Free Software at Risk Under Lemon law

mpawlo writes: "Newsforge published a piece I wrote on a lemon law for software. That is - what would happen if shrinkwrap limitation of liability clauses would be banned? I think Microsoft and the GNU Project would both suffer."

  • by Anonymous Coward on Sunday May 12, 2002 @03:58PM (#3506919)
    As noted on the Smithsonian Institution's site, the first official American flag had thirteen stars and thirteen stripes, each representing one of the thirteen original states.

    The flag icon for Slashdot's 'United States' section is missing its first stripe - the stripe that represents Delaware, the first state admitted to the Union. While a simple oversight could be forgiven, it should be known from here on out that Slashdot is in fact aware of the missing stripe, and even worse, refuses to do anything about it!

    This vulgar flag desecration and rabid anti-Delawarism must be put to a stop. Let the Slashdot crew know that we will not accept a knowingly mutilated flag or the insinuation that Delawarians deserve to be cut out of the union. I ask you, what has Delaware done to deserve this insolence, this wanton disregard, this bigotry?

    This intentional disregard of a vital national symbol is unpatriotic. Why, the flippant remarks CmdrTaco made about our flag border on terrorism! I urge you to join the protest in each 'United States' story. Sacrifice your karma for your country by pointing out this injustice. Let's all work together to get our flag back. Can you give your country any less?

  • by oPless ( 63249 ) on Sunday May 12, 2002 @04:07PM (#3506972) Journal
    huge difference (#13146)
    by Anonymous Reader on 2002.05.11 13:21

    I am not a lawyer (thankfully), but I do know that if I pay for something, and it fails, I am entitled to compensation. If it fails from negligence or designed error, then there can be punitive damages. But let's examine the case of a Linux/BSD web server, running Apache, MySQL, and PostNuke.

    To be safe, I download for free a non-commercial Linux such as Debian, or FreeBSD. I might be mistaken, but both are developed by groups of people, and anyone is allowed entry if they are competent enough coders. But a group is not a company. The whole corporation/private/public/IPO thing. I acquire, freely and legally, a copy of their work. They might have benefactors and patrons, but that isn't the same as employers.

    So I download Apache, MySQL, and PostNuke. All fall under the same category. Maybe MySQL doesn't, then just replace MySQL/PostNuke with Perl/DBI.

    So now a huge bug develops, a hole so large, it had to be coded in Redmond. I lose all my data, my competitors get my secrets, and I'm on unemployment line next to Enron execs. Who do I have to blame?

    Let's see, someone or some people worked on a project that was supposed to do some particular task. They made it freely available, source and all, so that others might work on it as well. They made no claims about its security, stability, etc. Others may have, but they did not misrepresent the software in any way.

    I did not contribute, but I saw an opportunity to use their work. So I did. They received nothing from me, not money, not anything. And, the whole time, the company kept no secrets about the product, and in fact, by making the source available, does just the opposite.

    There was no intent to deceive, nor any misrepresentation. By not purchasing the product nor any sort of service contract, I entered into no agreement with the group.

    Going in, I understand the risks. I assume the responsibility if problems occur. This is 180 degrees different from microsoft, since they make plenty of claims, and since there is a legal agreement between a company and microsoft, and because they are marketing a product with known liabilities.

    No, free/open source software doesn't stand to be shut down, rather it stands to gain tremendously. The problem is for companies like RedHat which sell and service open source software. So, from the commercial standpoint, it hurts linux companies who don't have billions to spend on lawyers, like er um, microsoft. But it doesn't hurt open source software.

    rob mandel
    ^^^----- Posted anonymously here
  • by murat ( 262137 ) on Sunday May 12, 2002 @04:09PM (#3506978)
    Computer programs are not material goods and cannot be dealt with in the same way consumer advocates want the legislature to deal with cars, electric appliances and toys. Computer programs are developed incrementally, and the users are always used as dummies.

    In fact computer programs are very similar to material goods. (Not like in "Volkswagen Beetle vs Microsoft Windows", though.) Users of cars, electric appliances, cellulars, etc. are also used as dummies in a sense. Money is what counts. If you pay for something, you can ask something in return. (Read: Liability)

    I guess companies which _sell_ products or services, like Mandrakesoft, Redhat and Microsoft, will suffer a lot, whereas groups such as Debian will not.
  • by Anonymous Coward on Sunday May 12, 2002 @04:12PM (#3506995)
    I think it's a statistically provable fact that you can never find and fix all the bugs in a software program. I find it hard to imagine this "panel of experts" from the National Academy of Sciences want to enact legislation that punishes a software maker for all bugs. While I can understand the frustration from using software which advertises itself as "secure", "compatible", or "reliable", and perhaps punishing companies which are blatant about bad software, I cannot agree that we should allow a company (or any producer of software) to be liable for flaws in their software.

    Does anyone have the original recommendation made by the panel?
  • by mikethegeek ( 257172 ) <blair AT NOwcmifm DOT comSPAM> on Sunday May 12, 2002 @04:13PM (#3506996) Homepage
    While I don't favor turning the sharks loose on software companies, it is obvious there NEEDS to be some sort of liability and responsibility for bugs.

    Some sort of "lemon law" that would REQUIRE the publisher to either correct bugs, and distribute patches for free, or else refund the purchase price IS needed.

    What needs to stop is companies like MS being able to leave gaping holes in their products, then correct some of them, and releasing them as "upgrades", ala Windows 98 SE and ME... Those were not really "new" OS's, they were service releases that increased the stability of `98...

    In all honesty, the commercial software publishers have brought this on themselves. Sure, MS distributes patches for free for the worst holes (ala, the ones that make Code Red, Nimda, and Klez work), but the fact is, they let their products LEAVE the house with those bugs in the first place.

    I see bad consequences for free software out of this, created for it by the closed source companies. Perhaps there can be an exception written in for companies that release source, and in effect, have industry wide peer review of their code.

    Eventually, if such a law isn't passed, sooner or later the sharks are going to class action sue and crack away ALL such limitations in the EULA's.

    There is too much money and lost productivity happening right now due to software defects.

    What we need is a defined list of responsibilities, passed into law, that can't be EULA'ed away.
  • Even assuming that such a "lemon law" could be passed (which is, to my mind, a dubious proposition in and of itself), it wouldn't affect Free/Open Source Software (or even proprietary freeware) at all because there's no contract between the author/distributor of the software and the user.

    While IANAL, I did consult one about this once - when you give something away, you have no obligation to the recipient. Specifically, the recipient can't sue you if the product is defective in some manner.
  • by Tim Ward ( 514198 ) on Sunday May 12, 2002 @04:25PM (#3507049) Homepage
    ... their lightplane industry before inventing any new product liability laws.

    It got so that anyone who flew whilst drunk and crashed a plane that he hadn't maintained for years could sue the manufacturer for many millions with a fair chance of winning. And even if the manufacturer won their legal costs would wipe out the profit on many aircraft. So basically the US lightplane industry closed down. (It has since started up again, as a shadow of its former self, following some law changes.)

    OK, that didn't affect all that many people. Closing down the software industry would be a different game altogether.
  • by randombit ( 87792 ) on Sunday May 12, 2002 @04:26PM (#3507057) Homepage
    Let's say I write some super-important thing using the ABC and XYZ toolkits. My program fails and bad stuff happens. Do the people suing me have to prove that it was my code, and not in ABC or XYZ, that failed? Do I have to prove that it was not my code? And finally, how the hell could you prove something like that, anyway? [Especially if it was not repeatable - what if it was the OS, or the hardware, or something else entirely?]

    I really don't understand why this is called a lemon law, actually. A car that's a lemon doesn't work, or works for a while and then throws a rod or something. I don't quite see the analogue between that and software.

    In fact, someone mentioned a web server dying at some important moment, and the users of that web server losing a lot of money (ebay or amazon or something). Does this qualify under a lemon law? If I have to get somewhere important, and my car doesn't start, can I actually sue the makers of the car?
  • by damien_kane ( 519267 ) on Sunday May 12, 2002 @04:28PM (#3507074)
    Many of you are discussing this and saying it doesn't apply to OSS.
    Technically, under that respect, it doesn't apply to Microsoft either.
    If you buy a used car, and in the next couple months have to put a lot of money into it to keep it running (i.e. a prime candidate for the 'lemon law'), you don't sue Ford/GM/whoever for making a crappy car that no longer works, you sue the person who sold it to you. In effect, you sue the distributor for charging you for a crappy product, not the publisher.
    It should be the same with software. Microsoft ships software to retailers and OEMs, windows get sold to consumer, consumer is unhappy, consumer sues retailer/OEM. After this, the OEM will no longer buy windows from Microsoft, so the quality of the product and the strength of the corporation will be indirectly affected, but it shouldn't be directly. If 50 owners of windows sue Microsoft, many will lose as they don't have the resources to beat out a large corporation in a legal battle. If Dell or HP/Compaq stopped selling windows with its PCs because they got a very large bad review from those consumers who bought their PC, it will have a much larger impact on Microsoft and its lines of products.
    In this case also, with OSS, the writers would not be the ones who can be sued, but the corporations (RedHat, Hummingbird, Ximian et al.)
  • Perpetual Beta? (Score:3, Interesting)

    by Digitech ( 572815 ) on Sunday May 12, 2002 @04:30PM (#3507084)
    Most open source software seems to be in the perpetual beta state anyway, but if a lemon-law were to pass, maybe the commercial vendors would move toward this as well. Never releasing a "finished" version, just alphas, pre betas, betas, preview editions, release candidates, etc, etc, etc.

    If this were to happen, it might actually help the public, forcing the commercial vendors into a system where they actually have to admit that their product is never finished. Maybe then the public would stop shelling out money every time the latest edition comes out, lining the pockets of Gates and company.
  • by jon787 ( 512497 ) on Sunday May 12, 2002 @04:33PM (#3507097) Homepage Journal
    I think they have too. But really software comes in two forms, source code and compiled code.
    Source code is like the plans for a car. Are plans copyrightable? Patentable?
    Compiled code is like the car itself. Same question as above.
  • by nniillss ( 577580 ) on Sunday May 12, 2002 @04:56PM (#3507162)
    Why couldn't one limit the maximum liability to, say, 10 times the license / distribution price? So a typical private MS customer might claim some thousand dollars while a company or school (with a single contract covering thousands of machines) could start multi-million dollar lawsuits. Obviously, the risk for authors of free software is then still zero. For linux distributors, the liability might be limited to the non-free software parts (like yast in SuSE) and to the editing process (identification of alpha/beta/production grade software). In any case, big money will only be at stake for companies which make big money.
  • I've had just about enough of you and the Japanese. Will you please shut up about the Japanese?

    The only reason I mention the Japanese is the car manufacturing example I used. (Did you look at the link I provided?) The principles of quality control are universal and were actually imported by the United States: The quality movement in Japan began in 1946 with the U.S. Occupation

    Now, why would Japanese companies like Toyota (which started basically in someone's garage) be able to take market share from companies like Ford (who began mass production)? Because they actually applied the quality control principles. Ford, &c., were selling an inferior product, which the "lemon laws" were meant to protect consumers against.

    The same is true for software. Maybe we'll get some "lemon software" protection, but the only thing that's really going to get companies like Microsoft to start making reliable software is real competition.

  • This was one of the complaints that people had about UCITA. It made software distributed over the net more liable while traditional software companies were not held liable because the shrink wrap license nullified all responsibility.

    I think any liability laws would unfairly punish smaller companies.

    Some people are in favour of Lemon Laws specifically because they dislike Microsoft and think that Microsoft software is insecure. This is stupid and shortsighted.

    Deal with Microsoft's monopoly abuses separately. Monopolies come and go but bad legislation is forever.

    Create laws that arm consumers with security information. Perhaps a grading scheme where software that doesn't connect to the internet is given an A rating. If it is a client then it gets a B rating. If it is a server it starts at C then for every three exploits within the last year the rating increments by one.

    After you have informed the consumer you can let the market decide. If they still use software with a G rating then that's their own problem.

  • by Anonymous Coward on Sunday May 12, 2002 @05:22PM (#3507243)
    If the software behaves as promised, no liability laws can affect you. Therefore, it only makes sense to specifically promise that the behavior of the program is documented by the accompanying source code. Since source code is the ULTIMATE documentation, there can be no false representation. For free software, this is not an issue because it's distributed with the code.

    Ask Microsoft to ship full source code with their products for a full disclosure of what it actually does. Since they're not willing, you have to take their word for it, which is hardly comforting.
  • by gmezero ( 4448 ) on Sunday May 12, 2002 @05:24PM (#3507249) Homepage
    All MS has to do is ask these questions:

    1) Is all of your hardware HQL approved?

    2) Are you running only Microsoft products (if you have a single custom ASP page running on your server answer no)?

    3) Are you running the current versions of all software and protocols used?

    4) Do you have all current updates and service patches applied?

    5) Was/Is your installation completed and maintained by someone who is MSCE for every aspect, component, and method of use for the MS software and protocols you are using?

    If you have answered no to any of these questions, you are TSOL.
  • by tz ( 130773 ) on Sunday May 12, 2002 @05:32PM (#3507275)
    Such a law would be good in the context of a reformed liability law. Right now if someone is .001% liable they can still pay 100% of the damages. This applies if they didn't know or intend the outcome.

    Open Source software can be much like a public park. There should be an exemption for free, public *anything* that doesn't involve criminal negligence. If you don't pay admission, it would be up to you to make sure you don't do anything stupid on the play equipment.

    At that point, Red Hat, SUSE, etc. can assume as much or as little liability as they want as they add a paid layer on top of the commons.

    Further, Source is stuck somewhere being a device (like a toaster) or a book. If you don't like the ending of a book, or how the cake turns out, the book is in no way defective. If you can't follow instructions, or even if you simply won't, or the instructions are wrong or dangerous, you normally can't sue the author. You can sue if the toaster is defective and is actually an ignition source when used as directed.

    An EULA in the usual form Microsoft uses basically declares it to be a device. If I can't read it or analyze it or quote it, but only use it, it is a device and not a book. Also it says you don't even own it (even the single copy as under copyright).

    GPL on the other hand says lets discuss, improve, analyze the work, and by the way, you can run it and maybe use it to do something useful (like a recipe in a cookbook). It might be used as a device, but it is still a "book". And I think you could tweak the GPL if necessary to make it legally fall into the same liability category as a book.

    Between tort reform, and resolving the device / artistic work dichotomy, I think GPLed software would thrive.

    But we do not have wise leaders, and Microsoft sends more money to prevent clear thought on the part of our legislators.
  • by 91degrees ( 207121 ) on Sunday May 12, 2002 @06:29PM (#3507467) Journal
    I've often felt that the insurance model would be a good model for selling free software. You sell an open source product, with a guarantee that it is suitable for running a company with annual profits of a determined amount. You pay 100% of costs to anyone whose business makes a huge loss because of your software. You can sell the software at a cost such that Maximum possible payout * probability of failure cost of software to user.

    If a company has larger annual profits, you sell exactly the same solution at a proportionally higher price. This means that the seller can be trusted, because it is in their interests to produce a piece of software that is as reliable as possible, and the buyer buys peace of mind. It also provides an answer to "Who do you sue if open source software goes wrong".
  • by deranged unix nut ( 20524 ) on Sunday May 12, 2002 @07:56PM (#3507775) Homepage
    Fixing the software to the customer's satisfaction may imply a lot more than one might initially assume.

    1) Is the fix made in a timely manner? If I base my business on a webstore that you wrote in your spare time, will you be able to get me a fix within 8 hours in the middle of your final exams?

    2) Does the fix solve the customer's problem? What if it is a performance / scalability problem, you designed the app to handle 100 transactions per day and the user wants to do 10,000? It doesn't need to be a technical problem either - what if the software is just too complex to use?

    Then, consider all of the overhead that the distributor needs in order to (a) test the problem to make sure that they can reproduce the bug - you don't want your developers to get thousands of bogus bug reports (b) find and communicate the problem to the developer (c) and communicate the status to the user.

    I think that this is a larger issue than most slashdot readers realize.
  • by AHumbleOpinion ( 546848 ) on Sunday May 12, 2002 @10:03PM (#3508097) Homepage
    Don't you think we would have switched back if the OSS really wasn't better?

    Yes and No.

    (1) No, many Open Source advocates are quite willing to use an inferior product to maintain philosophical purity, forward a political/religious agenda, or to stroke their egos by being elite, rebellious, etc. I don't mean to imply all advocates are like this. Back in the day I would have killed to have Linux on a PC at home rather than have to dial in to the VAX at school, but science and engineering majors are geek home turf for OSS. We too often think what is good for us is good for all.

    (2) Yes, many people who do try Linux, FreeBSD, etc. immediately return to Windows after deciding the OSS wasn't for them for whatever reason. I don't mean to suggest that there is anything wrong with Linux, FreeBSD, etc., just that they are still pretty much built by geeks for geeks.

    Personally I think the future will bring a hybrid approach, part open, part closed. MacOS X is a good example. Other examples will be more open source libraries used by commercial apps, examples: compression, encryption, image processing, etc.
  • by Anonymous Coward on Sunday May 12, 2002 @11:01PM (#3508238)
    Okay, you download my software, and find it defective. What are my obligations? To either fix the software to your satisfaction or refund your money. So I refund you money. All zero dollars and zero cents of it.
  • by nfras ( 313241 ) on Sunday May 12, 2002 @11:07PM (#3508254)
    Here's a hypothetical to test the theory.

    I am a cycling coach. I also make a little bit of money making bikes and sell one to Bob. Bob rides the bike home and on the way the brakes fail and he gets himself mangled by a sixteen wheeler. Not only am I going to get my ass sued by Bob's family for selling a "lemon", the settlement will be much more than what I sold the bike for.

    This could seriously hurt the open source business. If a company uses say, RedHat, and finds that not only does it not work, it corrupts lots of information, RedHat is going to get itself in court.
    Microsoft would probably be in deeper water. I would imagine that "known issues" would be like a company selling a toy which they know contains asbestos (maybe a bit harsh, but you get the idea).
    It may not hurt the developers in a big way but it could effectively kill Open Source by killing off any company which tries to release a distribution. I mean, what CEO is going to authorise his techs to load an OS which was put together by his friends and he has no recourse should it mess up his entire operation, when he can buy software that he knows will compensate him should it all go SNAFU.

    This is going to be a very hard area to try and legislate, and knowing the government, they are going to screw it up but good.
  • by Lambdaknight ( 180569 ) on Monday May 13, 2002 @05:07AM (#3509082) Homepage

    Something that really bugs me is the comment that this lemon law could kill "OpenSource and Free Software" altogether. In the case you guys from the US haven't noticed: There are other countries with other laws.

    Of course here in Germany a vendor or producer is liable for what he sells, too. But this liability has limitations! In Germany you CANNOT sue McDonald's because you failed to notice that coffee may be hot and McDonald's hasn't provided you with that information! You CANNOT sue a toy company for selling Superman capes without providing a warning that those capes won't give you the ability to fly! And even if you can sue a company for liability (i.e. because they failed to give notice about poisons or side-effects in their products), you won't be rich!

    German jurisdiction mostly follows the customs and the common sense. That means: if you pay 1000 Euro for product A it is NOT regarded in the same way as product B which you got for free.

    Besides: do you really think that OpenSource and Free Software are dead the same moment the US leaves the building?
