By Lawrence B. Levy^†
and Suzanne Y. Bell††

Several examples illustrate the extent of the potential liability faced by software vendors. In one case, an error ("bug") in a computerized therapeutic radiation machine caused it to administer incorrect dosages. Two people were killed and several others were seriously injured.² In another case, a construction company alleged that a bug in a spreadsheet program caused the company to underbid a $3 million contract. The company sued the manufacturer of the program for $245,000, claiming it had lost that amount as a result of the incorrect bid.³ Finally, in Scott v. White Trucks,⁴ the defendant's truck was equipped with computer- controlled anti-lock brakes. After the brakes failed and the truck crashed, the driver of the truck brought a product liability action alleging defects in the software.⁵

Few software product liability cases have been litigated, so little directly applicable judicial guidance is available to pinpoint steps a software vendor should take to minimize liability. However, by understanding the legal theories upon which a hypothetical plaintiff may rely in a suit against a software vendor, it is possible to identify and understand where the risk of liability lies. This is the focus of Part II of this article. Part III will describe and provide examples of actions the vendor may take to minimize, shift, or spread the risk of liability for imperfect software. Such measures help protect the vendor and enable both the vendor and its customers to understand their respective rights and obligations. These measures also help to build a positive working relationship between the vendor and its customers by ensuring that expectations are realistic and by increasing the likelihood that potential problems with the software will be detected and corrected before they cause any loss or damage.

The court in Data Processing Services, Inc. v. L.H. Smith Oil Corp.¹¹ held that the sale of the software involved in the suit was a contract for services, not goods, because of both the custom nature of the software and the fact that there was no simultaneous sale of hardware. The court found:

A jury apparently found another factor to be significant in West Outer Drive Medical Center v. Compucare Inc.¹⁴ In that case, a hospital contracted for the development of an "information system" consisting of both hardware and software.¹⁵ At trial, the software developer claimed that the hospital must have considered the software to be a good because it wanted to take advantage of investment tax credits that were available only if the software was tangible personal property.¹⁶ The jury found that the contract was for the sale of goods and that the UCC applied.¹⁷

Some courts have taken a different approach when a vendor provides not only the software itself, but also significant maintenance and support services. In such a transaction, a court must decide whether the goods or services aspect predominated in the transaction.¹⁸ If the services aspect predominated, the court will be more likely to characterize the transaction as a sale of services.¹⁹ In contrast, if the goods aspect predominated, the court will call the transaction a sale of goods.

Courts may decide whether the goods or services aspect of a transaction predominated by examining its financial details. In Micro-Managers, Inc. v. Gregory,²⁰ the court used this method of analysis to characterize a hybrid transaction as a sale of services. In that case, a petroleum corporation sued because the custom software it had purchased malfunctioned. The court noted that the corporation had paid $59,828 to the software producer. Of this sum, $55,968 had been paid for labor and support for the corporation's use of the software.²¹ The court held that this showed that the contract was primarily for services, and, consequently, that the UCC did not apply.²² A court reached the opposite result using this method in Stenograph Corp. v. MicroCAT Corp.²³ It held that the UCC applied to the sale of all the assets and liabilities of a corporation because the parties had allocated $950,000 of the total $1,000,000 purchase price to the corporation's software, and only $50,000 to the corporation's copyrights, trademarks, and other intangible assets.²⁴

Other courts take a less rigorous approach in analyzing hybrid transactions. The court in RRX Industries, Inc. v. Lab-con, Inc.²⁵ began by noting that it would search for "the essence of the agreement" using a "case-by-case analysis" because "software packages vary depending on the needs of the individual consumer."²⁶ In this case, the court continued, the transaction was a sale of goods, not services, because the sales aspect predominated.²⁷ This was true even though the software producer had provided a number of services, including employee training, repair services, and system upgrading. The court found that these services were only "incidental" to the sale of the software package.²⁸

In one series of cases, courts have held that information is a product and that strict liability therefore applies to it. First, in Saloomey v. Jeppesen & Co.,²⁹ navigational charts were found to be a product, not a service. In that case, inaccuracies in the charts caused a fatal airplane crash, and the decedents' administrators brought a wrongful death suit against the publisher of the charts.³⁰ The court said that since the charts were mass- produced and it was likely that purchasers substantially relied on them without making any alteration to them, the publisher had a duty to insure that consumers would not be injured by the use of the charts.³¹

Second, in Brocklesby v. United States,³² the court held a publisher of an instrument approach procedure for aircraft strictly liable for injuries incurred due to the faulty information contained in the procedure. Strict liability applied because the product was defective, even though the publisher had obtained the information from the government.³³

In contrast, other cases have not applied strict liability to information contained in books. For example, in Cardozo v. True,³⁴ a woman was poisoned when she ate an exotic ingredient called for by a recipe in a cookbook. The court held that the information contained in the book was not a product for the purposes of applying strict liability, and, therefore, the seller of the book was not liable on that theory for failure to warn of the nature of the ingredients used in the recipe.³⁵ These cases may be relevant because software usually either contains information or assists in the generation or manipulation of information.

There are strong policy reasons to apply the UCC to sales of software. For example, software sales would then be subject to a concise, statutory, and uniform body of law predictable to both vendors and users.³⁶ It would also be consistent with the parties' expectations; although they typically are licensees, especially when the same program is made available to multiple users, software users frequently regard themselves as purchasers of goods.³⁷ Finally, since the UCC provides for such measures as warranties, disclaimers, and limitations of liability,³⁸ the UCC provides a mechanism to allow the parties to allocate the risk of product performance.³⁹ However, if software is considered a "good" in order to apply the UCC, it increases the likelihood that it will be characterized as a good for other purposes, such as the application of strict product liability law.

Software vendors may be held liable for damages caused by their products under various contract and tort theories. This will be the focus of the remainder of Part II.

Moreover, a court may hold a vendor liable under a warranty theory for statements about the software made outside the formal agreement.⁴¹ In addition, if a court determines that the transaction was a sale of goods subject to the UCC, in the absence of a warranty disclaimer it may hold the vendor liable for breach of warranties implied by that statute. One such warranty is the implied warranty of merchantability, which requires that the software be reasonably fit for the general purpose for which it is sold.⁴² Another warranty is the implied warranty of fitness for a particular purpose, which applies when (1) the vendor knew of a particular purpose for which the software was required; and (2) the vendor knew that the user relied on the vendor's skill and judgment to furnish a suitable program.⁴³

Under a contract theory, a plaintiff may recover the difference between the market value of the software as delivered and the contract price of the software.⁴⁴ Plaintiffs may also be able to claim additional damages such as consequential damages,⁴⁵ incidental damages,⁴⁶ lost profits,⁴⁷ or other losses that the sellers should have reasonably anticipated, such as the loss to the construction company in completing the contract mentioned above.⁴⁸ The possibility of large damages from these additional categories poses a great threat to software vendors faced with a breach of contract claim.

Since these are contractual claims, the vendor frequently can draft its contracts to substantially limit its exposure.⁴⁹ However, as discussed below,⁵⁰ there may be limits to this ability to minimize liability.

The defendant's misrepresentation usually must be intentional for the plaintiff to recover,⁵⁷ but some jurisdictions recognize a cause of action for negligent misrepresentation.⁵⁸ Courts may allow some "puffing" in marketing efforts, but seem to be more inclined to find misrepresentation when the vendor makes misstatements concerning facts that are exclusively within the vendor's knowledge.⁵⁹

A fraudulent misrepresentation claim is especially threatening to software vendors because under this theory, a plaintiff may sue when it suffers damages solely to its intangible economic interests (such as business reputation), rather than personal injuries or damage to tangible personal property.⁶⁰

For a variety of reasons, plaintiffs have had less success claiming damages from software vendors under this theory than under other theories.⁶⁵ Demonstrating that a vendor's conduct is unreasonable is difficult and expensive. Moreover, the defenses of assumption of risk and contributory negligence are available to vendors. For example, vendors have successfully defended on the grounds that the buyer was negligent in using defective data or in hiring incompetent operators. As a result, it may be difficult to prove that the plaintiff's injury was caused by the vendor's breach of duty, such as supplying defective hardware or software, rather than by the plaintiff's own error, such as use of incorrect data. Finally, some courts hold that a negligence action for economic loss is barred if a contract exists between the parties.⁶⁶

To date, courts have been reluctant to entertain a professional malpractice action against software vendors, principally because, unlike medicine and law, there are no established educational standards or regulations governing the performance of software programmers and developers, and they are not licensed as professionals.⁶⁹ However, an analysis of recent judicial and administrative decisions demonstrates that there appears to be some support in the courts for the imposition of a professional standard. In one case, a federal court suggested that persons engaging in computer consulting as part of a regulated profession may be held to the standard of care of that profession. In Diversified Graphics, Ltd. v. Groves,⁷⁰ a company hired a large accounting firm, Ernst & Whinney, to assist it in locating a turnkey computer system. When the system proved difficult to operate and failed to meet the company's data processing needs, it brought a negligence action against Ernst & Whinney. The court ruled that the firm should be held to the standard of care established by the rules for professional accountants. Specifically, it said that the American Institute of Certified Public Accountants' Management Advisory Services Practice Standards, which Ernst & Whinney had adopted for internal use, were applicable to the firm's provision of computer services.⁷¹ In addition, since there were no industry guidelines as to what is required of a turnkey system, the court detailed requirements of such a system.⁷² Although the case did not expressly find a cause of action for computer malpractice, in this instance it practically adopted one by employing a professional standard of care in a negligence action involving a defective computer system.

A court in an earlier case also provided support for holding computer programmers to a professional standard of care. In Data Processing Services, Inc. v. L.H. Smith Oil Corp.,⁷³ a case involving alleged failures of a computer programmer in designing data processing and accounting software for a customer, the Indiana Court of Appeals stated rather strong dictum that identified computer programmers with members of a profession:

Holding software programmers to a professional standard of care has advantages and disadvantages. On the one hand, as software programs become increasingly large and complex, it may be to the benefit of users that the programmers meet a particular standard of care in developing and debugging the program. On the other hand, to ascertain what standard of care should be applied would be extremely complex. Software programmers are diverse in their educational backgrounds,⁸⁰ and programming theories and techniques often are characterized as more of an art than a science. There are no established standards for computer professionals; standards would have to evolve on a case-by-case basis. Courts also would have to decide whether the standard varied by locale, as has been true for physicians,⁸¹ and whether there are specialties within the computer field for which the standard of care might differ.

The IRS's approach of applying the standard of care of the profession normally performing the function of the program could be applied to limit these problems. Consider again the situation of the people who were injured as a result of the malfunctioning of a program that regulated the amount of radiation exposure for patients undergoing cancer therapy.⁸² Under the IRS's approach,⁸³ a court would begin by finding that the administration of radiation would normally be the type of work done by a doctor. It would then apply the standard of care for doctors to the vendor's conduct, to determine whether the vendor breached a duty owed to the plaintiff. The court would therefore not have to find and apply a standard of care for the computer programmer profession.

However, there would also be drawbacks to this approach. The person writing software that, for example, generates tax returns or administers radiation, in most cases is probably not a professional tax preparer or physician, but merely relies on information given to him or her. It may not be fair to apply the standards of the underlying profession to the programmer, and if the law evolves in that direction, programmers may become reluctant to undertake such projects. There are also many professional tasks that could be performed by computer programs, necessitating provision of multiple standards of care applied in computer malpractice cases. In addition, not all computer programs perform the functions of a profession, and some may perform the functions of more than one profession. In those cases, courts would have to decide whether to apply a general reasonableness standard or the standard of a computer professional.

An important feature of the strict liability theory is that it renders legally irrelevant the issue of whether the vendor acted reasonably.⁸⁹ By preventing the vendor from presenting exculpatory arguments, this theory in effect forces software manufacturers to guarantee the safety of their products.⁹⁰ The strict liability theory also has an effect on potential defendants and on recoverable damages. If it is applied, everyone in the chain of distribution of the product may be liable for the plaintiff's damages.⁹¹ However, users are not generally compensated for economic loss under a strict liability theory, but only for personal injury or property damage.⁹²

To date, courts have been reluctant to apply the theory of strict product liability to computer software.⁹³ Proponents have offered several arguments in favor of doing so. They argue that the software manufacturer should be held liable because it is in the best position to prevent defects, and can spread the risk of liability through insurance or by increasing the cost of the product; that strict liability assures compensation of the victim; that negligence is too difficult to prove; and that the application of strict liability will deter the manufacturer from producing defective software.⁹⁴ It is partially these types of considerations that have led courts to apply strict product liability to certain types of information.⁹⁵

On the other hand, the application of the strict liability theory might hinder the development of software. Consider again the medical program that regulates the amount of radiation exposure for cancer patients.⁹⁶ It is likely that clinical judgments and heuristic rules for making decisions, rather than fixed engineering and mathematical principles, would be used to develop the software.⁹⁷ The software developer is therefore not necessarily able to eliminate defects, any more than a medical practitioner can guarantee positive results from radiation treatments. Nevertheless, under the strict liability theory, the software manufacturer might be held liable for large personal injury damages if the radiation treatments do not help, or injure, the patient. Moreover, everyone in the chain of distribution may be liable, including the hospitals and medical practitioners that used the program.⁹⁸

In the coming years, we can expect to see each of these theories tested in the courts as the number of damage claims alleging defective software increases. The prudent software vendor should be cognizant of these risks and take actions to limit its exposure. We now turn to these preventive actions.

Courts generally uphold warranty disclaimers except in cases of "unconscionability," which means that the disclaimer provision is excessively one-sided, oppressive, or surprising to the purchaser.¹⁰⁵ This limit may be particularly relevant in the case of mass-distributed software accompanied by shrink-wrap licenses. It is possible that a court would characterize the license included in the package as a contract of adhesion, and find the broad disclaimers contained within the license to be unconscionable and unenforceable.¹⁰⁶ For this reason, it is often advisable to include in a shrink-wrap license a limited form of express warranty.¹⁰⁷ In addition, it may be difficult for a vendor to negotiate a disclaimer in contracts for custom software.

Warranty disclaimers also should disclaim any warranties that may be implied by law. If a court determines that the vendor's software is a product and not a service, the UCC will apply to its sale¹⁰⁸ and the software will be covered by the UCC's implied warranties of merchantability and fitness for a particular purpose.¹⁰⁹

Courts uphold disclaimers of implied warranties as long as such warranties use the exact words required by the UCC and are conspicuous.¹¹⁰ A disclaimer is conspicuous when it is "so written that a reasonable person against whom it is to operate ought to have noticed."¹¹¹ This is a fact-based inquiry performed by the court.¹¹² In Sierra Diesel Injection Serv., Inc. v. Burroughs Corp.,¹¹³ the court held that:

There is another limit to the use of disclaimers of implied warranties. Under the Magnuson-Moss Warranty-Federal Trade Commission Improvement Act,¹¹⁷ if a consumer good is covered by a written warranty, the vendor cannot disclaim implied warranties arising under state law.¹¹⁸ The vendor may, however, limit the duration of the implied warranties to that of the written warranty.¹¹⁹

A vendor may want to consider providing a limited warranty rather than disclaiming all warranties. This may be preferable from a marketing standpoint and may decrease the likelihood that a contract will be found unconscionable. Moreover, it may be easier to obtain a limited warranty than a disclaimer of all warranties in negotiations with purchasers of custom software. A limited warranty may provide, for example, that the software will perform according to certain specifications for a limited period of time. Alternatively, the vendor simply may specify the level of support and bug fixing it will provide.¹²⁰ In either case, the vendor commits itself to the specified warranty or service, but does not extend as complete a warranty as might have been requested by the purchaser, or implied by the UCC.

A limitation of remedies provision may not be upheld when the proffered remedy "fail[s] of its essential purpose."¹²⁶ This may be the case, for example, when the software does not perform as warranted and the vendor is unable to repair or replace the product.¹²⁷ If a remedy fails of its essential purpose, a buyer may generally pursue the full range of contract remedies.¹²⁸ Thus in RRX Industries, Inc. v. Lab-con, Inc.,¹²⁹ the trial court found that the software developer was "either unwilling or unable to provide a system that worked as represented, or to fix the 'bugs' in the software..."¹³⁰ On appeal, the Ninth Circuit agreed that "the default of the seller [was] so total and fundamental that its consequential damages limitation was expunged from the contract."¹³¹

The following is a sample warranty disclaimer that includes a limitation of remedies provision:

As with the other contractual provisions discussed in this section, limitations on liability generally are upheld in the commercial setting,¹³⁸ although they are narrowly construed. As a result, care must be taken to incorporate them in a contract in a manner that promises the broadest application and that limits the likelihood that the limitation will be held not to apply to all provisions of the contract.¹³⁹ In addition, a plaintiff may assert the doctrine of unconscionability against the enforcement of these provisions.¹⁴⁰

The following is a sample limitation of liability clause:

In general, integration clauses have been effective in voiding representations about the software made outside the contract.¹⁴³ However, this is not always the case. In Sierra Diesel Injection Serv., Inc. v. Burroughs Corp.,¹⁴⁴ the court held that the buyer of a computer system was entitled to rely on representations contained in a letter despite the disclaimer and integration clause contained in the contract. The court reasoned, in part, that the representations constituted express warranties which were part of the agreement between the parties; and that it was reasonable for the purchaser not to rely on only one document for the complete agreement of the parties, but on the series of contracts that were part of the transaction.¹⁴⁵ In addition, integration clauses will not be upheld when fraudulent statements of the vendor caused the purchaser to enter into the contract. In such a case, the fraud invalidates the entire contract.¹⁴⁶

The sample warranty disclaimer presented above¹⁴⁷ attempts to prevent prior communications from becoming contractual warranties by its disclaimer of any warranties "in any communication with you." The following is an example of a standard integration clause:

The contract may also specify certain obligations on the part of the buyer. For example, it may impose obligations to notify the vendor of bugs within a certain time period after discovery, to meet standards for installation and facilities, to provide a certain level of training to end users, to create and keep current appropriate back up programs, and to provide suitable input data. In addition, the vendor may impose an obligation to hire operators having certain qualifications. For example, in the medical context, the contract may state that only certain licensed professionals should operate the software.

Having specified the parties' standard of care in the contract, the software vendor, if it is sued, may contend that it is not negligent because it met its contractual obligations. In addition, it may contend that it should not be held liable for the defective performance of the software if the buyer failed to live up to its obligations. Moreover, both parties may benefit from a clear statement of their respective duties. This may engender a better working relationship between the parties, increase the probability that the software is properly used and maintained and help to identify defects before they cause loss or damage.

The vendor may also consider incorporating functional limitations into the software in order to minimize the possibility of serious error. Although a developer may be capable of designing a more sophisticated system, it may be prudent to include certain limitations in the system; for example, that the system merely recommends a certain action, but does not act or make a final decision. To return to the radiation machine example,¹⁵⁶ the case shows that it might be risky if the software controlling therapeutic machinery goes beyond recommending a "standard" dosage or course of action requiring human judgment and intervention to put into action. By including such limitations, the vendor reduces the risk that its program will be held responsible for an erroneous course of action that leads to a plaintiff's injury. However, the same limitations may make the program less attractive to users.

In the case of custom software programs, it is particularly important for the programmer to work closely with the customer while developing the program. As a result of ongoing communications, the programmer can create a program that meets as closely as possible the needs of the customer. At the same time, the programmer can create accurate expectations on the part of the customer regarding the capabilities of the system, and fully explain to the customer the limitations of the system.¹⁵⁷

The most fundamental principle is that the vendor should be careful not to make false claims in marketing information or other sales communications. Under the UCC, express warranties can be created by words, written or oral, or by conduct; and a court could hold a vendor liable for statements outside the license agreement.¹⁵⁸ A court may also hold a vendor to its marketing statements on a fraudulent misrepresentation theory.¹⁵⁹ Therefore, it is wise to be cautious about making such statements, even if the vendor's license agreement contains an integration clause.¹⁶⁰

In addition, the vendor should consider warning users of limitations in the software. If appropriate, the warning also should specify that the program is not to be used in situations in which the failure to perform could result in bodily injury. The warning may be placed in the license agreement, on the product packaging, on the first screen of the program to appear to the user, or on any other place where it will be clearly visible to the user of the program.

Finally, the vendor should exercise appropriate guidance at every level of its distribution channels. This might include ensuring that distributors and dealers are properly trained and cannot change the software or, if they can, that they will be fully liable for damages incurred as a result of such changes. The vendor and its distributors also should be careful not to market the system without providing adequate documentation and instructions on proper use.

The vendor's vigilance might also extend to its customers. For example, the vendor might establish a means by which users can report bugs. If a significant bug is discovered, it may be advisable to promptly notify all users even if an update is not yet available. When updates and error corrections become available, it may be desirable to require the user to substitute them for the old program. To achieve these goals, the vendor may want to require users to be registered. More aggressive tactics include requiring the buyer to acknowledge the various warnings, disclaimers, and limitations in writing; imposing penalties for breaches of the restrictions on use; and auditing user compliance with the restrictions.¹⁶¹

The vendor may wish to preserve its ability to update and correct its products by reserving the right to withdraw the software from its customers. Of course, the extent to which any of these actions is called for depends on many factors, including the function of the software, the likelihood of damage, the sophistication of the users, and the vendor's risk profile.

First, the vendor should exercise care in selecting licensees that are technically competent and financially secure.¹⁶³ Of course, the degree of competence and security required depends on the type of software, the sophistication of the users, and other factors.

Second, the licensor should attempt to structure the relationship in the manner least likely to produce liability for the acts of its licensees. Viewed along a continuum from the most likely to least likely to be held liable, partners and joint venturers are liable for each other's actions within the scope of the partnership or the joint venture relationship; if the licensor controls and directs the work product of the licensee, it may be argued that the licensee was the employee or agent of the licensor, rendering the licensor liable for the actions of the licensee;¹⁶⁴ licensors may be held liable for the acts of their subsidiary-licensees under alter ego or fraud theories; however, independent licensors generally are not liable for the acts of their licensees.¹⁶⁵ (Of course, in each case, the licensor may be held liable for its own negligence, such as supplying a licensee with defective products or negligently selecting a licensee). The vendor should take appropriate steps to tailor its relationship with its licensee to reflect the degree of liability and control it desires.

Finally, the vendor should consider requesting from the licensee an agreement to indemnify the licensor for losses incurred as a result of the licensee's actions. Courts usually uphold such clauses, although they tend to construe them narrowly.¹⁶⁶