Computers & the Law

advertisement
Landmines In Poor Software
Development
-Legal Risks from Sales through
Support
September 7, 2012
Southern California Software
Process Improvement Network
(SCSPIN)
John Cosgrove, P.E., Fellow NAFE
JCosgrove@computer.org,
www.CosgroveComputer.com
Michael Krieger, Esq., PhD
mkrieger239@earthlink.net
Our Touchstones
 Seeing as expert consults a parade of bad
processes from sales to support
 Noting very big awards, i.e., many times
(e.g., 5x and up) the value contracted)
 Recalling the messages in


“Why Software is So Bad” cover story MIT
TechReview, July 2002,
“Software Engineering and the Law” IEEE
Software May/June 2001, John Cosgrove
9 April 2015
2
MIT Technology Review July
2002

Why Software is So Bad
MIT TR and Cosgrove – The Fix
 The fix is going to be lawyers
inflicting enough pain on s/ware
companies (or gov’t regulat’n)
 NOTA BENE: Whether due to code or
implementation, big sytem failure =>
Business Loss May Far Exceed Contract $
 Failed system victim’s problem:
 computer contracts limit liability
 litigation is dreadfully expensive
directly and on internal resources
9 April 2015
4
Sunshine Mills v Ross Systems
Alabama jury awards $61M for
ERP system where original s/w
licence was $250,000 15 Dec.
2010
A pet foods company in the US
alleged that its ERP supplier
fraudulently misrepresented the
capabilities of its software.
9 April 2015
5
Headlines – InfoWorld etc.
University accuses Oracle
of extortion, lies, 'rigged'
demo in lawsuit
 2011/12/14
 Montclair State elaborates on case
against Oracle over ERP project
gone wrong Chris Kanaracus –IDG
9 April 2015
6
Division of Labor
 John Cosgrove – Avoiding danger
Pitfalls to Spot and to Avoid, Processes
to Implement, etc in Major System:
sales  devl’  install’n -> etc
 Michael Krieger – Legal vulnerability
Legal environment: outlines of law and
litigation elements to reveal their
application to cases of poor practices
9 April 2015
7
JC - Topic Outline
 How projects can fail
 Origins of Failure
 Deliverable Definition
 Unrealistic Expectations
 Defective Process Discipline
 Origins of Legal Risks
 Case Histories
 Insurance Policy system
 Component Distributor
 Auto Mall SCM
 Summary
9 April 2015
Cosgrove Computer Systems Inc.
8
8
MK – Topic Outline
 Time v. Oracle – outline facts, big $$$
 Life cycle of a lawsuit
 Contract v. Fraud theory of suit: why
care? How this played out in Trim.
 Summary Judgement Motion by D:
what-why? Lack of success => settle
 Look at cases John describes
9 April 2015
9
American Trim v. Oracle
 American Trim = joint venture of Alcoa &






Superior Metal Prod’ – components for
GM, Ford, etc.
Needed common system to interface with
manufacturers; EDI was required (1996)
Oracle: we’ve got that – Trim: Let’s see.
Mock up demo purported to be live
Long delay as Oracle tried to implement
Trim cancelled, sued to for $1.8 M paid
Jury: $3M compensatory + $10M punitive
9 April 2015
10
Life Cycle of a Lawsuit
 Complaint by Plaintiff – view#1 of
facts, theory of harm and damages
 Answer by Def – view#2 of facts etc.
Discovery - Depositions, document
production, &&. Costly, contentious,
protracted; computer=> experts
 Summary judgment (and other)
motions
 More of above
 Trial and possibly Appeal
9 April 2015
11
Key complaint theories
 Breach of contract: parties make mutual
promises, one fails to fulfill obligations
 Contract: typically sets out remedy for
various breaches, i.e., mutually agreed
limits on damages

Tort: breaching a societal obligation
may entitled Injured party to all reasonably
foreseeable damages. E.g. neighbor cuts
down your tree; unsafe premises
 Misrepresentation: may qualify as tort
 Bingo: cast vendor failure as a tort to
get all losses, not just amount paid
9 April 2015
12
Key fraud/contract distinction
 “Fraud,” i.e., misrepresentation involves
mistating the present, or sometimes
wholly unfounded claims about the future,
not just promises about it.
 E.g., as to capability; resources; existance
of softwara in use, is in beta, planned, ???
Depth and availability of team.
 All these subject to the spectrum from
small exaggeration to fabrications of facts
that the buyer relies on
9 April 2015
13
BSkyB v HP(EDS)
 Comment "Payment of £318m [for] an
IT dev’t contract of £50m and which had
a limitation of liability cap set at £30m is
a very painful reminder to HP and
others that the law of misrepresentation
is alive and that senior management
need to have processes in place [so]
that they can take immediate action if
there is any suggestion of fraudulent
practices during the sales process or
otherwise."
9 April 2015
14
For litigators in failure cases
 Docs and email: likely hold key to
case, i.e., no need for dealing with
bits/bytes
 Expert
costs are much smaller
 Juries can understand incompetence,
lying and cheating, not hex, interrupts.
 Lawyer can understand his/her case!
 Smaller cases become “litigatable,
i.e, the cost doesn’t overwhelm the
9 April
2015
expected
ROI
15
Plaintiff and defendant goals
 P: Include fraud, i.e., really bad
misrep’ that was critical to the loss
 D: fight factual + legal basis of claim
 Resist
discovery
 Move for Summary judgment
 M/SJ: your honor, facts so far show
that a fraud claim has no legal basis.
So toss the claim, no need to put the
issue before a jury
9 April 2015
16
Role of summary judgment
 Defendant does not want the fraud
claim and associated facts before a
jury due to risk of big damages
 Consequently, cases tend to settle if
the court sustains the fraud claims
 Note that a defendant can appeal as
did Oracle in Trim, which is why we
know about it. Question: why did
Oracle even go to trial and let a jury
see such an ugly set of facts?
9 April 2015
17
American Trim v Oracle Appeal
 Upheld trial court on fraud, high damages.
 Special note of “present” tense by Oracle
 Fraud reached well up management ladder
 Reviewed whether it was reasonable for
Trim’s people to believe the simulation
was live, whether attendance at a
convention should have clued them that
s/w not in beta.
 Upheld all lower court finding
9 April 2015
18
The SW Development View
 Factors which affect the developers
legal risks.
 Mistakes the client makes
9 April 2015
Cosgrove Computer Systems Inc.
19
How Projects Can Fail
 Cost – Quality – Schedule
 Getting too costly – Budget is ??
 Causes major errors – Too risky
 Still not done – Schedule is ??
 Unacceptable: don’t pay, sue (&
replace)
 How

Salvage or do-over
 Who
9 April 2015
to recover/replace system
pays for recovery?
20
Origins of Failure
 Defective definition of deliverable
 Unrealistic expectations
 Defective process discipline
9 April 2015
Cosgrove Computer Systems Inc.
21
Deliverable Definition
 What is the deliverable?
 Describing
it in the contract
 Should include process requirements

Change management at least
– Features, cost & schedule

Acceptance criteria & procedure
 Define priorities–Independent Variable
 Cost,
schedule or quality?
 Any cost or schedule OK with low quality
9 April 2015
Cosgrove Computer Systems Inc.
22
Unrealistic Expectations
 Communicating expectations both ways
 Supplier
 Promised
too much, too soon, too cheap
 Competitive bids can set the stage
 Client
term decision criteria – cost &
schedule
 Failed to ID critical trade-off factors
 Short
9 April 2015
Cosgrove Computer Systems Inc.
23
Defective Process Discipline
 Software is Invisible
 Disciplined process overcomes this
 Management only possible with process
elements suitable to the project
 Automated support must be suitable
 Size, complexity, risk elements, etc.
 Testing processes – explicit, recorded &
enforced
 Legal risks largely driven by process discipline
9 April 2015
Cosgrove Computer Systems Inc.
24
Origins of Legal Risks
 Most litigation starts with project history
 Artifacts
start with the solicitation/sales
stage
Representations generated by both sides
 Definitions & obligations expressed in contract

– Features, cost/schedule & required process
 Artifacts
generated by development stage
Absence of artifacts may become critical
 Project status, testing records, etc.

 Artifacts
9 April 2015
generated by deployment stage
Cosgrove Computer Systems Inc.
25
Case Histories
 Insurance Policy System
 ERP System for Electronic Component
Distributor
 Auto-Mall SCM System
9 April 2015
Cosgrove Computer Systems Inc.
26
Insurance Policy System -- I
 Off-shore developer’s quality was
unacceptable to insurance underwriter
 Design

discipline & testing failed
System produced invalid policy documents
– Customers sued citing financial risk

Code was fragile causing DB corruption and
system crashes
 Discovery
document revealed internal
review recommending system re-write
9 April 2015
Cosgrove Computer Systems Inc.
27
Insurance Policy System -- II
 Developer’s quality assurance process
 Design
discipline & testing failed to detect
policy data corruption from improperly
designed terminal sessions.
 Ineffective programmer supervision
produced fragile code without error control.
 Lack of independent QA ignored known
defects risking client’s business survival
9 April 2015
Cosgrove Computer Systems Inc.
28
Component Distributor ERP - I
 Business model – Next day delivery
 System promised < 1 Y, <$5M
 Allowed Go-Live with known defects
after cost & schedule exceeded
 Critical Operations failed with Go-Live –
bankruptcy followed
 Only assets are potential damages
against suppliers
9 April 2015
Cosgrove Computer Systems Inc.
29
Component Distributor ERP -II
 Disciplined process promised but not
followed
 Supplier experienced two mergers
during project
 Supplier Management team
restructured & compromised
 Records show management
inconsistencies
9 April 2015
Cosgrove Computer Systems Inc.
30
Auto Mall SCM System – I
 Multi-brand auto mall orders
replacement Auto-retailing SCM
 System was promised “turn-key” in 1
week
 Critical features promised for all brands

EDI inventory management
 Common lead management
9 April 2015
Cosgrove Computer Systems Inc.
31
Auto Mall SCM System –II
 Promised turn-key is incomplete with
some features yet to be developed.
 Neither of 2 critical functions are
operational with multi-brand dealers
 SCM sales team was conflicted with
pressure to book sale by EOY.
9 April 2015
Cosgrove Computer Systems Inc.
32
Development Summary
 Software Intensive Systems Fail
 “Trend” is for potential liability awards to
be measured by business loss
 Implicit “Duty of Care” requires evidence
of disciplined processes
 Software developers must observe
levels of care similar to professions
9 April 2015
33
Download