fool me with your talk about legitimate uses, why would there be free software if it wasn't for evil purposes? Nothing is free in this world today)

Now, some of you might start shouting about freedom of this and rights of that. Before you start, please realize something. Your rulers and masters know best! Why did you else elect them, giving them the rights to control your lives?

Re:Won't see this happen

[Clubber Lang]

Well, crazy stuff has happened before, and continues to happen, so I'd say some sort of liability might not be out of the question...

It's important to point out however, that I don't think anyone will ever be successfully sued in a civil suit but there may be the possibility of criminal liability. If someone wrote a piece of software that's only function was to do something illegal, then you might be able to go after that person for aiding a crime or something like that, since they wouldn't be able to use the defence that their software also had legal uses as well.

Companies like Micro$oft and AOHell wouldn't have any problems because they provide mainstream products and services, and their EULAs pretty much absolve them of any responsablilty for what may or may not happen. In this way, it would be possible to prosecute people without having to worry about the legal clout of the big tech companies.

Alcohol, tobacco, firearms etc all have legit uses as far as legality is concerned, so I don't think you can lump purpose-written, single function progams into that area. This is why the Napster programmers are safe, their product does have potentially legal uses. On the other hand, if someone were to write and distribute a program which can shut down any poweplant in north america, the legal system would probably have a pretty easy time going after the programmer in court assuming they could find him/her.

Like guns

[PacoVore]

&nbsp

This is the same approach people take with guns. I hate to sound like the NRA, but it's the same story. People want to make all kinds of rules, legislation and litigation around the tool, rather than the people who choose to use the tool irresponsibly.

Like guns, this makes the tool users reluctant to use the tools, because the climate is so antagonistic to the tool. It slurs all tool users with the same stigma.