Assessing Liability for Computer Software Failure; An Overview

by Geoffrey T. Hervey, Esquire

Numerous real-world examples exist in which companies have suffered losses—or caused others to suffer losses—due to failed software. When business reputation is damaged, money is lost or people are hurt, injured parties will look for as many deep pockets as possible. In addition to dwindling productivity and lost revenue, software failure creates potential legal liabilities that can run in several directions. 

Software manufacturers are an obvious target for legal action and may be directly liable to end users when programs fail. Others, however, may be indirectly liable as the result of a failed program, including such end users as the company or people that chose to fulfill contractual or professional obligations with the faulty program or the corporate officer who selected the program.

Several legal theories exist under which parties with very different roles may be pursued for damages when software fails. This article identifies some of the most likely scenarios.

Software as a Tool Presents Negligence Issues
Negligence theories may be advanced against those who rely on software to discharge non-contractual or professional obligations. Negligence consists of four basic "elements:"

• the existence of a "duty of care;"
• a breach of that duty;
• damages caused by the breach; and
• a showing that the injuries suffered by the plaintiffs were reasonably foreseeable.

The existence of a duty of care is generally established by what a reasonably prudent person would have done under the circumstances. For example, a reasonably prudent driver does not run red lights; to do so is a breach of the duty of care. If that breach results in damages (such as a collision), a claim for negligence exists.

A doctor who uses a defective software program to diagnose an illness may be liable for negligently misdiagnosing the illness if a reasonably prudent doctor would not have used the program (a breach of the duty of care) and the patient was harmed as a result. A consulting firm that uses flawed software to forecast market trends may be liable for negligently causing a client to spend millions developing a new product that has no market, if using that particular program is found to constitute a breach of the duty of care.

Moreover, individual officers and directors could be personally liable to their companies if it can be shown that a reasonably prudent CEO, for example, would not have chosen the failed software. In cases in which a company faces significant lost profits or lawsuits from its partners or customers, that company will likely scrutinize any decisions of the officers and directors that may have caused those circumstances. While an officer may find some protection under the "business judgment rule" or through insurance, a claim could still be pursued. An officer may be in a better position to argue that the actions taken were reasonable and prudent if a reputable certification firm certified the software in question.

The Limits of "Limited" Warranties
When a software program fails and causes losses, the end user may sue the manufacturer for breach of contract, breach of warranty, or both on the grounds that the manufacturer delivered a program that did not perform as warranted or as expected by the user. Most software license agreements, however, provide warranties that are so limited as to be almost meaningless and typically limit liability to the amount paid for the program, excluding "consequential" damages, such as lost profits. In most instances, especially when the end user is a business, these clauses are enforceable.

For these reasons, an end user may choose to sue a software manufacturer for common law fraud or for violation of the anti-fraud provisions of certain consumer protection laws if the end user is a consumer. Fraud actions, however, require a showing that the defendant made a false statement about a material fact, intending that the recipient rely on the statement, and that the recipient did rely on the statement to his or her detriment. If the manufacturer knew that the program would not perform as described but misrepresented that fact to the end user, who acquired the software based on the statement, the manufacturer could be liable for resulting damages under a fraud or misrepresentation theory. A successful fraud claim, moreover, may subject the defendant to punitive damages. While difficult to prove, injured parties may resort to these cases when recovery for breach of contract is unlikely.

Personal Injury Raises the Stakes
Under certain situations, a party other than an end user could sue a software manufacturer for a defective program. These cases, however, are generally limited to situations involving personal injury, not merely economic loss. For example, if an air traffic control system fails due to a software defect, people injured in a collision could conceivably sue the software manufacturer for damages under a negligence theory.

Establishing that software failed due to a breach of the standard of care component of negligence, however, is difficult. The mere fact that the software failed does not mean that its manufacturer breached the duty of care. After all, software almost always contains bugs, and many programs fail. One would have to show, through the opinion of an expert on software development, that a reasonably prudent manufacturer would not have designed the program as it was written. This can be quite difficult to prove. It should be noted that, if a software manufacturer obtains certification of its program by a reputable, third-party certification company, the manufacturer's case will be stronger. While the end user of a defective program may also attempt to pursue a negligence claim against the manufacturer, such claims are not common, and an end user typically limits its claims to breach of contract.

Satisfying Contractual Obligations
In other cases, the end user of the software, or the person that selected the program, may be liable to others. Companies that use software to satisfy contractual obligations could be liable for breach of contract if a software failure hampers contractual performance. As an example, assume that a company supplying electronic parts to a stereo manufacturer uses a software program to manage inventory. Due to bugs in the software, the supplier's inventory is incorrectly overstated. As a result, the supplier is unable to produce sufficient parts and is unable to fill an order for parts from the stereo manufacturer, which, in turn, cannot supply its dealers with stereos in time for the holidays. The supplier may be liable for breach of contract for failing to fill the order. The stereo manufacturer does not care that it was the supplier's internal software that caused the problem. If the supplier opted to use software to manage its inventory, then it will be held responsible for the consequences of that decision.

Consider also the case of a book publisher using software for order management and to track royalties. A glitch in the software causes the publisher to overpay some authors while underpaying others. If the publisher had a contract with its authors calling for the payment of royalties for each book sold, failure to pay the royalties may be considered a material breach. Depending on how the contracts in these examples are written, these parties could potentially be liable for direct damages (for example, money paid under the contract) and consequential damages, such as lost profits.

The undeniable truth is that the various groups facing claims for breach of contract, fraud and negligence (among others) must be aware of and assess their legal liability prior to deciding to purchase, develop, deploy or otherwise rely on a specific software program.

© Copyright 2002 by Geoffrey T. Hervey and Bregman, Berbert, Schwartz & Gilday, LLC.  All rights reserved worldwide. 

Geoffrey T. Hervey is a partner (member) of the law firm of Bregman, Berbert, Schwartz & Gilday, LLC, in Bethesda, Maryland.

This article first appeared in the January, 2002 issue of Software Risk Management Magazine, an electronic magazine. http://www.srmmagazine.com/