>According to Mingorance, the proposed regulatory extension would cover all software, including beta products, and would cover both proprietary and open-source software.
So I'm now liable for that project I wrote in one night for myself that I released under the MIT License if anyone from the EU finds it, uses it, and runs into some security hole?
That's going to lead to a whole new brand of licenses that say, "Anyone may use this, unless you're in the EU, in which case I can't handle the liability. Sorry, your parliament sucks."
In fact, I would argue that this law would void open source licenses in the EU anyway.
From the MIT License:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Doesn't that imply that the software can't be used anywhere where a warranty is mandatory? The license states that there's no warranty, so you're violating the license by having a required warranty.
Well, that's what the BSA director said. The article says almost nothing about the actual proposal. So we have to read it at EC pages here (link is not included in the article, of course). http://ec.europa.eu/consumers/rights/cons_acquis_en.htm
IANAL, but it looks like this only covers commercial transactions. I'm guessing it applies to things like Red Hat Enterprise Linux, but not free as in beer software.
I can't tell whether that would include a "consumer" of free-as-in-beer software.
After reading the link you posted above, it seems that a money-back guarantee would comply with the regulation. That should be easy enough for someone writing free-as-in-beer software to offer :).
This was proposed by Meglena Kuneva, the consumer protection commissioner for the EU. I attended a talk she gave in Harvard. While she seems dedicated to her work she often blames companies for consumers' lack of judgment. For example, she blamed Apple for corrupting the youth with iPods.
Every now and again, a government representative decides that they would like to do something relating to technology, or medicine, or whatever. Whether this something is practical, possible, or legal is largely immaterial. They will bring it up, and it may even get passed (American CDA, Australian internet filtering thing); at that point it will die amongst legal challenges or simple impracticality. Business as usual.
This is about risk allocation, the idea being to make the party who is in the better position to do something about it bear the cost.
If corporations were liable for defects in their software, they would need insurance to cover claims, and this would be passed on to consumers as higher prices. They would also be more precise in specifying and communicating how the software should be used. They would start using techniques that might not be efficient or clever, and they might be overkill and more expensive, but that were known to work - similar to how civil engineers design bridges that don't fall down. And they'll need teams of lawyers to handle the litigation.
Software will cost more in the EU.
This focus on security and consumer rights is what happens after the cowboy phase of an industry is over. But as we move into cloud computing, SaaS, and netbooks and smart phones, that age is yet over for us. Probably it will last at least as long as Moore's Law holds.
Although I'm certainly not sold on this idea [1], I find it amusing that the BSA representative is against it; after all, one of Microsoft's main arguments against F/OSS is that there's nobody liable for its correct function. Maybe because the EU laws covering warranties only apply to consumers, not businesses, and Microsoft would have to offer consumer-level customer support of some kind as part of the license. (as far as I know you currently have to pay per issue for support unless you have some kind of contract with MS)
[1] I don't see how someone writing open source software in his or her spare time in any way deserves to be liable for malfunction, for example; another worry is the amount of ambiguity involved at all stages, from "intended use" to the definition of "efficacy and security", along with the technical complexity and explosion of possible combinations of software on the average computer
Oh, that's just one part of the inconsistency shown in the BSA quotes.
"Digital content is not a tangible good and should not be subject to the same liability rules as toasters" is also interesting seeing how in regards to [intellectual] property they very much push the opposite stance.
"extending consumer regulation to software could lead to less interoperability between software products" is just shameless seeing how the EC had to force some (much fought against) interoperability down some of the bigger members of the BSA.
There is no mathematically rigorous way of proving that any given piece of code does or doesn't do anything. It all depends on the context in which the code is being used.
Building software is a trial-and-error process, and building large pieces of software is a large trial-and-error process. They are asking for the impossible, like providing airport security or anything of a similar scale.
If a law is made of this it will serve nothing but annoyance to actual users of said software. There is just no conceivable way anyone could regulate and enforce that law. It's a good idea in general but it shouldn't have an application in legislation, that's like forbidding pigeons to litter monuments -- no offence, but what the...
And draw any meaningful conclusions from that data.
Better yet, how do I write reliable software that runs on a buggy processor? What do I use to test that the chip I'm making does what it is supposed to every time for all scenarios? It's programmable, after all.
There's a reason why most entrepreneurial endeavors start in the United States and not in Europe. Bureaucratic laws like this stifle innovation rather than promote it.
How about we make the EU politicians and lawmakers liable for the laws they pass? If a law they make happens to harm the economy in any way, they'll have to cover any such losses out-of-pocket.
This isn't a law. It's a bizarre, stupid suggestion.
>> "There's a reason why most entrepreneurial endeavors start in the United States and not in Europe"
I'd like to see your data for that one. I really don't think it's due to bureaucracy. Starting up in the UK at least is ridiculously simple, and cheap - £25 will get you a Ltd company.
Good question. Note by "entrepreneurial endeavors" I meant start-ups, and not mom/pop "home businesses." Companies which plan to scale to a reasonable size (20-1000+ employees), essentially.
I've come to that perception from economic classes I took in college, and from general observation of start-ups. This is a good article which elaborates on entrepreneurial differences between the U.S. and Europe, citing economic, government, and social differences, among other things:
Noteworthy quote: "And far fewer start-ups in those countries become big businesses. Janez Potocnik, the EU commissioner for science and research, points out that only 5% of European companies created from scratch since 1980 have made it into the list of the 1,000 biggest EU companies by market capitalisation. The equivalent figure for America is 22%."
It's not that doing a start-up in Europe means you're doomed. There's just less of them which make it big.
Also, "Europe" encompasses a bunch of different nations with different attitudes and laws. The U.K. is much different than Finland, or Denmark, etc... So bunching them all together as I did isn't entirely fair.
If you look at one of the charts in the article, Denmark/Sweden/Finland are all in line with the U.S. when it comes to venture capital. If you look at Europe as a whole at the bottom of the chart, averaging all nations together, you see a much different picture.
If this proposal passes (which I doubt) I'm going to write a letter to the commissioner, demanding that everyone gets to try washing machines for 60 days and keep a copy of the machine after returning it.
They should put forward computer scientists to refute this, rather than business representatives. Oh well, we can laugh at their ignorance but it's easy to overlook the fact that companies in a large fragmented market sometimes gouge consumers for years and falsely shift the blame for high prices onto whatever government happens to be handy. Having worked for some privatized utilities over there, management is often focused on accumulating as much money as possible rather than improving service for the consumer.
If you are an open-source developer, you could write in license or documentation, "This software does whatever its source code states it does". Joe the Average User doesn't need to read through code himself; there are enough geeks on his friendlist to have this covered. In spite of reeking of RTFM-ness, this approach actually is about the only honest one; all other ways of documenting are simplifications, approximations and literally shuffling dirt under the rug by assuming nonexistence of bugs.
However, due to exceptionally high complexity, and hard to predict interactions between various software and hardware components of system, you need to put strong disclaimers in place: "Unless there are faults in compiler, libraries, the underlying OS or your hardware" makes any responsibility very diluted and hard to prove at best. And let's not forget about the -- very uncommon, but occurring nonetheless -- random flips of bits in memory, which may bring the system down or silently corrupt code or data in unreproducible ways, regardless of software and hardware quality.
Only actual cure for software reliability is to use simpler systems, made up of loosely coupled components, where failure of one doesn't affect others, and it's easy to re-start from previous step. It's the big, opaque, monolithic, all-encompassing application or systems that bomb and trash your data that are the most problematic. Outlaw those.
The EU needs disbanding :( Complete waste of money. This is just another example of them making up work for themselves to do to justify their existence.
Only someone with no clue about programming would suggest something like this.
It's very worrying that unelected 'officials' being paid by us can try to pass laws that no one wants.
Unfortunately, that type of thing happens all over the world, not just in the EU parliament. I don't think that disbanding the EU would resolve the problem of politicians making decisions about things they have little to no understanding of.
I don't think our politicians are any better, really. Local politicians make equally bone-headed moves, such as the UK's DNA retention schemes, or France's 3-strikes rule. In these cases, the EU has actually been the one opposing political idiocy.
It's also worth noting that most dumb ideas from the EU (including this one) come from the unelected European Commission. The EU parliament, whilst far from perfect, doesn't seem to be quite so stupid, and unlike the EC, the EU parliament is made up of elected MEPs.
I'd be in full favour of getting rid of the EC, but the EU has been a very powerful economic equalizer in Europe, which in the long term is probably a good thing for all European countries. It's also a force that discourages local politicians from being dumber than average, so schemes like punishing people outside the judicial system, or keeping the DNA of innocent people tend to be resisted by most MEPs.
At least, that's been my experience with the EU. Feel free to come up with counterexamples :)
As an electrical engineering grad, I have thought about the option of becoming a Professional Engineer. The idea behind the PE certification is professional responsibility - I see very little wrong with requiring that an engineer stands behind their work.
Unfortunately, software does have the formal verification problems discussed above, so there may have to be modifications made to how this responsibility is handled.
At the same time, I find it very troubling that software engineers who produce shoddy products - bad security, unsafe control system code - are not held responsible. If nobody takes responsibility to "sign off" on a design, who is the one that is going to spend the time necessary to verify its function to the proper degree it deserves?
Cars do tend to come with a guarantee of some kind, and I'm pretty sure EU consumer protection laws do extend to them. That doesn't extend indefinitely, of course, but this article says nothing about the duration of liability.