Software Licenses and Responsibility
There has been a recent flurry of articles pertaining to two related topics: software licenses and a software company's responsibilities when something goes wrong. Both topics really pertain to the same thing: what rights do consumers have, and should they have more?
Prompted by recent virus activity (Mimail, Sobig, Blaster, and Welchia), many people are rehashing an old argument over whether or not software vendors should be responsible for the bugs in their software. Current law exempts software vendors, categorizing software as a license, not a good or service, with the former not governed by the same rules as the latter.
This news article from Reuters details the capture of the writer of one of the Blaster Worm variants. There are several statistics towards the end of the article worth noting. Specifically, one in three North American companies have suffered a Blaster infection. This resulted in 1.3 billion dollars in damage, not counting lost productivity. This doesn't include small businesses, those businesses with less than 100 employees, and home users.
The total damage estimate from all viruses and computer attacks during the month of August is believed to be around 3.5 billion. Bugs and security holes in Microsoft products were exploited for the vast majority of these attacks. However, at the same time, patches and fixes for these exploits had been available from the Microsoft Windows Update site for weeks to months before the attacks started. We, the consumer, simply did not install them.
Amidst the fray came this amusing anecdote about a man who purchased a Dell computer. Though he had to buy the computer with Windows and other software pre-installed, he had intended to wipe the computer clean and install Linux.
However, when he went to boot the computer, he was forced to agree to the licenses of all the software installed on the computer, licenses he couldn't read without first agreeing to them. The licenses were not included in the packaging. Dell tech support could not provide him with copies, and Dell customer service, allegedly, told the customer to just "lie" and say he had read the licenses.
And what do all the licenses say? Many prevent the customer from publishing critiques of the software or comparisons with other software. Most prevent the user from reverse engineering the software. Reverse engineering is a broad topic which includes everything from pirating software to academic research to security analysis to diagnosing bugs. Without reverse engineering, there would be no anti-virus programs.
The courts have ruled both in favor and against software licenses to varying extents. At least one court ruled that shrink wrapped, click-through licenses such as the one in the Dell story are not enforceable. Similarly, software vendors cannot stop public critique of their software as long as it falls under the guidelines of the Copyright Act and other applicable laws.
Nevertheless, there doesn't seem to be much recourse for those businesses and home users who have fallen victim to one or more viruses. And it's not just malicious attacks from third parties at stake, but lost money and productivity from false claims and failure to disclose known defects. Software licenses (and all licenses in general) are excluded from these very fundamental laws.
But if you bought the software because of a claim made in the advertising only to find that it did not live up to expectations, don't expect to resell it on eBay. Many software licenses prevent reselling the software, and many new products from Microsoft, Intuit, and Macromedia contain product activation, a software routine which prevents the consumer from installing the software on more than one computer over time (not just at the same time).
All of this has led a Professor of Computer Sciences at the Florida Institute of Technology, Cem Kaner, to post a "Software Customer Bill of Rights". In addition to the 10 rights, you'll find many links to applicable laws and news articles on each topic. The article, and the pages linked to from the article, are well worth a read.
Perhaps the solution, however, is to make software licenses subject to the same laws as every other product and service we buy, to eliminate exemptions from making false claims, and to hold vendors liable for failure to disclose known issues. In the meantime, if we buy software without product activation, we can at least ensure our ability to resell the software, if not our legal right.
One day, probably sooner rather than later, software will mature. When there's 5 different accounting programs and 10 different Word processors on the market which have all the features most customers will ever need, software will be sold like most other products, with warrantees and guarantees.