Soctech brainstorming

From PublicWiki
Revision as of 22:51, 22 October 2004 by 128.208.3.71 (talk)

Possible CSE590 Topics

The impact of vendor liability upon the open source development model.

Currently, software vendors are not liable for damages caused by faults in the software they build and sell. The societal cost of defective software (e.g. computer security defects) is currently high (some estimate in excess of $15 billion annually). Moreover, we can predict that the cost will continue to grow, as society becomes increasingly reliant on computers, and computers become increasingly pervasive. The current absence of legal liability allows software vendors to externalize the costs of low-quality software in a manner analogous to environmental polluters.

Hypothesis: Imposing liability on vendors will force vendors to bear the cost of low quality software, thereby providing incentives to improve software quality.

There are many issues under this topic. Generally, what are the costs and benefits of the status quo versus a world with vendor liability? Assuming we want to improve software quality, are there other approaches that would work just as well or better? What are the costs of imposing/enforcing liability? How would this impact the open source movement? Specifically, would this unduly "chill" open source development if developers have to fear that software they write might become subject to legal liability in case it contains "damaging" flaws?


UI Design for Better Click-through Licenses

Click-through licenses are, for better or worse, a large part of every consumer's life. This research would focus on applying user interface design principles to implementing "better" click-through license agreements. As a straw-man definition, a "better" license would be defined as one where the user actually has some chance of understanding the terms of the license they are agreeing to. We can imagine all sorts of improvements that might enhance a consumer's ability to make an intelligent decision about whether they really want to accept the license or not. Trivial examples might include expressing the terms in plain English; more complicated examples might include "walking" the user through the license (term by term) and requesting assent to individual terms. Obviously, there are all sorts of trade-offs to be explored.

Why would this ever be interesting to anyone? Well, consumer groups would certainly be happy if they could point to real research that shows that companies can do a better job of presenting their license terms to consumers. Companies are, of course, seemingly unlikely to want to embrace new ways of presenting licenses -- especially if it will increase the number of e-commerce sales that do not get completed because the buyer gets "cold feet" upon grasping the implications of a purchase. On the other hand, some companies may use "humane licensing" to their competitive advantage, by attracting customers who like shopping somewhere that the company seems willing to actually explain terms to them, rather than bury them in 20 pages of fine print.

Finally, if history is any teacher, courts did not disapprove of click wrap licenses (i.e. a license that is only reachable by following a link) until another technology - click through (i.e. a license that is splashed onto the screen with an "I accept" button at the bottom) - came onto the scene. The point is that while courts aren't in the business of saying what sort of technology is required to create an enforceable license, they may bless one technology as sufficient when presented with a qualitatively "worse" technology. (I need to find the case on this, but there is at least one reported opinion where the court compared click wrap to click through and approved of click through...) In short, it may provide the (however tiny) opportunity to change the law by building something better.




From Caroline: I see potential here -- interesting ideas. Thanks, Ben. On the first one, software vendor liability, taking off from your idea about methods for improving software quality, an interesting security/econ/policy angle is the idea that there is a market failure in the provision of security. If people could judge security for themselves, then companies would be more willing to compete on quality. In fact, consumers probably have no idea what they're buying so that companies have little incentive to invest in security. Methods to improve software quality then, might include having some sort of Underwriter's Lab for software that gives consumers something tangible to grasp (Software X got 1 star but Software Y got 3 stars, so I'll buy Y--assuming we're in a non-monopoly situation). Would this work? Isn't it even hard for computer scientists to judge how secure code is? And how do you account for users' security failings--insecure systems aren't totally the software's fault.


A couple other things I've been thinking about:

IP protection for software

One of the lessons of the open source model for the software industry is that transparency increases trust. To that end, Microsoft has made progress in sharing source code through the Shared Source Initiative and many other major software vendors have embraced source licensing as well. There is an impact to this though, and primarily that is the sacrificing of trade secret as one of the major underpinnings of commercial software vendors' IP strategy. If one holds that increased transparency is critical, then software vendors are in essence going to be pushed to rely more heavily on patent rather than trade secret. This gets interesting especially since the Open Source community has historically been anti-patent.

Another note, maybe worth pondering: Managed code is more transparent than unmanaged code. Microsoft wants to carefully control access to its source code whether it shares code through Shared Source, or in components it ships with its development platforms, and so forth. Yet the way the .Net platform was implemented means that Microsoft code is more transparent than before. On a transparency scale of 1 to 10, with machine language (or whatever the most non-transparent form of code is called) being a 1 and source code being a 10, developers have told me Microsoft's Intermediate Language is a 7 or an 8. Is the higher transparency of its code of concern to Microsoft given its highly-controlled approach to open source?

_=^=_

Distribution as Property

From Joshuadf:

The advent of technology able to create virtually unlimited identical copies at low cost created the current "Copyright Crisis." While many possible methods of "Digital Rights Management" have entered the marketplace, the Open Source Software movement offers a different solution---a redefinition of intellectual property based on distribution instead of exclusion. Is this an unworkable system, or just the beginning step in constructing a new definition of what it means to create in an increasingly digital world?

Possible readings from Stallman's "Why Software Should Not Have Owners," Tiemann's "Future of Cygnus Solutions: An Entrepreneur's Account", and/or Weber's Success (Sorry for all the citations; I was a liberal arts major. :)

_=v=_

Property in virtual worlds

The Terra Nova blog has been having some interesting discussions about property, both intellectual- and non-, in "virtual worlds" (Everquest and their ilk). Some relevant posts: