EU Consumer Protection Reform: Liability for Software Code

A recent proposal by European Commissioners Meglena Kuneva and Viviane Reding outlined a number of consumer protections relating to licensing agreements.  In the event that the proposal becomes law, software companies could be held liable for their code.  The directive requires that products, including software licensed under licensing agreements, be held to a higher standard of accountability, and that they carry a two year guarantee.  According to the commissioners’ agenda, licensing should guarantee consumers the right to get a product that works with fair commercial conditions.  This post outlines some arguments put forth by proponents and critics of the proposal and discusses the implications of the proposal on open source software.

Proponents of the proposal argue that extending consumer protection would give consumers a broader choice of software.  Bruce Schneier, an American computer security specialist, believes that

[t]here’s no other industry where shoddy products are sold to a public that expects regular problems, and where consumers are the ones who have to learn how to fix them. If an automobile manufacturer has a problem with a car and issues a recall notice, it’s a rare occurrence and a big deal – and you can take your car in and get it fixed for free.  Computers are the only mass-market consumer item that pushes this burden onto the consumer, requiring him to have a high level of technical sophistication just to survive….  The key to fixing this is software liabilities.”

However, critics argue that extending protection would limit consumers’ choices.  Further, they argue that “creators of digital goods cannot predict with a high degree of certainty both the product’s anticipated uses and its potential performance,” and that extending consumer protection to software code could lead to decreased operability between products if manufacturers decide to limit how much of their code could be accessible to third-party developers.

One of the more intriguing implications of the proposal is its potential effects on open source software.  If the proposal becomes law, open source programmers could be liable for any damage that errors in their software cause.  Alan Cox, a programmer who was involved in the development of Linux, argued that it would be difficult to make open-source developers liable for their code because of the nature of open-source software development.  As developers share code around the community, responsibility is collective, and thus there is potentially no way to enforce liability.  However, Schneier has suggested a solution to the problem of enforceability, arguing that free software would not fall under a liability regime because the writer and the user have no business relationship.  In the event that open source software does fall under the new liability regime, others suggest that additional laws be passed to protect people who distribute free software.

Clearly, the commissioners’ proposal has far-reaching implications.  Introducing liability for faulty code could be a great method to force large software companies to pay consumers for the harm their software has caused, and thus could create an incentive for those companies to write more secure and stable code in the future.  However, it could also make open source software producers liable for the damages that result from their code, creating a disincentive for them to release freely available open source software.