Lawyers snap at Microsoft

Can a lawsuit in the US force software vendors to accept liability for flawed products?

This month, when news stories suggested that most Americans were fending off attacking tigers, Microsoft was preparing for the possibility of yet another mauling by marauding lawyers.

This time the instigator of legal action is an LA film editor. She is proposing a class-action suit against Microsoft in Los Angeles, alleging that a flaw in Microsoft's software has allowed personal business information to be swiped by hackers. Her submission has been posted online and makes interesting reading - see the first link below.

The main justifications for the action are: the argument that Microsoft's user licences unfairly limit the firm's liability; claimed shortcomings in the way Microsoft publicises its patches for security problems; and an appeal under Californian privacy law, saying that Microsoft should inform its clients if it thinks that data has been accessed or compromised by an attacker.

The complaint under the privacy law may exceed the original intentions of the legislation, which was to encourage online firms to take steps to keep their customer data safe.

The plaintiff is pushing for a jury trial and a cynic would say it's easy to see why - the members of a jury would probably have had bad experiences with Microsoft software.

Ignoring the legal niceties, the case boils down to the allegation that Microsoft software is inherently insecure and that Microsoft hasn't done enough to address the issues.

The question is: can an operating system be written that can deflect or stop any attacks against the system running it? Well, in short, no - it cannot be reasonable to expect an operating system to resist all attacks, as intrusion techniques are likely to appear in the future that have not been anticipated thus far.

The next logical question should be: is the developer doing enough to adapt its operating system to resist new attacks? This is the main question the court would have to decide.

This legal move comes at an important time for Microsoft, because tomorrow sees the launch of new versions of Office and Exchange. If this lawsuit is successful it could subject computer software to standard product liability law, with all the ramifications that entails.

I suspect that this action will not get very far against Microsoft's elite team of corporate lawyers, but the day may not be too far away when software comes under the "must be fit for its intended use" laws.

The final part of the legal submission against Microsoft is the hilariously titled Prayer for Relief, in which the plaintiffs set out how they would like a trial to proceed - in this case as a class action with a jury - and then their hopes for financial recompense from Microsoft. I suspect there are many other firms in the world that would also like to put in such claims.