Software clampdown could harm staff

Loophole leaves workers vulnerable when computers fail...

The Health & Safety Executive's (HSE) move to clamp down on software failures could dangerously dilute responsibility for workplace accidents, according to a top legal expert. The HSE wants to be able to take criminal action against negligent software suppliers, bringing computer programs into the same fold as machinery and substances, resulting in jail terms and unlimited fines. But the inclusion of software under the Health & Safety at Work Act could cause confusion and provide primary service providers with a way of passing liability further down the chain. David Naylor, partner at specialist tech law firm Morrison & Foerster, believes software should be treated differently. "Software in itself is not dangerous," he said. "It is only when it is combined with something else, like machinery, that it can become dangerous." Triggered by concern over the Millennium Bug, the action has raised serious questions about the software industry's liability for industrial, medical and transport accidents. In December last year, US officials admitted a software glitch caused a Boeing-built Osprey to crash, killing four marines on board. In 1994 Raigmore Hospital in Inverness left 4,500 women at risk of undetected cervical cancer after a computer failure lost their records, worse still, it took the hospital four years to own up to the mistake. "Ultimately the person who puts the end product together and the person who uses the end product have much more say in the way that equipment is operated. And they'll frequently take a significant role in the software specifications," Naylor said. If a problem is caused by a genuine programming fault, the operator can then take appropriate legal action against the supplier in the civil courts, Naylor added. Professor John Fox, head of the Imperial Cancer Research Fund's advanced computational laboratory, welcomed the move to make software firms more responsible. "I'm very concerned that there should be professional obligations," he said. "There are already methods of safety management in other industries. I worry that the medical infomatics world hardly has a quality culture, let alone a safety one." Richard Sammons, managing director of SSI, a specialist distributor of semiconductor parts and industrial systems, agreed that safety is crucially important, but raised concerns over the HSE's plan. "There are a few things they haven't covered which need tidying up. I don't think this should be a punitive law, but the situation does need clarifying," he told silicon.com.