Should Microsoft be Liable for its Flaws?


The recent attacks on Twitter and Facebook, probably using Windows botnets, have highlighted an old issue: whether Microsoft should be held responsible for the flaws in its software that cause such costly global downtimes.

At first glance, it's an attractive option. After all, it could be argued that the company has made billions of dollars of profit from software that has caused billions of dollars of losses for users around the world, and so it would be only fair if some of that unjustly gained dosh were redistributed to those who have suffered at its hands.

I wrote about this a few months ago on Linux Journal, when the European Commission floated the idea that consumer protection rules should apply to programs:

A priority area for possible EU action is "extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games or other licensed content", according to the commissioners' agenda. "Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions."

EU consumer commissioner Kuneva said that more accountability for software makers, and for companies providing digital services, would lead to greater consumer choice.

The big problem with this idea is that it would seem to apply to free software too. Indeed, if you glance at the dozens of comments to that Linux Journal article, you'll see that people from the open source world were very divided on whether such an approach was advisable or even feasible.

Nonetheless, the idea is not going away. Indeed, it seems to be spreading to the US now:

IT vendors and tech industry groups say a new set of legal principles for software contracts developed by the ALI (American Law Institute) could stifle innovation and raise the cost of software, even though they are meant to protect consumers.

One section in the sprawling, 300-plus page document, "The Principles of the Law of Software Contracts," is particularly drawing fire. It states that parties who receive payment for software "warrants to any party in the normal chain of distribution that the software contains no material hidden defects of which the transferor was aware at the time of the transfer."

Once again, a key issue is what happens with free software. Just how concerned the Linux Foundation is can be gauged from the fact that it even wrote a joint letter [.pdf] warning against making software vendors liable for their code with – wait for it – Microsoft.

Clearly, this is an important issue that could have huge ramifications for free software, but one on which opinions are divided. What are your views? Should software companies be held liable for damage caused by their code, and how would that apply to those who produce free software?

Follow me @glynmoody on Twitter and
