Legal (and ethical) comment

Legal (and ethical) comment

Stuart Hannabuss

The appearance of a new edition of Morgan and Burden's (2000) Morgan and Stedman on Computer Contracts served to remind me recently of professional obligations. Not all obligations are promises, and not all promises are contracts, but obligation and responsibility underpin the concept of breach of promise in contract law, and the concept of wrongful conduct in negligence and tortious liability. In Roman law, obligatio was two sided – it involved a personal right to claim on one side and a right to performance on the other (typically with a creditor and debtor). Current contract law emerges from the capitalism of the nineteenth century and the reliance, in entrepreneurialism, of the receipt of benefits. Its links with economic ideas about utility, and links between utility and equity, are of recurring judicial interest.

I oblige

Negligence emerges when we acknowledge the implied promise. So in relationships between employers and employees, often power-asymmetrical, a need came to impose duties on the employer under negligence. Consumer welfarism nourished this, e.g. in consumer contracts. Reliance is a key factor in negligence, and asks whether something that was done was fairly done, whether harm was inflicted, and whether a defendant has become unjustly enriched at the expense of the plaintiff. Contracts are two-sided, the receipt of a benefit justifying the imposition of an obligation to fulfil an implied promise. In common law obligations state that the law of contract protects a person's expectations by putting him or her into the position he would have been in had those expectations been fulfilled. Promises encourage acts of reliance and, if the promisee's expectation interest is protected, this serves as an encouragement to the promisor to fulfil his promise.

Contracts can be seen in a narrow sense (an exchange undertaking or promise which the law will enforce, with obligations and remedies) and in a wide sense (including other aspects of obligations, such a misleading statements which cause a person to enter the contract, or unjust benefits conferred on one person at the expense of another). It is right to consider the ascription of responsibility in such relationships: when does exchange liability come into effect, what conditions need to be fulfilled before an obligation can be ascribed to one party or the other, and when and where does the obligation begin? Conduct can justify ascription of responsibility, such as express or implied consent (e.g. acceptance of an offer) or voluntary reliance by the offeree by words or conduct. The moment of contractual responsibility begins, legally, in the offer and acceptance. It also draws on conventions and assumptions about social cooperation and fairness.

Misztal (1996), in her study Trust in Modern Societies, suggests that trust provides social benefits, acts as a confidence in probable outcomes, and tokens willingness to fulfil contractual obligations. It may be based on self-interest or a consensus identified as necessary to the social order, or as good as it gets in a world of risk-taking rationality. Bernard Williams (1981) is one of many to argue that practical necessity is never enough to define the "oughts" of moral responsibility, while Iannone (1989), in Contemporary Moral Controversies in Business, reminds us that ethical neutrality is impossible to achieve. Such issues are rarely distinctions between good and bad. They are more likely to be distinctions (if they can be made) between rival good and/or bad choices.

I commit

Martin (2000), in Meaningful Work: Rethinking Professional Ethics, brings us back to the notion that personal commitments motivate, guide and give meaning to the work of professionals, motivating them beyond the paycheck and the quest for power. That said, the consensus paradigm can reduce professional responsibilities to shared mandatory requirements developed and imposed upon members – e.g. competence, care, confidentiality, informed consent, honesty, and providing access to services. Such things appear in codes of ethics, but morality and virtue lie behind such codes. Obligations and promises reflect that moral hinterland, and act as a ground for professional ethics, complementing legal contracts, acting as pledges of competence and good faith. Codes, he says, are often merely self-certifying devices embodying official standards and reflecting collective interests, and producing an array of benefits for members. They do not always promote responsible service Wrongdoing can only be understood by looking at the shape of professional life, patterns of personal commitment, failure and success. "To act on professed values, to walk the talk, to show moral courage and initiative, to deal with conflicts and personal weaknesses, to management compromise and reasonable accommodation between issues and parties, we have to draw on this personal commitment and acknowledge its existence".

I fill the gaps

There is a mix of law and ethics here. The overlap is interesting. A good working description of where they meet and mix is provided by Baase (1997) in A Gift of Fire: Social, Legal, and Ethical Issues in Computing, where she suggests that ethics fills the gaps between the time when technology creates new problems and the time when reasonable laws are passed, and fills the gap between the general legal standards which apply to all cases and the particular choices that must be made in a specific case. Law and ethics are often kept in separate boxes. So it is good to look at contracts and examine the legal and ethical issues they raise. Good sources can be found on the UNESCO INFOEthics Web site (http://www.unesco.org/ webworld/public_domain/legal.html), where the aim is "to reaffirm the importance of universal access to information in the public domain and to define ways in which it may be achieved and maintained in the global information infrastructure", and where relevant congresses and cyberspace law are noted, as well as a link to the invaluable UNESCO Observatory Web site (which deals with new ethical, legal, and societal challenges in the field).

The Web site of the International Center for Information Ethics (http://icie.zkm.de/) is particularly good. It defines its field as foundations (information ethics as applied ethics, in areas like computer science, libraries, and cyberspace), history (the western tradition), and systematics (like human rights and responsibility, information production and dissemination, international harmonization, and challenges like censorship on the Internet, ethics and information brokerage, misinformation, and economic damage amounting to liability). A good site for codes of ethics and codes of professional conduct is the Center for the Study of Ethics in the Professions (http://www.iit.edu/), based at the Illinois Institute of technology, where the codes can be searched by category and sector, and where search terms like "contract" throw up interesting cross-currents between law and ethics. For example, in the Japan Information Service Industry Association (JISA) code, there is an ethical emphasis, as well as the expected legal ones, on confidentiality and IPR.

I give it eight

Interesting, too, is the work of the Centre for Computing and Social Responsibility at De Montfort University, UK (http://www. ccsr.cse.dmu.ac.uk). The work of Simon Rogerson, its director, has been substantial over the years, and two papers – on strategic information systems planning (SISP), an ethical analysis, and on the ethics of software project management, are worth reading. In the first, Rogerson develops an ethical framework for computer professionals based on eight ethical principles (honour, honesty, bias, professional adequacy, due care, fairness, consideration of social cost, and effective and efficient action). In the second, he argues that ethical issues tend to get neglected, so he applies these eight principles, suggesting they can and should be used to analyze, inform and colour practice within computing and software project management. Only in that way can stakeholders be fully and equitably represented. The principles draw on the ACM Code of Ethics Imperatives – avoid harm, he honest, honour property rights, respect privacy, honour confidentiality, maintain professional competence, respect existing laws, honour contracts and assigned responsibilities. A topical paper on privacy in the information age, sub-titled "individual freedom faces competition from technological advance", written by Graham Smith, comes from the same source.

I contract

What got my thoughts going was Morgan and Stedman on Computer Contracts (Morgan and Burdam, 2000). This is a standard UK text in its field, dividing up a complex area into three logical parts – hardware and software acquisition, maintenance, and computer services. In the first, we find hardware, software, PCs, distribution and marketing, test agreements, and leasing. In the second, hardware and software maintenance, a minefield with its expectations of services, error detection and correction, consequential loss, supplier's and user's duties. In the third, computer services – bureaux, outsourcing, service contracts on the Internet (e.g. ISPs and Web site design), and consultancy. At all points goods and services mix in complex ways. Negotiating and drafting the contract you want is never easy. Some of the best advice in the UK, once you have read the books, comes from the Web sites of legal firms like Eversheds and Fox Williams, Denton Wilde Sapte, and (a lively one at) Briffa. My portals to these are Venables and Lawzone.

Often with contracts the standard negotiating terms and conditions are mere starting points, e.g. B2B contracts. Boilerplate clauses (like severability, arbirtration, governing law and jurisdiction, force majeure, notices and so on) follow on and then come milestones and IPR. Heads of agreement often form precursors to the full form of the contract. Robert Bond, Head of Innovation & Technology Law at Hobson Audley, pins down three golden rules in drafting contractual documents: first, those who think they have agreed generally have not; second, those who think that they get on well will generally fall out; and third, an oral agreement is not worth the paper it is written on. He follows it with good advice on the Lawzone Web site at http://www.lawzone.co.uk. Time and time again we read of contracts going awry. In the UK booktrade in July 2001 there was Triptych, the software company which provided the Bestseller ordering and stock control system to booksellers like Hammicks and SPCK. These guys snapped up former Triptych staff and brought them in-house to help them keep the system going when Triptych collapsed, leaving more than 200 booksellers without essential support services. At the end of 2001 stories circulated of the failure of BT's backbone. Outages there had drawn attention to the lack of service level agreements (SLAs) to guarantee performance for broadband DSL users. BT offered no SLAs to DSL Openworld users, or to service providers who sold DSL. While compensation was paid for leased line failures, none was available for DSL downtime.

I warn

At about the same time, Masons (http://www.masons.com) provided a timely warning on its Web site about a contractor's duty to warn. The brouhaha and fall-out (and bathos) of Y2K had not yet subsided, yet the legal issues resonated. Data protection, tortious liability (in respect of Y2K related liability, where it was likely that any negligence that occurred would arise out of acts or omissions of specialist sub-suppliers rather than main contractors, and main contractors would not be liable for sub-contractors' actions, unless they were shown to have had knowledge of a defect and that that defect would cause system failure with serious consequences), and contractual liability. Under this came several legal niceties. Once the contract had been completed there was no continuing obligation on the part of the contractor to investigate whether he has committed a breach. During the currency of the contract there was an obligation to disclose to the client and, if the contractor undertook a design obligation, whether there was a fitness for purpose warranty. Some librarian friends of mine swear by Bielefeld and Cheesman's (1999) little book on Interpreting and Negotiating Licensing Agreements: A Guide for the Library, Research, and Teaching Professions, (Neal-Schuman, 1999), certainly a useful book for students.

I seek to exclude

Provisions in a standard contract that limit or exclude the supplier's liability have moved, under UK law, to the status of being unenforceable unless they are "reasonable" under the Unfair Contract Terms Act. In a case in 2001 for the supply of computer software, the contract included a clause under which the supplier purported to exclude liability for indirect or consequential losses and to limit its liability to the price paid by the customer. Following the failure of the goods to perform, the customer sought to recover damages for breach of contract totalling £5.5m in respect of loss of profits and depression of turnover and increased costs of working. The total paid under the contract amounted to £104,596. At the first hearing (so the http://www.foxwilliams.com runs), the court ruled in favour of the customer following a line of cases where the courts have ruled limitation and exclusion clauses unreasonable under UCTA and therefore unenforceable.

On appeal, the Court of Appeal said that the contract had been negotiated between experienced businessmen of equal bargaining power and skill. They decided that the court should not interfere with the limitation of liability clauses unless satisfied that one part had effectively taken unfair advantage of the other, or that a term was so unreasonable as plainly not to have been understood or considered. The Court of Appeal has applied brakes to a worrying trend of re-writing contracts, and confirms that a liability limit equal to the price being paid can be regarded as reasonable. The case was Watford Electronics Ltd v. Sanderson CFL Ltd (2001) and related to B2B contracts (not B2C contracts).

I escrow

Another trend has been greater use of escrow in software agreements. Escrow agreements allow software users access to the source code to maintain the software if the supplier becomes insolvent. The escrow agent hold a copy which is released to the customer in such an event. For an escrow agreement to be valid, users should ensure that they have signed an agreement with a third party escrow agent such as the NCC Group (in the UK). They should ensure that there is an obligation on the supplier to deposit the latest release of the software with the escrow agent within a period of time from delivery of that release of the software to the customer. This obligation should be contained in the agreement between the customer and the supplier. Such arrangements are particularly important where the software supplier has developed bespoke software for a client, or has customized it for them. Commercial and legal trends in the UK, over the last year, have meant that escrow arrangements are more important than ever, and kept up to date.

I fall out

Agreements do fail and partners fall out. This happens between ISPs and their business partners. In one recent case, an ISP was able to terminate a contract on the grounds that the other party's Web site was of poor quality. In a second case, an injunction was granted to the ISP because the other party agreed to continue its provision for a period in return for security. Lawzone refers to the High Court case of Internet Trading Clubs Ltd & Others v. Freeserve Investment Ltd & Freeserve plc (June 2001), where leading ISP Freeserve successfully defended its right to terminate a contract which provided a hyperlink to a joint venture because it had failed to live up to expectations. Back in October 1999, Freeserve Investment (a subsidiary of Freeserve plc) entered an agreement with Internet Trading Clubs to develop the latter's proposed Internet motoring channel. Its aim was to marry up motorists' customer needs with optimum value automotive products supplied by top quality companies and tailor demand with dedicated suppliers through the Internet. But the venture failed to attract customers. In the course of discussion, Freeserve was told that the poor site could harm its reputation, was not generating enough income, failing to secure supplier agreements, and was deficient in coping with online transactions.

I tender

A tender is an invitation to treat. Only when offer and acceptance take place does a contract come into legal existence. Very little research seems to exist (I may be wrong!) on tenders in the library field, more in the computing and IT field. I have to hand the corporate procurement tender documents for the supply of library stock for a London Borough. The invitation to tender stipulates confidentiality (in the preparation of tenders and pre-tender inquiries, the disclosure of information about the company, insurance, and operational plans, including quality and standards and health and safety). General terms and conditions of the contract define key terms and their interpretation, address confidentiality and guarantees, security and agency, liability for injury loss or damage, indemnity and insurance, statutory and other regulations, good employer conditions, warnings (e.g. rectifying defects), waivers this side of estoppel, monitoring and meetings, variation of conditions, payment, prevention of corruption, termination, illegality and force majeure. The special terms and conditions of the contract lay out exactly what should be done (materials, delivery, payment, invoices, discounts, and layouts).

My own search for suitable documentation seems to get an echo on the well-known JISC (Joint Information Systems Committee) Web site at http://www.jisc.ac.uk, where there is a highly informative invitation to tender for the supply and installation of new management and administrative information systems software (dated January 2000) at http://www.jisc.ac.uk/cis focus/casestudies/umistcasestudy. doc). It is a companion to an equally interesting account by Iain Stinson, Director of Information Systems at UMIST, called "Selecting New Management and Administrative Information Systems for UMIST". It was part of a JISC funded case study. A frustrating aspect of looking for – and at – contracts in this area is that many templates are available on the Internet for people who want to use them and pay for them. Singleton (2001), in her recent book on e-commerce, says very much the same thing. A tender subject.

I outsource

Outsourcing automation work has gone on in the IT field for years. Contracts range from designing and maintenance of things like payroll systems to designing, installing and maintaining complex network projects. Firms outsource to save costs, get quality, be flexible, and have scope to focus on core activities. Some agreements end in disappointment because outsourcing contracts and service level agreements (SLAs) are vague. The SLA translates the client's needs and the design and evaluation of goods and services into practical reality. Levels include things like availability, response time, and bug-fixing. Contractually, it is useful to highlight the following factors: the apportionment of responsibilities, whether work can be done on the client's premises or has to be done remotely, whether there is exclusive or shared use of software (e.g. it could be shared, as it is if an ASP or application service provider is used). Customized software can hardly be shared. Another factor is how much to outsource (all or some).

Specify the size of the project (e.g. the service provider's obligations, say, to process data and set up technical infrastructure for the client and maintain software). Ensure the provider knows the client's exact requirements. Preferably include an exclusivity clause. Identify if personnel need to be seconded and clarify the IPR implications of employees and independent contractors. Sort out the IPR – whose, joint, mine, yours, assigned, licensed?

What about the source code, to escrow it, rights over decompiling for inter-operability, and management, maintenance and service levels. Such SLAs bring legal, commercial, and technical issues together in a fine balance, and drafting SLAs is not a simple task. You may wish to use benchmarking checks for ongoing quality performance, and synchronize them with milestones in the project management schedule. Warranties will be important (e.g. that the system will function without errors), as will liability commitments. And, finally, there are termination and terms of rescission. A lot to do, but always better before the event than after it.

I end

Having browsed the WIPOUT Web site today (http://www.wipout.net), devoted to arguing (subversively some would say) that copyright is finished, and an anti-site to the WIPO or World Intellectual Property Organisation Web site, I am wondering whether a lot more might be done to make information about IT, computer, and ILS-related contracts available. Perhaps an anti-contract Web site might do it. In default of that, however, hope this provides some hooks, signposts, and gadflies.

ReferencesBaase, S. (1997), A Gift of Fire: Social, Legal and Ethical Issues in Computing, Prentice-Hall, Englewood Cliffs, NJ.Bielefeld, A. and Cheesman, L. (1999), Interpreting and Negotiating Licensing Agreements: A Guide for the Library, Research and Teaching Professions, Neal-Schuman, Chicago, IL.Iannone, P. (1989), Contemporary Moral Controversies in Business, Oxford University Press, Oxford.Martin, M. (2000), Meaningful Work: Rethinking Professional Ethics, Oxford University Press, Oxford.Misztal, B. (1996), Trust in Modern Societies, Polity Press, Cambridge.Morgan, R. and Burden, K. (2000), Morgan and Stedman on Computer Contracts, 6th ed., Sweet & Maxwell, London.Singleton, S. (2001), eCommerce: A Practical Guide to the Law, Gower, Aldershot.Williams, B. (1981), Moral Luck, Cambridge University Press, Cambridge.

Stuart Hannabuss (s.hannabuss @rgu.ac.uk) is a member of the faculty at the School of Information & Media at the Robert Gordon University, Aberdeen, Scotland and writes the "Legal Comment" column for LHTN.