Information Technology Litigation and Software Failure
Mayur S. Desai, Ph.D.
Assistant Professor of Information Systems
School of Business
Indiana University - Kokomo
mdesai@iuk.edu
Judith Ogden, J.D.
Assistant Professor of Business Law and Taxation
School of Business
Indiana University - Kokomo
jogden@iuk.edu
Thomas C. Richards, Ph.D.
Professor, Business Computer Information Systems Department
University of North Texas
richardt@cobaf.unt.edu
Abstract
This article addresses the reasons for so much Information Technology (IT) related litigation. The costs of failed software or computer related services can be substantial, including lost sales, legal fees, litigation costs, system failure costs, lost management time, lost employee time, incidental expenses, vendor charges for phone support, and damages to the business. When failure occurs, one of the first remedies is often instigating litigation against the vendor or service provider. Unfortunately, using the law as a remedy is widely misunderstood.
There are two distinct groups who will most likely end up in litigation. These include those who purchase a product or suite of products to increase efficiency and productivity. Disputes among this group of litigants are characterized by businesses with little experience in IT. The second group of litigants is the IT vendor and IT purchasers. Both parties are sophisticated in terms of their understanding of the dynamics of the IT market and will usually have products or services, which purportedly complement each other. Disputes between these parties often revolve around the failure of the parties to understand their own and the other parties' products. With ever-changing upgrades and releases of new versions of hardware and software, minor misunderstandings as to the ability of a product to perform at a specified level can become a major problem for the end user.
Keywords:Computer System Failure, Software Contracts, Software Litigation, Product Liability, Computer Malpractice, Professional Liability
This is a commentary published on 16 August 2002.
Citation: Desai et al, 'Information Technology Litigation and Software Failure', The Journal of Information, Law and Technology (JILT)2002 (2)<http://elj.warwick.ac.uk/jilt/02-2/desai.html>. New citation as at 1/1/04: <http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2002_2/desai/>.
1. Introduction
When purchasing or contracting for Information Technology (IT) services, we expect that the software (product) will function according to our specifications or the services will add value. Software products and IT services have become very complex during the last decade. These systems and services no longer represent simple hardware and software systems. They usually must interact with communications packages, databases, multiple hardware platforms and interface engines. As the complexity (Stozen, 1997) of the products and services increases so does the probability and risk of the failure.
The costs of failed software or IT services can be substantial, including lost sales, legal fees, litigation costs, system failure costs, lost management time, lost employee time, incidental expenses, vendor charges for phone support, and damages to the business. When failure occurs, one of the first remedies is instigating litigation against the vendor or service provider. Unfortunately, using the law as a remedy is widely misunderstood. For example, people often insist that IT vendors and software developers cannot be sued with ease. This is absolutely untrue. Depending on what you're willing to count as a 'computer malpractice' case, the number of computer related lawsuits in the United States is high. It is not unusual for a large software development organisation to have of fifty active cases on its hands (Salle, 1997). IT firms are experiencing an epidemic of litigation related to software projects. Software warranties have done little to reduce this flood of litigation (Gonulkiewicz, 1997).
2. The Litigants
There are two distinct groups who will most likely end up in litigation. These include those who purchase a product or suite of products to increase efficiency and productivity. Disputes among the first group of litigants are characterized by businesses with little experience in IT development, manufacturing or services. The inexperienced purchaser relies heavily on the expertise and experience of an IT vendor to define the products and services, which will satisfy the purchaser's requirements and objectives. In these transactions there is often no previous commercial history between the parties.
The second group of litigants is the IT vendor and IT purchasers. Both parties are sophisticated in terms of their understanding of the dynamics of the IT market and will usually have products or services, which purportedly complement each other. For example sales and purchasing officers may conclude a deal based upon inadequate or assumed knowledge of the technical aspects of the products which they wish to sell or purchase. Disputes between these parties often revolve around the failure of the parties to understand their own and the other parties' products. With ever-changing upgrades and releases of new versions of hardware and software, minor misunderstandings as to the ability of a product to perform at a specified level can become a major problem for the end user.
In the following paragraphs we will examine some of the legal concepts about which both of these groups should know. These include Contract Law, Tort Law and other theories of liability. Contract Law includes breach of contract and warranties. Tort Law includes negligence and fraud. The other liability concepts discussed include Tax laws, the unauthorized practice of the law and copyright protection. Cases are sighted to illustrate the application of these concepts.
2.1 Theories of Liability Related to IT Litigation
Plaintiffs generally sue based on state law theories of contract law or tort law. While there may be some overlap between these theories, there are also important differences. Both are common law theories that can trace their history to England. Law, however, generally imposes tort obligations, while contract obligations arise out of agreements made by the parties to the contract. Consequently, contract law attempts to provide the parties with that which they were promised, while tort law attempts to make the injured party whole by placing him or her in the position prior to the injury (Glaser and Lewis, 1995). The potential for recovery will therefore differ depending on whether the plaintiff is suing in tort or contract.
The appropriate theory will also differ depending on whether the defendant is selling a 'good' or product, or whether he or she is providing a service. At times, elements of both exist, and courts must usually try to determine which characteristic of the transaction is dominant. In the case of customized software, some courts have held that providing it involves providing a service, while other courts have held that a good is being sold (Cannata, 1999). In some situations it may matter if the injured party is the actual purchaser, or if he or she is a foreseeable user.
2.2 Contract Actions
2.2.1 Breach of Contract
Every sale involves a contract. This action arises when the subject of the contract does not live up to the promises that were made. It may be relied upon whether the contract involves goods or services (although for contracts for the sale of goods, the common law in some situations may be superseded by the Uniform Commercial Code, which is discussed later.). The applicable law is the common law of contracts, which is found in state case law. A major defence against a breach of contract action is privity of contracts. This means that only those who are a party to a contract may bring an action for a breach of contract, even if third party is impacted by the contract's breach.
2.2.2 Breach of Warranty
This is a specific type of contract breach. This cause of action holds the greatest potential for recovering in this area. The warranty can be express or implied.
Express Warranties
This occurs when a seller makes specific promises to the buyer. An example would be the written guarantees that accompany many products, but the warranty may arise from statements made on packaging, in advertisements, and from demonstrations. As pointed out by (McLaughlin, 2001) the buyer can furnish specifications to the seller and the seller can be held harmless the seller complies with these specifications. For example, if the specifications for a computer omitted communications ports, when they are needed by the buyer, then the seller could be held harmless.
Implied Warranties
These are guarantees that the law imposes. They do not arise as a result of any promises that the seller has made. The legal source for implied warranties is the Uniform Commercial Code (UCC). The UCC was the creation of the National Conference of Commissioners on Uniform State Laws and the American Law Institute, and it was an attempt to make the state laws that govern the marketplace uniform. It has been adopted, at least in part, by all fifty states, the District of Columbia, and the Virgin Islands. The UCC is limited in its application to the sale of goods. Courts have generally held that software is a 'good,' and that the UCC would apply. This is an interesting conclusion considering that we really do not 'buy' software, we only buy a license to use the software.
The UCC recognizes two types of implied warranties. The first is the implied warranty of MERCHANTABILITY. If the seller is a merchant, i.e; someone in the business of selling the product in question, then the seller is warranting that the product is fit for the ordinary purpose for which it was intended. The second warranty is the implied warranty of FITNESS FOR A PARTICULAR PURPOSE. For this warranty to apply, the buyer must have some special need, and the buyer must rely on the seller's expertise to select the appropriate product.
Defences to Warranty Actions
Despite the fact that courts have allowed for the possibility of suing under the UCC, the law allows sellers to DISCLAIM liability. Courts will not allow sellers to disclaim liability for personal injuries, but if the loss is purely economic, the courts will give effect to these disclaimers. Most software sales will be accompanied by these disclaimers, and customers are faced with a take-it-or-leave-it situation.
2.3 Tort Actions
There are several tort theories that might provide the basis for liability, but these cases of action have generally been less successful than the contract actions. Liability may be based on the following.
2.3.1 Negligence
One basis for liability may be due to negligent DESIGN, but there is little precedent for this. The more common negligence action, and one that has generated a fair amount of litigation, is for COMPUTER MALPRACTICE. This would essentially be an action against the defendant for professional liability, similar to the liability imposed upon doctors, lawyers or accountants. It would expect a heightened standard of care from the defendant. The Restatement of Torts, 2nd, an authoritative legal resource relied upon by most state courts, makes a distinction between the standard of care of a reasonable person and those who 'render services in the practice of a profession or trade.' (See ??283 and 299A of the Restatement of Torts, 2nd, and the discussion in Ballman (1996/1997)). The prevailing view appears to be to not extend this type of liability to sellers of software. Glaser and Lewis (1995) note that courts have limited this liability to professionals because professionals have special education, ethical requirements, and licensing, all of which inspire unusual trust. The authors also note that in several cases in which the malpractice issue was raised, the actual liability was based on a theory of breach of contract. Malpractice is a tort theory, and Glaser and Lewis (1995) suggest that courts are reluctant to extend tort rules to contract actions.
The case of Chatlos Systems v. National Cash Register Corp. is an illustration of a tort action. An NCR salesman performed a detailed analysis of Chatlos' business operations and computer needs. He then advised Chatlos to buy NCR equipment. Relying on NCR's advice, Chatlos bought a system that did not provide many of the promised functions. Chatlos sued. NCR was held liable for breach of contract. The Court discussed Chatlos' claim of malpractice:
'The novel concept of a new tort called 'computer malpractice' is premised upon a theory of elevated responsibility on the part of those who render computer sales and service. Plaintiff equates the sale and servicing of computer systems with established theories of professional malpractice. Simply because an activity is technically complex and important to the business community does not mean that greater potential liability must attach. In the absence of sound precedential authority, the Court declines the invitation to create a new tort'.
This case and its refusal to recognize the validity of a lawsuit for defects in vendor systems design have been widely quoted.
Another interesting case was Invacare Corp. v. Sperry Corp.In this case Invacare claimed that it had relied on advice of Sperry employees when it leased a Univac computer and sued for fraud, breach of contract, and negligence. Sperry argued that the negligence suit couldn't succeed because there is no cause of action for computer malpractice. Using the Chatlos decision, the Court agreed that there is no such thing as computer malpractice. Invacare wasn't claiming that Sperry's acts constituted malpractice the Court said. Invacare's claim was that the system was so inadequate for the job that no reasonable person would have recommended it.
Glaser and Lewis (1995) have noted that there is a line of cases that extend professional liability to 'skilled service persons.' One such case was Data Processing Services, inc. v. L. H. Smith Oil Corp. This is a case that unambiguously recognizes a valid suit for computer malpractice was completed in 1986. The Chatlos decision was used in New Jersey and was followed in many other States. Laws do differ from state to state. In this case, which was decided in Indiana, the Court stated that:
'Those who hold themselves out to the world as possessing skill and qualifications in their respective trades or professions impliedly represent they present the skill and will exhibit the diligence ordinarily possessed by well-informed members of the trade or profession'.
Diversified Graphics, Ltd. v. Groves was another successful litigation. Diversified hired the accounting firm of Ernst &Young, to help choose a computer system. Diversified sued for professional negligence and won. In its appeal, E & W argued that Diversified had failed to define the professional standard of care or to show how E & W had violated the standard. The Court explicitly stated that this was a computer case and it determined the standard of care from E & W's own 'Guidelines to Practice' applied. These included management advisory practice standards that had been set forth by the American Institutes of Certified Public Accountants. The reader will note the fact that the defendants were accountants, and were therefore held to the standard of care normally expected of accountants.
This would appear to conflict with the decision in RKB Enterprises v Ernst & Young, where the state court in New York did not determine liability based on accountant liability, but rather upon liability for computer consulting. In this case RKB retained Ernst & Young to provide computer-consulting services. This included helping RKB procure a computer system, including helping to oversee and assist in its installation. RKB sued for, among other things, professional malpractice. The Court rejected this claim, saying:
'It should be noted that there is no cause of action for professional malpractice in the field of computer consulting. . . . [We] decline to create a new tort applicable to the computer industry. Nor does the fact that Ernst & Whinney (now Ernst & Young) was the certified public accountant firm engaged by the plaintiff during the same period add a dimension to the computer or management consulting services separate from the subject of plaintiff's breach of contract claim'.
Also, Ballman (1996/1997) notes that software professionals have taken some steps to raise the standards for the profession. Several computing organisations have promulgated codes of ethics, developed criteria for training in computer science, and are maintaining a certification process.
A case in which the court distinguished between negligence and gross negligence involved Wang Laboratories. In 1991, Wang Laboratories was sued for negligence and gross negligence. Wang sold a computer and a service contract to Orthopaedic & Sports Injury Clinic. Wang's employees used, and corrupted the Clinic's last backup disk while attempting to fix the computer, thereby losing five years of the clinic's medical and accounting data. The contract limited the amount of damages that Orthopaedic could collect from Wang, but Louisiana law allows the plaintiff to recover all damages if the defendant committed gross negligence. The Court ruled that Orthopaedic hadn't proved that this use of the backup disk was gross negligence. However, it did allow the lawsuit to go forward as a suit for ordinary negligence.
2.3.2 Fraud or Misrepresentation
Under these tort actions, liability might be based on the fact that statements made by the defendant were false or incorrect. A misrepresentation is generally innocent, while fraud is intentional.
2.3.3 Product Liability (Strict Liability) under ?402A of the Restatement of Torts, 2nd
This is a tort action that is very similar to the Implied Warranty of Merchantability. It imposes absolute liability on the seller of a product to make a product that is not defective. It is not necessary to prove any actual negligence on the part of the defendant. Liability can result from a design defect, a defect that occurred during manufacturing, or from the failure to adequately warn or instruct. However, most states allow recovery only where there has been personal injury, so this would limit this cause of action' s usefulness in most software cases.
2.4 Other Potential Liability
2.4.1 Liability under Tax Laws
The Internal Revenue Service in 1985, ruled that if a program goes beyond purely mechanical assistance in the preparation of a tax return, the author of the program is a tax return preparer. A tax preparer who acts negligently, or participates in fraud on the IRS can be fined.
'When an individual or a company sells a software program to a customer to aid in the preparation of a tax return, IRS noted, a customer may be unaware that the program is incomplete or inadequate and therefore may use it to create an erroneous return. If using the computer program results in an understatement of tax liability for the taxpayer, the software company may be subject to a penalty' (IR-86-92, 1986).
2.4.2 Unauthorized Practice of Law
In a more recent case of State v. Despain illustrates the same point. A non-lawyer bought a computer program that printed legal forms and helped clients fill out the forms. This was held to be the unauthorized practice of law. The Court carefully pointed out that the sale of computer software that merely contains blank legal forms is not the practice of law. But
'the preparation of legal documents for others to present in . . . court constitutes the practice of law when such preparation involves the giving of advice, consultation, explanation, or recommendation on matters of law. Further, instructing other individuals in the manner in which to prepare and execute such documents is also the practice of law'.
2.4.3 Copyright Protection
A number of commentators, although apparently no courts, have argued that software is not a product. Because what is purchased is the license to use the software, it is actually an 'intangible' and should be governed by copyright law and not the UCC. (Ballman, 1996/1997).
Another answer to this problem might be found in proposed amendments to the Uniform Commercial Code. The National Conference of Commissioner on Uniform State Laws in 1999 promulgated the Uniform Computer Information Transaction Act (UCITA). If adopted by the various states, it could become the new Article 2B in the UCC. However, there has been some opposition to some of its terms and it remains to be seen if any states adopt it in its current form. A draft of the act can be accessed at <http://www.law.upenn.edu/bll/ulc/ulc.htm>.
3. Defining the Nature of the IT Dispute
Defining the nature of the relevant IT dispute is a difficult task. Drafting pleadings in an IT dispute involves asking detailed questions to identify the real complaint. It can be difficult to identify relevant malfunctions. The complainant has an obligation to inform the defendant of the precise nature of the complaint. A complainant may need to retain experts at the commencement of the proceedings to identify the precise problems with a product. Such action may be warranted to prevent a defendant striking out those parts of a claim which are imprecise.
One of the key factors which can help address the issues related to software usability and functionality is the contract or agreement between the customer and software vendor. Contracts can be oral or written. Generally a contract for goods worth less than $500.00 does not have to be written. Shrink-wrap or Click-Wrap agreements are an example of this type of non-written contract (Buono and Friedman, 1999).
If there is a contract, an allegation of breach will generally be at least one course of action. It is common to also incorporate the use of 'implied terms' into a contractual dispute. By way of example, the complainant may plead that it was an implied term of the contract that an IT vendor would do everything that was reasonably necessarily to ensure that the product which the purchaser has received under the contract will not be diminished in value in a way or that the products were fit for the purpose for which they were intended.
Often there are no terms in the contract dealing with such matters such as acceptance testing. In these cases, the Complainant will need to 'construct' a contract, which may be a combination of correspondence, invoices and discussions. The difficulty here is identifying which pieces of evidence are relevant to defining the terms of the contract.
4. Conclusion
Why is there so much IT related litigation and bad software? Using PC software markets as an example, there are too many programs that are difficult to install, don't operate in a manner that they are supposed to and arrive late. Our initial enthusiasm for each new box of software that arrives is tempered by our realization of the problems it may bring. Software systems engineers often install a new program on a test computer, so if it blows up they do not risk losing the system and data. The same concepts apply to the mainframe IT products and services.
Software quality would improve dramatically if developers paid more attention to just three areas: documentation, testing and planning (Beizer, 1998). Under pressure to release products, most software is not properly tested before its release. Today's programs are huge and complex and it is harder to test software with millions of line of code. Too often the testing falls to the unfortunate user who decides to use a new program or IT system. Is it any wonder that many astute computer users avoid the first release of a program, preferring to await the next version that fixes the initial release? Litigation related to software and information systems will only continue to grow as we move in the 21st century with increased software complexity, the use of networks and the rush to get new products and services to market. The use of the Internet for e-commerce raises yet another level of complexity (Dearing, 1999), and (Rush, 2001). A recent comprehensive publication (United States Department of Justice, 2001) provides details on the use of warrants, searches, disclosures, electronic surveillance, and many other issues related to the changing nature of the use of computers in our ever changing societies.
Bibliography
Ballman D R (1996/1997) 'Commentary: Software Tort: Evaluating Software Harm by Duty of Function and Form,' Connecticut Insurance Law Journal, (3), 1996/1997, pp. 417.
Beizer, B (1998) 'Software is Different,' Software Quality Professional , December (1,1), pp.28.
Buono, F M and Friedman J (1999) 'Maximizing the Enforceability of Click-Wrap Agreements,' Journal of Technology Law & Policy, Fall (4,3), pp.3.
Cannata, J B (1999) 'Note: Time is Running Out for Customized Software: Resolving the Goods Versus Service Controversy for Year 2000 Contractual Disputes,' Cardozo Law Review, October (21), pp.283.
Dearing, M (1999) 'Personal Jurisdictions and the Internet: Can the Traditional Principles and Landmark Cases Guide the Legal System into the 21st Century?,' Journal of Technology Law & Policy, Spring (4,1), pp.4.
Federal Reporter (1989), Diversified Graphics, Ltd. v. Groves, Second Series, Vol. 868, pp. 293, United States Court of Appeals for the 8th Circuit, (Missouri).
Federal Reporter (1991), Orthopaedic & Sports Injury Clinic v. Wang Laboratories, Inc., Second Series, Vol. 922, pp. 220, United States Court of Appeals for the Fifth Circuit (Louisiana), January 8.
Federal Supplement (1979), Chatlos Systems v. National Cash Register Corp., Vol. 479, pp. 738, United States District Court for the District of New Jersey.
Federal Supplement (1984), Invacare Corp. v. Sperry Corp., Vol. 612, pp.448, United States District Court for the Northern District of Ohio.
Glaser, R A and Lewis L M (1995), 'Redefining the Professional: The Policies and Unregulated Development of Consultant Malpractice Liability,' University of Detroit Mercy Law Review, Spring (72), pp. 563.
Gonulkiewicz, R (1997), 'The Implied Warranty in Software Contracts,' The John Marshall Journal of Computer & Information Law, Winter (16,2), pp.393.
I.R.S. News Release (1986) 'IRS announces that companies who sell return preparation computer software and programs may be considered return preparers subject to penalties', IR-86-92 May 6.
McLaughlin, G. T. and Cohen, N. B. (2001), 'Warranty Against Patent and Trademark Infringement,' New York Law Journal, February 26, Pg.3.
New York Supplement (1992), RKB Enterprises, Inc. v. Ernst & Young, Second Series, Vol. 582, pp.814, New York Supreme Court, Appellate Division.
North Eastern Reporter (1986), Data Processing Services, Inc. v. L.H. Smith Oil, Corp., Second Series, Vol. 492, pp.314, Court of Appeals of Indiana.
Rush, M. A. and Pagilia, L. G. (2001), Preventing Investigating and Prosecuting Computer Attacks and E-Commerce Crimes: Public/Private Initiative and Other federal Resources, Delaware Corporate Litigation Reporter, August 20 (15, 22), pp11.
Salle, R (1997), 'The Perpetuation of Litigation within the Commercial Industry,' The John Marshall Journal of Computer & Information Law, Winter (16,2), pp.421.
South Eastern Reporter (1995), State v. Despain, Second Series, Vol. 460, pp.576, Supreme Court of South Carolina.
Stozen, A (1997) 'Fighting Complexity in Computer Systems,' Computer, August (30,8), pp.47.
United States Department of Justice (2001), Computer Crime and Intellectual Property Section Criminal Division , 'Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations,' <http://www.cybercrime.gov/searchmanual.htm>.
|