Why Isn’t Software Regulated?

Great swathes of the economy are already subject to government oversight: finance is the most obvious, but of course there’s also healthcare, air travel, car safety, workplace-related legislation, food safety, building regulations, telecommunications and so forth. The list is pretty much endless.

At a recent lecture I heard that something like five times as many Americans are subject to some sort of permitting in their job as was the case in the 1950s (I’ve tried to track down the statistic but can’t find it — if you have it please provide a link).

So in some sense it feels like something of an aberration that something as pervasive as software would have no regulation attached to it.

There are not many activities where software does not in some way impinge on our lives these days, after all. And while it may not matter to anyone if some random little game App downloaded from iTunes doesn’t work properly when you reach level 50, there are other situations where the performance of software is of very great importance.

In the UK, several banks have experienced partial or total crashes in their ATM networks (see here, for example, and here). Whilst I’m sure that the banks’ regulators would have required them to perform extensive testing of the software, and to have all sorts of complicated business continuity planning in place, I doubt the software vendors themselves have left the door open to any form of claim against them for shoddy workmanship (almost all the licence agreements one has to click in order to install software contain some sort of “no warranty” or “as is” clause which would not cut any ice if you tried the same thing when selling a car).

According to Wikipedia’s article on software bugs there have been some other pretty major problems caused by poor software, including large-scale power outages, incorrect social security payments, aircraft crashes and security breaches (most recently, Heartbleed for example).

Now, perhaps with open source software one could take the view that, “you get what you pay for”. I work in financial services, and even if I were to give my advice away free to anyone who wanted it, there are countries where the local regulator would wish me to submit to their jurisdiction (sometimes there are carve-outs, for example in the USA if you have very few clients and don’t manage much money you’re not subject to as much regulation by the NFA as a big institution). Not that it would be easy to regulate open source software, anyway, but even something as pervasive as Linux has attracted for-profit companies such as Red Hat which seek to package up the open source operating system and provide useful support and add-ons to make it a more ‘corporate’ product. Under that same model it would be possible to imagine Red Hat’s version of Linux, for example, coming with many more warranties about its performance in specific business environments than the plain-old ‘free’ version would have, in much the same way that one can buy any number of (unregulated) magazines which will tell you what stocks to purchase whereas regulated advice will generally cost you more but come with some additional protections (such as the prospect of making a claim against the advisor in the event the advice is inappropriate).

Don’t get me wrong — I’m really not in favour of wholesale regulation of the global economy; regulation is a dead-weight cost and there seems currently to be a tendency amongst both politicians and the general public to want to regulate as many aspects of life as possible. What we need is smarter regulation, not necessarily more.

Nevertheless, every time I use a bit of software — normally paid-for stuff like Microsoft Windows, Office, Google Apps for Business — and it doesn’t work properly, I wonder if perhaps the world has a little bit of a blind spot about software compared with what consumers (both retail and business) demand in other products.

This article first appeared on LinkedIn on 28 July 2014.