Startup to Offer Open Source Insurance

ThePretender writes "From the Infoworld article, 'Open Source Risk Management LLC (OSRM), a startup company that last month hired Pamela Jones, editor of the popular Groklaw.net Web site, as director of litigation risk research, plans to soon begin offering insurance policies to companies using open source software but fear that they may be sued, according to a company spokeswoman'. What's next - Developers having to pick up 'code malpractice' insurance? Egads." Might as well get some alien abduction insurance while you're at it.

Malpractice Insurance

[Shakrai]

What's next - Developers having to pick up 'code malpractice' insurance? Egads.

They already have it. The agency I work for has several carriers that will write a malpractice (officially called "Professional Liability") policy for computer nerds. The standard one that I've seen provides a million dollars of coverage in the event that you screw up and cause something like data loss or the like. The policy itself is pretty broadly worded and could cover everything from bugs in a program you wrote to a general mistake of stupidity dealing with media. As I recall they start at about $1,200+ a year depending on the type of business and the people involved.

All insurance really does is protect you from losses that you couldn't (or don't want to) afford. The comment from the summary sounds sarcastic (as well as the "throw-your-money-away dept." tagline) but in reality in this sue happy world these types of policies are not a bad idea. Do you want to lose your business and livelihood over an honest mistake and some sue happy customer? A few hundred or thousand bucks for peace of mind is a small price to pay in this day and age.

Re:Malpractice Insurance

[ChuyMatt]

This is not a sue happy world. America has an absurd amount of lawyers per capita v. all other countries. We also have more lawsuits than any other people.

Re:Malpractice Insurance

[Shakrai]

I'm no legal expert, but couldn't all of this be avoided with a proper disclaimer in the licence for the software?

And in theory you can prevent people from suing you if you put up a "Beware of Dog" sign or a "Private Property" sign. In reality you'll always find some clever lawyer or easily-swayed jury that rules the other way.

Are you going to trust the future of your business and life to a disclaimer?

Re:Malpractice Insurance

[kfg]

In reality you'll always find some clever lawyer or easily-swayed jury that rules the other way.

Without even going that far, the act of being sued can be devastating, even if you just fight for a year and then they back off and it never really goes to trial.

Let's say a hundred bucks or so every time your lawyer picks up the phone. Several hundred for a letter. A grand for a simple motion. A couple months of just futzin' around and the legal bills can add up in a hurry.

I know of a judge who treats every petty charge as if it were a federal case. Really comes down hard on everyone, right down to a simple parking violation. And yet if you look at his conviction records they're no different than average.

When asked what gives he said, " I make them have to get a lawyer. Now that is punishment."

It isn't usually losing a suit that hurts. It's simply being involved in one. You have to get a lawyer. And anyone can sue you over damned near anything.

KFG

Re:Malpractice Insurance

[MarkedMan]

" I'm no legal expert, but couldn't all of this be avoided with a proper disclaimer in the licence for the software?"

ABSOLUTELY NOT! Trust me on this one. Insurance is about having a guy on your side with a team of experienced lawyers. That is what it is for. If you don't have that, they can skin you alive. Because of some bad advice I got from my insurance broker, I spent over $100,000 on attorneys fees for a case that a jury would have laughed out of court. But that's the rub: the plaintiff's lawyers make it as expensive as possible to get to court, and even there you better be good looking and well spoken or the jury might decide to split the difference. Heck, with all those big words getting thrown around, you could lose because a single juror misunderstood something trivial.

The reality is that there is no justice for a small business standing alone. Lawyers are sharks and you are penguins. Tasty, tasty, defenseless penquins. They know they can wear you down, because there is nothing you can do to stop them. You can't represent yourself, because one mistake in filing means you lose the whole case and your house, savings and life goes down the tubes.

Despite the above, I'm not really bitter. It's over and I'm glad it is over. But I really understand the need for insurance now, which is to bring your own personal shark to the party...

-Jim

Re:Malpractice Insurance

[kfg]

The quick honest answer is that you can't, and even lawyers depend upon other lawyers to defend themselves.

You can acquire a certain facility with the law, in some cases of specific law even a superiour facility than the legal general practitioner. This will allow you, at least, to do a reasonable job of arranging settlements and plea bargains, although not generally quite as good as you could obtain with a lawyer.

If only because the lawyer has a professional acquaintence with the judge and DA. They have a way of doing business with each other. You're just some scmuck.

But where even a mediocre lawyer is going to kill you, even in those circumstances where you know law and logic to a greater degree than the lawyer, is in purely procedural matters. The pure mechanics of moving a case through the courts. It's second nature to him, done without thought. It's terra incognito to you.

Just as a physicist may know more about mechanics than an engineer, but a civil engineer is more likely to build a sounder bridge.

Your only real defense is in that most cases are petty. They cost no more to capitulate to than to sucessfully defend against.

Spend what little money you have for lawyers up front, in drafting your contracts and business procedures. Become well acquaited with whatever boilerplate you might use. Use the law prophylatically and you have a better chance when representing yourself in court.

And when all else fails there's little you can do other than taking your losses with a benign resignation to fate. Don't take the failure personally. It isn't a moral issue. Pay the judgement, pick up the pieces and get on with your life, knowing that it would have likely cost as much to "win" anyway.

KFG

That alien abduction insurance

Is very handy... especially the double payout for anal probing.

Re:That alien abduction insurance

[Patrik_AKA_RedX]

Anal probing? Last time I was abducted by aliens, all I got was this lousy T-shirt.

Eye Strain Insurance

[richarst1414]

I hope they start offering eye strain insurance soon because of all of the SCO related articles.

'code malpractice' insurance

What's next - Developers having to pick up 'code malpractice' insurance? Egads.

It's called Errors and Omissions insurance.

alien abduction insurance?

[morcheeba]

Sure, I guess it makes sense because there have been more documented cases of alien abuductions than documented copied lines of UNIX.

How about software life insurance?

I mean, in case *BSD dies or something like that.

Pushing out small fish?

[fembots]

Unless the insurance premium is kept low - it could be low now, but we only need a couple of alligation to push up the premium - eventually, only big development houses can afford such insurance, and what are part-time freelance developers going to do?

The main problem is, when you have such 'standard protection' for malpractice, consumers want to see that you're insured.

It's a good idea

[stratjakt]

Forget Linux vs SCO and who's right or wrong..

Look at the broader picture. All that stuff out there on sourceforge. Someone in some cubicle at some business decides some obscure project is useful, and starts using it.

But, that project is illegal. It's stolen code, violating patents and copyrights.

It's that kind of a bullshit legal snare that could send a young business into chapter 11.

If MS or Apple or Adobe stole code for their products, they'd be on the hook for using that stolen code for profit.

If the code was open source though, who do you go after? The people profiting from it - the end user.

Makes absolute sense. In fact, it was the lack of this sort of protection that has kept the company I work for away from OSS. Perhaps I could sway them now.

Re:It's a good idea

[John+Hasler]

> Look at the broader picture. All that stuff out
> there on sourceforge. Someone in some cubicle at
> some business decides some obscure project is
> useful, and starts using it.

What bearing does that have on buying Free Software from a respectable company such as Red Hat or IBM?

> If the code was open source though, who do you
> go after?

Whoever made and distributed the unauthorized copies.

> The people profiting from it - the end user.

The end user is not liable unless he can be proven to have known about the copyright infringement in advance. Copyright regulates copying, not use.

> Makes absolute sense. In fact, it was the lack
> of this sort of protection that has kept the
> company I work for away from OSS.

Silly. The risk is exactly the same for closed-source.

Former Editor?

[PopeJP3]

I thought PJ was still the editor of GrokLaw. Who's in charge now?

Excellent news for open source

[murr]

I disagree with the sarcasm expressed in the article. Such an insurance makes perfect sense for getting risk averse companies to use open source software.

Up to now, the alternatives were:

• Pay $$$$$$ for commercial software and have a vendor you can sue if things go wrong.
  
• Get open source software and be on your own when things go wrong.
  

by buying this insurance, the risk averse company hedges their risk, while still presumably getting a better deal on their software. It's open source capitalism at its finest.

Re:"former editor"?

[trick-knee]

> I thought she still heads groklaw...

as of Tue Mar 16 12:41:33 MST 2004 she hasn't made any announcement to the contrary...

She's not a former editor!

[m0nkyman]

Pamela Jones is still the main contributor and editor for Groklaw.

Check your facts.

Nothing new

[Ralph+Yarro]

There's a company that already offers insurance against just these risks, for a one time price of only $699!

What about closed source companies?

[AndroidCat]

Why just open source companies? If Microsoft screws up, they're not exactly going to be backing you up if you delivered a product using their software. (In the EULA, their liability is usually limited to what you paid for their software or $10.)

This sounds like a company that's gone parasitic on FUD.

Re:Former Editor?

[One+Louder]

This appears to be a mistake in the article - she is *still* the operator/editor of Groklaw in addition to her new position.

Will they indemnify us against SCO?

[djh101010]

The company I work for got "the letter" from SCO, and we have now had a second linux-based project shot down due to SCO's FUD working. This is frustrating, to say the least, when the appropriate technical situation is being held hostage by SCO.

If we could buy insurance against the near-zero chance that SCO could be successful, we might be able to get these projects going in the direction that makes technical sense, and stop worrying about (insert rant about McBride and company here).

Programmers' malpractice?

[PCM2]

What's next - Developers having to pick up 'code malpractice' insurance?

Sounds great to me. Every place I've ever done contract programming for has a clause in their contract that basically says, "If somebody sues us, they sue you." Some of them are nicer about it, and pretty much just require you to appear in court if there's ever a problem. Others want you named as a defendant. Saying "don't screw up" wouldn't make me feel as comforted as a good insurance policy -- if such a thing exists?

Starting my own insurance company

[Atario]

I'll insure anyone who wants to send me $1000 per year against catastrophic meteorite impact leading to the destruction of all civilization.

Wouldn't you pay for that peace of mind? Think about it, won't you? Thank you.

Good alternative to SCO license

[weopenlatest]

I don't see why there is such a negative response to this post. I would bet that many if not most of the companies who paid SCO licensing fees would have opted for this deal instead, had it been available, leaving SCO with a lot less money for frivolous lawsuits. In fact, it wouldn't just take money away from SCO--it would give it to the other side. Any company offering open source insurance would have a huge financial interest in fighting a company like SCO, giving the open source movement some much need legal muscle. If insurance like this got more popular, it could seriously weaken SCO's business model.

Bad incentive structure

[Phat_Tony]

Is it just me, or is anyone else worried about the incentive structure this sets up?

I mean, now an unscrupulous open source developer could intentionally insert some blatantly stolen code, claiming it's their own; some in-cahoots business with a copyright on the code can take everyone to court; the insurance will have to pay out big time, and the company slips a million to the asshole developer under the table.

The Open Source movement gets a bunch of bad PR, the code needs an emergency re-write, some scoundrels make a killing, and the insurance company rethinks its business model.

I know insurance investigators can go about investigating and trying to stop this from happening, but it seems like a very hard thing to prove, as along as the payment to the programmer is channeled very secretly.

How would you know they could pay?

[astrashe]

Don't insurance companies have to have assets to back their policies?

How would you figure out how much money would be necessary to back these policies? If you believe that the risk is zero, and they don't need money, then the business becomes a confidence scheme. If you believe that the risk isn't zero, you need something to back it up.

On top of that, if you insure people against auto accidents, or serious diesease, you can assume that everyone won't get hit at the same time. But if it turned out that running linux exposed you to liability, then all of the policy holders would have to be paid off at once. In other words, there's no way the premiums would be able to cover it.

I'm not an actuary or an insurance expert, so maybe I don't understand what's going on. But it doesn't smell right to me.

Warning: BLATANT PLUG

[cleetus]

This summer I had the opportunity to work for BlackDuckSoftware.com. Black Duck has built software to help developers (from individuals to large corporations) manage their use of open source software. Essentially, the software enables firms to track the usage of open source code, determine conflicts (if any) and suggest methods of compliance. It takes into account methods of combining code, whether the code is for internal use or public distribution, any number of other considerations that involve open source license compliance. It is able to deal with code licensed under *all* of the certified open source licenses as well as many other proprietary licenses.

While it is not insurance, and does not provide any kind of indemnification, it is a damn good management tool. Its goal is to allow companies to make use of open source code in such a way that full compliance is facilitated, and to avoid any uh-oh moments that happen after code is commerically released.

I worked on the development of the license interpretation module. It involved reading (and re-reading) 50+ licenses and parsing their terms such that compatibility determinations and compliance requirements could be generated for every possible combination of license, code, distribution, concatenation, link, modularization, etc. of a software product. It was exhausting (and sometimes tedious) work, and it certainly made it easy to tell which licenses were written by lawyers, which by coders, and which were written with input from both. It gave me new understanding of why unenlightened legal departments sometimes shy away from open source. Nonetheless, the reality is these licenses exist, are in use today, and are all valid until some court says otherwise. Licensors (i.e. coders in the community) have every right to expect their terms to be adhered to.

Being a geek myself, and a law student, it was pretty gratifying to see that a company wanted to build a product that helped managers to understand and not fear the open source phenomenon. Further, I think the product will really help firms stay fully compliant when they decide to use open source code. And that, in the end, is all our community can ask for.

cleetus

Re:She's not a former editor yet!

[h00pla]

I believe she's stated many times that when the SCO case blows over (and SCO blows up and McBride and Co. dry up and blow away) she wanted the site to evolve into a forum for open source and free software legal issues. As far as getting out, I don't think she's ever said that.

A couple of reasons

[DaveAtFraud]

Regular readers of Groklaw have a pretty good idea what PJ thinks of SCO's chances with their various lawsuits. I see a couple of different reasons why PJ and Bruce Perens would both (RTFA) be in on this:

1) Our dear friend Darl has made threatening noises with regard to Groklaw being on the side of whoever SCO is suing this week (e.g., IBM, Red Hat, Novell, Autzone, etc.). OSRM may provide PJ and the rest of the Groklawyers with a corporate vehicle to continue doing exactly what they've been doing without fear that Darl can go after PJ (in particular but also anyone else who contributes) in some sort of malicious (big $ personal lawsuit) way. SCO has amply demonstrated that their response to anyone who opposes them is to file a lawsuit (See SLAPP).

2) You will note that the first activity of this insurance company doesn't seem to be trying to sell an insurance policy. Its to offer a class "...on how best to mitigate the risk of using open source software". Any bets that a lot of that class will be on how to file the right paper work to legally tell SCO to go find an alien who can probe them until the existing SCO litigation is cleared up including deciding if SCO really does own the copyrights to UNIX? (Maybe Darl should look into that alien abduction insurance.)

Smells fishy to me

[cgreuter]

This sounds like a hoax to me. PJ continues to post articles to Groklaw so I don't think she's the former editor. I also haven't heard anything about this venture from there, nor has she been particularly enthusiastic for OSS indemnification in the past.

I could be wrong, but for the moment, I'll hold off taking them seriously.

How do you draw the line?

[zurab]

However, the end user *is* liable for patent infringement.

Here's a hypothetical scenario:

- You buy a jar of mayonnaise made by Kraft
- Kraft gets sued by SCOMayo (whatever) for infringing on one of their patents on how to make mayonnaise that stays fresh for up to 12 months and loses
- SCOMayo now sues everyone who ever bought and stored the patent-infringing mayonnaise from Kraft and demands additional $6.99 for every jar of mayonnaise purchased?

IANAL, so I don't understand how this works. Can SCOMayo sue individual people and sandwhich shops, fast foods and restaurants for patent infringement? If so, maybe they should start selling indemnification insurance at the supermakets as well for an extra $0.99 per item ($0.88 at Wal-Mart)?

On a more technical side, would this mean that because I own 3 nVidia video cards I may get sued by ATI and I need insurance just in case? Where and how is this line drawn, if there is one?

Inaccuracies @ Infoworld

[rixstep]

The Infoworld article called PJ a 'former' editor.

Yeah right. From today's GL:

I've been getting inundated with email, asking if Groklaw will be shutting down, thanks to an article in InfoWorld that identified me as the "former editor of Groklaw". That is inaccurate. I am still the editor of Groklaw, and my work with OSRM is separate from it. My contract is written so as to ensure my having time to do Groklaw. I have always done paid work in addition to Groklaw, so this isn't anything new.

The article said that SCO didn't sound displeased to hear the news. Not that I wish to throw cold water on anyone's pleasure in Lindon or anything, but Groklaw isn't going anywhere.