ACM slams proposed software law

Computer World –

The head of the Association for Computing Machinery (ACM) has voiced her organization's concerns over the proposed Uniform Computer Information Transactions Act (UCITA). She warned that, should the act become law, it could have detrimental consequences on the software market.

"I fear that this law, if passed, will create pressure on our members [computer professionals] to cut some corners in order to get software out as fast as possible," said Barbara Simons, president of ACM. "It may result in reduced software quality and increased risk to the general public."

Simons was explaining why, on behalf of ACM's 80,000 members last week, she sent a letter to more than 300 lawyers, judges and law professors.

The recipients of the ACM letter constitute the National Conference of Commissioners on Uniform State Law (NCCUSL) and are expected to vote on the proposed software law July 29.

According to Simons' letter, the UCITA will make it too easy for software publishers to avoid facing any legal consequences for producing defective software, even for defects they knew about in advance prior to the product shipping.

Such a situation, according to Simons, may tempt software vendors traditionally concerned about software quality to press their employees to get products out if a less conscientious competitor is about to begin shipping its products first.

ACM members are obliged to honor a code of ethics stating, "The computing professionals must strive to achieve quality and to be cognizant of the serious negative consequence that may result from poor quality in a system."

"The UCITA will hinder this pursuit, and result in possible harm to the general public," the ACM letter stated.

Simons, who recently retired after many years working at a major IT company, stressed that she is not worried about minor bugs in software. "We all know it is not possible to write bug-free programs," she said.

However, the ACM letter also noted that the proposed law could make it impossible to develop antivirus software, because the technique of reverse engineering is banned.

Such a ban will prevent computer professionals from unraveling the code in software produced with malicious intent, a security expert said.

According to Peter G. Neumann, author of the book Computer-Related Risks, security professionals may as well pack up and close up shop, if the ban on reverse engineering is upheld. He assisted ACM in the writing of the part of the letter related to security.

"The situation will be absurd," said Neumann, principle scientist at SRI International, based in Menlo Park, Calif.

Neumann referred to the necessity for reverse engineering when the source code for old legacy systems is lost. According to him, the year 2000 issue can't be solved without doing reverse engineering in several instances. Furthermore, reverse engineering is necessary in order to secure interoperability between different software products.

He also criticized the UCITA for equating user interface errors with errors in the content of a newspaper article.

"Bad user interfaces can kill, also in combination with bad systems," Neumann said. He referred to several cases including the tragedy that occurred when the U.S. destroyer USS Vincennes a decade ago fired a missile at an Iran Air 655 Airbus, mistaking it for an attacking fighter plane. Two hundred and ninety passengers were killed.

"The operator had no awareness of what happened, because the information needed was not shown on the screen," Neumann said, adding: "I know the guy who wrote the code."

The interface is crucial, particularly in the aviation industry. A pilot is stressed just by changing to a new type of airplane employing a different user interface, Neumann said.

He warns of the dangers of diluting software vendors' liabilities concerning bad user interfaces, as the UCITA recommends. "Remember, everything is increasingly computerized," Neumann said.

Major software industry organizations are heavy supporters of UCITA and have contributed to the draft, according to NCCUSL statements.

ACM's Simons commented that many of those involved in the draft from the software industry, such as legal advisors, had not written software themselves. Therefore, the possible negative implications of the proposed act might be difficult for them to comprehend.

The NCCUSL members meet today in Denver in order to discuss UCITA and other legal matters during their annual conference, which ends July 30.

NCCUSL is a private organization that assists in making laws uniform across state borders in the U.S. When the NCCUSL has voted in favor of a draft, the body recommends that the states enact the draft, and traditionally, most or all states follow the organization's recommendations.

The UCITA draft addresses buying, selling and licensing "intangible goods" such as software, multimedia interactive products, data and databases, the Internet and online information.

According to the drafting committee, the proposed law is necessary particularly for the development of electronic commerce.

In an article written by those involved in the drafting process, the problem is described in the following way. "There is an absence of any clear guidance about how to form contracts, what obligations exist in computer information transactions online or otherwise, what laws apply, how to deal with automation, and a myriad of other questions," the article said.

The authors are Carlyle C. Ring, the chair of the drafting committee and law professor at the University of Oklahoma, and Fred H. Miller, who is the executive director of the drafting committee. They have both also several times expressed in written statements that the proposed law will increase consumer rights.

However, the law proposal has been heavily criticized, especially by organizations and law professors working on consumer protection and managers responsible for information technology in U.S. companies.

Yesterday, some of the objections were addressed when the UCITA drafting committee had a final meeting before the NCCUSL-convention opening today. An 11-page document called "Possible Revisions of the UCITA Draft" was on the agenda.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies