Protecting myself from liability with software I develop

Hi all,

Firstly, let me say I won't pretend to know anything about professional liability / indemnity, waivers, EULAs, contracts and the like.

I write scripts (primarily VBScript) for lots of things, and thousands have been posted here on EE for others to use and share.  I have never really been concerned about liability with these scripts (or indeed other advice provided) because I figure (being open-source languages) that it always comes stamped with an implicit "use at your own risk" and "I accept no responsibility for any possible damages caused" kind of clause.

While I never really state these clauses in my scripts, I figure it must be covered by the Open Source Definition somehow.

But, if I were to rewrite one of those larger applications in a closed source .NET language, does that make me liable for the software I write?  I don't have a registered business, so I'm a freelancer, and I don't have any written contracts either.  Is it enough to have it in writing from my client that they will in no way hold me responsible for any damage incurred, whether financial or defamatory based on decisions made from the data, etc?

I'm really at a loss with how in depth I need to go with it.  I'm in Australia, and my client is in the US, so I'm sure there's some difficult legal crossover there somewhere.

I guess I could register with a contractor, up my rates, but be covered by them, but I'm not sure whether that's just too complex.

Any advice I could get, even from some freelance programmers, would be great.

Rob.
LVL 65
RobSampsonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joe Winograd, Fellow&MVEDeveloperCommented:
Hi Rob,
Your question interests me — and hits home, as I'm in a similar situation — but I need to head out now for a couple of hours. Just wanted you to know that I'll provide some thoughts when I return. Cheers, Joe
0
RobSampsonAuthor Commented:
Thanks Joe,

I did find these:
http://www.biztree.com/doc/software-development-and-consulting-services-agreement-D800
https://www.docracy.com/8574/design-and-development-contract

But again, not being legally minded in any way, not sure if it's overkill, or fits the bill perfectly to waive me of any responsibility (while still keeping ownership of the software).

Maybe I could even rip a EULA from any other free executable out there, and that's enough. I really don't know.  I mean, we download free utilities all the time, and yet we only hold ourselves responsible if it screws something up, right?

Rob.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Hi Rob,

I'm in a similar situation, i.e., writing custom programs/scripts (in my case, mostly in AutoHotkey — discussed here, if you're interested). First, a few high-level comments. I'm not an attorney, and what I do know about I.P. and contract law is from experience negotiating contracts in the US. I don't have a clue about such law in your neck of the woods, so you should give serious consideration to paying for advice from an attorney — although I must admit to not following that suggestion myself. Second, I'll address your questions on a point-by-point basis:

> While I never really state these clauses in my scripts, I figure it must be covered by the Open Source Definition somehow.

There are many Open Source Licenses. Here's a good site to explore them:
http://opensource.org/licenses

The most popular is GNU GPL 2.0:
http://opensource.org/licenses/GPL-2.0

You should read the whole document, but in particular, note Articles 11 and 12, which provide the liability protection. So one clear way to protect yourself is to state explicitly that your scripts are being distributed under the GNU GPL 2.0 (or one of the others, if you prefer). But I don't know if leaving it to an implicit "it must be covered" or a "since you're downloading it from the web you must know it is 'use at your own risk'" would hold water in a court of law (whether that court was in your neck of the woods or mine).

> But, if I were to rewrite one of those larger applications in a closed source .NET language, does that make me liable for the software I write?

I doubt very much that the language you write it in matters. For programs that you sell, you should have an EULA, to protect both you and your customer. The EULA should have liability/warranty protections.

> I don't have a registered business, so I'm a freelancer, and I don't have any written contracts either.

You should consider registering a business, even if it's a one-man shop. I don't know what the equivalent is down under, but here in the states I have what's called s single-member (just me!) Limited Liability Company (LLC). It is inexpensive to maintain, provides protection for assets, but there are serious tax implications. All of this is surely different in AUS, so you'll need to check it out, but my gut says that having some form of business entity will make sense for you and provide some degree of protection. Also, as a business, you may be able to get professional liability insurance, known here in the vernacular as E&O (Errors and Omissions) insurance, which is reasonably priced (although it depends on the nature of your business and clientele).

> Is it enough to have it in writing from my client that they will in no way hold me responsible for any damage incurred, whether financial or defamatory based on decisions made from the data, etc?

Yes, but for software, that should be via the EULA.

> I'm in Australia, and my client is in the US, so I'm sure there's some difficult legal crossover there somewhere.

I don't have a clue on the implications of that.

> I guess I could register with a contractor, up my rates, but be covered by them, but I'm not sure whether that's just too complex.

I've seen a lot of that, especially by freelancers who want to do business with the US federal government. Yes, it can be complex, with some pros and lots of cons, imo. I doubt that it would be a good way for you to go, although I've known some freelancers who have done it for decades.

> I did find these ... not sure if it's overkill

I haven't read the docs at those links carefully, but upon a quick review, I do not think they're overkill. For services, they're the right way to go. But for a custom program to which you sell licenses, I think an EULA is the way to go. Also, for custom programs that you sell, I recommend a code-signing certificate. I have one from VeriSign and it's comforting for my customer to see it in the UAC upon installation rather than the "Publisher: Unknown" one.

> Maybe I could even rip a EULA from any other free executable out there, and that's enough.

I used an EULA from a commercial (not free) software product as the basis for my click-through EULA that I now incorporate in all of my custom programs, which are delivered as executables.

> I really don't know. I mean, we download free utilities all the time, and yet we only hold ourselves responsible if it screws something up, right?

Those free utilities often have an EULA or at the very least a statement like that in IrfanView:
IrfanView software is provided "as-is".
No warranty of any kind is expressed or implied.
Or like the one in all of the NirSoft utilities:
Disclaimer
The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason.
The law doesn't have to make sense — it just needs to be the law. :)

Well, that's my view from the cheap seats. Best of luck in your business. Regards, Joe
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

RobSampsonAuthor Commented:
Thanks Joe that's very detailed information, but this will definitely take time for me to figure out which direction I want to go.  So in summary, you have your one-man LLC to provide some protection, you don't have extra insurance on top of that, or that is included?  In Australia, I would register for an Australian Business Number (ABN), but I don't think covers any assets out of the box unless I paid for PI or PL insurance.

At this point, you make it sound like sticking a EULA on my application would be enough.  I know exactly what my application does, and I know exactly where it gets its data from, so I can be confident that the program will work as designed, but what I'm trying to protect myself against is what the end-user actually does with that data.  It's sort of a data mining marketing thing, so I don't want, for example, people to feel like their being harassed, then the end-user saying "well this program gave me the data" and it falls back on me.  Is that even possible, or is that like saying I'm suing Microsoft because someone generated an offensive Word document?

Rob.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
> you have your one-man LLC to provide some protection

Yes.

> you don't have extra insurance on top of that, or that is included?

Correct — I don't have it and it is not included in the LLC fees. But I'm considering getting some E&O insurance when I put up a website to sell my software, which I'm working on now (if I can stop spending so much time on EE).

> At this point, you make it sound like sticking a EULA on my application would be enough.

I do think a solid EULA would be enough, but I want to go back to the comments that I'm not an attorney and know nothing of Australian law.

> Is that even possible

I don't think so, as long as the EULA clearly spells it out, but, again, that is my layman's opinion and not a legally rendered opinion. I want to avoid sounding as if I'm giving you legal advice — I'm not qualified to do so. Regards, Joe
0
RobSampsonAuthor Commented:
Thanks Joe, I do fully understand that you are not providing legal advice, the comments just help me narrow my search I guess, so that when I perhaps get some proper legal advice I will be a little more informed.  Any more comments are more than welcome!

In a very narrow form, I checked out the Microsoft Script Center disclaimer as well:
"The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages."

That, among other things, in my EULA, sounds like it might be enough to waive any liability, so that's a good start.

This is another good article I just found as well:
http://www.smh.com.au/small-business/ask-our-experts/the-ins-and-outs-of-selling-software-20120731-2398e.html

and I may contact the Australian Computer Society to get more info.

Rob.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Rob,
I really like that Microsoft Script Center disclaimer — I had not seen it before, so thanks for posting! I went to the Script Center site to check it out further and found another agreement worth looking at — the Microsoft Developer Services Agreement:
https://technet.microsoft.com/en-us/cc300389

Some food for thought in there. Btw, in the disclaimer you posted, I would not remove the first few sentences, which are:

"The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose."

The last sentence is especially important, appearing in virtually all disclaimers that I've seen.

> That, among other things, in my EULA, sounds like it might be enough to waive any liability, so that's a good start.

I agree.

> another good article

Yes, and very good that it's specific to AUS.

> contact the Australian Computer Society

Excellent idea!

Regards, Joe
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Hi Rob,
It's been several months since we had this exchange, but I'm still working on putting up my website and wondering if you've made any other discoveries that might be relevant for me. Thanks much, Joe
0
RobSampsonAuthor Commented:
Oh wow, it has been a while!  I'm still in development stages for my program, so I haven't spent a lot of time figuring out who I need to talk to, but I've got a couple of people lined up.  I did however, obtain pre-approval from an insurer for PI and PL insurance, which came in at around AUD$1,400 which doesn't seem that bad.

I'm still seeing people saying it may be a good security measure to get my house put entirely under my wife's name, but until I hear that from a professional or two who understands my situation, I won't go down that route yet.

Thanks for checking in, I'll hopefully get more information early next year....too busy around Christmas now.

Rob.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Rob,

Thanks for the update. AUD$1,400 does seem like a reasonable price for "PI and PL" insurance, which I'm guessing is what we call "Errors and Omissions" (E&O) insurance here.

Keep me posted. I'll do the same for you, but I'm making very little progress. :(  Cheers, Joe
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Hi Rob,
Decided to spend some time this weekend closing a few hundred of my Firefox tabs — most EE, of course. :)  And I ran across this one. Any progress on your end? Unfortunately,  no progress here. Regards, Joe
0
RobSampsonAuthor Commented:
Hi Joe, thanks for the check in...unfortunately no further info, been majorly busy with my full time job!  Can't get time for these "side quests" at the moment!

Will let you know though!
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Same here, Rob...can't find the time to work on my site...but not because of a full-time job.
0
RobSampsonAuthor Commented:
Hey Joe, I know we've covered some basics here, but now that Experts Exchange have launched their Live services, my first thought on this was "how is this handled from a legal standpoint?".  I mean, the Experts that can provide the assistance for actual money, real time, may not even have any of the qualifications required in the real world to provide such information.  So I found this:

EXPERTS EXCHANGE LIVE SERVICE-SPECIFIC AGREEMENT
http://www.experts-exchange.com/liveServiceAgreement.jsp

Under "Independent Contractor Status" it states "Experts Exchange is only acting as a passive facilitator of the relationship between Consultant and Client, and makes no representations or warranties as to Consultant’s knowledge, expertise or fitness to provide the Services, or the result(s) of the Services received by Client. "

That strikes me as a dangerous proposition from EE's perspective, but I'm sure they've covered all legal angles, so I figure this must be a decent legal statement to be looking at.

In respect to the topic of this question, the Indemnification and Intellectual Property clauses are of particular interest, and I would like to acquire some legal advice on how well those hold up in the event of a dispute, for my own works.

I really need to invest some time into this, and hope to do so in the first half of this year, but the year is already quickly disappearing!

Rob.
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Hi Rob,
Good to hear from you. Updated agreements/contracts for Live and Gigs were part of the Code and Content Release on 29-Feb. Here are all of them:

Live Service Specific Agreement
http://www.experts-exchange.com/liveServiceAgreement.jsp

Live Client Facilitation Agreement
http://www.experts-exchange.com/liveClientFacilitationAgreement.jsp

Live Consultant Facilitation Agreement
http://www.experts-exchange.com/liveConsultantFacilitationAgreement.jsp

Gigs Service Specific Agreement
http://www.experts-exchange.com/gigsServiceAgreement.jsp?ver=2

Gigs Client Facilitation Agreement
http://www.experts-exchange.com/termsClient.jsp?ver=2

Gigs Freelancer Facilitation Agreement
http://www.experts-exchange.com/termsFreelancer.jsp?ver=2

While there may be some stuff in them that's helpful for you, all six of them say, "This Agreement shall be governed and construed in accordance with the laws of the State of California..." So you'll certainly want to get some legal advice with respect to Australian law.

Yes. amazing how time flies! Hard to believe just two weeks remaining in Q1. :(

Cheers, Joe
0
Joe Winograd, Fellow&MVEDeveloperCommented:
Many good comments during more than a year that this question has been open. Reasonable to close it at this point in time.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.