Presented by Team A: Dax Hutcheon
The current practices of software development, insofar as all responsibility for the correct functioning of software is disclaimed, are scandalous. In no other industry or human endeavour is such irresponsibility tolerated. This situation cannot continue. The already significant and continually growing importance of software in the lives of people and the functioning of society makes the issue even more pressing. The software industry needs a dose of reality. No longer must they be allowed the luxury of power without responsibility. If they wish their products to play a role in the lives of people, and reap the benefits thereof, then they must take commensurate responsibility for the consequences. We propose a sliding scale of minimum personal and corporate liability for software developers. This would actively and directly encourage the software industry to develop and follow better practices.
We do not propose a series of standards or guidelines which the software industry must follow in designing, coding, testing, debugging, or deploying their products - all that we require is that they take responsibility for the results of these processes. Obviously, we believe that this will necessarily translate into improvements in some or all of these processes, but we believe that members of the software industry are the best people to determine and implement what changes are necessary. We do not propose self-regulation on the liability side - the standards and extent of liability must be determined by a rather more objective body. We also acknowledge that this cannot be an instantaneous or opaque action. It will take time to develop appropriate standards of liability, and it will take time for the software industry to react to them. Various phase-in schemes could be envisioned, but we leave this as a question of implementation.
Some objections to minimum liability for software have been raised by by various parties. Firstly, there are those who would argue that standards for software are too difficult to formulate. The primary answer to this charge is that we are not proposing formulation of general standards. We leave this issue of implementation up to the developers, and we are confident in their intelligence and ingenuity. There is another point being made though, that goes beyond this. It is being proposed that in some cases, software and/or the development process is too complex to be properly understood and managed. In this case, the choice for software developers is whether to proceed blindly, or not at all. In the current environment, the decision being made is to proceed blindly, virtually without exception. Our liability proposal still allows this choice to be made, but it should give developers reason to at least consider their wisdom. In cases where liability is minor, the decision will no doubt continue to be to proceed. In cases where liability is major, we would hope that the decision would be to reconsider.
A similar argument regarding the difficulties of software testing can be answered in much the same way. We do not propose software testing and certification standards, but are confident in the intelligence and ingenuity of developers to do so, should they deem it necessary. Where they cannot, we wish them to consider whether what they are proposing is worth the liability risk.
Another objection to minimum liability for software is that it is difficult, if not impossible, to pinpoint blame for the failure of a system. We would argue that this is a perfectly good argument for minimum liability. If we let failures in critical software occur without recourse, then there is little incentive to improve the software or the development process, and failures will continue to occur. If we demand that there be some level of responsibility and accountability in software, then this incentive is created. At whatever level the liability is being applied, there will be pressure to improve the product and the process. With the liability levels properly implemented, this pressure will necessarily be sufficient to propel the improvements.
The final objection that we will address is the claim that minimum liability could be very damaging to the software industry in general. Firstly, looking at this claim on its merit alone, we can see that it is spurious. Many industries face minimum liability standards, as do many professions. It would be farcical to suggest that the automobile industry has suffered due to government-imposed safety standards, and it would be even more humorous to suggest that doctors, lawyers and engineers have suffered due to the liabilities that they are required to practice under. In fact, it is these very liabilities that allow these industries to thrive. Liability for failure makes broad public trust possible, and broad public trust makes for a broad public market. As software permeates more and more of people's lives, this trust will become more and more important.
Notwithstanding all of the perfectly rational responses to the various arguments against minimum liability, there currently exist real world examples of situations which clearly refute them. These are situations where liability for software has been imposed, and the results are clear for all to see. Some of these are automobiles, airplanes, and telecommunications. In each of these industries, there are minimum standards of liability for the systems, and clear consequences when these standards are not met. The result is that these systems rarely fail. Automobile software is arguably not terribly complex, but the software that runs modern airplanes (not to mention the supporting systems) is, and the software that runs telecommunications certainly is. In each of these industries, liability for failure has compelled developers to develop processes to deal with all the objections mentioned above. Complex systems are not deployed unless and until they are sufficiently understood. Software is tested as much as necessary. Procedures are put in place to ensure that the cause of failures can be pinpointed, and remedial action can take place.
It is clear that minimum liability standards can and do work. Now let us look at the advantages that are gained by them. The most obvious is an increased emphasis on reliability in software - developers subject to certain levels of liability will naturally make commensurate attempts to avoid failure. This will not only benefit the software consumer, but also the software industry, since it is itself a very heavy user of software. The productivity increases expected from computer usage have not surfaced in any obvious way, and it is often argued that a major reason for this is that people spend a significant portion of their time dealing with system failures of one sort or another. Minimum liability standards might make it easier for organisations to sue negligent developers for loss of time, but we believe that this will be a rare occurrence. More important will be an increase in the quality of software, to guard against such repercussions, and a commensurate increase in the productivity of computer users.
Minimum liability standards are not direct impositions on the practices of software developers. They merely make up a mechanism to ensure that these developers assume responsibility commensurate with their power. We have faith in these developers to construct mechanisms and processes that they are comfortable with, and that they feel will protect them from severe repercussions. With these mechanisms in place, we expect that the quality of software will increase, the productivity of users will increase, computers will become a trusted and reliable part of our daily lives, and the world will be a better place to live.
Thank you, and good night.