EC takes three steps back on software liability
The European Commission wants to regulate software through new liability laws, but could do far more good by simply ensuring open markets.
The European Commission has a bold plan for improving software quality: make software developers liable for their code. The purported reason? Consumer peace of mind, according to the European Union commissioner of consumer affairs, Meglena Kuneva:
If we want consumers to shop around and exploit the potential of digital communications, then we need to give them confidence that their rights are guaranteed. That means putting in place and enforcing clear consumer rights that meet the high standards already existing in the main street. [The] internet has everything to offer consumers, but we need to build trust so that people can shop around with peace of mind.
Because, you know, the Internet has really struggled with consumers due to the poor quality of code. Google has a wide range of products in beta that really struggle to find users because who could possibly trust the beta version of Gmail, News, etc.?
I'm personally not against software liability, but have yet to discover a software vendor, open source or proprietary, that tries to evade responsibility for the quality of its products. In other words, I think this is a case of regulators seeking to justify their existence, not a plan for actually improving anyone's software experience.
On that note, the EC should be careful to avoid hurting the software industry, and minimizing its benefits, even as it seeks to help consumers of that industry by ensuring those benefits. For example, one of the reasons that software remains comparatively inexpensive is that the cost of legal liability is not baked into the purchase price. The EC's action could well result in pricing software beyond the reach of many current consumers and businesses.
Don't worry, some may claim, there's always open-source software! It's free and high quality!
Well, yes, but oddly enough, it also comes with absolutely no warranties, indemnification, etc., at least when used without commercial backing. It's a good thing, too: imagine releasing your software free-of-charge onto SourceForge.net, only to get hit with a lawsuit because some company's business was hurt because your software allegedly failed to work as expected. Talk about a raw deal.
On this point, Glyn Moody quotes security guru Bruce Schneier, who suggests that open source could get a free pass because open-source software is distributed without contracts. Open source, in other words, might be the ultimate get-out-of-EC-regulation-free card.
If this free pass works as advertised, presumably we'd see more software companies distributing software under open-source licenses, and only taking the blame for the proprietary add-ons/extensions that complement this open-source software. It's unclear how this would be helpful to the consumers the EC is straining to protect, but it's the stance I'd take if I were a vendor.
In this way, the EC's proposed changes to software liability could end up leaving businesses and consumers with less protection, not more, with open source providing a convenient escape hatch. Perhaps this is good as it means more software released under open-source licenses. But the idea of open source used as a means to evade legal liability doesn't sit well with me, and likely would ruin the positive connotations that currently attach to open source.
As noted, the Web seems to have thrived despite (or perhaps because of?) the lack of software-liability regulation. Open source, too, has fared exceptionally well, and has yielded significant benefits to companies and consumers...despite offering exactly zero software liability.
But this is the problem when bureaucrats, not common sense, rule. Subscription-based business models protect commercial customers, and open-data policies protect consumers, far better than any software-liability regime can. The freedom to change software vendors is a far better antidote to poor software quality than some EC bureaucrat.
In short, despite getting a lot of bad press lately, the market remains the best way to protect customers. If the EC would spend more time ensuring open markets, instead of trying to regulate closed markets, European consumers and businesses would find much better software protection.
Follow me on Twitter @mjasay.