Follow Slashdot stories on Twitter


Forgot your password?
United States

Software Licenses Get Worse 210

Slimbob wrote in with the word about UCITA, a wonderful little law that, if passed allows for remote shutdown of software if you violate the license, make shrink wrap license more enforceable, and outlaw reverse engineering, amongst other gems. Get more details here. Thanks to C.Scott Ananian for sending us a UCITA page, with the TeX version of the letter to be sent and more information.
This discussion has been archived. No new comments can be posted.

Software Licenses Get Worse

Comments Filter:
  • WERNDA identifies and criticizes some of the points made in the InfoWorld articles:

    CLAIM -- UCITA will "prevent the transfer of licenses from one party to another without vendor permission"

    WERDNA'S COMMENT: "Of course, this can be (and often is) accomplished under the status quo with a commonly used contract provision. I actually prefer the common law default to the language of UCC2B, but I don't see this as either new or particularly egregious."

    KANER'S RESPONSE: UCITA section 502 allows publishers to restrict transfers of MASS-MARKETED works. This was rejected by the United States Supreme Court back in Bobbs-Merrill Co. v. Straus 210 U.S. 339 (1908), which settled the existence of the First Sale doctrine. Similarly, for patented goods, read the literature review and discussion of Motion Picture Patents Co. v. Universal Film Manufacturing Co. 243 U.S. 502 (1917), which established the doctrine of exhaustion.

    Without UCITA, I don't think that a ban on transfer of a mass marketed software product (such as giving a used computer game to your cousin when you're done with it) would be enforceable under current law. I certainly have never seen a case that upheld such a restriction in a mass marketed software product.

    CLAIM "allow vendors to disclaim warrantees"

    WERDNA'S COMMENT: "Vendors can presently disclaim warrantees."

    KANER RESPONDS: Oh yes, vendors can disclaim the implied warranty of merchantability under UCC Article 2. But they have to do this CONSPICUOUSLY. Courts have interpreted that requirement consistently in decisions involving software, consumer products and commercial products. They have rejected disclaimers that were not available to the customer until after the customer paid for the product. I'm not going to walk through all the cases. For citations, read the literature review in my book, BAD SOFTWARE: WHAT TO DO WHEN SOFTWARE FAILS. The only exceptions that I found to the general rule (post-sale disclaimers are flatly unenforceable) involved either (a) a longstanding relationship between trading partners, which involved so many transactions that the disclaimer of implied warranties could be treated as part of the course of regular dealing between the parties or (b) a decision based on the Roto-Lith precedent, which has since been overturned by the 1st Circuit (which said it was bringing 1st Circuit caselaw into conformance with Step-Saver, a case that rejected a shrink-wrapped disclaimer of implied warranties).

    UCITA sections 2-207 and 2-208 allows publishers to enforce a disclaimer of implied warranties even though the customer is unable to see the disclaimer until after paying for the product and taking it away. No other law in the USA today allows this.

    CLAIM "outlaw reverse engineering."

    WERDNA'S COMMENT: "I believe you can review the last draft in vain to find a provision outlawing reverse engineering."

    The draft doesn't ban reverse engineering. It allows vendors to ban reverse engineering of their products. The section that allows this is 102(b)(16) which defines a "Contractual use restriction" as "an enforceable restriction created by contract, which restriction concerns the use or disclosure of, or access to licensed information or informational rights, including a limitation on scope or manner of use."

    A ban on reverse engineering is a restriction on the use of the product (a limitation on scope or manner of use of the product). UCITA repeatedly authorizes contractual use restrictions in software licenses.

    Reverse engineering was discussed at length at the last national meeting of NCCUSL, the body sponsoring UCITA. NCCUSL passed the Perlman Amendment, which read:

    "If a court as a matter of law finds the contract or any term of the contract to have been unconscionable or contrary to public policies relating to innovation, competition, and free expression at the time it was made, the court may refuse to enforce the contract or it may enforce the remainder of the contract without the impermissible term as to avoid any unconscionable or otherwise impermissible result."

    This language, especially the reference to "innovation" and "competition" was felt to protect reverse engineering.

    The Article 2B/UCITA drafting committee revised this language as follows:

    "If a contract term violates a FUNDAMENTAL public policy, the court may refuse to enforce [it]. . . TO THE EXTENT that the interest in enforcement is CLEARLY OUTWEIGHED by a public policy AGAINST ENFORCEMENT of that term."

    I've capitalized a few words to highlight the several things that you will have to prove to a court before the court can refuse to enforce a term. This set of restrictions is even narrower (gives judges less freedom) than current law that governs the power of judges to refuse to enforce terms that violate public policy (see the analysis of public policy conflicts with contracts in the Restatement of Contracts 2nd, published by the American Law Institute).

    Note also that the UCITA language drops Perlman's explicit protection of "public policies relating to innovation, competition, and free expression." Instead, we don't know what policies UCITA is talking about.

    So, on a case by case basis, software developers can go to court to either attack a contract or to defend themselves from attacks on them by software publishers. After spending a zillion dollars in the trial and appellate courts, the individual developer hopefully wins the case (and so only suffers the loss of the zillion dollars plus huge amounts of wasted time). But a win by one developer doesn't mean that the next developer in the next court will win. For example, a shrinkwrapped arbitration clause was ruled enforceable in the 2nd Circuit (Illinois law) but was ruled unconscionable and unenforceable in New York. So it will take years and many court cases before developers can safely reverse engineer mass market products (safe from threats of enforcement of a law on the books, safe from having to spend a zillion dollars in defense costs). Until then, it will be easy to intimidate most developers with the threat of enforcing the clause. Can you afford to defend yourself against a lawsuit, where even if you win, you still have to pay all your legal expenses?

    WERDNA finally calls on readers to read UCITA. By all means, try to read this 200-plus page draft statute. Good luck. I know contract law professors who have studied the statute carefully and concluded that it is unteachable. I have attended all of the UCITA/2B meetings since February 1996 and seen lawyer after lawyer, experts in commercial law, struggling to make sense of the statute. The Reporter (senior author) of UCITA has included many Notes in the draft statute but these have been included over many years, many drafts. The comments don't all match or correspond with the language in the draft, making reading yet more confusing.

    The last point that I'll respond to is the cheap shot attack:

    WERDNA: "ask yourself why critics aren't really citing its language"


    UCITA has been under development, in various incarnations, for about 12 years. It will finally be resolved, one way or another, this summer when NCCUSL either dumps the thing or sends it to the states (some of which will certainly approve it if they receive it from NCCUSL). By all means, try to read the statute. And then follow the Association for Computing Machinery, the IEEE-USA, the Independent Computer Consultants Association, and the sw-test-discuss software testers mailing list (organizations that represent working programmers) and the many other organizations of publishers, customers, libraries, and writers and express your own concerns about UCITA. Tell the NCCUSL representative in your state to make this turkey go away.


    -- Cem Kaner, J.D., Ph.D.
  • We'll just have to agree to disagree, then. There is no obligation of "obviousness." The requirement that certain warranty disclaimers must be conspicuous is trivially satisfied by a font change (or ALL CAPS), as everyone here is used to seeing the routine disclaimer language concerning fitness and merchantability. Further, all shrink wraps generally permit as a matter of course (particularly after Pro-CD v. Zeidenberg) the return of the product if the agreement is unsatisfactory. And, of course, after Pro-CD, there is substantial authority that the "time of contracting" arises when the agreement is reviewed, not when the tender of payment is made.

    Finally, I note that nothing in Todd's posting contradicts the proposition that warranties can be disclaimed under the status quo. Indeed, UCC expressly permits the same to be disclaimed.

    I am aware of no case holding that a UCC warranty disclaimer is ineffective because it was given in a shrinkwrap, but would be pleased to see one cited if this is so. Indeed, the 7th Circuit cases seem to militate to the contrary, but that is a subject for a different forum, I think.
  • From inf oworld []:

    One simple thing you can is to sign our e-mail petition, which reads as follows:

    "In light of the concerns previously expressed over proposed UCC Article 2B by a variety of interest groups, and the lack of time such groups have had to study and respond to its new reincarnation as a uniform act, the undersigned urge the National Conference of Commissioners on Uniform State Laws to not approve the Uniform Computer Information Transactions Act at this time."

    If you agree, "sign" the petition by sending an e-mail to us at with any
    additional comments you'd like to make and your name, title, company, city, and state. The results will be presented to the NCCUSL commissioners in Denver to help demonstrate to them
    that the concern about UCITA is widespread.
  • We'll just have to agree to disagree, then. There is no obligation of "obviousness."

    UCC Article 2, paragraph 2-316, subsection 2, and I quote:

    (2) Subject to subsection (3), to exclude or modify the implied warranty of merchantability or any part of it the language must mention merchantability and in case of a writing must be conspicuous, and to exclude or modify any implied warranty of fitness the exclusion must be by a writing and conspicuous. Language to exclude all implied warranties of fitness is sufficient if it states, for example, that "There are no warranties which extend beyond the description on the face hereof."

    The language specifically says both "written" and "obvious". I would say that hidden inside the box so that you cannot read it until after you have paid is the exact opposite of "obvious" and/or "conspicuous".

    And yes, all warranties can be disclaimed under the UCC. However, under UCC2 they cannot be disclaimed after payment is tendered and the goods are delivered ( ie. after you pay for the software and have the box in your hands ). All the portions of the UCC are worded such that delivery of the goods and acceptance of them by the buyer is considered sufficient evidence of a contract. The only question would be whether delivery of the goods occurs when the buyer takes physical possession of the software, or when the buyer opens the package containing the diskettes. I would suggest that, if you bought a car, paid in full and took possession of the keys, then found a tag in the ignition that said that by removing it you agreed to certain other terms not in the agreement you signed before you paid, you would be hard-pressed to find a judge who would rule that the dealer could modify the contract unilaterally after closing the sale.

  • If I recall correctly, certain versions of Office 2000 (such as the Student Discount version) will have Internet Registration.

    Hopefully Microsoft learned something from the "Channels" and "Windows Update" disasters and left that little feature out of the corporate desktop version.
  • The guy said free software (i.e. the GPL) doesn't have restrictions on it. That is a false statement. I agree with most of what you said, except for: If you actually WANT to write software that restricts people's freedom, I can see why you wouldn't like the GPL, but otherwise, it's a Good Thing

    I think what you meant was If you actually WANT to write software protects your rights, I can see why you wouldn't like the GPL, but otherwise, it's a Good Thing.
  • Imagine if someone found out how to delete windows remotly using this thing.

    Within about 20 minutes you can delete windows of every computers hard drive in an office.

    How much fun could hackers have?
  • To me, the real issue here is not that EULAs are going to suddenly be more enforcable (after all, it is a legal binding agreement - if you break it you should be willing to live with the consequences that you originally agreed to - even if that means that you lose the right to run the software) but that the body responsible for the enforcement is the issuer of the license.

    This is same as having a law that would allow landlords to unilaterally evict tenants. It is a case where all the power in an agreement between two parties is held by only one of the parties.

    Its clear here that no consideration was given to GPL'ed software. If the 'vendor' has the unilateral authority to block usage of software by users in violation of the user agreement. Where does that power reside in free software where anybody can be a vendor? Since anybody can be a vendor, does that imply that anybody can block the misuse of GPLed software? Can I shut down my competition because they are in violation of the GPL? Are we going to end up in a world where everybody is a software police officer an there are no courts or judges?

    What is needed is an impartial third-party, whether it be the courts or a separate Software License Tribunal, to whom vendors and users alike can argue their cases. We do need license enforcement or the GPL is useless but we need that enforcement to unbiased.

    That's my two cents.
  • by Cary ( 7220 )
    Isn't Mesa just an implementation of OpenGL?
    This doesn't seem to fall under the proposed
    Facist legislation.
  • by Anonymous Coward
    This already exists in the form of keyservers. If the keyserver crashes, your copy prompts you to save, and then you twiddle your thumbs for a while.

    I'd question what would happen if something happens and your copy quits, but if you weren't violating the license.

    Also, are they going to have me sign a contract? Or will they depend on the 'legality' of the EULA? I think I'd sue someone if they tried to enforce a EULA. Either that or send them a EULA myself.

  • by alkali ( 28338 ) on Tuesday June 01, 1999 @09:35AM (#1872232)
    Here are two basic issues in contract law:

    What contracts can't you make? I can't agree to work for less than the minimum wage. I can't agree to rent an apartment without hot water. I can't agree to sell my organs. Putting it another way, while I might agree to do these things, I can't be held to that agreement.

    What are the default terms? If I agree to paint your house, but we don't set a time for doing it, and you sue me when I don't do it, I can't avoid the lawsuit by saying I'll paint your house in the year 2019. The court will say that the parties understood that I would do the job in a reasonable time (perhaps a month). In cases like this, where the parties don't address a particular point in their agreement, the law will generally supply a default term in order to make the contract enforceable.

    Keeping the foregoing in mind, this proposed law does the following things: (1) It tells you what kind of software licenses you can't agree to -- and by the sound of it, not very much is out of bounds. (2) It tells you what the default terms will be when a license doesn't fill everything in.

    The suggestion that this proposal represents some sort of government intrustion into the software maker/consumer relationship doesn't seem fair. Under this law, every consumer gets enough rope to hang themselves with; there's very little that's prohibited. As for the default terms, you're free to contract around them if you don't like them. By libertarian lights, this law is -- if anything -- too slanted in favor of consumers.

    (That doesn't mean it's a good law, of course; it just means that if you consider yourself an anti-government sort, you should understand what this proposed law would[n't] do.)

  • One other point. IF this is an American law, if a software company attempts to shut down a piece of software in a country with no agreement to upload this (ridiculous) law, would the company have the right to sue (the living hell out of) the company?
  • By way of background (missing from the article from InfoWorld), UCITA was until recently the proposed UCC 2B. The proposal to add a provision to the Uniform Commercial Code to deal with software licenses was until recently a joint project of the American Law Institute (ALI) and the National Conference of Commissioners on Uniform State Laws (NCCUSL) []. The proposal was so awful, and attacked by so many people [] (especially legal academics!) that the ALI pulled out []. This is unusual.

    NCCUSL historically is less likely to throw roadblocks in the way of a proposal once a drafting committee says it's done. On the other hand, this one is so controversial, for so many, many reasons, that there is a little hope that the steamroller can be stopped. Uniform Commissioners are political appointees, usually by state governors, so if you or your firm happens to have any pull in your state, a word to the (un)wise might help. Furthermore, even if it passes NCCUSL it then has to be adopted state-by-state, so there's another chance to fight it.

    For my account of why an earlier draft was bad for e-commerce (the latest draft is bad in slightly different ways) see 2B as Legal Software for Electronic Contracting -- Operating System or Trojan Horse? [].

    A. Michael Froomkin [mailto]
    U. Miami School of Law,POB 248087
    Coral Gables, FL 33124,USA
  • You're talking as if Government were some monolithic boogeyman who is out to stick it to the little guy. There are several layers of government in our system. This draft has been proposed by a committee of representatives from the states. If a draft passes the committee, it will have to be acted upon by the state legislatures. Business has the money to pay lobbyists to write and promote this legislation. We have to power to let our disapproval be known to our Governors and legislatures. Use it.
  • hey hey hey, don't be calling it an OpenGL implementation.. Mesa is a graphics lib that is GL compliant but not officially. so as far as RE goes.. It might be. I'm no lawyer but i do know it was made without SGI's help.. and they own OGL.
  • by Anonymous Coward on Tuesday June 01, 1999 @08:54AM (#1872238)
    How long until internet connections are required to install software that registers itself? Ore reuqires a 'net connection each time you run it? Or maybe just periodically?
    * What if you reinstall it?
    * What if you reinstall you're whole HD (after a crash)?
    * What if you upgrade to a whole new machine?

    I think SW vendors need to address these 3 issues before thay can even think of any sort of auto-remote-kill-the-pirates-and-a-few-honest-guys -along-the-way-oh-well protection scheme.
  • Fine, GCC is general purpose software. It should be open source. Similarly the MRI software being hosted on a Linux OS. But I seriously doubt if the MRI application itself is open source. It's possible, but I doubt it.

    In my own field of Insurance, there aren't enough qualified programmers to support OS software for this industry. There also isn't enough glory to get anyone in OS interested. From this I conclude that OS software specific to my industry will never exist.
  • > This already exists in the form of keyservers. If the keyserver crashes, your copy prompts
    >you to save, and then you twiddle your thumbs for a while.

    You wish. The software I am using for editing GDSII files (microelectronics masks format) just shuts itself down without bothering to save data or making sure that database stays uncorrupted.

    Anyone has pointers to free UNIX GDSII software (except for MAGIC)?
  • As long as StarDivision ceased all RE activities the second the law was passed, they'd be fine. You can't be charged for a crime that wasn't yet a crime when you committed it. (though I feel silly for forgetting what this principle is called) Now, MS and other big companies could (and, I have no doubt, would) try to sue the OSS crowd for RE the second this law passed, but the charges would be thrown out, despite the amount of money MS would be willing to throw at the legal system. If RE the product was legal when they did it, then they're fine, whether it becomes illegal or not. If their actions were illegal when they took them, then they're in trouble, whether this law passes or not.
  • Seems to me that there were similar worries early in the satellite TV days with the crypto boxes for the big dishes...that was solved when someone exploited the back door and then put the solution out on USENet. Now you can buy a card/SmartCard that allows you access to every channel able to be demodulated from your geographic location...including HBO, etc.

    Linux is a small kernel...the I/O drivers are Open and Free...just give the underground a chance...I guarantee you will be approached on the internet 2 days after your settop box/cable provider goes UCITA!

  • I don't care about remote shutdown of software at all - if you bought it, you agreed to the license and serves you right if you violate the terms.

    I don't care about requiring permission for pass-along - if a software company wants to spend millions of dollars overseeing and enforcing this, whilst at the same time alienating their customers, well go for it.

    I *do* care about the reverse engineering clause. All of you in the US need to LOBBY against this NOW. The whole open source community has utterly relied on reverse engineering to produce software which supports a large variety of hardware and interoperability with other software. Your graphics adapter drivers, your sound drivers, your SCSI drivers, your TV card drivers may all well be the result of reverse engineering. Take that away and what do you have?

    Remember Halloween I? That paper identified the possible strategy of closing and obfuscating protols and file types to prevent the open source community from having access to them. If we can't work with the rest of the world all the progress of the past ten years will be lost.

    Outlawing reverse engineering will mean the end of working with MS filesystems, exchanging files with MS (and other) programs, communicating with computers which use closed protocols.

    This scares the you-know-what out of me, and it should do the same for you too.
  • I hope these morins put themselves out of business!

    What corporation would be willing to take this risk? Not a smart one I hope...

    Consider this:
    Disgruntled employee acquires companies list of serial #'s and posts them on the 'net. Then the corporations software could be remotely shutdown by the software vendor for license violations...

    Bring it on, I am moving more and more to a complete OSS working environment, this should help speed the process!

  • A previous post pointed out that this "law" will be passed by some state attorneys-general, and "a few state legislatures." How does that enact national law? Is that not the task for which Congress was expressly designed?

    And to whom do we express our rage? As far as I can tell, the worst part of this "law" is not the clause that allows vendors to auto-destruct software -- though that is admittedly horrible -- but the part which states that the creator of the software cannot be held liable if the software sucks. What the hell is that? I mean honestly, what the hell is that? How can that even be under consideration by lawmakers (RESPONSIBLE TO THE PEOPLE, RIGHT?)?

    What if the auto industry tried something like that? What kind of cars would we be pumping out if auto makers were not responsible for the quality of their merchandise? Sure, I guess nobody would buy the newest Mustang if it had a bad habit of exploding over 25 mph, but are they claiming that that would be good-enough punishment for the manufacturer? Where are we? Am I in the right universe?

    Some may say that the situation is much different with software. But I contend that it is exactly the same. Let's say NASA used Windows as the operating system on the next space shuttle or something (as if). As America watches the in-cockpit camera, we see the blue-screen-of-death pop up and ten seconds later the shuttle blows up. Oops, MS says, but not our fault! See! Look at the license!

    Maybe that's an overexaggeration, but there are many situations in which failure of software is simply not an option. If we remove all responsibility for responsible programming, what kinds of programs will we end up with?

    But then again, every time I start up emacs it tells me that it's distributed with "ABSOLUTELY NO WARRANTY". And it's a pretty solid piece of software. So I don't know where that leaves this argument. :-(

    Here are the paragraphs in question:



    What's to stop any software company from adding a line like this to their program? What's stopping them now?? Is it the "applicable law" part? Somebody please tell me. I know there must be something or else every software maker would have implemented this already.


  • Is it clear whether network providers could extend these UCITA laws to the networks? What about ISPs that "require" you to use their software to use their network services? If there are problems, then the ISP says it's with their software, and therefore not warranted. oh, and by the way, their software contract does not allow you to do this-and-that service, so we're shutting off your service anyways...

    The web site for that person's travails with Comcast and @Home should be enough evidence to the contrary to shut up the "but it can't happen here" people.

    It will. And once companies figure out they can make some good money by it, it'll spread like a bad case of Ebola.
  • This would be a uniform act that is done on a state-by-state basis in the US (La. does not generally participate in the uniform acts).

    The law would define what the default is if the commercial transaction is covered by the state and your contract is silent on that point. Large companies will not tolerate most of these default provisions.

    Many of the default provisions violate consumer protection statutes, so they will not be effective against home users either. The people who will get screwed if the software publishers have their way are the small businesses that cannot get a company to change the terms and conditions but are not protected by consumer protection laws.

    This is a state by state operation. Even if Washington State rolls over for their software publishers, other states can make it illegal or economically irrational to license software under UCITA because it is against public policy. They can further stop the effect of this law by extending consumer protection statutes to all purchases who are not the position to negotiate terms and conditions of the license.

    Encourage your state to pass consumer protection laws that say that any company that uses shrinkwrap agreements to license software have:

    • Warrants that the product may be tested for 30 days and can be returned for any cause that the customer cause for a full refund at that time;
    • Self-help reposessors must provide a bond of $1,000,000 or more against any damages that may be caused by self-help repossession;
    • Companies must at least refund all money spent, at any time during the life of the license, if the product fails to work as described in any documentation from the company.
    UCITA is a bad idea.
  • ....give vendors the right to repossess software by disabling it remotely

    What gives them that right?"

    The letter of the law, it seems. A similar concept is already in force; anyone suckered into buying a Divx player agreed to this cute little statement in the Divx contractual agreement...


    This allows them to prevent a movie from being viewed, say, if you forget to pay your bill, or a company wishes to put a movie "on moratorium".

    Yes, less than 300 000 people bought those infected DVD players. Yes, it will probably die in a year or so. The ideology that birthed Divx, the concept of complete corporate control over the use of software (including the data on certain DVDs), is being adopted throughout the software and entertainment industries. The rush to create a "pay-per-listen" music format is one example; this software license bill from hell is another.

    More fun statements...

    "...but your warranty says that I can return it if it doesn't work as it says it would." "Too bad. We've disclaimed that warranty."


    "[the bill] says manufacturers are not liable for the poor quality of their products,"

    These statements, and the states of mind they represent, would be unacceptable to consumers in any other product. Somehow, software manufacturers can get away with substandard products; this legislation would give that dangerous mindset legal backing.

    I get the sick feeling the software lobby can get laws like this passed because the current political establishment has no idea how software works, and are unable to draw important distinctions and similarities between software products and other products. Thus, large corporations and powerful lobbies with enough money can tell the aforementioned clueless politicians how a particular law should be written, which just happens to work in their favour. I think it's time for some hackers who know how to deal with software and the Internet to get political office, before it's too late.

  • Since the company already disclaimed all responsibility for the program they can't be held responsible when Joe Random Scriptkiddie deinstalls all copies of the mission critical application Foobar across an entire corporation...

  • I like that. I've got a stupid NT Workstation CD that my college included as part of my tuition (came with a remedial language I swear I just needed the credits for). I've got ZERO use for that. Anyone else got an NT WS CD they'd like to swap for mine? :) We'll call MS at the same time and get permission. Hell, all we have to do is pair off enough people like this and we can just swap up pairs every now and then. They must have enough people that we won't likely speak to the same poor schmuck twice very often.
    Digital Wokan, Tribal mage of the electronics age
  • I sent an article about this to Rob a couple of
    months ago and it never appeared...I'm glad to see that it now has.

    I've thought a lot about this since then, and I
    believe that this can ultimately become a threat to OSS development in the US. If the government
    makes this law to 'protect the rights' of the
    software industry it will eventually see fit to
    make the 'technology' a requirement of exported software. This would enable the US to disable
    software used by its enemies, as well as totally prevent the use of US-authored software with strong encryption outside the US.

    OSS, by definition, couldn't meet such a requirement and would become illegal to export.

  • nope.. they stated in their shrinkwrap license that they are not responsible for their software...

  • I would note that the "limited warranty" in most products that you refer to typically does not limit the warranties of merchantibility and fitness for purpose, which are what the shrink-wrap licenses disclaim.

    Disagree. Such warranties, in my experience, are common and routine, and are hardly limited to shrink wrap licenses. Just looking around the house, I note that my stereo, VCR, DVD player, washing machine and a television set (just things for which I happened to have the documents in a drawer) all had the standard disclaimer.

    Also, you keep coming back to the point that all warranties can be disclaimed under UCC2, as if this is somehow relevant. It isn't.

    I understand why you would want to backpedal. The video tape proves otherwise: I wrote, criticizing the articles proposition the UCITA "allow[s] vendors to disclaim warrantees," stating that "vendors can presently disclaim warrantees." I wrote nothing else on this point.

    You wrote, "I would take exception to several points here, in particular your statements about vendors disclaiming warranties."

    I am pleased we no longer disagree that the article exaggerated.

    As to your final question, it is simply this: 2B was a standalone provision, requiring that everything be spelled out. I agree that the statute was drafted to be more closely tuned, and to give greater clarity, to circumstances surrounding transactions involving shrink-wraps. I also agree that it is generally pro-licensor and has serious problems.

    The point of my posting is that UCITA's critics are being disingenuous in their criticisms. The bill is a mixed bag, some good, some bad. The stupid polar bullshit from opponents and proponents has stood in the way of it being a very good bill.

    As a lawyer practicing daily in this area, I lament the lack of CERTAINTY (whatever is the result) in these transactions. It would be wonderful if a great number of these ineffable fuzzy questions were resolved, and the prospect of a fairly balanced UCC2B could have been a great thing. Unfortunately, the radical views pushed and pulled at the thing until it became useless. Now we have UCITA, and I see the same demagoguery happening all over again.

    Moreover, the exaggerations from many critical quarters has hurt "our" cause, permitting publishers to marginalize very credible critics as part of a group of knee-jerk opponents who only speak in half-truths.

    This is a bad thing. We as a community need to do better. We need to insist on clear, truthful and complete accounts -- using solid advocacy of course -- rather than trying to justify after-the-fact these sound-byte half-truths so empty as to be misrepresentative in context.
  • I would note that the "limited warranty" in most products that you refer to typically does not limit the warranties of merchantibility and fitness for purpose, which are what the shrink-wrap licenses disclaim. UCC2 only addresses those two warranties, and IMHO applying the rules for other warranties to them isn't correct. The two are different, and are treated differently by UCC2 itself. Almost always, reference to those additional terms is made in the before-sale paperwork, and the terms are available before you pay if you wish to review them.

    Also, you keep coming back to the point that all warranties can be disclaimed under UCC2, as if this is somehow relevant. It isn't. The point I make is not that warranties cannot be disclaimed, but that under UCC2 they cannot be disclaimed in the way that shrink-wrap licenses do it and the way that UCC2B/UCITA would allow, which is a completely different point.

    One final question. If the current shrink-wrap licenses are actually so acceptable under UCC2, why are the software companies so interested in pushing UCC2B/UCITA through, and why with terms so different from UCC2 so explicitly spelled out? It would seem that, if 2-217 was the only problem, it would be simpler to just print the shrink-wrap license seperately and require it to be signed at the time of sale than to lobby for changes in the law. This suggests that the software companies are worried about someone bringing a case, not under the terms of the shrink-wrap, but as a straight UCC2 case.

  • by werdna ( 39029 ) on Tuesday June 01, 1999 @01:34PM (#1872262) Journal
    One of the difficulties in working through all the hype on both sides, is that the shift from UCC2B to UCITA leaves us without a specific draft to criticize. Critics are free to exaggerate supposed defects, and of course, advocates can do the same. Anyway, before taking the article's word for it, look at the last drafts of UCC2B [], ask yourself why critics aren't really citing its language, and consider well whether you are being completely and honestly informed by critics or advocates alike.

    UCC2B is not all bad, and not all good, IMHO. However, some of the comments in the subject article strain credulity and, regrettably, much of it is demagoguery from various special interest groups trying to stir up dissent.

    For example, shrinkwraps. Shrinkwraps are not the enemy of open source -- to the contrary, they are part of what makes the open source license "virus"es work. Some here have argued that this law can somehow have retroactive effect on already existing contracts and past reverse engineering -- Not so, indeed, a law that changed existing contract rights would be unconstitutional. In short, while I understand why the software defect plaintiff's lobby is all in a huff about greater certainty in enforcing shrinkwraps, I'm not sure that the OSS community shouldn't be planting itself squarely on the fence on the issue.

    Some other points made in the article:

    prevent the transfer of licenses from one party to another without vendor permission;

    Of course, this can be (and often is) accomplished under the status quo with a commonly used contract provision. I actually prefer the common law default to the language of UCC2B, but I don't see this as either new or particularly egregious.

    allow vendors to disclaim warrantees; and

    Vendors can presently disclaim warrantees.

    outlaw reverse engineering.

    I believe you can review the last draft in vain to find a provision outlawing reverse engineering. Still further, it is doubtful that a state law could do so under present law without violating the Supremacy Clause of the Constitution. Indeed, the last draft of the UCC2B has an express example in the commentary expressly noting circumstances where unconsented reverse engineering is not a breach!

    Why are they exaggerating if their case is so strong? Think about it. Its not.

    I find great flaws in the UCC2B as do others. However, while flawed, it is not the unmitigated disaster it is held out to be by its critics (although it is certainly special interest legislation). As is often the case, the truth is more interesting.

    I do believe slashdotters should educate themselves about this bill, study its provisions (the real ones, not the straw men) and judge for themselves what should be the law. But UCITA is not suprise legislation -- these proposals have been brewing now for years. Consider them carefully, and use what power you have, particularly now that it is no longer UCC, to help your legislators to separate the wheat from the chaff.

    So, RTF Bill, read the commentary on both sides, and judge for yourselves.
  • I believe that European directives explicitly allow reverse engineering for the purpose of interfacing. It also states that these rights cannot be removed by licence conditions. So, even if reverse engineering is made illegal in the US, the open source movement elsewhere will still be able to determine the required protocols and hardware interfaces.
  • Very 1984-esque. As the phrase goes, 'may you live in interesting times'. This is the digital equivalent of the period just before the American Revolution, FWIW.
    I have to sympathize with the people who argue, 'no! Don't let this pass, it will do immeasurable damage even if it _does_ force the issue of free software and make it almost unavoidable'. I sympathize a great deal, because it is deeply disturbing to watch an industry develop a choke-hold over technology, government- anytime an entity is legally allowed to hold _sole_ discretion over the survival of another entity, be that a company or a person's records or, hell, a government's records... then you have real trouble. Power corrupts, and that is more power than most people would know what to do with- especially when we're talking about the privilege to on the one hand define an industry standard operating system (yah, 'doze...) and then withhold it at whim regardless of damages. That's _damned_ scary.
    And yet, I am not convinced 'we the people' have the power to reform this in time. I believe this or something like it will go through- and our humanitarian concerns (wishing business, government not to be subject to a reign of terror) will not save the intended victims of this ghastly power-seize. I think it will go through, and our world will quietly change into an Orwellian nightmare around us- with respect to proprietary software. And there will be no ground to give and no chance of negotiation- the only choices will be to submit or to _fully_ go for free software and disclaim even the idea of interoperability with the proprietary stuff- it simply will not be in the interests of proprietary software to pretend anymore.
    Where this might get very ugly is protocols and networking. It won't kill anyone if computer joysticks or certain printers can't be used with open source products- this already occurs. However, attacking the networked infrastructure of the world would be deadly, and it's hard to imagine anything more important than defending the ability of the world to communicate- we cannot balkanize, we can't afford another Dark Ages, we must protect the ability of people everywhere to network with each other and exchange ideas, viewpoints, dialogue. This was important even when the danger was only proprietary stuff crowding out the older stuff and refusing to interoperate- how much more dangerous when the proprietary stuff is to be operated only by the graces of a centralised authority? This would be Jon Postel's worst nightmare, perhaps beyond his imagining.
    We are looking at war.
    Whether or not it turns out as bad as it might, it's best to remain firmly aware that we are looking at the prospects of literal war over these issues. There are too many parallels with civil liberties issues- first trespass into people's software 'homes', then negligence and the refusal to take responsibility for damages to said property, and now it's to be legal for companies to destroy my data or seize it without due process on _their_ notion that I did something wrong? Does this begin to sound eerily familiar to those who have learned anything about the American Revolution?
    We _are_ looking at war, and we are probably stuck with it.
    For me, well: I can't be terribly impressed with some of the scuzball freedomfighters, any more than the colonists were an impressive aristocratic lot. Seems like there are a lot of script kiddies in the ranks- that ego runs riot, mine included- that politicking is rampant, the whole troupe seems like either blowhards or rugrats up against trained troops with big budgets.
    Yet I know damned well which side I'm on- there's no possible compromise, and my mood is more and more like the Boston hotheads causing trouble for the colonies in 1776. It's the grand imposing impressiveness of a small, mange-ridden cornered rat- and the same desperation, born of the total lack of other options.
    I'm posting this from a small town in Vermont, in the United States of America, and will soon be visiting my family in Lexington- where the Redcoats marched, shed Colonist blood, and were cut down themselves in the start of the war for independence.
    WE WON, DAMN IT. Remember that when this nightmarish cybertyranny madness gets oppressive. Supposing the laws are passed and working on reverse-engineered projects becomes ten years and $100,000 minimum, supposing this is quickly taken advantage of to render everything that seemed to be good strategy (Samba, windows-like interfaces, ability to talk to NT Server...) useless. Guess what? That's war for you. If you don't like it, you can knuckle under and bootlick, or you can fight back using any means at your disposal. The outcome is not pre-ordained- and there comes a point where fear, uncertainty and doubt no longer matter because there is no longer an option to bootlick. With this legislation and what it represents, I see that point approaching, and I choose to call it war, just as much a war as any physical war.
  • by elyard ( 928 )
    SGI doesn't really own OGL in the sense of a proprietary ownership. Rather SGI (along with every other major UNIX workstation vendor) oversees the standard.
  • No, not under the "no warranty" and lack of indemnification parts... would become your burden to prove anyways...
  • is what it was called for the last three years while it was being drafted. So why are you all surprised at this? It has been coming on for three years. Everyone has criticized it and casts votes against it and asked for it to go away to no avail. A lot of BIG $$ from the software industry behind this one.

    It will most certainly effect the printing, video and audio industries as well. From past experiences it doesn't look like arguing against it in this forum at this point will do any good. (It hasn't to date.) The best thing is to get ready for the arguing at your State Government level. (I'm sure a few free copies of Windows for Government use will oil the passage of this one though.)

    The biggest thing is that in the bowels of this proposal is the excusing from liability of software companies for anything arising from faults in their software... Which explains why Microsoft is such a big pusher of this legislation.

    Of course, it'll put it on par with Open Source...

    Dave Bennett
    Chief Information Officer
    Inland Truck Parts Company
  • Imagine all MSWord users in the state of California suddenly having their software nixed,
    or having every Oracle database in the Pentagon frozen due to "license violation".

    I say let them do it, its their foot they are aiming at. M$ may do this but you'll never see Oracle do it.

    In a critical failure situation, where a machine dies over the weekend, it is in Oracle's best interests for you to be able to set up on another system on your own and make them look good, rather than telling thousands or tens of thousands of users that the Oracle database is down on Monday. If this means that there is a chance you will be running two copies of the software on one license during the transition, I think they'd take that chance rather than change losing the contract.
  • Free Software has no restrictions on how you can use it.

    Sure it does, it has that stupid, you can't use this in non-free software restriction.

    Maybe you meant public domain?
  • Imagine the fun when digital hooligans use the industry's own tools to shut-down enormous pools of users of a given product.

    Imagine all MSWord users in the state of California suddenly having their software nixed, or having every Oracle database in the Pentagon frozen due to "license violation".

    Hey, that could well be the 'blue-screen of death' of the 21st century. You won't even get the *chance* to get a good, old-fashinoed Access Violation!

    ] word foo.txt
    ] loading...
    ] Terminated at 005e20010fcb
    ] License Violation.

  • Its developed in .au, where I doubt this law will apply.
  • I vote "Self Help" as the most heineous mis-nomer since "Ethnic Cleansing".
  • As I understand the main difference between
    software and physical goods is a relative ease
    of DISTRIBUTION. And the licenses were invented
    to take control over this.

    Therefore DISTRIBUTION must be the ONLY subject
    licenses may limit our use of software.

    Any other items in the licenses must be illegal.

    This approach clears the view to restrictions
    like 'reselling/giving_away the license',
    'reverse ingeneering', 'product reviews' and
    many others.

    One thing remains unlear, though. I speak of
    DISTRIBUTION, but it is not quite clear what
    it means. Does 'fork()' produce another copy
    of the program? Who is the user --- system
    administrator sitting before the console,
    client connected via network, CPU performing
    machine code of the program, the running
    process, the running thread, disk space
    occupied by installed program. Most people will
    probably say: "the box, software is installed
    on". But then I recollect that clusters exist.

    Anyway, the DISTRIBUTION must be the only item
    software owners should be allowed to regulate.
  • As for the default terms, you're free to contract around them if you don't like them. By libertarian lights, this law is -- if anything -- too slanted in favor of consumers.

    This statement would be true if copies of Windows 2000 or whatever has words on the outside of the box to the effect of "Software includes remotely triggered self-destruct feature. Microsoft reserves the right to disable this software at any time if Microsoft believes that this software is being used in violation of license".

    The sleaze factor of this law is that it makes enforceable provisions which are unknown to the consumer at the time of purchase (i.e. neither disclosed before breaking the shrinkwrap nor matters which the "reasonable man" of the lawbooks would already expect).

  • Here's a list (with links) to opposition letters from a wide range of organizations that oppose UCITA / (formerly Article 2B).

    If you want additional information, write me at and/or check my website,

    Recently, several organizations have submitted letters to NCCUSL or ALI asking that 2B/UCITA be tabled or cancelled. Not all of these letters have been published. I'm aware of letters from:

    - fifty intellectual property law professors (

    - American Association of Law Libraries ( and html)

    - American Library Association ( and html)

    - American Society of Media Photographers (

    - Association for Computing Machinery ( 98.html)

    - Association of Research Libraries ( and html)

    - Consumer Federation of America (

    - Consumer Project on Technology (Ralph Nader) (

    - Consumers Union (

    - Independent Computer Consultants Association (unpublished)

    - Institute for Electrical & Electronics Engineers (IEEE) submitted specific criticisms of 2B ( l) which have not been resolved in the ways requested. The IEEE suggested in its most recent letter ( l) that if these issues were not satisfactorily resolved, it too would recommend tabling.

    - Magazine Publishers of America (

    - Motion Picture Association of America ( and

    - National Association of Broadcasters (

    - National Cable Television Association (

    - National Consumer League (

    - National Music Publishers Association (unpublished)

    - National Writers Union (

    - Newspaper Association of America (

    - Recording Industry Association of America ( and

    - Sacramento Area Quality Association (unpublished)

    - Society for Information Management (

    - software-test-discuss (this is the Net's largest e-mail discussion forum on software quality control)

    - Special Libraries Association ( and html)

    - United States Public Interest Research Group (

    Most of these letters are brief. After consultation with some other consumer advocates, I submitted a detailed letter with a section-by-section call for consumer-side revisions (

    The National Writers Union letter ( details writers' issues.

    The Society for Information Management's letter details the concerns of large software customers (

    A recent advisory letter from the Federal Trade Commission ( raises many of the same concerns.

  • Most medium-to-larger businesses already "rent" their software in the form of annual maintenace and support agreements, so no news there. And yes, if your company is on a annual plan with Microsoft, they could well be still spending a couple bucks a year for some old MS-DOS PC.

    I can't even imagine the hassle that Microsoft (Corel, Lotus, and so on) would have to go through to get that $10-$20 maintance fee out all the individual users and small businesses out there. Hardly likely to happen.
  • There seem to be an awful lot of us suggesting that we should support the law because it's so bad that it will make free software look angelic in comparison. While i appreciate the irony of the software industry crippling itself with a self-serving uniform law, i think that the impact of this law will have severe effects on users of open source software as well. Where do you guys work? I would guess that most if not all of the companies that we work for depend on some sort of proprietary software package. Commercial software is everywhere; and even the Linux community is for the most part hoping that more companies will take notice of us and port some of their commercial software to our OS. Believe me, the consequences to all of us will be markedly visible if this legislation passes. I don't know about the rest of you, but i don't want to see this much power in the hands of the commercial software developers, even if it does make us look better in comparison. I really think that everyone should be very scared that such a law is not simply laughed into nonexistence. We need to oppose UCITA, or suffer possibly unforseen consequences.
  • by Anonymous Coward on Tuesday June 01, 1999 @09:16AM (#1872282)
    From what it says in the article, vendors can already decide to repossess software. A case with Revlon is cited. However this would add an air of legitimacy to it and encourage proprietary vendors to build backdoors into their software. In addition this law would allow vendors to disclaim all warranties and increase the strength of the EULA.

    Given the rather questionable EULAs in effect today and the rather questionable software quality in proprietary software, I don't think any manager in his right mind would be willing to stake his job on a piece of software under the terms set forth here.

    I can only see this as a boon to the open source software movement, which would offer the following over proprietary:

    1) A much more agreeable license. If a license is Open Source, no one will ever try to repossess your software.

    2) No warrantee, but if you're using a package and something breaks, you can at least fix it yourself in the worst case.

    3) It's free. If your company merges with another one, you don't have to ask anyone for additional licenses or permission to use current licenses.

    4) No proprietary file formats. No need to reverse engineer anything. Your data is not being held hostage by anyone.

    5) Your terms, mostly. You can do anything you want with the software, with the only restriction being that you make any improvements you make available to everyone.

    So you see, I hope this law passes because the sooner everyone is demanding open source, the easier my life will be.
  • by Dead Mike ( 21904 ) on Tuesday June 01, 1999 @09:11AM (#1872283) Homepage
    This is the best thing that could happen for open source software. The publishers are closing ranks and restricting their users more and more. We have reached a critical mass with Apache, sendmail, emacs, etc. and don't need to worry about the 'reverse-engineering' provisions of this law.

    Corporations will come our way in droves if we point out that not only don't we implement UCITA and its noisome 'self-help' strictures, they can see that we don't for themselves. Also, since they own the source, _no one_ can take their software away from them. We should be trumpeting this from the highest peaks. Can you imagine what fear this will strike into the PHB's and suits when they find out that if they don't accede to punishing 'licensing terms' __________ (--Oracle, Microsoft, SAP, Peoplesoft, Baan, etc.--) (fill in the blank) will remotely disable their software throughout their enterprise, from the desktops to the server farms, into the mainframes and down to the data warehouse. Most painfully, the courts and the legislatures will let them!!! Talk about a gun to your head!!! "Sure the data is yours. Try to get at it!"

    However, we DO need to beat these fsckers at their own game and protect our 'prior art' at all times when it is obvious (IIS, Exchange, Notes, etc.) that they are the ones doing the reverse engineering. In these cases we need to insist that all these products conform to the liceses they were initially released under or these anal-retentive zipperheads will find themselves in court!!! Also, we need to DEMAND participation in the standards bodies, so they cannot lock the standards (as Rational and Microsoft have done and continue to do.)

    The only threat I see here is from Adobe. Anyone know if they still have any claim to PostScript?
  • by Accipiter ( 8228 ) on Tuesday June 01, 1999 @09:35AM (#1872285)
    This is absolutely crazy. If you read the article carefully enough, you can pick out SEVERAL controlling issues:

    ....give vendors the right to repossess software by disabling it remotely

    What gives them that right? If you lend a laptop computer to a friend, and he didn't return it when you asked him to, does that mean you can break into his house and take it?

    ....prevent the transfer of licenses from one party to another without vendor permission

    "Hello, Mr. Gates. I'm selling my computer to someone, And I'd like your permission to give him my copy of Windows as well." Now, Microsoft can just as easily say "No, afraid not. BUT, he's perfectly entitled to buy his OWN copy!"

    ....allow vendors to disclaim warrantees

    "...but your warranty says that I can return it if it doesn't work as it says it would."
    "Too bad. We've disclaimed that warranty."

    I've noticed on the chart that Microsoft was in full favor of this bill. (suprise!) Some other stupid items follow:

    McCabe added that vendors are not permitted to exercise self-help if the vendors are aware of third parties that could suffer serious losses because of it.

    So, if a company is confronted with this, they can simply say: "But we had no idea!"

    Software vendors argue that they are within their rights to limit the use of their products.

    Absolutely, but if you want to limit it, you limit it in the actual design of the software. You don't crumble a company's infrastructure just because of a licensing agreement.

    "[the bill] says manufacturers are not liable for the poor quality of their products,"

    Gee...looks like Microsoft is off the hook. Answer this: If the maker of the software isn't responsible if it sucks, who is?

    "If I have to guarantee that my software will perform the way you think it's going to perform, that's going to be costly for me," Winpro's Harris says.

    Actually, that's correct. Expecting Microsoft Excel to walk your dog isn't reasonable. BUT, expecting Microsoft Windows not to crash every hour, is. The idea is that Software manufacturers have to guarantee that the software will perform the way THEY claim it will perform. But if it doesn't,"...manufacturers are not liable for the poor quality of their products."

    Seems to me, that software vendors want to take more responsibility when it comes to them getting their money, but when it comes to their software not performing at it's expected level, they don't want ANY responsibility. It's a 2 way street, folks. They're just trying to put up One-Way signs.

    -- Give him Head? Be a Beacon?

  • If anything it shows the need for "self help" on the part of users, in that users would benefit from sharing experiences and problem resolutions etc so as to reduce the cost of, reliance on and the workload of vendor support.
  • I went through the warranty information for a bunch of my appliances. The closest any of the dozen-plus warranties comes to disclaiming the implied warranties of merchantibility and fitness for purpose is to state that they are limited to the warranty period ( usually 60-90 days ). Better than half of them make no mention of any limitations on the implied M/FFP warranties. Not a single one attempted the sort of blanket disclaimer UCC2B/UCITA attempts to legalize.

    Having read the drafts, I would say that UCITA is less unacceptable than the original UCC2B draft. OTOH, having one leg amputated at the hip is less unacceptable than having both legs amputated, too. Neither is desirable. The best that can be said is that UCITA, in a few spots, provides almost the same rights to the consumer as they would have under UCC. That's not acceptable.

    And nobody has yet presented an argument for why software companies should be allowed to live up to even minimal standards. Even a used car sold as-is still has to meet certain minimum safety standards, yet UCITA wouldn't even hold software makers to that minimal standard.

  • by James Ojaste ( 12446 ) on Tuesday June 01, 1999 @09:03AM (#1872289) Homepage
    This sounds like a death knell for commercial/closed software if it gets passed into law. Does a company *really* want to give its competitors the ability to shut down its systems remotely? How long will it take for somebody to write an exploit to prematurely trigger the self-destruct? Oh sorry, they called it the "self help feature", didn't they?

    I'd much rather stick to open source, so I know that nobody else will be controlling that assembly line or office environment. Talk about a massive DoS attack...
  • This is going to push ever further the necessity of free haven for software : countries where laws about reverse ingeneering/software patents/copyrights don't exist. They already do that with cryptographic code which is made out of the US to get around export laws. Also BladeEnc (MP3 encoder) is made in Sweden because software patents don't apply there. Internationnal laws state that all actions are subject to the local laws where it is done, so you can't sue in the US somebody for a crime (RE ?) commited in a country where it is legal.
  • Office 2000, AFAIK, requires an internet registration within the first 50 times you run the program.

    If you re-install, and have a PIII, it'll be identified as a what happens if you just upgrade the CPU?

    A simple solution would be to embed the serials into the cdrom...A unique serial number on each cdrom.

    10 years in the future....

    Please place your eye to the retena scanner for product branding......Serial number already in have been found guilty of software fraud, Etching advertising slogans onto retena....completed.....have a nice day
  • The shutdown exploit is a good idea.

    And guess who will get blamed when hackers (uhhh, did I get it right) figure out how to do it? The software house? HAH! The FBI and State 'Computer Crime' Task Forces will be out in force. MS (for example) will be making money hand over fist as money that could have been spent by MS on programming shows up in law enforcement agencies pockets. Tech Support with M-16s! Bah, it's already happening.

    I'm having paranoid episodes again! Whee!

  • This has been discussed above... It would only be illegal AFTER the laws have passed. Creating crimes out of actions after the fact, I think, is unconstitutional.

    "I'm a hacker, not because I was programming when I was 13, but because I'm human."
  • Folks, don't bash this law and don't fight it -- if there's ever to be a law that'd promote open source, then this is it. Let it pass! Then make sure your bosses are very well aware of it. And then see how getting open-source software into your company becomes so much easier.
  • by Anonymous Coward
    is the ability to now rent software year-to-year.
    (Good if you're the publisher.)

    If you don't pay your license fee up front, you be turned off.

    This can only increase software costs. Just imagine if all that old, moldy MS-DOS software in use by 30,000,000 Americans could just be turned off. Instant upgrade to Win98/2000. Cool, if you're Microsoft.

    In the mid term, this is terrific news for Linux. Think about it, this only increases the price disparity between open and closed source. Not only do I use better software, but software that is much cheaper.
  • Looks like Infoworld is collecting e-mail signatures for a petition against this thing. Look at the bottom of this page for details. The address is

    How Ironic it is that the simnet page linked from the infoworld page in your previous message, provides a NCCUSL list of commissioners, and a sample letter of dissent to mail to said commissioners, but it's only provided in MS Word .doc format. How obnoxious.

    I faithfully followed those links in order to send a snail-mail because honestly these people take signed snail-mail much more seriously than email petitions, and I wanted to register my dissent with the strongest force possible. Oh well, one hopes StarOffice will read it... but still, these guys ought to get a clue.
  • Someone already said, "if you give them enough rope, they'll hang themselves."

    True, no IT pro will risk their jobs with software that can be yanked at any time, no matter how much adobe and ms say the bill will help the customer.
    Since when did they put the customer before themselves and their image?

    In addition to problems already mentioned, what happens when you put a back door into a piece of sw?
    Once a hacker/cracker reverse engineers that back door and this knowledge spreads, you cant really rely on that program at all.

  • If you need to periodically renew access to your mission-critical software by contacting the vendor, aren't you essentially subscribing to it? What company is going to be silly enough to run their company on software that they are subscribing to? Jeez, the first time the accounting department gets shut down due to the vendors not renewing the keys to the software, someone's head is gonna roll. Perhaps you can get fired for buying Micros~1!

    Personally, I can't see this happening industrywide since the infrastructure that a software vendor is going to have to put into place in order to use a software enabling mechanism like this is going to be considerable. Consider the class action suit that they leave themselves open to if their key distribution server is attacked and rendered unusable for several days. Also, consider the situation where your vendor is clobbered by some natural disaster. Selecting a software vendor located closer than 100 miles of the San Andreas fault could be considered a career-limiting move! Oh sure, they could build multiple servers to serve wide geographic areas and act as backups but methinks that the expense involved is going to make this something only the larger SW vendors are going to attempt.

    I wouldn't count on internet-based software key distribution to catch on too quickly (my gut feeling) but technological advances could make something like this cheaper and more accessible to SW vendors. Then it'll be the royal pain-in-the-keister that everyone's complaining about today.

    Just to be safe, let's make sure that this sort of software enabling becomes about as popular as parallel port dongles. You don't hear much about those nowadays, eh?

  • That's two point of view. If you want to protect your IP by restricting other people then feel free to do it but if you want to give up some of your IP rights for the community then feel free to do it, that's what free licenses allow you to do and the GPL not only allow you to do it but allow you to protect your IP so it won't be used in commercial software. That's not because you use/make closed software that you are evil, this is just a choice.

    BTW: the GPL give you very few restrictions about the USE of the software and these restrictions are about preventing loopholes allowing people to close GPL'd stuff. The GPL is very restrictive about DISTRIBUTING software (which isn't the same as using). You're not allowed to distribute GPL'd stuff in binary only form without any access to the code.

    The GPL is a good thing because it fills a gap in the free licenses community, but this don't mean other license are not bad or better, they just are different and can be called better or worse only when you try to apply them on your code (ie: for what you want to do it can be worse to apply the GPL than the BSD license and vice-versa).
  • To our American friends, good luck fighting this stupid law. (I'm Australian, I know about stupid laws. Internet Censorship, anyone?)

    If the stupid law passes, however, here's a bit of fun that you can have. Have a Transfer of Licence Day, which will work like last February's Refund Day, except that a bunch of you get together and swamp a vendor with requests to transfer your licences to each other.

    It might work like this. Suppose Fred and Barney both have licences for the same software from Vendor ABC. Fred contacts Vendor ABC for permission to transfer his licence to Barney, and Barney contacts the vendor for permission to transfer his licence to Fred. If enough people do this, a vendor would be swamped with requests, and a significant amount of the vendor's time can be spent fielding these requests. The worst-case scenario for a vendor is the cessation of normal business as they use all their resources handling the requests, in the real-world equivalent of a denial-of-service attack.

    Maybe you could organise something similar before the stupid law passes, to demonstrate to vendors how stupid the law will be. Call it a Bogus Transfer of Licence Day.

    The stupid law also needs a clause that states that the vendor cannot unreasonably withhold permission to transfer the licence. If I want to sell my computer and all its software to Fred, it would be unreasonable for the vendor to withhold permission, surely?

    Let's hope the stupid law doesn't pass.
  • This is a ridiculous law, but it's intended to protect ridiculous people. Who cares? I've run Linux for a few years now, I've had Word Processors that make better College Reports than any commercial (LyX), better Math software (Rlab) and better programming environments, Vi, Emacs..
    . If these commercial developers who make shoddy software want to cripple themselves even more, especially in the face of this OSS revolution, more power to them.
    I don't need them, and neither do you.
  • Commercial software licensing has been fscked up for years. Try reading some of those licenses - the end user has little to no rights as it is.

    Right now OSS supplants commercial software. Perhaps one day, it will replace it. Due to commercial software's history of being closed, often buggy, and now licensing issues, perhaps this is OSS's time to be in the limelight.

  • Your post is very pessimistic, and it fails to consider what many of the post have done: software vendors are banking on the presumption that consumers will be STUPID enough to purchase software with this kind dreck attached to it. Let's not forget - these companies are SELLING us something. This involves a condition whereby one party agrees to exchange THEIR money for what it is the software company is offering. This license seems to treat any revenue from these kinds of licenses as a foregone conclusion.

    At the risk of stating the obvious, a company can't exist without sufficient revenue. If enough customers find this kind of agreement as hideous as it really is, they'll simply refuse to purchase the product. Revenue falls, company goes under, end of story. How many times do you think this will have to happen before software companies decide that this kind of license is tantamount to putting a loaded gun to your head and pulling the trigger?

    Once a user signs an agreement, they're stuck...but no software company can MAKE you buy their product, and this is something that consumers would do well to remember. I'd just love to be able to send a letter to one or more of these companies:

    To Whom it may concern:

    We have been long-time consumers of your products in the past, and we are pleased with the results we have been able to achieve. I regret to inform you, however, that we are unable to continue a relationship with your company. Because we have found your new licensing requirements unacceptable, we will be replacing your software with an alternative that has far more reasonable terms governing its use.

    Have a nice day.

    John Q. ITProfessional
  • Free Software has no restrictions on how you can use it. ...which would imply that my Free Software could impose restrictions on how YOU use it, or you could impose restrictions on how others use it from your download site, backed up by UCITA, no? After all, Internet Explorer is "free", too...
  • the website states that "reasonable upgrades" won't break office, but if the case and a modem are the only parts in common with a before and after of a massive upgrade, then it'll break, definitely.

    The connection-req'd editions will be [initally?] released in "high-piracy" markets, e.g. China, Brazil, student discounted versions.

    Hurry up with Koffice already!
  • by sinan ( 10073 )
    Actually he said OSS ( I think he meant GPL) is not the answer, Free Software ( i.e. NOT GPL but non-restricted Free software , as in antlr from is the answer. He was using Free to mean NOT GPL.... in my opinion.

  • An Anonymous Coward wrote:

    "Interesting, groups that have backing which use/depend on software in a big way in their business. Makes sense."

    I'm not sure what this means, but if it means that the primary opponents of UCITA are large and small customers, that's a mistake.

    The Association for Computing Machinery, the Institute for Electrical and Electronic Engineers, the Sacramento Area Quality Association, the sw-test-discuss mailing list, and the Independent Computer Consultants Association have all opposed UCITA. These groups all represent software developers.

    And the Motion Picture Association, the Recording Industry Association, the National Cable Television Association, the National Association of Broadcasters, the Newspaper Association of America, and the Magazine Publishers of America are all publishers. They oppose UCITA as publishers, not as customers. Their gripe is the extent to which the rules favor only the software industry. These publishers find that the rules are too heavily tailored to the practice of software publishers ("Article 2B departs from this sound model [of neutrality across industries] by providing highly specialized default rules based on practices advocated by only one segment of a much broader and more diverse group of licensing industries."
  • Aren't some of these features already in place in some software? Someone from another dept came to me the other day blaming someone in my dept. for pirating their Adobe Photoshop. On her Mac, she couldn't run Photoshop because it detected another copy with the same serial number in use on the network. What friggin BS(and why I hate Macs), and we're supposed to have a site license for it.

    All this software at work we have site licenses for, but it's all for Macs. So I do a little "borrowing" for the Win95 software I need.
  • This provision could end up being the end of the Uniform Commerical Code. Right now commerical contracts are largely governed under this "model" legislation which is passed at the state level. If the state's flub it though, the federal government has the power to override this via its interstate commerce powers. Consumer protection legislation has always had better luck at the federal level than at the state level. If the state's pass laws that allow companies to screw over consumers too badly, look for consumers' groups to lobby the federal government to pass overriding legislation. The states could see their precious contract rights laws thrown out the window! I'm planning on forwarding a copy of that article to my Congressman.
  • by Fizgig ( 16368 )
    Well, I can answer the second part of my question from reading the end of the article. Since this is about making commerce laws the same within states (not necessarily interstate), it couldn't be done federally without bending over backwards. So it was a part of the Uniform Commercial Code, a law making commerce rules the same in states. They then made it a separate bill. It will be decided upon by the American Law Institute, which is not made up of state attorneys general but by lawyers appointed by the state (quite often the same people, I'm sure). But who do I write to?

    Ok, I've found they're at, but I can't find a member list. Anyone?
  • It will be difficult enough when a vendor can shutdown or reposses Software remotely. However, I have to wonder if they have considered the probablility that once the commercial security has been broken (shouldn't take too long either), nobody's software is safe from being cancelled. Do you chase after the cracker who killed your mission critical software (or destroyed your ability to write business letters, which could be considered mission critical) and whom doesn't have the resources to return your business to health, or do you chase the vendor, who may well have deeper pockets.

    Assuming that this turkey goes through, and since it will enrich lawyers I suspect that it will, Open Source will be the only software worth having.
  • by technophile ( 8799 ) on Tuesday June 01, 1999 @09:50AM (#1872329) Homepage
    Somehow I doubt this would ever hold up under judicial review. The whole intellectual property set-up, as explicitly set forth in the Constitution and federal copyright law, is an exchange. On the one hand, the owner of a copyright is given exclusive rights to copy, redistribute, etc. On the other hand, they voluntarily cede rights to the founding ideas to the public. Reverse engineering is therefore legal, since copyright confers absolutely no rights to any founding ideas behind a copyrighted work. I think the Supreme Court would overturn this in a heartbeat. The only sticking point is that (technically, at least), a EULA is a voluntary contract, and it is possible to voluntarily refuse to exercise one's rights under a contract. That would be legally enforceable, if the SC took the view of EULAs as full contracts. However, currently, it's more likely that extreme provisions of EULAs will be looked upon as unenforceable (at least two federal district court decisions have come down this way).

    I guess the simplest way to put it is that the proposed law directly contradicts both federal copyright law and the underlying (constitutional) motives behind IP law. In that light, I fail to see how it could survive judicial review.

    "Perfection is achieved, not when there is nothing left to add, but when there is nothing left to take away. "

  • by IIH ( 33751 ) on Tuesday June 01, 1999 @01:19PM (#1872331)
    (licence contained on dashboard)

    Welcome to your Microsoft Car. By opening the door of this car, you have agreed to this contact and are legally bound by its terms.

    You are hearby granted licence to drive this car for purpose of leisure only, within the radius of 50 miles of point of purchase.
    Should you wish to use this care for commerical purposes, or for distances longer than 50 miles, you must purchase an upgrade to this licence, details of costs are available from your local MS office

    This car comes without any warranty, evnt those assumed for fitness of purpose.
    If this car breaks down, we will disclaim liabilty, and not be liable for any damges resulting thereof.

    This car has been fitted with the lastest cut-off system, whereby we can remotely imobilise your car in the case we are in suspicion of you breaching your licencening agreements (eg for commerical use, more than 50 miles, or listening to music in mp3 instead of microsoft format)

    In no case will we be liable for the damages resulting from cutoff, not even if life or money is lost as a consequence therof. any fines for stopping in the midst of the freeway must be borne by the customer.

    If you even wish to sell your car, you must contact us for permission to do so, permission may be granted in exceptional circumstances, the normal requiremnt is for a second owner to purchase the licence to use the car from us. We will retain any monies thereof, and you will also be unable to use the car hencewith.

    You may not attempt to guess what is wrong with the car, if it splutters and stops, you may *not* assume that it is out of petrol and attempt to refuel. Yu must bring it to a MS approved dealer, where he will apply the required fix (for an appropiate fee). Attempting to refuel the car, will result in breach of the licence, and your car may be cut off at any day henceforth. The petrol gauge is for use of a Microsoft certificed mechanic for diagnositic purposes only.

    As the car is the primary mode of transport, any other modes of transport are deemed copies, and are subject to patent laws. Any mode of device which transports a person, goods, information or thought from two distinct places will be covered. injunctions are currently in place against bicycles, wheelbarrows, televisions, and telepaths in the respective categories.

    This casr is equipped with the latest map guidance, so it can tell you (and us) hwere exactly you are in the world. On each entry to the car, it will ask you "where do you want to go today?" If you answer correctly, it will transport you there. Any attempt to visit one of our competitiors will result in imediate terminition of your licence.

    This MS care is fully compatible with all othe MS road users, howevrer any crashs as a result of contact with other road users will be deemed to be the fault of the non-MS road user, and MS will not be liable.

    this product is only supported on MS stamdard road. For a definition of the word "supported" please see licence 345, section 4, paragraph 5, with excpemptions for cases detailed in sections 1 through 4.

    Thank you for *choosing* an MSCAR, the only car that can get through an MS toll bridge in under 3 hours. Our competitors (which you are free to choose, of course, subject to fillout the relevent documentation) seem to be unable to cope with this simple transport protocol.

  • From a libertarian free-market-absolutist standpoint(*), there's no problem with such licenses as long as you can reject the license and obtain a refund as soon as you have an opportunity to read the terms. Alternatively, such licenses would be OK as long as manufacturers could put on the box a binding statement that the consumer will not be bound by any license terms not disclosed on the box, and customers could avoid software not bearing that statement.

    (* Which I don't necessarily endorse.)

  • "If I have to guarantee that my software will perform the way you think it's going to perform, that's going to be costly for me," Winpro's Harris says. "Software isn't like a piece of furniture -- there are many other variables."

    Well... it looks like they're tired of fulfilling all of their promises. I guess they want a law to support vapourware.

    Software better damned well perform as I expect it, as my expectations are based on your advertisements and demonstrations. If I see a demo that shows a petroleum accounting product doing a year-by-year budget comparison at a trade show, that feature had better be in the demonstrated version.

    Imagine if your TV had "supports over 1,000 channels on the box" and only supported 100 when you actually tried to use it!

    Please, please kill this law. The only good thing that could come out of this is giving OSS a huge boost, but there are a lot of industries that will be hurt by this no matter what.

  • This regulations are clearly made to prevent the illegal distribution of of-the-shelf software, in contrast to sofware which requires heavy support and/or customization. In fact, for that kind of software, the main revenues come from service and consulting.

    It's interesting that during the past years, the business model of shrink wrapped software was changing in that direction as well: Software gets bundled and shipped without manuals (making it virtually free if you buy a new computer), and using technical support is not free any more.

    This alone indicates that the need for so-called "self help" to sofware vendors is nonesense! In a professional organization, heavy service fees are paid, so (higher paid) engineers don't have to figure the software out themselves. As far as the private market is concerned, well, that doesn't seem to be UCITA's target group in the first place, which introduces even more controvercy!

    Then again, this proposal already raises a lot of opposition, so I personally doubt that it will ever pass.

  • Companies don't reverse engineer anything. They buy a software package to do the work, and they use it. This is true today, and it will be true tomorrow. Companies are smart enough to sign clear legal agreements, and would never let their data be held hostage to 'anyone.' This arguement belongs in /dev/null

    If you are talking about small companies that have no IT department and rely on off-the-shelf software, then what you say is true.

    However, bigger companies often buy software packages that require lots of customization, and they often want it integrated into existing systems. The more open the product is, the easier this is to accomplish.

    As for the "held hostage" comment. If your documents are stored in the latest MS word/excel formats, it works fine if you only use word and excel to view them, but if you want to do anything tricky with the data, maybe export it every sunday evening, and email a summary to certain employees who are logged into a certain system at the time, you are stuck using MS tools which may or may not be available to accomplish your task. If you use non-proprietary formats, you will never be "locked-in" or held hostage by a certain vendor.

  • Ugh. I've been mulling about what's wrong with IP law lately, and I've decided a large part of the problem is that large, restrictive contracts like EULAs are being granted legal enforcement. Let's face it, most people don't read through that list of conditions because it's so easy to bypass, so they waive all sorts of legal rights to the software manufacturer. If you ask most Joe Users, they aren't aware that they don't legally OWN the software, they can't modify it in certain ways, etc. User ignorance, yes, but the ignorance of the masses impacts the individual.

    I think if, in order to make a EULA enforceable, the user would have to SIGN a real contract, people would become much more aware of the drawbacks of non-Free software and become hopping mad at the conditions that most vendors are trying to get them to commit to.

    It is an essay on shrinkwrap licenses by Leo L Schwab.

    There was also pretty good page with information about the legality of reverse engineering at, but that site seems to be gone once again :( (Does anyone know of another such page anywhere?)

  • >You do realize this has the
    >potential to kill WINE and Samba, right?

    Nay, nay. The license provisions only apply to
    those who install and use the software. That
    would have to be proven in court in order to
    invoke the reverse engineering clause. This is
    only a danger if we are not aware of it when
    founding such projects. Pay attention to your
    clean room, and this law is nothing but good
    news for open source.
  • by tdunn ( 1381 )
    The one provision I love is for the manufacturer to reposses the software in the event of a dispute.
  • This is a prime example of Government making rules to the benefit of big business rather than to the benefit of the individual.

    UCITA will in no way help consumers. It WILL help out the huge mega-corps who will now have the power to play hard-ball with individual users.

    This definately is a call for users to go with OSS. It's the quickest and easiest way out of the mess that proprietary vendors are creating.

    As you can see, Government is making rules based on where the money is. It should be passing laws that protect the individual. I think it's in all of our best interest to fight this (write letters, use OSS--stuff like that)

  • by Stephen Beynon ( 22217 ) on Tuesday June 01, 1999 @11:08AM (#1872378)
    I will be interested in how they enforce this world wide, since remotely disabeling software is certainly a prohibited in the UK by the computer misuse act 1990. I even recall a case where a company refused to pay a software development company. The software developer remotely disabled the software, and was successfuly prosecuted under section 3 of the computer misuse act.

    As I understand it if a person from the US brought thier laptop into the UK, and had the software disabled remotely they they would be able to prosecute the software vendor.


    Section 3 of the computer misuse act follows:

    Computer Misuse Act 1990 (UK) Section 3

    3.(1) A Person is guilty of an offence if -

    (a) he does any act which causes an unauthorised modification of the
    contents of any computer; and
    (b) at the time when he does the act he has the requisite intent and the
    requisite knowledge.

    (2) For the purposes of subsection (1)(b) above the requisite intent is an
    intent to cause a modification of the contents of any computer and by so
    doing -

    (a) to impair the operation of any computer;
    (b) to prevent or hinder access to any program or data held in any
    computer; or
    (c) to impair the operation of any such program or the reliability of any
    such data.

    (3) The intent need not be directed at -

    (a) any particular computer;
    (b) any particular program or data or a program or data of any
    particular kind; or
    (c) any particular modification or a modification of any particular

    (4) For the purposes of subsection (1)(b) above the requisite knowledge is
    knowledge that any modification he intends to cause is unauthorised.

    (5) It is immaterial for the purposes of this section whether an unauthorised
    modification or any intended effect of it of a kind mentioned in
    subsection (2) above is, or is intended to be, permanent or merely

    (6) For the purposes of the Criminal Damage Act 1971 a modification of
    the contents of a computer shall not be regarded as damaging any
    computer or computer storage medium unless its effect on that computer
    or computer storage medium impairs its physical condition.

    (7) A person guilty of an offence under this section shall be liable -

    (a) on summary conviction, to imprisonment for a term not exceeding
    six months or to a fine not exceeding the statutory maximum or to
    both; and
    (b) on conviction on indictment, to imprisonment for a term not
    exceeding five years or to a fine or to both.

  • by Fizgig ( 16368 ) on Tuesday June 01, 1999 @09:33AM (#1872379)
    Yes, I can see how this might help OSS (or whatever), but I can see how it would hurt it just as bad. You do realize this has the potential to kill WINE and Samba, right? The reverse-engineering clause would kill those. I suppose you could do something with WINE by using the programming references, but you're not going to get as far as you might by reverse engineering Windows (and no telling how liberal their definition of reverse engineering will be; you really can't be bug-for-bug compatible without doing some kind of reverse engineering).

    One thing I'm not clear on: what kind of a law is this? It says that once it's ratified by a group of state attorneys general and then passed by a few state legislatures, it will become law. Since when is that how things work?
  • Wow. This is perfect. Perfectly Orwellian, that is:

    "[...]a Microsoft public relations representative agreed that the law is designed to protect customers."

    That quote is in reference to the "self help" provision of the proposed law. That provision is the one that will allow software licensors to remotely disable licensee's software. Allowing this has the exact opposite effect of protecting consumers; it exposes them to greater risk!

    So, when using newspeak, remember: "protect" means "threaten."

    The world is getting more Orwellian by the day.

  • by Signal 11 ( 7608 ) on Tuesday June 01, 1999 @09:00AM (#1872385)
    If there's ever been a time for the open source community to make itself known, this is it. Now, more than ever, we have proof of the damage to the consumer that intellectual property concerns can do. Apparently, if we give our legislators enough rope, they will gleefully hang themselves.

    Here's what you can do:

    - Talk to management. Get them to see what intellectual property concerns will do to their bottom line. Then suggest the alternative: open source [].

    - Support things like Consumer Reports [], and the Better Business Bureau.

    - Inform would-be software buyers of the tradeoffs to buying proprietary software.

    It's a decidedly different tact. If you're on the open-source train, I'd have a good laugh right now, because these [] people are putting the nails in their own coffin, free of charge -- The ultimate compliment to the OSS movement [].

  • Todd proves too much with his quote. For one thing, the word "obvious" does not appear there. As an aside, I didn't take issue with the use of "written," so that's a straw man.

    There is substantial case law concerning the term "conspicuous," which does appear in the statute is satisified by an all-caps document. I noted all of this in the post to which he responded.

    The assertion concerning payment and delivery is at odds with applicable case law which holds that when a box states that there is a shrinkwrap therein, the acceptance of an offer to sell does not take place until after the shrinkwrap is reviewed; provided there is a return option. ProCD v. Zeidenberg.

    Todd to some extent misstates and largely overtstates what is the law. The use of after-payment-and-delivery limited warranties disclaiming fitness and merchantability, when a package recites the existence of a limited warranty, are common in the consumer electronics and home appliance businesses, and elsewhere in commerce. According to Todd, none of these documents have any meaningful effect, and years of litigation in which such provisions have been enforced are mistaken.

    It's not that Todd is entirely wrong, however. There is another UCC issue, 2-217, the battle of the forms provision, which precludes adding terms to agreements under certain circumstances by the use of printed forms. In many cases, the exchange of paperwork resulting in conflicting terms or new material terms added afterwards *CAN* result in some terms (like arbitration clauses) being cut out of the deal. 217 cases are highly fact-specific, and shrink-wrap scenarios do involve substantial risk for the vendor who is not careful in preparing his packaging.

    That, however is not the issue -- the original article suggested that UCITA is evil and radically different from the status quo because it permits warranties to be disclaimed. Such overstatements are dangerous and a discredit to those who would criticize UCITA. Todd ultimately admits that the article's point is a canard when he writes, "And yes, all warranties can be disclaimed under the UCC." Accordingly, it would appear that he should agree that the statement in the article, at least, is a wild overstatement of the problem.

    On the other issues, I stand by my last posting, and suggest once more that on this point, Todd and I simply agree to disagree.
  • The one thing that I really object to in this law is the clause against reverse engineering. I like to have the option of trying to figure out how things work... (even though I'm not good at it.)
    I think the code for accessing ZIP drives under Linux was originally written by reverse engineering.
    Comments in the source code indicates that the Matrox Millenium driver in XFree86 was originally written by something akin to reverse engineering.

    The other clauses will probably hurt the software vendors once people start to grasp the trap. There is after all lots of free software out there.

    Do you think every manufacturer will write rock solid authentication code to prevent non authorized people from deinstalling their software? I don't.

    On the other hand, if we allow laws like this there could eventually be even worse laws around the corner... Imagine people selling a PC to you, and you are not allowed to install anything on it unless you pay a fee to the manufacturer, or something equally absurd.

  • The back doors that this bill seems to mandate are ripe for exploit in a new type of Denial Of Service attack, especially if they are included in software as popular among the .com set as MS-ware. If you think about the most common "features" exploited by virus writers and crackers, the majority of them are on MS software and its famous integration (Word macros sending an ungodly amount of emails, screensavers that allow root access, etc.).

    Viruses are often written to disable programs or destroy data. If the software vendor can disable product remotely, it won't be long before the methods are used in a malicious piece of code (a matter of weeks or even days at the most, considering how many vendors push beta or even alpha releases out the door).

    All the more reason to use GPL/OSS products.

  • No reverse engineering? What the hell? I thought that the USofA was supposed to have freedom of speech and expression? What this means, of course, is that NO emulator is legal. All emulators rely heavily on reverse engineering tactics.

    Could you prove that AbiWord reverse engineered word? The look a lot alike, right?

    Laws like this aren't just stupid, they're outright dangerous.

  • by Jeff Monks ( 6068 ) on Tuesday June 01, 1999 @09:37AM (#1872408)
    Looks like Infoworld is collecting e-mail signatures for a petition against this thing. Look at the bottom of this page [] for details. The address is [mailto].

    Time to put the /. effect to good use?

  • by Aaron M. Renn ( 539 ) <> on Tuesday June 01, 1999 @11:23AM (#1872409) Homepage
    Here's a copy of a letter I just fired off to my Congressman. (Hope it's accurate...):

    To the Honorable Janice D. Schakowski:

    The federal government has always been a leader in consumer protection. Unfortunately, our state governments are not always so progressive. The National Conference of Commissioners on Uniform State Laws (NCCUSL) is planning to meet in July to vote on the ratification of the proposed Uniform Computer Information Transactions Act ("the Act"). The Act is a revival of the highly criticized "2B" amendment to the Uniform Commerical Code (UCC). The Act would be an unmitigated disaster for consumers of software products. Among its provisions, the Act would:

    -- Drastically increase the enforceability of "shrink wrap" software licenses. These licenses are typically included inside the sealed software packages that appear on store shelves. Consumers have no ability to negotiate terms or even see what it is they are agreeing to prior to paying for the software. These licenses often contain draconian terms such as prohibiting anyone from publishing bechmarks or evaluations of the software without the manufacturers permission (ie, muzzling free speech), prohibiting the transfer of the product to a third party (ie, gutting First Sale rights under copyright law), and prohibiting reverse engineering (ie, gutting Fair Use rights under copyright law).

    -- Allows software vendors to more easily disclaim any warranties and escape liability for defective products.

    -- Gives specific authorization for software vendors to remotely disable software if the vendor believes its license terms have been broken -- without any finding of this fact by a court or other neutral body, no due process for accused license violators, and insufficient safeguards for customers who might not even find out they have been accused of a violation until such time as their software has been shut off. Even a threat to revoke the license of a mission critical software product could be an unfair bargaining lever against small businesses without the resources to fight back.

    I urge you to investigate this matter and take steps to ensure that software consumers are adequately protected. Most software sales involve some form of interstate commerce and so federal jurisdiction should apply if Congress decides to exercise its authority in this matter. It is imperative that Congress put the states on notice that it will not tolerate legislation that harms consumers and benefits only multi-million and billion dollar corporations. It is important to act fast because if the NCCUSL approves this "model" legislation in July, it is highly likely that state legislatures will give rubberstamp approval to it just as they do to UCC changes. If that happens, Congress should not hesitate to override this anti-consumer state legislation.

    Software manufacturers are already entitled to 95 years of protection under existing copyright laws, including both civil and criminal penalties for copyright infringers. It is imperative that the existing rights of consumers under copyright law are not stripped away by an added layer of contract rights granted at the state level.

    For additional information on the Act, please see the article "Licensing time bomb: Software-law dispute explodes as enactment draws near" in InfoWorld magazine. This article is available on the World Wide Web at features/990531ucita.htm Additional InfoWorld articles about the Act are available at features/990528ucitareport.htm

    Thank you for taking the time to consider my concerns.


    Aaron M. Renn
  • Legal and ethical issues aside...

    If this becomes a technological, rather then a legal, issue; what is to prevent the vigilante anti-M$ crackers (a'la Back Orifice) from issuing a remote shutdown flood for a software made by the company of their choice?

    Given Microsoft's abysmal security, there are going to be many unhappy customers, ready to convert to the next best alternative (ahem! TUX) - one that does not implement a remote shutdown back-door.

    On a totally unrelated note (heh), I'm sure that no self-respecting open source software would even come close to considering this path.

    We're looking at something akin to the PIII-id. They just keep on cutting the branch they sit on, don't they?
  • by paitre ( 32242 ) on Tuesday June 01, 1999 @09:07AM (#1872412) Journal
    1. This is draconian legislation (or whatever you want to call it) in every sense of the word. The software companies will not be held liable for the software to work, and they can kill "your" copy of their product on a whim.

    2. The belief that the consumer market will be able to police the proposed legislation, putting companies out of business if they shut users down, is so absolutely ludicrous that it's almost funny. The average consumer deals with MS failing on a daily basis, and yet continue to purchase their products, although there are others out there. This will make it even MORE difficult to bring competition and fair play into the market. I don't think frightening can be used too much here.

    3. Big Brother, here we come. This is the complete and total annihilation of any rights that a software purchaser may have had before. Not allowed to resell/give/transfer a software package without vendor permission? WTF is with micromanaging consumer use/reuse? Again, we're looking at a very scary scenario here. If this passes, what is to prevent the federal government to pass a similar law/set of laws? What is to prevent them from passing a similar law/set of laws with provisions that the NSA/FBI/CIA have access to every shred of data on every individual's computer system? This is the logical progression from such a law, and if this happens, it will become VERY difficult to get rid of.

    The gist of what I read in the aforemention article is that the software companies (and is anyone really suprised that MS is in favor of this?) want complete and total control of what users can and cannot do on their computers. I can agree with the concern about piracy and RE, to an extent. HOWEVER, without RE (reverse engineering) we'd probably not even have half the products (payware and otherwise) that we have today. This is including Windows (c'mon, Xerox and Apple had a GUI LONG before MS even thought of it, and need I bring up Mesa, Samba, etc? All solid products making use of RE to figure out necessary hidden/proprietary protocols).

    The only way to stop such a draconion piece of legislation is to make it crystal clear to our state legislatures (for those of us who are in the USA) that anyone who votes FOR this thing will have a bitch of a time getting reelected. We also need to make it clear that there WILL be a series of court challenges to this legislation, as I seriously doubt the ACLU will allow for this to occur.

  • Perhaps the best analogy is a music CD.

    It is (I think)legal to make a single copy to a cassette so that you can play it in your car in addition to your home stereo. It is also legal to lend/give away/whatever your copy of the CD to someone else. Hell, it's even legal to sell the darn thing back at a used CD shop.

    In addition, it is CERTAINLY legal to play the CD while someone else is in the house. Not so legal if you're "commercially broadcasting" with no license, but that's different.

    What I don't like about this law is that it would be like saying you can't sell your CDs along with your stereo if you decided to do that for some reason. (Maybe you got a minidisc player, love minidiscs, and want all your music in that format? Meanwhile, your kid sister is getting her first ever stereo ...)

    And if you want to be really inane about all this, I'm a temp. The software I use is registered to the person I'm filling in for while she's on disability. Looks like I'm breaking the law or something. :P

Disraeli was pretty close: actually, there are Lies, Damn lies, Statistics, Benchmarks, and Delivery dates.