Orcmid's Lair

Writings W050602
Fear and Trembling–Software Liability
Analysis 0.00


W050602c>
0.00 2005-06-16 -00:12 -0700


  • Consult <http://orcmid.com/writings/2005/06/W050602b.htm> for the current status and electronic copies of the latest version.

These are crude notes.  I had a great telephone conversation that touched on these topics, and I waited too long to write the key ideas down. I also have lost the flow and dynamic of the conversation.  Here's a start at fleshing out what scares me and why it matters to me, as well as some great reactions from someone I spoke with that showed me how we are so defensive around liability, just like the media companies about piracy and theft!

Software Liability Scares Me

When Bruce Schneier talks about software liability, I notice that I become anxious.  Not when I read what he and others say and take it in the abstract.  Then I just nod my head knowingly.  But I heard Schneier speak and he repeated that statement.  I noticed that I was immediately anxious, uncomfortable and, yes, frightened.

I didn't think to mention that to him when I had the opportunity, but I did raise it the next day (April 16) in a cell-phone conversation with a buddy who returned my call while he was en route to a geek lunch on a geek Saturday outing.

In that conversation, I heard the coin drop.  Then I saw what I was afraid of and also how software developers are no different in their fears about software liability than, say, publishers are about open-media, piracy as a widespread practice, and loss of effective IP protection. 

I was so struck by that that I wanted to write it up, but I have been procrastinating on that for weeks (o.k., months).

These pages are my remedy.

The Buddy Call

I tossed into the conversation that I got to meet Bruce Schneier and that, listening to his luncheon talk, I noticed how challenged I felt when Schneier mentioned, not for the first time, that software liability is the only way that there will be an economic incentive to produce secure software. Being right there, it came across as personal. I took it personally.  I was startled by that. 

And, because I consider that Schneier's observation is accurate, I didn't know what to do with that.  What am I afraid of?

While musing about that, my buddy blurted out,

"Software Liability Will Be the Death of the Software Industry!"

Whoa.  Another country heard from. That was automatic and immediate too.  Wow.  So then I had to say, wait a minute.  Industries adjust to this sort of thing.  There are ways we'll adjust to this.

There'll be insurance against software defects and maybe even malpractice for software developers.  It will happen over time.

And my concern about this is that there will be a high barrier to entry, with only large professionalized organizations able to satisfy the requirements for developing reliable software and having the resources to endure losses under a liability judgment.

The next day, I stumbled over this observation.  It applies as much to software liability as it does to peer-to-peer file sharing:

"The interaction of new technology is always disruptive of old markets ... .  Yet history has shown that time and market forces often provide equilibrium in balancing interests ... ."

Opinion of the U.S. Court of Appeals for the Ninth District,
Metro-Goldwyn-Mayer vs. Grokster Ltd., August 19, 2004. (section III p.11746.)

"Software is Like Writing"

That had me think of software as art and literary creation. I agree.  I also observed that writers are not free from liability, although it is a fairly rare situation.  Maybe that is what we are looking at with software liability too.

Later on, as the result of other discussions, I want to modify this.  It is true that software is like writing in that it is created and distributed as programs fixed in a tangible medium (even streams of electrons on wires).  But software behaves.  And that is different, and it is what makes some software patentable, whereas the content of books is not so protected.  The application of copyright to programs and application of patents to software behavior and principles of operation correspond to this dual nature of software.

"It's Loss of Livelihood"

That's it.  That's what I fear.  Not being able to enter the field, not being able to produce software at the cottage-developer level.

Computing and software development are a marvelous vocation for me.  Although, after 47 years as a software developer, I have little to fear from the future introduction of software liability, it hurts to think of people cut off from this marvelous activity.  Of course, people will still be able to program.  The question is about offering their wares to others, even on a shared or open-source basis.  I don't want to see that go away.  For me it has always been part of paying my dues back to computer science.

I wonder if my interest in trustworthiness and developing ways to bootstrap to assurance of trustworthiness is really motivated by wanting to protect the ability of individual and small-business developers to create software that meets the reliability requirements that can be expected at the current state of the art.

I want to see practices that can be learned and used that allow bright young programmers to be responsible in how they develop and deliver software into use and further refinement by others.  I want a way to do that.

I want an equilibrium, and maybe a spectrum of situations, just as in engineering and construction, where appropriate levels of liability go with the nature of the effort and the domain in which the software is proposed to be appropriate.

References and Resources

[I've got 785 items, some completely irrelevant, that come up on searching for software+liability using MSN Desktop Search on my computer.  On the web there are over 800,000 and the first-presented hits are amazing.]

Coffee, Peter.  Two recent articles about software-development standards.

Kaner, Cem.  Software Liability.  Web page.  1997 November 11.  Available at <http://www.badsoftware.com/theories.htm>.  There's much more on the site, which is related to the book.

Kaner, Cem, and Pels, David.  Bad Software: What to Do When Software Fails.  John Wiley & Sons, New York, 1998.  ISBN 0-471-31826-4 pbk.  {I know David Pels and I recall how excited he was that this book was published.  I wonder what more has been developed since.}

Schneier, Bruce.  Secrets & Lies.  John Wiley & Sons, New York, 2002.  ISBN 0-471-25311-1.  The discussion of security in software products is in chapter 23, The Future of Products.

Schneier, Bruce.  Computer Security and Liability.  Schneier on Security (web log).  2004 November 3.  Available on the internet at <http://www.schneier.com/blog/archives/2004/11/computer_securi.html>.  Accessed on 2005-06-16.

United States Court of Appeals for the Ninth District.  Metro-Goldwyn-Mayer vs. Grokster, Ltd.  Opinion.  2004-08-19.  Case No. 03-55894, available on the Internet at <METRO-GOLDWYN-MAYER V GROKSTER, LTD.> (Adobe PDF file).


0.00 2005-06-15-11:47 Initiate Analysis
Create placeholder for the first draft of my analysis here.


created 2005-06-15-11:47 -0700 (pdt) by orcmid
$$Author: Orcmid $
$$Date: 06-07-25 12:00 $
$$Revision: 24 $
