Abstract-view-of-Toronto-City-Hall

Latent Defects in Software and Potential Liability

Torkin Manes LegalPoint
 

Glitches. Bugs. Freezes. What happens when the unexpected occurs?

Latent defects in software are problems not easily detected through regular testing. As the term suggests, they remain hidden until triggered by specific conditions after launch. Although programmers use routine analyses, such as code reviews and stress testing to try to detect these, latent defects often fall between the cracks. Since they can arise anytime and without notice, this creates uncertainty for buyers (or subscribers) looking to purchase software with long-term performance (or specific functions in mind).

Canadian courts suggest that latent defects relate to the notion of implied conditions of quality. Section 15 of the Ontario Sale of Goods Act (“Act”) provides such an implied condition, while Section 51(1) states that an action is permissible where the seller breaches a warranty, such as to a product’s quality.[1] Importantly, latent defects can attribute liability back to sellers, even if the quality of software was tested and assured at the time of delivery.[2] This article will examine various cases in Canada and the US and their applicability towards latent defects. Next, it will examine key elements of legal claims on this subject.

Canadian Cases

It is a principle that breaches of implied conditions of quality go to the root of the contract, and can entitle buyers to allege breaches in favour of rescission. In the 1994 case, Gerber Scientific Instrument Co. v. Bell-Northern Research Ltd, a buyer bought a computer system that failed to meet expectations due to deficiencies in speed and positional accuracy.[3] The Ontario Court of Appeal reversed the trial judge’s decision and found that a fundamental breach had occurred, namely, the degree to which the defects affected performance were so frequent and significant that the system was “inoperable”. While smaller defects can be fixed, the nature of this case warranted rescission of the contract. There were breaches of Section 15(1) of the Act and the implied condition of the computer system. This was due to its lack of fitness “for the purpose for which it was sold”.[4]

However, more recently it appears that latent defects may be a factor but not the sole basis for a claim. In Bennett v. Lenovo (Canada) Inc., a class action settlement was approved after Lenovo’s computers allowed third parties access to private information if connected to an unsecure network under certain conditions.[5] Justice Perell certified the class action in that case because of the potential intrusion upon seclusion and breaches of privacy legislation as a result of the latent defects. Next, in a case currently awaiting appeal, Arial v. Apple Canada Inc., the Superior Court of Québec certified a class action against phone manufacturers Apple and Samsung.[6] However, the Court appeared to reject the plaintiffs’ allegations that latent defects existed, notably that the phones “are not fit for their intended purpose” due to potential radiofrequency exposure. Instead, the Court found that the health risks and potential misrepresentations were more viable issues than a functional or material defect.

US Cases

Similar to the Canadian jurisprudence, many U.S. cases do not treat latent defects as the main cause of action, but use them instead as a factor to prove other claims such as fraudulent omissions or misrepresentations. Parties will often allege that the seller was aware of the potential defects in software, but chose not to disclose them.

Nonetheless, latent defects are relevant when they affect the central function of a product. In Beyer v. Symantec Corporation, a set of Norton security products were sold but were alleged to contain vulnerabilities in an antivirus engine, which stifled its marketed ability to prevent risks such as phishing scams.[7] The United States District Court agreed that the seller’s omission of the latent defects was material, as they defeated the main purpose of the software, which was to offer protection against threats. However, the plaintiff’s claims were dismissed, as no actual injury had occurred, nor was there a “credible threat” of future harm.

Other cases speak about reliance. In the recent 2023 case Bartling, et al. v. Apple Inc., the plaintiff’s claims for misrepresentation were found non-actionable due in part to the fact that there was no reliance.[8] The plaintiffs brought a class action stating that latent defects in Apple’s products caused security risks only reparable through software updates, which Apple did not disclose until the defects were leaked to the media. While the defects existed, the United States Court of Appeals wrote in a memorandum that it was unclear if Apple deliberately omitted disclosing the defects, and if it did, the plaintiffs would likely be unaware and would not have acted differently had they been disclosed.

Discussion

Ultimately, latent defects can surprise both buyers and sellers. For buyers, latent defects are unexpected obstacles stifling business activity and can lead to losses. For sellers, latent defects are burdensome as they permeate despite rigorous testing and due to human error or limited time and resources. The question then becomes how much liability sellers should assume for such defects.

Canadian and U.S. courts both appear to be somewhat aligned with each other, namely that latent defects, while relevant to a liability claim, are usually smaller parts of a bigger argument. Importantly, cases from both countries raise the issues of (i) core functionality, and (ii) reliance.

First, buyers can argue that latent defects hindered or defeated the core functionality of the software they purchased. As seen in Gerber and Beyer, buyers purchase software with the implied condition that they are usable and will meet the purpose for which they were bought.[9] If latent defects are so severe that the software no longer serves its main function, liability on the seller is more likely to be made out. Naturally, this argument relies on a case-by-case analysis of the defect(s) and the degree of their impact on overall performance. Furthermore, there may be the requirement of actual loss.

Next, reliance is a second element that can help form an action. Here, reliance is related to the seller’s expertise or on the alleged omission of disclosure.[10] In a buyer-seller relationship, there is a commercial legal obligation that the seller will provide a product or service that meets an implied condition of fitness. The seller is assumed to have “superior” knowledge than that of the buyer. As Bartling shows, failure to show evidence of reliance could defeat a claim based on latent defects.[11]

Takeaways

Much can be gleaned from the case law relating to a software’s core functionality, reliance and provincial sale of goods legislation.

When it comes to software, nothing is guaranteed to run smoothly. Routine bugs should be expected, especially within the first few months of use of a new product.[12] Moving forward, it would be helpful for both buyers and sellers to be aware of what reliance exists at the outset of the transaction, and what is actually purchased. When buying software, it is also preferable to specify its main purpose and functions in anticipation of its future use. That way, what the buyer “hopes” to achieve from the purchase is not kept hidden but expressly set out for both sides, avoiding misrepresentation and future litigation.[13]

For more information, please contact Roland Hung of Torkin Manes’ Technology and Privacy & Data Management Groups and Sumeet (Sonu) Dhanju-Dhillon of Torkin Manes’ Litigation & Dispute Resolution Group.

The authors would like to acknowledge Torkin Manes Articling Student Herman Wong for his invaluable contribution in drafting this bulletin.

 


[1] RSO 1990, c S 1 [Act].
[2] Barry B Sookman, “Contracting for Computer Hardware and Software and Related Services in Sookman: Computer, Internet and Electronic Commerce Law (2023) at § 2:41.
[3] Ibid; 17 BLR (2d) 21, 1994 CanLII 971 (ON CA) [Gerber].
[4] Ibid at paras 4–8.
[5] 2017 ONSC 6578 at paras 21–23 [Bennett].
[6] 2022 QCCS 3594 [Arial]; Samsung Electronics Canada c. Arial, 2022 QCCA 1695.
[7] 333 F Supp 3d 966 [Beyer].
[8] No. 22-16164 (9th Cir 2023) [Bartling].
[9] Gerber, supra note 3; Beyer, supra note 7.
[10] Sookman, supra note 2 at § 2:40.
[11] Bartling, supra note 8.
[12] Sookman, supra note 2 at § 2:41 (referencing Oilcon Services Co v Systemetrix Systems Ltd, 27 ACWS (2d) 326, 1984 CarswellNS 558).
[13] Ibid at § 2:39 (referencing Family Drug Store of New Iberia, Inc v Gulf States Computer Services, Inc, 563 So.2d 1324 (La Ct App 1990)).