Malpractice is a widely discussed type of lawsuit. Unfortunately, it is also widely misunderstood, with misinformation spread in private discussions, in the press, and in political discussions. For example, several people have insisted to me that software developers are sued “all the time” for malpractice. This is absolutely untrue. Depending on what you’re willing to count as a “computer malpractice” case, the number of successful computer malpractice lawsuits in the United States is between one (1) and five (5).
For several years, computer malpractice has been a losing lawsuit because to be sued for malpractice (professional negligence), you must be (or claim to be) a member of a profession. Software development and software testing are not professions as this term is usually used in malpractice law. Therefore, malpractice suits against programmers and testers fail.
The most recent case on computer malpractice that I found in LEXIS (a comprehensive database of court cases) is Heidtman Steel Products, Inc., v. Compuware Corporation. [[3]] The court's analysis is typical:
"Professionals
possess a minimum of special knowledge and ability, and, thus, are required to
act with greater care than that expected of ordinary people. No court in
Michigan, however, has ever held that computer consultants are professionals
who, when they violate the standard of care applicable to their profession, are
subject to a malpractice action... Michigan courts have disallowed malpractice
claims against nurses, morticians, newspaper publishers because these
occupations, though involving great skill, are not "professions" as
the term is used doctrinally... [C]omputer
consultants cannot be held liable for malpractice."[[4]]
A malpractice suit involves professional negligence. Computer malpractice involves professional negligence when providing computer-related services. In any negligence suit, the plaintiff must prove:
– Duty. If you provide services to someone, you have a legal responsibility (a duty) to exercise reasonable care in providing the services. For example, if you provide consulting services, your duty is to take reasonable care to provide good advice. If you provide data backup and archiving services, your duty is to take reasonable measures to ensure that you copy the right data and that you keep it safe.[[5]]
– Negligent breach of the duty. If you gave bad advice, you might or might not have been negligent. To prove negligence, the plaintiff has to show that no reasonable person in your situation would have given the advice that you gave. Similarly, if a data archiving service loses its client’s data, it has probably committed a breach of contract, but it might or might not have committed negligence. To prove negligence, the plaintiff would have to prove that the service didn’t take reasonable measures to safeguard the data.
Consider this example of software support advice. People call you when they have problems running their software. One day, you advise a caller that her problems come from an insufficiently-compatible video card. Actually, the caller has set one of the program’s display options incorrectly and replacing the video card won’t help. Have you committed negligence? Maybe. We can’t tell, just based on these facts, because we don’t know what a reasonable support advisor would have done.
Let’s add three facts. First, suppose that you have a database of common problems and this problem was in the database. Second, suppose that the caller’s description was specific enough that you would have easily found the problem (and the solution) in the database if you looked. Third, suppose that most software support providers would have used this database if they had it. This last point establishes a standard of care – most support advisors would have checked the database. If you don’t check the database, and you provide expensive bad advice, you can be accused of acting unreasonably.
– Prevailing standard of care. The fundamental difference between an ordinary suit for negligence and a suit for malpractice lies in the definition of the prevailing standard of care.[[6]]
If someone sues you for ordinary negligence, they will compare your behavior to what any reasonable person would have done under the circumstances.
If they sue for malpractice, they will compare your behavior to what a reasonable member of your profession would have done. Professional standards are much higher and much better documented. (For example, they might be written down in ANSI standards documents.) Therefore, if you act negligently in a professional capacity, it will be easier to prove your negligence by comparing you to other professionals than by comparing you to any reasonably bright and careful person who might undertake to provide the services that you provided.
In complex situations, different reasonable people will collect and evaluate information very differently. This makes the plaintiff’s task difficult but the principle is the same. She’ll have to show that you didn’t approach the problem in any of the ways that reasonable people do, or that no reasonable person would have approached it in the way that you did.
Few published court cases involve claims of computer malpractice. Of those that exist, most involve a brief statement by the Court that there is no such thing in the law as “computer malpractice.” Therefore, that aspect of the lawsuit is rejected and the Court moves on to discuss more interesting parts of the case. Here are the main American cases that discuss malpractice in detail.
The case of Chatlos Systems v. National Cash Register Corp. (1979)[[7]] is the first important computer malpractice case. An NCR salesman did a detailed analysis of Chatlos’ business operations and computer needs, and advised Chatlos to buy NCR equipment. Relying on NCR’s advice, Chatlos bought a system that never provided several promised functions. Chatlos sued. NCR was held liable for breach of contract. In its Footnote 1, the Court discussed Chatlos’ claim of malpractice:
“The
novel concept of a new tort called ‘computer malpractice’ is premised upon a
theory of elevated responsibility on the part of those who render computer
sales and service. Plaintiff equates the sale and servicing of computer systems
with established theories of professional malpractice. Simply because an
activity is technically complex and important to the business community does
not mean that greater potential liability must attach. In the absence of sound precedential authority, the Court declines the invitation
to create a new tort.”
This refusal to recognize the validity of a lawsuit for computer malpractice has been widely quoted.
The next interesting case was Invacare Corp. v. Sperry Corp. [[8]] Invacare claimed that it had relied on advice of Sperry employees when it leased a Univac computer and sued for fraud, breach of contract, and negligence. Sperry argued that the negligence suit couldn’t succeed because there is no cause of action for computer malpractice. Bowing to the Chatlos decision, the Court agreed that there is no such thing as computer malpractice. But, the Court said, Invacare wasn’t claiming that Sperry’s acts constituted malpractice. Invacare’s claim was that the system was so inadequate for the job that no reasonable person would have recommended it. This is just a lawsuit for ordinary negligence, not professional negligence, and the Court allowed it to proceed.
In 1985, the Internal Revenue Service ruled that if a program goes beyond purely mechanical assistance in the preparation of a tax return, the author of the program is a tax return preparer.[[9]] The IRS can fine a tax preparer who acts negligently, or participates in fraud on the IRS.
“When
an individual or a company sells a software program to a customer to aid in the
preparation of a tax return, IRS noted, a customer may be unaware that the
program is incomplete or inadequate and therefore may use it to create an
erroneous return.
“If
using the computer program results in an understatement of tax liability for
the taxpayer, the software company may be subject to a penalty.”[[10]]
This IRS ruling is not a malpractice ruling, but it addresses an important point in the larger area of professional misconduct, and it reflects a well accepted principle of malpractice. Someone who provides bad legal advice can be sued for legal malpractice whether they’re a lawyer or not. Someone who provides bad medical care can be sued for medical malpractice whether they’re a doctor or not. Someone who provides bad engineering while claiming to be a professional engineer can be sued for engineering malpractice, whether they are licensed as a professional engineer or not. The IRS ruling extended this principle to computer programs that provide professional services. I haven’t seen such a lawsuit yet, but it seems likely that a software company can be sued for legal, medical, engineering, architectural, or other malpractice if it claims to provide these professional services and provides them incompetently.
The recent case of State v. Despain (1995) [[11]] illustrates the same point. A non-lawyer bought a computer program that printed legal forms. She helped clients fill out the forms. This was held to be the unauthorized practice of law. The Court carefully pointed out that the sale of computer software that merely contains (and prints) blank legal forms is not the practice of law. But (p. 578)
“the preparation of legal documents for others to present in . . . court constitutes the practice of law when such preparation involves the giving of advice, consultation, explanation, or recommendation on matters of law. Further, instructing other individuals in the manner in which to prepare and execute such documents is also the practice of law.”
If your company provides a program that promises legal, medical, dental, architectural or other professional engineering services and advice, think carefully about what you provide and what your marketing materials claim that you provide. If your program appears to be providing professional services, your company might be sued not for computer malpractice but for legal or medical or dental (etc.) malpractice.
1986 brought the main case (I think it is the only case) that unambiguously recognizes a valid suit for computer malpractice. The Chatlos decision came in New Jersey and was followed in many other States. But laws do differ from State to State. This case, Data Processing Services, Inc. v. L.H. Smith Oil, Corp. (1986)[[12]], was decided in Indiana. The Court stated that (p. 319):
“Those
who hold themselves out to the world as possessing skill and qualifications in
their respective trades or professions impliedly represent they present the
skill and will exhibit the diligence ordinarily possessed by well informed
members of the trade or profession.”
The Court decided that this principle applies just as well to computer programmers as it does to lawyers, architects, building contractors, etc. It then upheld a finding of liability on DPS’ part by noting that (p. 320):
“(a) DPS represented it had the necessary expertise and training to design and develop a system to meet the needs of Smith; (b) DPS lacked the requisite skills and expertise to do the work; (c) DPS knew it lacked the skill and expertise; (d) DPS should have known Smith was dependent upon DPS’s knowledge and abilities; and, (e) DPS should have foreseen Smith would incur losses if DPS did not perform as agreed.”
Diversified Graphics, Ltd. v. Groves
(1989) [[13]]
was the next successful malpractice case. Diversified hired the accounting firm
of Ernst & Whinney (E & W) to help choose a computer system. Diversified
sued for professional negligence & won. In its appeal, E & W argued
that Diversified had failed to define the professional standard of care or to
show how E & W had violated the standard. Though the Court explicitly
stated that this was a computer case (not an accounting case), it determined
the standard of care from E & W’s own “Guidelines to Practice” which
included management advisory practice standards that had been incorporated by
the American Institutes of Certified Public Accountants (AICPA).
It’s not a big stretch to hold an accounting firm liable for computing
consulting malpractice when the proof of the malpractice is proof of failure to
follow AICPA standards.
In 1991, Wang Laboratories was sued for negligence and gross negligence.[[14]] Wang sold a computer and a service contract to Orthopedic & Sports Injury Clinic. While attempting to fix the computer, Wang’s employee used, and corrupted, the Clinic’s last backup disk, thereby losing five years of the clinic’s medical and accounting data. (Oops.) The contract limited the amount of damages that Orthopedic could collect from Wang, but Louisiana law (and many other States’ laws) allows the plaintiff to recover all damages if the defendant committed gross negligence. The Court ruled that Orthopedic hadn’t proved that this use of the backup disk was gross negligence. However, it did allow the lawsuit to go forward as a suit for ordinary negligence. This is another example of a case in which a Court allowed a negligence suit (not malpractice, but ordinary negligence) to proceed against a computer (service or software) seller.
In the case of RKB Enterprises, Inc. v. Ernst & Young (1992) [[15]], RKB retained Ernst & Young (formerly called Ernst & Whinney) to provide computer consulting services. These included helping RKB procure a data processing system, including helping to oversee and assist in the implementation. RKB sued for, among other things, professional malpractice. The Court rejected this claim, saying (p. 816):
“It should be noted that there is no cause of action for professional malpractice in the field of computer consulting. . . . [We] decline to create a new tort applicable to the computer industry. Nor does the fact that Ernst & Whinney was the certified public accountant firm engaged by the plaintiff during the same period add a dimension to the computer or management consulting services separate from the subject of plaintiff’s breach of contract claim.”
The case of Hospital Computer Systems v. Staten Island Hospital (1992) [[16]] reached the same result and added more well-quoted explanation (p. 1361):
“Professionals
may be sued for malpractice because the higher standards of care imposed on
them by their professions and by state licensing requirements engenders trust
in them by clients that is not the norm of the marketplace. When no such higher
code of ethics binds a person, such a trust is unwarranted. Hence, no duties
independent of those created by contract or under ordinary tort principles are
imposed on them.”
Software service providers (such as testers and programmers [[17]]) can be sued for breach of contract whether or not they can be sued for malpractice. In some states, they can also be sued for negligence [[18]]. So why does it matter whether malpractice is a viable type of lawsuit? [[19]]
Malpractice suits are more serious than suits for breach of contract or for simple negligence. The plaintiff enjoys several advantages in a malpractice suit, including these:
– A non-professional service provider’s contract might limit the damages that it must pay the customer. The customer’s losses might be much more than the limited amount of damages that the contract allows. These limits might be enforced in a simple negligence case, but they are rejected in malpractice suits because they are deemed to violate public policy.[[20]] For example, as an attorney in California, I can be charged in a State Bar Court with violating the profession’s Code of Professional Responsibility if I even attempt to put a clause in a contract of representation of a client that limits my liability for malpractice.
– Malpractice lawsuits sometimes provide plaintiffs with procedural benefits. For example, the plaintiff might be able to file the suit after it is too late to file a negligence or contract suit, or in a different State, or under a different State’s laws. The plaintiff might also be able to avoid an arbitration clause or certain defense arguments (such as comparative negligence) that might be available in negligence or contract suits.
– Professionals are held responsible for their advice under a broader range of circumstances. A paying customer might have a hard time proving that a non-professional consultant intended her to take the consultant’s advice seriously and to follow it immediately. In contrast, as an attorney, I risk malpractice liability if I make a dumb suggestion to a non-paying stranger at a cocktail party.
– A malpractice plaintiff might also be more able to collect punitive damages.
Over the years, several people have advocated the licensing and professionalization of computer specialists. There are benefits to this, but we should approach this idea with open eyes. Becoming a professional carries significant additional legal responsibilities that are enforced by malpractice liability.
Five factors are widely quoted as hallmarks of a profession [[21]]:
"1.
the requirement of extensive learning and training;
2. a code of ethics imposing standards above
those normally tolerated in the marketplace;
3. a disciplinary system for members who
breach the code;
4. a primary emphasis on social responsibility
over strictly individual gain, and the corresponding duty of its members to
behave as members of a disciplined and honorable profession; and
5. the prerequisite of a license prior to
admission to practice."
Few or none of these apply in computing.
In one of the two leading treatises on computer law [[22]], L.J. Kutten discussed these factors as follows:
"Applying these criteria to software has
some startling results.
Training: Education and learning in software can range from formal
graduate level training in a university environment to picking up a book and
reading it. Attempts at formal certification have been abysmal failures... Some
of the best minds in computers have very little formal training.
Code of ethics and social responsibility: There is no formal code of ethics accepted by a majority of computer professionals. While there are a number of professional organizations, the members are not punished for violating their codes. [[23]]
Disciplinary system: There is no disciplinary system for programmers that is
equivalent to the system faced by lawyers, doctors, engineers and so forth. The
worst that can happen to a programmer is that he or she will be expelled from a
particular society. This assumes that there is an expulsion procedure. For
example, while the Association for Computing Machinery has long had a code of
professional conduct, it has no formal procedure for enforcement.
Licensing: No state nor the U.S. Government requires a computer
professional to be licensed."
Under these criteria, it is clear that we are not members of a "profession" of the kind that should be subject to malpractice liability.
Jankowski [[24]]
lists questions that might be useful to a litigator in trying to prove to a
court that a software engineer is or is not a professional (someone who can be
sued for malpractice):
·
"Did the computer consultant exercise independent judgment
and advise the client in connection with the computer system that was designed,
developed and/or installed?
·
Did the computer consultant obtain specialized training such as a
Masters in Information Systems from a recognized university?
·
Is the computer consultant certified by an organization such as
the Institute for Certification of Computer Professionals ("ICCP")?
·
Does the computer consultant belong to an association such as the
Association of Data Processing Service Organization ("ADAPSO")
or the Association for Computer Machinery ("ACM") that has a code of
ethics?
·
Does the computer consultant have malpractice insurance?
An affirmative answer to one or more of these questions will help
to establish that a computer consultant is a professional. Conversely, negative
answers to one or more of these questions, coupled with the present lack of
licensure that applies to the computer industry, will help to establish that a
computer consultant is not a bona fide
professional."
Several people are considering taking the ASQ examination to become Certified Software Quality Engineers (CSQE). Others of us have become ASQ-Certified Quality Engineers (CQE). A lawyer can make a persuasive argument that a CQE or CSQE should be subject to malpractice liability, even though we are not members of a recognized profession. The problem is that by using the word “engineer” on our stationery or resume, we can be accused of representing ourselves as professionals. Engineering is a licensed profession, and engineers are subject to malpractice liability.
I’m an ASQ-CQE. I became aware of the risk of malpractice liability in 1993 when my legal malpractice insurance carrier pointed out that my policy covered me for legal malpractice but not for engineering malpractice. That didn’t bother me much because I generally like the idea of holding people accountable for incompetent work, whether they are members of a licensed profession or not. I continued to list my ASQ-CQE on my stationery since I received it, in 1992.
Unfortunately, while doing research for this article, I ran across the following statute, Section 6732 of the California Business and Professions Code, which makes it unlawful to represent yourself as an engineer if you are not registered with the State:
It is unlawful for anyone other than a professional engineer registered under this chapter, to . . . use the title . . . “quality engineer.”
As I read Section 6787(f), calling myself a
“quality engineer” is a misdemeanor (a crime), subject to a penalty of not more
than a $1000 fine and three months in the county jail. My understanding is that
other States also restrict the use of the word “engineer” to licensed
professionals. Obviously, the phrase “Certified Quality Engineer” is coming off
of my stationery immediately.
If you are considering taking one of the ASQ exams, you might consider writing the ASQ and asking them to change the title on the certificate.
I wrote the
preceding few paragraphs in 1996. After that, I did write a letter to ASQ and had some discussions as a result of that letter. ASQ chose not to make a change. [[25]] After long consideration, I've decided not to
renew my certification.
There has been an effective recent push to license software engineers. The November/December 1999 issue of IEEE Software was devoted to this. For more, read Nancy Mead's Issues in Licensing and Certification of Software Engineers at http://www.sei.cmu.edu/staff/nrm/license.html, Steve McConnell's advocacy page at http://www.construx.com/profession, and the links from the Software Engineering Ethics Research Institute's page at http://csciwww.etsu.edu/seeri.
On the other side, the Association for Computing Machinery opposes the idea of licensing software engineers (see http://www.acm.org/serving/se_policy/selep_main.html) and the ACM Task Force on Licensing of Software Engineers Working On Safety Critical Software [[26]] has concluded that licensing will not lead to greater software safety, one of the primary reasons suggested for licensing software engineers.
Licensing will lead to one thing: malpractice liability. If a state government declares us a profession and starts licensing us, that state's courts will accept us as professionals, and that means they will allow lawsuits for computer malpractice.
I think it would be a serious mistake to license software engineers, but further discussion of that would be outside of the scope of this paper. For further discussion, see the ACM Task Force reports, [[27]] .
[[1]] This is an updated version of a paper originally published in Software QA, Volume 3, #4, 1996, p. 23.
[[2]] Department of Computer Sciences, Florida Institute of Technology, 150 West University Blvd., Melbourne, Florida. I grant permission for reproduction of this paper for non-profit educational purposes.
[[4]] Here's the
court's full analysis:
NEGLIGENCE,
GROSS NEGLIGENCE, AND PROFESSIONAL MALPRACTICE
Plaintiff
asserts a cause of action for negligence, gross negligence, and professional
malpractice against defendant in Count VI of its Second Amended Complaint.
Defendant moves for summary judgment as to Count VI, arguing that (1)
plaintiff's negligence claims fail as a matter of law because they arise solely
from breaches of duties contracted for by the parties rather than duties
imposed by tort law, and (2) plaintiff's professional malpractice claim must be
summarily dismissed because there is no such thing as malpractice by computer
consultants. I agree with defendant.
A.
NEGLIGENCE AND GROSS NEGLIGENCE
In
most circumstances, where a party to a transaction renders a service or sells a
product, there would have been no duty to render that service or sell that
product except for the voluntary undertaking to do so; that being true, the
contract governing the transaction normally defines the scope of the parties'
obligations to one another. W. Page Keeton, et al., Prosser and Keeton on the
Law of Torts § 92, at 657 (5th ed. 1984)
[hereinafter Prosser and Keeton]. Accordingly, when a cause of action arises
exclusively from the breach of a contractual promise, the proper remedy is for
breach of contract. Hart v. Ludwig, 347 Mich. 559, 563, 79 N.W.2d 895 (1956).
See also Battista v. Lebanon Trotting Assc., 538 F.2d
111, 117 (6th Cir. 1976) (construing Ohio law).
To
support a tort claim on top of a contract claim, "there must be some
breach of duty distinct from breach of contract." Hart, 347 Mich. at 563.
Negligence (or gross negligence) in the performance of a contract, such as
plaintiff alleges here, can justify the imposition of tort liability only if
that negligence has caused physical damage to persons, property, or other
tangible things. Rinaldo's
Constr. Corp. v. Michigan Bell Tel. Co., 454 Mich.
65, 84-85, 559 N.W.2d 647 (1997). Such negligence is distinctly actionable in
tort because contracting to do something does not alter the fact that there is
a preexisting duty to avoid physical harm when one acts. Id.
Intangible
economic loss, however, is not the sort of harm that can sustain a claim of
negligence in the performance of a contract. Id. (citing Prosser and Keeton,
559 N.W.2d at 657). In cases where an intangible economic loss is suffered,
"the manifested intent of the parties should ordinarily control the nature
and extent of the obligations of the parties..." Id. See also Neibarger v. Universal Coops., 439 Mich. 512, 527, 486
N.W.2d 612 (1992) (applying the economic loss doctrine in the UCC context).
Here,
the Second Amended Complaint simply does not allege that defendant caused
physical harm to persons, property, or other tangible things in the performance
of its contractual duties. Rather, plaintiff merely asserts that defendant
"failed to develop a functional computer system as promised, and, instead,
has produced a system that is inoperable and incapable of effective
function." The crux of this claim is that defendant defaulted on a
promise, and that money damages be awarded to compensate for plaintiff's
alleged intangible economic loss.
Given
these facts, defendant's conduct cannot be characterized as tortious
in nature. No physical damage, injury, or harm of any kind has been proven.
Thus, plaintiff's contractual remedies are its exclusive remedies. Rinaldo's Constr., 454 Mich. at 85 ("There is no allegation that
this conduct by the defendant constitutes tortious
activity in that it caused physical harm to persons or tangible property; ...
'regardless of the variety of names [plaintiff gives the] claim, [plaintiff is]
basically complaining of inadequate service and equipment.' Thus, ... there is
no cognizable cause of action in tort.") (citations omitted).
In
sum, defendant's motion for summary judgment shall be granted as to plaintiff's
claims of negligence -- including gross negligence -- in Count VI.
B.
PROFESSIONAL MALPRACTICE
Professionals
possess a minimum of special knowledge and ability, and, thus, are required to
act with greater care than that expected of ordinary people. Prosser and
Keeton, supra, § 32, at 185. No court in
Michigan, however, has ever held that computer consultants are professionals
who, when they violate the standard of care applicable to their profession, are
subject to a malpractice action. Indeed, no court in Michigan has ever
addressed the question. Thus, the issue presented here is whether Michigan
would recognize computer consultants as professionals if given the opportunity
to do so.
Not
every worker is a professional for malpractice purposes. Malpractice as a cause
of action only relates to those occupations traditionally classed as
professions:
Real
estate agencies are no more professions than any other business agencies. A
commission merchant or an agent for the sale of any particular kind of personal
property, acts in an analogous capacity. Any one can assume and lay down such
business at pleasure, and any one can conduct it in his own way, on such terms
and conditions as he sees fit to adopt. There is nothing in our laws which
would enable any court to draw a line between such business agencies. They are
not classed as professions by popular usage or by law. Pennock
v. Fuller, 41 Mich. 153, 155, 2 N.W. 176 (1879). Accordingly, "the
definition of malpractice and liability therefore are to be determined by
resort to the common law." Dennis v. Robbins Funeral Home, 428 Mich. 698,
702, 411 N.W.2d 156 (quoting Sam v. Balardo, 411
Mich. 405, 424, 308 N.W.2d 142 (1981)). See also Kambas
v. St. Joseph's Mercy Hosp. of Detroit, 389 Mich. 249, 254, 205 N.W.2d 431
(1975) ("'Today, the term, malpractice, is sometimes used loosely to refer
to the negligence of a member of any professional group. However, legally and
technically, it is still subject to the limited common-law definition."')
(quoting Richardson v. Doe, 176 Ohio St. 370, 372-73, 199 N.E.2d 878 (1964)).
Resorting to common law, Michigan courts have disallowed malpractice claims
against nurses, morticians, newspaper publishers because these occupations,
though involving great skill, are not "professions" as the term is
used doctrinally. Kambas,
389 Mich. at 256 (nurses); Robbins Funeral Home, 428 Mich. at 702 (morticians);
Michigan Microtech, Inc. v. Federated Publications,
Inc., 187 Mich. App. 178, 185-86, 466 N.W.2d 717 (1991) (newspaper publishers).
Here,
plaintiff asks that I find computer consultants to be professionals at Michigan
common law. But I cannot do this. There is no precedent in Michigan to
recognizing computer consultants as professionals n2. Thus, computer
consultants cannot be held liable for malpractice.
n2
Courts in other jurisdictions that have contemplated treating computer
consultants as professionals have almost uniformly declined to do so. See
Triangle Underwriters, Inc. v. Honeywell, Inc., 604 F.2d 737, 745-46 (2d Cir.
1979) (refusing to consider computer consultant a professional under New York's
malpractice statute); Arthur D. Little Intl., Inc. v. Dooyang
Corp., 928 F. Supp. 1189, 1202-03 (D. Mass. 1996) ("I decline to recognize
a cause of action not yet adopted by the state court and therefore decline to
hold that the doctrine of professional malpractice covers business
consultants."); Columbus McKinnon Corp. v. China Semiconductor Co., Ltd.,
867 F. Supp. 1173, 1182-83 (W.D.N.Y. 1994)
("There is no basis in law for extending the doctrine of professional
malpractice to cover independent computer consultants."); Hospital
Computer Sys., Inc. v. Staten Island Hosp., 788 F. Supp. 1351, 1361 (D.N.J. 1992) ("[Defendant's] only argument is that
computer consultants are 'professionals' in the same sense as doctors, lawyers,
accountants, engineers, architects, and others, who are held to a higher
standard of care under the law. This argument is not supported by New York
law."); Chatlos Sys., Inc. v. National Cash
Register Corp., 479 F. Supp. 738, 740 n. 1 (D.N.J.
1979) ("The novel concept of a new tort called 'computer malpractice' is
premised upon a theory of elevated responsibility on the part of those who
render computer sales and services... Simply because an activity is technically
complex and important to the business community does not mean that greater
potential liability must attach. In the absence of sound precedential
authority, the Court declines the invitation to create a new tort."). But
see Diversified Graphics, Ltd. v. Groves, 868 F.2d 293, 296-297 (8th Cir. 1989)
(determining that plaintiff could bring a claim of professional malpractice
against an accounting firm that provided computer consulting).
Plaintiff's
reliance on Invacare Corp. v. Sperry Corp., 612 F.
Supp. 448, 453 (N.D. Ohio 1984), is misplaced. In Invacare,
plaintiff hired defendant Sperry to assess its computing needs and recommend an
updated computer system, which Sperry did. After the system was installed,
plaintiff discovered that it entirely failed its intended purpose, and thus
brought suit against Sperry, alleging, among other things, breach of contract
and negligence. On summary judgment, the district court held that both the
breach of contract and negligence claims gave rise to genuine issues of
material fact. In dicta, however, the district court expressly rejected the
notion that plaintiff's negligence claim potentially created a new tort of
computer malpractice.
To
the extent Invacare, which involves Ohio law, is
inconsistent with my reasons for dismissing plaintiff's negligence claims in
this case, I decline to follow it. As I explained in the preceding section,
negligence that results in intangible economic loss cannot support an action in
tort when a contract governs the relationship between two or more parties.
Nothing in Invacare dissuades me from that
conclusion.
In sum, plaintiff's malpractice claim shall be dismissed."
[[5]] If you provide a product, you have a legal responsibility (duty) to design and manufacture a product that doesn’t pose an unreasonable risk of injury or property damage. For discussion of negligence that results in personal injury or property damage, see my paper, “Software negligence and testing coverage” in Software QA Quarterly, Vol. 2, #2, p. 18, 1995.
[[6]] The classic discussion of this is in W.P. Keeton, D.B. Dobbs, R.E. Keeton, & D.G. Owen, Prosser & Keeton on Torts, West Publishing, Fifth Edition (Hornbook Series, pp. 185-193).
[[7]] Chatlos Systems v. National Cash Register Corp., Federal Supplement, Vol. 479, p. 738, United States District Court for the District of New Jersey, 1979.
[[8]] Invacare Corp. v. Sperry Corp., Federal Supplement, Vol. 612, p. 448, United States District Court for the Northern District of Ohio, 1984.
[[9]] “Revenue Ruling 85-189: Return preparers; sale of computer program. A person who prepares a computer program and sells it to a taxpayer to use in preparing the tax-payer’s income tax return may be an income tax return preparer.” Internal Revenue Cumulative Bulletin, volume 1985-2, p. 341.
[[10]] “IRS announces that companies who sell return preparation computer software and programs may be considered return preparers subject to penalties.” I.R.S. News Release, IR-86-92 (May 6, 1986).
[[11]]State v. Despain, South Eastern Reporter, Second Series, Vol. 460, p. 576, Supreme Court of South Carolina, 1995.
[[12]] Data Processing Services, Inc. v. L.H. Smith Oil, Corp., North Eastern Reporter, Second Series, Vol. 492, p. 314, Court of Appeals of Indiana, 1986.
[[13]] Diversified Graphics, Ltd. v. Groves, Federal Reporter, Second Series, Vol. 868, p. 293, United States Court of Appeals for the 8th Circuit, 1989 (Missouri).
[[14]] Orthopedic & Sports Injury Clinic v. Wang Laboratories, Inc., Federal Reporter, Second Series, Vol. 922, p. 220, United States Court of Appeals for the Fifth Circuit (Louisiana).
[[15]] RKB Enterprises, Inc. v. Ernst & Young, New York Supplement, Second Series, Vol. 582, p. 814, New York Supreme Court, Appellate Division, 1992.
[[16]] Hospital Computer Systems v. Staten Island Hospital, Federal Supplement, Vol. 788, p. 1351, United States District Court for the District of New Jersey, 1992.
[[17]] Individual testers and programmers who work as employees will rarely be sued for negligence or malpractice, but consultants and businesses that provide programming and testing services can face such suits.
[[18]]
This was the lesson of Invacare. Skilled service providers can sometimes be sued for
negligence. As Nimmer puts it (Law of
Computer Technology, Warren Gorham & Lamont, 3rd
Edition, with 2001 Cumulative Supplement #2,
Section 9.16[2]):
"Services
contracts create an obligation of care and ... the obligation or standard
should be measured from the vantage point of persons with skill in the trade or
profession that the contract involves. This constitutes a malpractice claim
when the provider of the service comes from a regulated and restricted
profession. But whether or not this is the nature of the service, the proper
standard to measure reasonable care requires a reference to the transaction's
founding or setting in reference to others providing similar services. The tort
law formulation of this comes from Restatement (Second) of Torts [Section 299A]
"One who undertakes to render services in the practice of a profession or
trade is required to exercise the skill and knowledge normally possessed by
members of that profession or trade" ... This language in Invacare v. Sperry Corp. to sustain a neligence
claim for servicelike activities involved in
selecting and designing a computer system ... without calling this negligence
claim a recognition of computer malpractice. As the court there noted,
allegations in this setting do nothing more than hold the services provider to
an ordinary standard of care for persons in the particular industry. "If
machinists, electricians, carpenters, blacksmiths and plumbers are held to the
ordinary standard of care in their professions, the court fails to see why
personnel in the computer industry should be held to any lower standard of
care." (Invacare Corp. v. Sperry Corp., Federal Supplement, Vol. 612, p.
453, 1984).
Despite the often-quoted
wording of the Restatement of Courts, and the
precedent of Invacare, few negligence cases have succeeded against computer or
software service providers. The problem is the Economic
Loss Rule. If a service provider breaches a contract, but the only
harm done is economic (no personal injury or damage to tangible property), and
if the service provider cannot be sued for malpractice, then an increasing
number of courts will reject a negligence lawsuit and tell the plaintiff to sue
for breach of contract. This was the reasoning of the court in Heidtman Steel (see the first few paragraphs of the quote from Heidtman Steel in Footnote 4, above.) For further discussion
of economic loss, software, and malpractice, read Leo L. Clarke and Martin C. Loesch, Errors and
omissions risk for web-centric businesses, at www.insuredotcom.com/content/EORisk.pdf
(accessed July 15, 2001).
[[19]] T.C. Galligan’s article, “Contortions along the boundary between contracts and torts,” Tulane Law Review, Vol. 69, p. 457, is an interesting discussion. See R.L. Bernacchi, P.B. Frank, & N. Statland, Bernacchi on Computer Law, Section 3-40 for additional examples of malpractice issues.
[[20]] See Harris v. National Evaluation System, Inc. for a representative discussion of this issue. Federal Supplement, Vol. 719, p. 1081, United States District Court for the Northern District of Georgia, 1989.
[[21]] K.S. MacKinnon, “Computer malpractice: Are computer manufacturers, service bureaus, and programmers really the professionals they claim to be?” Santa Clara Law Review, Volume 23, p. 1065, 1983 quotes these (on p. 1078) as part of an argument favoring application of malpractice rules to professionals. E.B. Galler, “Contracting problems in the computer industry: Should computer specialists be subjected to malpractice liability” Insurance Counsel Journal, October, 1983, p. 574 works through the same characteristics on the other side of the argument.
[[22]] L.J. Kutton, Computer Software: Protection / Liability / Law / Forms, Volume 2, West Publishing, (Updated to Release #27, April, 2001), Section 10.04[4][f]. The other leading treatise is Ray Nimmer's Law of Computer Technology.
[[23]]
Let me drive this point home. Consider the Software Engineering Code
of Ethics for Professional Practice (approved by the Association for
Computing Machinery and the IEEE Computer Society) at
www.acm.org/serving/se/code.htm. The Preamble to the Full Version of the Code
states that "This Code expresses the consensus of the profession on
ethical issues." But does it? I can't say that I know many software
engineers who refer to this Code when confronting difficult issues at work.
I've never seen it quoted in a business setting and never seen it used to
settle a dispute or justify or help define a policy in a university setting.
Additionally, as I read the
Code, several provisions are routinely violated. The Code defines
"software engineers" broadly:
"Software engineers are those who
contribute by direct participation or by teaching, to the analysis,
specification, design, development, certification, maintenance and testing of
software systems."
Here are some of our ethical
obligations, under the Code:
Software engineers shall, as
appropriate:
1.03
Approve software only if they have a well-founded belief that it is safe, meets
specifications, passes appropriate tests, and does not diminish quality of
life, diminish privacy, or harm the environment.... How
many products are shipped with hundreds or thousands of known defects,
including plenty of failures to meet specs and pass appropriate tests?(In
commercial and mass-market software, how few are not shipped with extensive
problems?)
1.06
Be fair and avoid deception in all statements, particularly public ones,
concerning software or related documents, methods and tools....
6.07
Be accurate in stating the characteristics of software on which they work,
avoiding not only false claims but also claims that might reasonably be
supposed to be speculative, vacuous, deceptive, misleading or doubtful.
Deceptive
claims about the capability, stability and other characteristics of packaged
software are so common, they are treated as normal by vendors and experienced
customers.
2.07
Identify, document and report significant issues of social concern, of which they
are aware, in software or related documents, to the employer or the client.
3 Software engineers shall ensure that their
products and related modifications meet the highest professional standards
possible. Are these really the highest
standards possible?
Oracle's hard sell illustrates industrywide
problems, Dawn Kawamoto
and Wylie Wong <news.cnet.com/news/0-1007-201-6375299-0.html>
It is a scene repeated countless times in the corporate
jungle: A company endures months of sales pitches, pays millions of dollars for
new software, discovers massive problems, and spends far more to fix the
product than the original cost of buying it.
And customers have little choice but to keep eating the
expenses while salespeople walk away making up to $1 million in a single year.
Articles like this are
commonplace. Read a few issues of Computerworld or eWeek.
3.01
Strive for high quality, acceptable cost and a reasonable schedule, ensuring
significant tradeoffs are clear to and accepted by the employer and the client,
and are available for consideration by the user and the public. In my
experience, the tradeoffs are considered trade secrets. The results of the
tradeoffs, such as design limits and known defects, are rarely revealed to
customers at or before the time of sale and many (most?) software publishers do
not reveal their known defect lists to customers after the sale. In the debates
on the Uniform Computer Information Transactions Act, I saw attorneys for
software publishers and their main trade associations repeatedly and
emphatically oppose proposals to require them to reveal known defects to their
customers.
3.02
Ensure proper and achievable goals and objectives for any project on which they
work or propose. Unrealistic feature lists and schedules are the
norm in many companies. Death march projects are discussed frequently,
partially because they happen so often.
3.03
Identify, define and address ethical, economic, cultural, legal and
environmental issues related to work projects. In my
experience, from consulting and teaching to many companies, these are widely
considered management or marketing issues, out of scope of the engineering
team.
3.05
Ensure an appropriate method is used for any project on which they work or
propose to work. Suggest appropriate methods, yes that's done all
the time. Ensure appropriate methods?
3.08
Ensure that specifications for software on which they work have been well
documented, satisfy the users' requirements and have the appropriate approvals.
Many projects operate from minimal levels of specification.
3.09
Ensure realistic quantitative estimates of cost, scheduling, personnel, quality
and outcomes on any project on which they work or propose to work and provide
an uncertainty assessment of these estimates. Suggest
realistic estimates, yes. Protest wildly absurd estimates, yes. Ensure
realistic estimates?
3.10 Ensure adequate testing, debugging, and review of software and related documents on which they work. Not even the societies who wrote this Code seem much concerned with ensuring adequate testing. Look at the ACM / IEEE Curriculum Guides. These documents heavily influence the design of undergraduate Computer Science degree programs. The amount of required study of testing techniques is trivial—a few hours over four years. The 1991 curriculum guide suggests one optional course, Advanced Software Engineering, that includes testing topics among many others, but the guide doesn't even mention the idea of a course focused on software testing. The 2001 Guide is not significantly improved in this respect.
There are more examples, but this list should make the point.
[[24]]Gretchen L. Jankowski (2001), Computer Malpractice Actions: Are They the Wave of the Future? At www.bipc.com/articles/compmalp.htm.
[[25]] See, for example, the ASQ Brochure on Certified Quality Engineer, at http://www.asq.org/cert/types/cqe/cqe.pdf.