Why Can't Microsoft be Sued Under the Lemon Law?

briant97 asks: "Microsoft is sitting back making all this money by charging for desktop and server operating systems. If you go for a server, they also add additional charges through client access licenses. Well, now that they've charged you all this money they leave their software open to viruses and exploits beyond belief, which will cost your company even more money. When will it stop? When will Microsoft become liable for their actions? I mean they are making billions while costing other companies billions. Ford, Chevy, and all other car manufactures get held liable if they make a defective product, why not Microsoft?" One can argue that you sign away your right to seek damages from Microsoft, by agreeing to the EULA, however there is still this issue as to the strength of a EULA since they've never been tested in court. How do you feel about this subject? Should software owners be allowed to "sign" away their basic rights via click-thru licensing, or should software manufacturers be liable for the critical defects that show up in their software?

Lemon Law

[arrow]

My first guess would be because the "Lemon Law" only covers cars.

From http://www.mylemon.com/faq.htm:
What types of products are covered by the Lemon Law ?

All motor vehicles primary used for personal use are covered under the Pennsylvania and New Jersey Lemon Law.

slippery slope

[voisine]

Just remeber, if Microsoft is held liable for it's products in spite of the EULA, it's only a matter of time before other software comapanies and eventually open source authors will be sued for the same. Are you really so eager to jump headlong into the new world of software liability litigation?

They should be liable

[kommakazi]

EULA's shouldn't be able to take away a consumer's basic rights as many basically do these days. If you buy a product you expect it to work as advertised and not be defective. It seems only software companies are able to get away with selling defective products by tacking on long EULA's to them. Why don't car companies tack EULA's onto their vehicles saying if it's defective, you're SOL? Because nobody would put up with it, they'd go find another car without one. Nobody would put up with that on about any other product except software. I strongly agree people should stop letting software companies shove defective software down their throats. I say people challenge EULA's at all *reasonable* opportunity... EULA's should simply be an agreement that you're not going to reverse engineer their product or distribute it illegally and such....not forcing you into agreeing that the software is probably defective and that you're going to be the one paying out your ass for it.

This is ridiculous

[torinth]

When desktop and corporate customers are willing to wait 10 years for products that incorporate new technology, we can talk.

Microsoft is being no more negligent than their competitors would be. Businesses recognize the risk of using Microsoft, Apple, Sun, third-party or OSS software, and balance that against their need to actually use recent innovations. The end result, a fast life-cycle on development and rather unreliable products. Businesses suffer losses when software is compromised, but that's built into the cost of getting software years before it could be released otherwise.

If consumer advocacy laws applied to software development right now, you'd see innovation plummet. What few developers that would bother with top-notch reliability (which is comparitively boring) would still take years to create something after the idea was publically announced.

Meanwhile, some black market developers would create the same function in some illegal and wholly unsupported product, but businesses would buy it up like crazy.

The reason that these kinds of regulations are important with cars and pharmaceuticals is that these industries put people at risk to their lives. A flaw in a car will kill people. A flaw in software will cost a company some money, but is a threat that can be overcome through market practices. The company insures against damage, pays a premium, and gets reimbursed on loss. Nobody dies. Big fricking deal.

Businesses where reliability does matter (i.e. infrastructure and medical projects) go further and independently make sure they only use software that has gone through the ropes. This software tends to evolve more slowly, or else has a disproportionate amount of money thrown against it to speed things up.

Re:exploder

[Scottarius]

very true. But I would assume (or at least hope) that servers that control systems that could mean a life or death situation if they fail would be monitored much more closely with more failsafes than your average web server.

Which brings up an interesting questions. Does it matter as much what caused the malfunction as how you were using it when it happened? Say I'm driving my car 130mph down the freeway when a faulty tie-rod end breaks causing me to carom around the freeway createing a 20 car pile up. Who's to blame? Me or the manufacturer of the faulty tie-rod end?

I would think the same thing applies to server software, if your using it irresponsibly when it's being used in a life or death situation and you don't take the necessary precautions just in case of a failure, who is really at fault?

Now if a serious fault in Microsoft software caused a train to kill a bus load of nuns, i'm sure a lawsuit could be filed against Microsoft. Weither or not it could be won I have no clue, i'm not a lawyer.

Re:slippery slope

[silverbolt]

Exactly. Microsoft is just being singled out because they are making all this money. No software program, not even your $FAVORITE_DISTRO, is foolproof. Holding software developers/companies accountable is not feasible nor advisable. Best to let market decide which ones to prosper and which ones to push to oblivion.

Re:Because it would be bad for everyone...

[91degrees]

Now, what about the floating-point exception handler bug in Linux?

But how much did this particular bug cost the industry? This would be the maximum liability. And obviously only the vendors would be liable; They're the ones selling it as a working OS suitable for certain purposes. There is only an implicit warrenty once you charge for it.

Re:slippery slope

[Anonymous Coward]

On the other hand it's not hard to imagine a lawyer arguing that allowing anyone to contribute to a product's code without knowing anything about them could be negligent on its face.

Re:All software makers should be held liable

[secolactico]

As an example of why software makers should be held liable, imagine a nuclear power plant being run by some OS. Now imagine that OS has a bug which causes it to crash if certain conditions are met. Now imagine those conditions are met one day, causing the cooling system in the reactor to stop working as it should. I think we all know what happens next...

Which is why Microsoft forbids the use of MS software for such mission critical apps.

If you need an OS to run a nuclear plant, you'll have it custom made, by someone who can be held liable and who'll probably provide the source.

Think of it like a car.

[man_ls]

Think of it like a car.

My 1998 Honda had a problem with the ignition that, if a certain combination of environmental factors, driving habits, and the phases of the moon and planets all combined correctly, the contacts would corrode under the extreme voltage and cut power to the engine while in operation. Their response: Take the car to a dealer to have the ignition switch replaced free of charge.

I.e.: This otherwise safe and well designed car has a small flaw that under certain conditions may manifest itself in a potentially annoying to potentially dangerous way, depending on what you are doing.

Now, let's pretend it is a computer.

Your well-engineered and hardened security Windows 2003 Server system has a flaw in a protocol parser that allows, with the right combination of messsages, someone to cause code to be executed on your system.

In other words: This otherwise safe and well designed server operating system has a flaw which, depending on several factors, may manifest itself in an annoying or dangerous way.

Any complex system is going to have problems with it. Millions of lines of code, or hundreds of thousands of moving or conductive parts, each can have something fail if there's a tiny problem with it.

Microsoft releases their fixes free of charge, just like a dealer service recall on an automobile.

What's the problem here? You can eliminate 95% of these vaunerabilities by simply *not running without a firewall* and *not running unneeded services* which is (GASP) something you'd do on Linux as well. Linux is just as vaunerable if it's sitting open and unprotected on a network with 500 services running as root. Would you do that? No. So why do you do it with a Windows box?

If it's because Windows is more of a "turn-key" solution, and the user doesn't think to secure their box, it's not Microsoft's fault, the blame rests surely in USER ERROR.

Re:slippery slope

[Bastian]

But do you really want Joe College Student, who has a big fat two digit number in his pocket and a big negative five digit number on his student loan to be exposed to the risk of getting sued over some barely-tested and half-broken piece of software whose source he posted to the web incase somebody else wanted to work with it?

It wouldn't work

[MerlynEmrys67]

There is software that provides these kinds of guarantees... Problem is the guarantee is almost worthless.

Lets first talk about supported hardware configurations.

Before I would allow certain liabilities like this, I would require a given supported configuration. Lets say something like a Pentium 4 processor running at 3Ghz - without HyperThreading, A Chipset, a single graphics card (make it old too), a single hard disk from one manufacturer - the list goes on (well in reality - the list doesn't go on). Your hardware isn't in the supported configuration (You did buy directly from Dell didn't you ?) forget the support, it isn't a tested and qualified system.

Software configuration

You weren't going to install ANY other software on your system, other than mine... How do I know that THAT software didn't cause the problem - so nix any software purchases - or that will void the warantee as well.

So basically you end up with a supported system, that is completely useless. Not much fun at all. And you WANT to have this happen by getting lawyers involved ?

Re:slippery slope

[isaac]

Just remeber, if Microsoft is held liable for it's products in spite of the EULA, it's only a matter of time before other software comapanies and eventually open source authors will be sued for the same.

Of course there's a big difference between the GPL and a EULA. A EULA imposes additional terms upon the buyer after a sale! This is, of course, redonkulous and utterly unenforceable. The consumer software buying process goes like this - you go to store, you pay your money, you walk out with a box of software.

Only when you get home and open the box do you get to read the EULA (and by the way, no retailer will accept returns of opened software!).

Now, if the terms of the sale were clearly specified on outside of the package, and you had to signify your assent to the terms before taking the software from the store, then the EULA might be enforceable. (Even then it would probably contain unenforceable terms, but that's a separate discussion.)

Of course, no software vendor or retailer is actually willing to do this because it would totally kill impulse purchases that are the backbone of retail software sales.

The GPL is a different sort of license, covering redistribution; if you buy a cd of GPL'ed software, the GPL allows you to redistribute it subject to certain conditions. If you don't assent to its terms by redistributing it, I can't think of a reason why the seller would not be liable for the software. Of course, if you just download GPL'ed software for free, the site you downloaded the code from may not be liable because, hey, you got it for free!

-Isaac

This would totally kill the software industry

[wayne606]

Ever check how much doctors pay for malpractice insurance? It's in the 6 digits for some specialties. Just think what would happen when small software companies start getting sued because of bugs in their code that lead to others making expensive mistakes. Lots of companies would be driven out of business and the only ones that would be left standing would be the ones with the deepest pockets, i.e. Microsoft. Then they would say "we are paying out all these huge damage awards, so we have to raise the base price on windows to $1000 / copy".

Maybe that's a bit extreme. Seriously, software is way more complex than a car. Who among you would bet your entire net worth that you haven't shipped code with potentially serious bugs in it? There are always bugs.

Maybe a mandatory "your money back if you aren't satisfied" law would fly. But 99% of the people who take advantage of that offer are going to keep a backup copy of the software, "just in case" ...

This idea could never get past the unanimous opposition of every company in the software industry. Just live with it - software has bugs. If you don't like it switch to another package or just go back to pencil and paper.

Oil change

[jptechnical]

You don't expect a car dealership to be liable if your engine siezes because you never changed the oil.

The patches and exploits are handled as they arise and if you keep up with the maintenance than you wont suffer catastrophic failure.

Sure this is a bit of a stretch but you have to take some damn responsibility. You can't blame MS for all your woes.

They make a good product that keeps the majority on the road. Every generation has new features and new flaws. The fact is the flaws are publicized and you have an opportunity to patch them.

The time and money spent is part of the upkeep. It is like oil in an engine... if you never maintain it it will fail. It will leave you stranded and up a creek with a very expensive repair.

However, when maintained you get acceptable operation.

Quit your mindless bitching! Blame the Virus Writers for writing the viruses. Patch your system be it MS, *nix or whatever. Take some damn responsibility and stop blaming everyone else.

djb's take on EULAs

[_iris]

DJB seems to favor the consumer [cr.yp.to] in the EULA debate.

Re:slippery slope

[NanoGator]

"... it's only a matter of time before other software comapanies and eventually open source authors will be sued for the same."

For the record, I'd never ever contribute anything to the Open Source Community if I would be held responsible for the criminal act of another party.

Here's the problem: Viruses don't write themselves. It'd be like suing Ford because somebody put sugar in your gas tank.

Re:They should be liable

[NanoGator]

"It seems only software companies are able to get away with selling defective products by tacking on long EULA's to them."

Duh. They get away with it because they cannot guarantee the environment in which the software is run. Do you think your car would have a stellar warranty if there were no roads?

FTC Heard Arguments on This

[lkaos]

http://www.ftc.gov/bcp/workshops/warranty/

97 comments were filed publicly. Everyone from RMS [ftc.gov] to IEEE [ftc.gov] to, well, me [ftc.gov].

Basically, software warranties would make Free Software illegal. The model wouldn't work if we were held to quality expectations. Read the comments to educate yourself.

Re:As is....

[schon]

there is no transfer of property, so there is no sale

Bullshit. If there was no sale, then the store is liable for fraud - because they sold it to me. And if you wanna go bark up that tree, you'll find that MS sells the software to them, so MS would also be liable for fraud.

Just because you've fallen for the EULA propaganda, doesn't mean it's true.

lemons

[Anonymous Coward]

Yesterday : If life hands you lemons, make lemonade.

Today : If life hands you lemons, sue the bitch.

Why is this so misunderstood?

[rjh]

If this were the case, you could sue $developer for $foss_project.

Why is this so misunderstood? Why is legal "analysis" like the preceding accepted as unquestioned fact?

Here's the thing. Well, here are the things--there are two of them.

1. $developer can be sued for $foss_project today. You can be sued for eating a ham sandwich. You can be sued for putting a detailed account of felonies [sixdemonbag.org] on your webpage. The only way to be lawsuit-proof is to die, and even then, your estate can be sued.
   
   So this entire "software needs to be without liability, because otherwise we could be sued!" is nonsense. We can already be sued. What can't happen, at least assuming EULAs are valid and we're all using a EULA that disclaims liability, is we can't be sued successfully. And even if EULAs are held invalid and software liability becomes the rule, we're still not likely to be sued. Read on.
   
2. If I tell you "hey, I wrote this, and I'm giving it to you for free without any reciprocation from you, but I'm not making any guarantees it'll work," that's a boatload different in the eyes of the law from me telling you "hey, I wrote this, and for $10,000 and the souls of your children I'll let you use it, but I'm not making any guarantees it'll work".

Have you ever heard of Good Samaritan laws? Some state legislatures got tired of hearing of frivolous lawsuits filed against people who came onto the scene of an accident, gave emergency care in good faith and for no cost at all, only to have the person whose life they saved turn around and slap them with a malpractice suit. This was considered to be so beyond the pale that both the courts, via common law, and the legislatures, via statute law, moved to smack it down.

If software finally becomes subject to the same requirements of any other manufactured good, we're going to see commercial software companies (like Microsoft, Oracle, Red Hat, Novell, etc.) spending a lot of money doing bughunting, bugfixing, and documenting failures; and we're going to see both common and statute law exempting no- or low-cost free software from software liability.

Re:slippery slope

[pla]

Just remeber, if Microsoft is held liable for it's products ... eventually open source authors will be sued for the same.

"Lemon Laws" basically let you get your money back on a defective product.

So, keeping to that idea - Sure, I'll gladly refund the purchase price of $0 when a program I write fails to work for someone.

Similarly (as a freelance contractor), if someone pays me to write a program, and it doesn't work... Well, I don't suppose I'd get paid, would I? So why should Microsoft (and any other commercial software house) not have to live up to the basic standard of "works as advertised"?

Re:exploder

[itwerx]

U.S. reactors literally cannot go Chernobyl in the event of failure.

Even Chernobyl wouldn't have gone Chernobyl if the stupid bastards running the plant hadn't disabled all the safeties and forced it into that state. [elon.edu]

Link above is from a Google search so here's the cache link [66.102.7.104] as well.

Re:slippery slope

[Radical Rad]

So why are you even fucking arguing about it?

Maybe he's arguing about it because you don't even understand the terms you are using, so you are obviously clueless.

Are you honestly going to sit there and insist that a normal, home PC is somehow worthy of lemon laws which are designed to protect the lives of citizens like you and me?

You believe that Lemon Laws are designed to protect lives and use this as your argument that software doesn't need similar laws. Go learn what Lemon laws actually are and then you'll realize how silly you look.

And why are you being so abusive to people in an argument over something you don't even understand? Is it because Microsoft was used as a perfect example of the type of company we need protection from? Why do you pledge allegiance to Microsoft? Do you work for it? Do you own stock in it? Tell us please.

Re:slippery slope

[10101001 10101001]

In the US, you can sue anyone for anything. So, the only thing you can do to stop being sued over released software is to not release software. I'd go a step further; it's possible someone could steal and distribute your software and you'd be sued over it, so you really can't make software if you don't want to be sued over it. It's still the case that actual damages (ignoring lawyer fees, which is probably the biggest hit), assuming you lost, would only be relative to the cost of the sale unless it was intentional damage.

Re:slippery slope

[bnet41]

But I don't think it's su ch a bad idea that such a developer be held liable for her code.

Until it's you being held liable. Sadly, all it takes is one little mistake.
I do think there needs to be some type of software liability laws, but they are going to have to be like nothing else out there, basically a totally new concept.

Re:slippery slope

[Grab]

No, lemon laws exist to protect consumers from bad products where the "badness" is very easy to quantify. If a 2-litre Ford engine doesn't pull as well as a 2-litre Honda engine, you have no rights under the lemon laws. But if it bursts into flames, *that's* where the lemon laws can come into play. And it's very easy to determine whether an engine has burst into flames or not, I think...

And what do auto manufacturers do? They recall the cars and modify them. Put simply, they upgrade them. What does MS do when there's a new Windows vulnerability? Exactly the same thing.

Grab.

Re:I'm also feeling addicted to Windows

[Anonymous Coward]

I misread "inbox" as "XBox". Call it preminition.

Re:As is....

[nagora]

But the software, they just sold you a license to use it. Nothing more, nothing less.

Bullshit again. Where's their signature? Where's mine? What is the term of the license and how do I renew it or cancel it? Which company appointed agent negotiated the terms of the license with me?

When you buy a copy of Windows, that exactly what you do under the law as it stands. Software vendors have not quite managed to change that yet so they just pretend they have in the worthless EULA's that they produce.

no doubt some aren't, but they've not been tested in court any more than the GPL ever has been

The GPL's been tested millions of times in courts: it's called copyright. That's the crucial difference between, for example, MS's EULA and the GPL - the GPL gives you MORE rights while MS is trying to get you to sign AWAY rights (without signing). That's a huge difference when it comes to court. You don't have to sign something to agree to having more rights!

If you don't understand the license and click "I agree" anyway, that's your problem.

No it's not. If I have to yodel to get MY software to install then that's what I'll do. If I have to press a button marked "I Agree" then I'll do that too. Makes no odds: I still own the program just as much as I own my toaster. If the seller thinks that their pseudo-legal claptrap binds me any tighter than copyright law, then that's their problem.

TWW

If Users Can Sue MS, They Can Sue You, Too

[reallocate]

Open source advocates need to think long and hard before lobbying for legislative action aimed at Microsoft. The mandate of a lemon law is unlikely to be constrained to only Microsoft.

Any legislation mandating performance and security standards for software, or allowing its users to bring suit against the people that developed and distribute it, will likely be aimed at open source, as well as other non-MS commercial products. (If not intially, certainly rather soon. A lemon law targetting only MS is no more likely than a lemon law targetting only General Motors.)

Bottom line, then: If users can sue Microsoft, they can sue open source developers, too.