• No results found

Strategies for Resolution in IT Quality Disputes 1. Author Reinout Rinzema. Copyright 2013 All Rights Reserved

N/A
N/A
Protected

Academic year: 2021

Share "Strategies for Resolution in IT Quality Disputes 1. Author Reinout Rinzema. Copyright 2013 All Rights Reserved"

Copied!
21
0
0

Loading.... (view fulltext now)

Full text

(1)

Strategies for Resolution in IT Quality Disputes1

Author Reinout Rinzema

Copyright © 2013 All Rights Reserved

(2)

Biographical Information

Reinout Rinzema (1959)

http://www.ventouxlaw.com/home/lawyers/reinout-rinzema Attorney-at-law, Partner at Ventoux Advocaten

http://www.ventouxlaw.com/home

Arbitrator for SGOA (the Dutch Foundation for the Settlement of Automation Disputes ), NAI (Netherlands Arbitration Institute) and WIPO (World Intellectual Property Organization).

Address: Vleutenseweg 386 3532 HW Utrecht Phone: + 31 30 2982460

Fax: + 31 30 2982461

E-Mail: [email protected]

Primary Areas of Practice: IT law, Public Procurement, Dispute Resolution

Education: University of Utrecht

Memberships: Dutch Bar Associaton, ITechLaw, VIRA, Dutch Procurement Law Association Publications: see:

(3)

Introduction

Our society functions as it does due to software. Travel, transportation, production, retail, banking, government, health care, education, and almost every other aspect of our lives is facilitated in some way by software systems. In fact, software is the DNA of our modern information society2.

Nevertheless, words such as ‘bugs’, ‘flaws’, ‘problems’ and ‘issues’ are terms that every IT lawyer is well acquainted with. Some people even claim that software can never be flawless at all.

Is this true and must we simply accept this? How is possible that on the one hand, we can send IT controlled rockets to the moon (and see them return safely), but on the other hand, see many IT projects collapse?

Are these matters of software quality? Does software quality exist and can it be measured? Which standards should apply when parties argue about the quality of the delivered

software? Can notion of civil law in this respect be of any help?

This paper will address these issues and provide background information for my contribution on Thursday 3 October 2013 to ITechLaw’s European Conference 2013.

I will advocate that IT lawyers can do more to help their clients. Proper contract clauses safeguard e.g. that the software clients buy or have developed meets reasonable quality standards. By having knowledge of ‘software quality’

2 See: inaugural speech of Prof. dr. ir. Joost Visser at

http://www.sig.eu/en/News_and_publications/Publications/1259/__How_ does_your_software_measure_up__.html

(4)

lawyers can help their clients with the resolution of disputes in the most efficient and beneficial way as well.

(5)

Reinout Rinzema Utrecht, 3 October 2013 1. What is ‘software’ from a legal perspective?

‘Software’ is a term with a wide range of meanings. It relates to the various types of programs used to operate computers, but it can also refer to computer instructions in general, or to any specific set of computer instructions. It is inclusive of both machine instructions (the binary code that the processor understands) and source code (more

human-understandable instructions that must be rendered into machine code by compilers or interpreters before being executed). It can relate to ‘standard software’ or to software written for a specific purpose or client (‘tailor-made software’). It can be stored on a carrier but it can also be ‘embedded’, i.e. contained in a chip, which chip in itself is part of a device, such as car or a washing machine.

Both the European and the Dutch legislators have restrained from defining the term ‘software’ in respectively the European Software Directive3 and

the Dutch Copyright Act4. One of the reasons for this was the fear that due to technological developments the definition would soon be outdated.

3Directive 2009/24/EC of the European Parliament and of the Council of

23 April 2009 on the legal protection of computer programs.

4 On 1 September 1994 the Act of 7 July 1994 came into force in the

Netherlands to amend the Copyright Act in relation to the legal protection of software. See: Stb. 1994, nr. 521.

(6)

This wide variety of meanings makes it also difficult to place software in a specific legal framework. Traditionally, lawyers tend to address software either from an Intellectual Property Rights (‘IPR’) point of view or from a contract law point of view. IP lawyers emphasize the protection of IPR and debate every possible aspect connected with software licenses. In their view, contracts mainly set out circumstances under which a user does not violate the IP rights of the owner. Conversely, contract lawyers see software as an object of trade, similar to other goods that are being sold or rented out. For them legal concepts such as the agreements of ‘purchase’ and ‘provision of services’ spring to mind.

Although this variety of legal visions exists, we need answers as to the question which quality software should give the impact software has to date. For a definition of quality we can refer to the ISO 8402-1986 standard which defines quality as

"the totality of features and characteristics of a product or service that bears its ability to satisfy stated or implied needs."

2. Does software quality exist it all?

It is not easy to give a definition of software quality. Whether or not software is ‘up to standard’ is difficult to say, simply because such ‘standards’ either do not exist or depended on the purpose for which the software is obtained or developed.

There are many reasons why software does not ‘satisfy stated or implied needs’. Software may be flawed, it may be flawless but not interact with other software, it may technically be flawless but not doing

(7)

‘the right thing’, it may be okay but difficult to maintain, etc, etc.

In my view ‘software flaws’ can be subdivided into the following categories:

a) Technical flaws: flaws that occur without any specific human action, such as software bugs. b) Functional flaws: the software ‘works’ but does

not do what a party expects it to do. For example: bookkeeping software does not provide output that meets the tax authorities’ requirements. c) Other flaws: these flaws are usually linked to

specific expectations. Despite the fact that the software is technically okay and does what it is supposed do, a party still has other expectations, e.g. with regard to the suppliers release policies, maintainability of the software or its fitness for a specific purpose.

When ‘flaws’ occur, it will lead to discussions about applicable framework to assess the software quality and the legitimacy of the user’s or supplier’s visions. Therefore, the software quality should be measured. 3. Can software quality be measured?

“A major problem with software engineering is that data regarding a system’s quality can be observed and measured only when the system is implemented5

The statement above stems from 1995. Meanwhile, a multitude of quality models have been developed and applied with varying degrees of success. Such

5 Improve Software Quality by Reusing Knowledge and Experience,

(8)

measurement models claim that by applying them it is possible to objectively distinguish bad software from good software.

Usually the ISO/IEC 25010 standard (which

overrides and replaces ISO/IEC 9126) is applied for establishing measurement models. This standard defines eight main quality factors and many sub attributes.

These eight main quality factors are:

• Functional suitability. The degree to which the

product provides functions that meet stated and implied needs, when the product is used under specified conditions.

• Reliability. The degree to which a system or

component performs specified functions under specified conditions for a specified period of time.

• Performance efficiency. The performance relative to

the amount of resources used under stated conditions.

• Operability. The degree to which the product has attributes that enable it to be understood, learned, used and attractive to the user, when used under specified conditions.

• Security. The degree of protection of information

and data so that unauthorized persons or

systems cannot read or modify them and authorized persons or systems are not denied access to

them.

• Compatibility. The degree to which two or more

systems or components can exchange information and/or perform their required functions while sharing the same hardware or software environment.

• Maintainability. The degree of effectiveness and efficiency with which the product can be

(9)

• Transferability. The degree to which a system or

component can be effectively and efficiently transferred from one hardware, software or other operational or usage environment to another.

The ISO/IEC 25010 standard helps as a starting point to determine quality in an early stage. Nevertheless, it has two main drawbacks:

• The standard does not specify how to measure

quality attributes. Some of the quality attributes even seem unfit for objective measurement. Take "Operability" for instance, with sub attributes such as "Attractiveness" and "User friendliness". How should these be measured and what is the unit of measurement?

• Most of the defined quality attributes have different meanings in different contexts. So even if it is

possible to measure a quality attribute, it is

impossible to define clear objective criteria for what is considered good or bad. "Performance efficiency" is a good example of such a quality attribute. For some software systems a response within one second is sufficient, whereas others demand a response within one millisecond.6

6 Source:

(10)

Currently, software development services are typically measured and rewarded on the basis of effort, rather than results. Therefore, we need resolutions. When quality becomes measurable, suppliers, clients and lawyers can reach enforceable agreements that set attainable expectations and provide incentives for producing better software. “The overwhelming volume, interconnectedness, and rate of change in a purely intellectual

product makes software fundamentally unsurveyable in the sense that we can impossibly take it all in at once. The tapestry as a whole does not fit in our mind.”7

According to Professor Joost Visser, this fundamental unsurveyability is the root cause of why disputes concerning software quality are difficult to handle. This lack of surveyability affects not only lawyers but also users, developers, and IT managers.

To counter the lack of surveyability of software, a wide range of solutions has been proposed in the past. Professor Visser believes that all of these

countermeasures have helped to alleviate the

unsurveyability of software, but decision makers and lawyers are not helped by these instruments, because in practice the ample availability of metrics has not led to their widespread, effective use. He thinks that stakeholders, including lawyers, need to be provided with observation instruments that allow them to get an objective, shared model of reality that allows them to judge the current state, weigh options, and decide on actions to take. He believes that

“these instruments should be reliable for measurement of all kinds of processes

(11)

involved with software and software development (e.g. quality of requirements), maintainability, company processes (i.e. are those measurable) and of users (e.g.

‘learnability’ and ‘understandability’ as sub criteria of usability).”

The Dutch Software Information Group ‘SIG’, with which he is associated, has therefore developed a ‘working’ model for measuring the maintainability of software applications. This model has been certified by the German certification institute TÜViT.

The model – at least in its current form – uses the following eight software metrics as input.

These metrics are calculated from the source code of the software application under evaluation.

For a medium-sized application, calculation of a given metric will lead to several thousands of

individual metric values. These metric values are then aggregated into scores on a scale of one to five stars for software engineering properties such as unit complexity or duplication. These property scores are then mapped to maintainability sub-characteristics as per the ISO/IEC 25010 international standard and finally a single star rating for maintainability is

(12)

obtained. An example of this rating could be as follows:

The thresholds in the measurement model have been chosen such that about 5% of the software

applications will be deemed highly maintainable and receive a 5-star rating. The 5% least maintainable systems will receive a single star only. And the remaining systems are uniformly distributed over the intermediate star levels.

Thus, the star-rating that comes out of the model can be interpreted as a simple ranking of software systems on a maintainability scale, where 3-star systems can be regarded as good enough, 4-star systems as very good, and 5-star systems as exceptionally good. The SIG maintainability model has seen wide adoption and acceptance. Nevertheless, it only scratches the surface of what is needed in the software industry in terms of measurement instruments.

The question that follows is: which angles does the legal framework offer to enter these measures into the discussions?

4. Embedded software.

When software is ‘embedded’, i.e. cannot be

separated from its carrier, normally a customer does not accept specific license terms. As a result of this,

(13)

computer and software are in a way ‘one object’ in the sense of the laws.

In the Netherlands, it is advocated that the object of legal relevance is in that case the hardware in which the software is embedded. For example: if a car does not function well due to software defects, the car itself is faulty. The fact that this is caused by embedded software is irrelevant.

The question is whether this is also true if the buyer of the hardware, i.e. a smartphone, has to download software and software-updates in order to let the object function properly.

On the one hand this software is necessary to let the object function, which would mean that the software does not differ much from traditionally embedded software. On the other hand software (updates) may also contain extra functionality that is not strictly related to the object itself, Internet access for instance. Examples thereof are ‘apps’.

In 2011 the European Union took an important step by amending the Consumer Sales Directive8 in such a way that software was accepted as a potential

consumer good or as a part of a consumer good. This directive should be implemented by the member states into their legislation ultimately by 2013. It can be said that this Directive purports to provide consumers with a minimum level of protection, which

82011/83/EU /of the European Parliament and of the Council of 25

October 2011 on consumer rights, amending Council Directive

93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council.

(14)

is also provided when the goods comprise software or when software itself is the object of sale.

Traditional legal notions like the law of sales could therefore be of comfort when software quality is in dispute.

5. Standard Software.

‘Standard software’ is a commonly used term that does not go back to any specific legal notion. Struik c.s. 9 are of the opinion that contrary to

tailor-made software, standard software is meant to be used by more users and as a result thereof it can be used for many specific purposes.

Within the European legislation framework, with regard to the protection of consumers or with regard to international trade, the term software is a subset of the term ‘digital content’, which is a more generic concept. In its considerations the amended Consumer Sales Directive sets ‘Digital content’ out as

“data which are produced and supplied in digital form, such as computer programs, applications, games, music, videos or texts, irrespective of whether they are accessed through downloading or streaming, from a tangible medium or through any other means.”

As a matter of fact the market of standard software products has developed in such a way that many people feel that they ‘are buying’ standard software. Although this is formally not the case –solely a license to use the IP protected software is acquired –

9 Struik, van Schelven & Hoorneman, Softwarerecht, Deventer: Kluwer

(15)

also software ‘vendors’ contribute to this impression, e.g. by how they advertise their products.

Traditionally legislation on vis-à-vis ‘purchase’ is related, however, to the sale of tangible goods. Also the CISG or Vienna Convention10 seem to be

applicable to the sale of ‘goods’, which can also be understood to refer to tangible goods11.

Since the CISG assumes that unless agreed otherwise the goods must be ‘fit for purpose’, licensors usually try to exclude the applicability of this Treaty. Clause 35 of the SIG reads:

(1) The seller must deliver goods which are of the quantity, quality and description required by the contract and which are contained or packaged in the manner required by the contract.

(2) Except where the parties have agreed otherwise, the goods do not conform with the contract unless they:

(a) are fit for the purposes for which goods of the same description would ordinarily be used;

(b) are fit for any particular purpose expressly or impliedly made known to the seller at the time of the conclusion of the contract, except

10 United Nations Convention on Contracts for the International Sale of

Goods, Vienna, 11 April 1980, S.Treaty Document Number 98-9 (1984), UN Document Number A/CONF 97/19, 1489 UNTS 3.

11 An example of a Court that was the opinion that ‘the sale of’ standard

software licenses was also covered by the CISG can be found in Oberster Gerichtshof Austria 21 June 2005, IHR 2005, p.195-198.

(16)

where the circumstances show that the buyer did not rely, or that it was unreasonable for him to rely, on the seller's skill and judgment; (c) possess the qualities of goods which the seller has held out to the buyer as a sample or model;

Local law often contains similar a clause. E.g. article7:17 of the Dutch Civil Code reads:

Conformity with the sale agreement

- 1. The supplied object must conform with the sales agreement.

- 2. The object does not conform with the agreement if it does not have the qualities the buyer could expect based on the agreement and given the nature of the object and the product information the sales person, has given. The buyer may expect, without

questioning, the product to have the qualities required for common use of the product, as well as the qualities required for special use as provided for in the agreement

Therefore, if a software license can be qualified as a sales agreement, national and international law may provide an angle to discuss ‘conformity’ of the software also along the lines of the presumed

reasonable expectations with regard to the quality of the software.

In this regard, two court decisions are worth mentioning.

First of all, Case C-128/11, European Court of Justice, UsedSoft v Oracle12. The Court had to deal

(17)

with the question whether or not the software copyright owner could prevent a perpetual licensee, who downloaded the software from the internet, from selling his ‘used’ license. In order to answer that question the Court had to decide whether or not a “sale” had taken place, which is necessary to trigger the notion of exhaustion under Article 4(2) of the Software Directive 13. The ECJ argued that the term

‘sale of a copy’ encompasses all situations in which there is a grant of a right to use a copy of a computer program for an unlimited period in return for payment of a fee.

Secondly, the Dutch Supreme Court ruled on 27 April 2012 in the “Beeldbrigade” case that the title on “Sale” of Book 7 of the Dutch Civil Code applies to software licenses if the licenses are sold for a set amount and are not limited in time.

Schlechtriem en Butler14 state that in most

jurisdictions software licenses not limited in time are subject to the CISG, although they refer solely to software delivered on a tangible data carrier. Consequently, it seems safe to argue that a software license agreement is also a sales agreement if the right to use the software is granted for an unlimited period in return for payment of a fee. Both the European Court and the Dutch Supreme Court found it irrelevant whether or not the software was delivered on a tangible data carrier or downloaded by the user through the Internet.

13 Directive 2009/24/EC on the legal protection of computer programs

codifying Directive 91/250/EEC

14 Schlechtriem & Butler, UN Law on International Sales, the UN

Convention on the International Sale of Goods¸ Springer-Lehrbuch: 2009, p. 30

(18)

Sales law and reasonable expectation may once again be the key to including software quality in the

discussions.

It is difficult to say whether or not other types of software licenses, i.e. licenses provided on an annual basis, are also sales agreements. I have argued that for economic reasons such is the case15, but some

scholars think these would be rental agreements or ‘sui generis’-agreements.

6. Tailor-made Software

Agreements providing for the development of software are usually deemed to be service

agreements. Schlechtriem en Butler argue however that these agreements could also be covered by the CISG since article 3 section 1 states that

“Contracts for the supply of goods to be manufactured or produced are to be

considered sales unless the party who orders the goods undertakes to supply a substantial part of the materials necessary for such manufacture or production.”

In my view software development agreements cannot be considered as sales agreements when the main object of this agreement is the development activity itself. Software development is mainly a process in which the client sets out its needs and the developer translates those needs into a piece of software. The agreement might possibly qualify as a sales

agreement when the development is solely an additional service to the provision of a right to use a

15http://www.ventouxlaw.com/files/20120820_Pleidooi_voor_kopen_stan

(19)

copy of a computer program for an unlimited period in return for payment of a fee. In that case the software license forms the essential part of the agreement and software development is simply a sideshow.

Since there is no general European contract law, I refer to Title 7.7 of the Dutch Civil Code which provides rules and regulations for service agreements. Safe as to contracts with consumers and small

business, these regulations are not mandatory.

According to article 7: 401 DCC the service provider “must observe the care of a prudent service provider”. For professionals like doctors, accountants and

lawyers this is usually assessed by making a fictitious comparison between the contested behavior of a specific professional and the assumed behavior of a similar, competent professional under similar circumstances.

In 198616 the Dutch Supreme Court issued a decision

in a classical IT dispute in which it applied the same criteria for an IT professional. Perhaps as result of the complexity of IT projects and the miscellaneous roles that professionals play, these criteria have not been of much help in Dutch case law. First of all, it is not so easy to establish what the ‘profession’ of an IT professional is and to which other professional his behavior should be compared. Secondly the roles that the parties involved play in an IT project differs substantially from project to project.

16

http://www.itenrecht.nl/www.delex-backoffice.nl/uploads/file/IT%20en%20Recht/HR%2011%20april%2019 86%20%28RBC-Brinkers%29.pdf

(20)

However, with regard to software quality it may be argued that establishing good quality could be one of the obligations of a competent software developer or software architect.

7. Conclusions and recommandations

Software quality is a term that cannot exist without a context. Furthermore, there is no software quality if it cannot be measured. Measurement does not only concern the software itself, but also the quality of all processes involved. Traditionally, however, too much emphasis lies on the process of software development and not on the quality of the software itself.

Many efforts have been made to translate relevant frameworks such as ISO/IEC 25010 into practicable systems for quality measurement. The SIG

maintainability model is a good example of this. Software is not a fixed item in the legal framework as well. When software is ‘embedded’ the quality frameworks may be similar to the legal regime that applies to the object it is part of. With regard to standard software the legal concept of the purchase agreement may be of help if the licenses are paid for and granted for an unlimited period of time. As to software development ‘good craftsmanship’ may be an angle for software quality. A true professional must be assumed to be acquainted with the issue of software quality and measurements to implement that. Disgruntled customers may apply quality

measurement to prove their case.

Lawyers can do much for their client if they enter specific software quality related clauses into the relevant agreement. In software disputes standardized

(21)

measures for assessing software quality can be applied in order to provide resolutions.

References

Related documents

Contract  on  the  Agent’s  Services.  The  Agent  is  obliged:  to  provide  consulting  services  in  the  course  of  preparing  the  Issuing  Prospectus, 

Keywords: American mink, common muskrat, harvest data, Neovison vison , mink farms, multiple linear regression, Ontario, population decline, roads, tree regression...

Smith Planning Group is a full service planning firm with extensive experience providing planning, design and engineering services including landscape design, irrigation and

Pola interaksi dilihat dari tiga puluh tiga senyawa derivat phthalimide dengan enzim reverse transcriptase menunjukkan ikatan hidrogen dengan asam amino Lys101

mectant), (emollient), (protein reju- 와 같이 다양한 종류가 있다 환자들의 연령 및 습 venator). 진의 형태에 따라 적절한 보습제를 선택하여야 한다 보습.

Ensure that non transport fallers can be referred directly from SAAS into metro-wide area falls pathways for coordination and management to: • reduce repeat call outs for

Although the knowledge regarding NSIs has been generally seen to improve with increasing year of medical education; unfortunately the lifetime prevalence of needle

The Dealer Help Desk supports deal- ers with access to New Holland systems such as the Dealer Portal, Parts eCatalog, Parts Ordering, Wholegoods, Finance and Warranty.. You