Slashdot Mirror

This kind of stuff couldn't happen in the world of material goods. The proprietary software industry lives in a different world with different laws. Do you think a manufacturer could sell a lawn mower which they blatantly announced wasn't even fit to cut lawns? When the blades were determined to have a defect, could they say "Here, buy these new ones?" No one would let them get away with it. Somehow, the software industry gets around it.

Captcha is "frauds." Hehe.

That's because transitory copies have been handled by the courts (for software) already.

I remember a case where someone providing maintenance was charged with copyright infringement while running software on a customer site...

Ah, there it is. MAI Systems Corp. v Peak Computer, Inc.

http://www.badsoftware.com/y2ksspa.htm

It doesn't matter who asks you to make the copy, you have to have permission to do it. That includes executing licensed software on customer premises. The act of running software creates a copy, which the person performing the execution needs to have permission to make.

I'm not familiar with any law changes or follow-on case law, so I don't know how it stands now.

Alienware sucks and has sucked since at least 2005.

Most contracts require prior agreement, but EULAs are exceptions. There was a recent /. article that delved into this:

http://hardware.slashdot.org/article.pl?sid=07/06/ 07/2317239
And some user or another links to actual legal precedent here:
http://www.badsoftware.com/hill.htm

So yeah, EULAs count as valid contracts because purchasing the product (and using it instead of returning it) counts as agreement.

That would be a useful theory to argue if the doctrine of 'contracts of adhesion' were actually alive; it's been dead in the water for many years in most states. You won't find precedent following this line of reasoning since the early 70's. The legal trend is in the other direction -- mass market buyer beware. (And generally not a good idea to use Wiki as a definitive source of the state of the law.)

The best argument is that the terms were not part of the contract formation -- offer and acceptance (payment) were exchanged before they were ever presented and seen. This was a common-law principle crucial to the development of commercial law in most states, prior to the enactment of the uniform laws.

Another great argument is under the applicable state consumer protection act. We lawyers love these -- they address the various sketchy business practices that are used to entice consumers enter into transactions based on incomplete or misleading information. Lots of states provide for attorneys' fees and triple damages.

Another approach is to argue that EULA-type restrictions only can apply to services (licensed intellectual properties) and cannot apply to the goods. The hardware is a good, and after title passes to a good, you can't restrict use or otherwise affect the contract of sale. Software licenses are a service and the prevailing rule of law is that they are not subject at all to the UCC or UCC caselaw, even arguing by analogy.

Those are certainly the arguments that I would make, were I in this guy's place.

On the clickwrap/shrinkwrap enforceability issue -- a few states have tried to pass legislation 'propping up' clickwrap/shrinkwrap by declaring EULAs to be enforceable valid contracts even if they are not seen by the buyer prior to the opening of the package. AFAIK (IAAL) none of these statutes have been found valid in court, so the "clickwrap" issue is very much an open question. (There is another issue, which is whether any such legislation is preempted by the copyright and patent laws, since they are federal and they both were designed by Congress to supersede state laws covering substantially the same rights.)

Also, note that the computer industry has been actively lobbying to get their own uber-clickwrap law in place, called UCITA (Uniform Commercial Information Transactions Act). UCITA applies to all transactions involving "information technology" regardless of mode of delivery (allowing control of use of mixed goods/services contracts -- a book could be "licensed" and not sold, under UCITA). Here are some links to the text and articles and criticism of UCITA. Virginia and Maryland have passed UCITA, but it seems to have lost steam since then, no activity on further adoption since 2000-2001. The same issue above, about preemption by federal law, applies to UCITA as well (since whereever it has been passed, it's a state law).

Have you read your employment contract?

Your rental agreement?

Your credit card agreement?

The entire concept of contracts (which the libertarians are so in love with) only works if you accept the legal fiction that everybody reads all the contracts they've committed themselves to.

Which is, of course, utterly impossible.

because Gateway never gave him a chance to read the EULA

1. As the previous link makes clear, whether the guy actually read the EULA doesn't actually matter.
2. What makes you believe Gateway never gave him the chance? He could have asked the retailer for a copy, called the 1-800 number, read the website, and I suspect if he asked nicely they'd send him a copy for free by mail or email. Don't confuse the inability with the unwillingness to bother; the two are extremely different in court.

But if he had had the chance to read it

he would have been legally presumed to have read it.

This presumption seems very strange to the non-lawyer

Have you read your employment contract?

Your rental agreement?

Your credit card agreement?

The entire concept of contracts (which the libertarians are so in love with) only works if you accept the legal fiction that everybody reads all the contracts they've committed themselves to.

Which is, of course, utterly impossible.

because Gateway never gave him a chance to read the EULA

1. As the previous link makes clear, whether the guy actually read the EULA doesn't actually matter.
2. What makes you believe Gateway never gave him the chance? He could have asked the retailer for a copy, called the 1-800 number, read the website, and I suspect if he asked nicely they'd send him a copy for free by mail or email. Don't confuse the inability with the unwillingness to bother; the two are extremely different in court.

But if he had had the chance to read it

he would have been legally presumed to have read it.

This presumption seems very strange to the non-lawyer

Nobody can "sign away" their statutory rights.

Similarly, in a lot of places, consumer legislation gives you the right to sue any manufacturer for a defect

Also, it'll be fun seeing Gateway try to appeal this one ... they're out of luck here.

Someone posted a link above... I assume this is the case you're talking about: http://www.badsoftware.com/hill.htm

Unfortunately, courts tend to approve EULAs (and even provide some logic for this decision):

http://www.badsoftware.com/hill.htm :

ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996), holds that terms inside a box of software bind consumers who use the software after an opportunity to read the terms and to reject them by returning the product.

Customers as a group are better off when vendors skip costly and ineffectual steps such as telephonic recitation, and use instead a simple approve-or-return device. Competent adults are bound by such documents, read or unread.

Generally, yes. Gateway has traditionally included its agreements in the box. Practically this exact same case has been tried before:

http://www.badsoftware.com/hill.htm

http://www.badsoftware.com/alienwaresucks/

Hill v. Gateway 2000 has your answer. See paragraph 17. No, this isn't universal law, but it holds up well enough that you'd be foolish to take the EULA to court as unenforceable.

WRONG! If you read my bio, you'll see that I am a lawyer - and one who specializes in Intellectual Proprty issues relating to computer software. I have yet to see or even hear of a licensing case that didn't also include copyright claims. The license breach is always designated as a breach of contract action because that is exactly what it is.

Go to Cem Kaner's siteand you'll see that the newest proposals for additions to the Uniform Commercial Code are contained within UCITA. The Code deals with contractual provisions for software - what you can and cannot put in the license.

Those articles are just that - all ARTICLES - just people's legal opinions. They are not law. Law is made by statute or court decision. Groklaw has this posted as well: If the GPL is found invalid, then you revert to copyright law.

This means that copyright law and the GPL are SEPARATE REMEDIES. Like I have said all along - the claim for the violation of licensing terms is a BREACH OF CONTRACT ACTION.

Here's some copyright litigation 101:

• In the US, a copyright is created as soon as a work is fixed in a tangible medium (since the act was revised in 1976 anyway).
• In order to sue for copyright infringement, the copyright holder must have REGISTERED his copyright at the US Copyright Office.
• No copyright registration, no lawsuit. Simple as that.
• If a license is involved, the breach of the license is what would make CONTINUED (NOT PAST !) use of the work a copyright violation as of the date of the violation of the license. The nice thing is that you DO NOT NEED TO HAVE REGISTERED YOUR COPYRIGHT to bring an action based upon a license violation. Why? BECAUSE THE LEGAL ELEMENTS DO NOT REQUIRE IT.

Oversimplification, but here is a comparison of the elements for copyright infringement and breach of license claims:

1. Copyright - Existing copyright in a work, registration of the copyright, unauthorized use (e.g., wholly without permission or exceeding the limits put on permission granted).
2. Breach of License - Offer, acceptance, consideration (something of value passing between the parties), breach, damages.

Why people try to describe the GPL as "not a contract" is beyond me - you WANT the GPL to be a contract so you can ENFORCE IT IN COURT.

One last note - if you don't believe me, will you believe IBM's lawyers in the suit against SCO? HERE is IBM's Answer and Counterclaims. You'll see that IBM's Sixth Counterclaim is Breach of License and its Seventh Counterclaim is Promissory Estoppel. Promissory estoppel is a quasi-contract action.

See? I'm not making this stuff up off the top of my head.

This issue has been around for awhile. I remember reading Yourdon's books on this topic:

Decline And Fall Of The American Programmer

and the sequel:

Rise & Resurrection of the American Programmer

To this list, I would add Steve McConnell's:

After the Gold Rush: Creating a True Profession of Software Engineering

and Cem Kaners:

Bad Software: What to Do When Software Fails

Considering this discussion, these books are worth reviewing.

In Yourdon's view, the response of American Programmers should be to develop better quality through better Software Engineering. As some of the Indian Software Houses are trying that approach, we need to respond.

McConnell would add the point that Software needs to become more of a real Engineering Discipline, complete with professional licensing.

In "Bad Software", Kaner advocates for better quality software and "software consumer rights". Some of these points can go into a "Software Building Code", something we also need to add in making IT more professiobal.

There have been cases where software bugs in medical equipment killed people. In those cases, there would be strong precedent for product liability lawsuits.

Suppliers to the military are harder to sue, which is probably good news to the folks whose bugs killed soldiers when their mortar targeting software made incorrect assumptions about target altitude or when a Patriot missile targeting system's clock overflowed after 8 hours.

For further reading on software liability issues, see this Business Week article, which was discussed on /. and badsoftware.com, which surveys software liability issues from a consumer's perspective.

Negligence: The company has a duty to take reasonable measures to make the product safe (no personal injuries or property damage), or no more unsafe than a reasonable customer would expect (skis are unsafe, but skiers understand the risk and want to buy skis anyway.) Under the right circumstances, a company can non-negligently leave a product in a dangerous condition.

Here is what I believe is the core issue in this discussion: as we practice software development today, protecting ourselves from software liability laws is a practical impossibility. If Software Lemon Laws existed, we'd probably all be out of a job, and/or software would very expensive to own. Plus, the Open Source movement as we know it would probably dry up.

Many of the posts in this discussion focus on the results of, or the viability of, Lemon Laws on the Open Source or the Closed Source software development industries. Futher, many posters have held out automobile manufacturing as a example, both to defend and assault the effects of liability laws on the software industry.

I submit that automobile manufacturing (or most any other manufacturing process) is orders of magnitude less complex than building significant software systems. So much so that I contend that it's currently next to impossible to know with 100% assurance that your software is correct (using current techniques and technologies). Software is too complex (or our testing software and techniques are too inadequate) to test to the point that we can be sure that we won't be sued, or that if we are sued our position is defensible. Also, given the current state of affairs in the liability law arena, if you can be sued, eventually you will be sued.

The beauty of manufacturing is that manufacturing, and the products produced, are constrained by physical laws. Parts fit together in specific ways, they exist in space, they take up room and they interact according to known physical (or chemical or nuclear) laws. Under these conditions it's "easy" (relatively speaking) to model an entire vehicle in software, or in engineering diagrams, before you ever start tooling a plant. Boeing's 777 was entirely built and tested in CAD/CAM before being manufactured.

How many "parts" are there in, say, a Ford SUV (including fasteners)? 25K? 50K? 100K? By today's software standards, this is a relatively simple system.

If we liken a line of code to a "part" in a vehicle (and by "parts" I would even include screws, nuts and washers), when was the last time that you ran across a significant piece of software (an OS, a word processor, a CAD/CAM system, a accounting package) that has less than 100K "parts" (aka, lines of code)? Most significant software, the kind that would require Lemon Law protection, is significantly larger than 100KLOC. But size is just the beginning of the problem.

When was the last time that you were able to model and test a 100KLOC (or 500KLOC or 1MLOC) software system before "manufacturing" it? A new car, or a new airplance, can be almost completely modeled and tested in virtual space before seeing the light of physical space. Not so for software systems, at least not ones that the average business can afford. (not that any software ever really "sees the light of physcial space," anyway ;-)

Additionally, software doesn't function just as the "parts" that are "manufactured." Some "parts" don't exist until the software is executed (i.e., files, objects and other data). So, how do you test something 100% (or at least to a level that makes your lawyers happy) that has 250K (or 500K or 1M) parts, when you can't touch those parts, or even anticipate 100% what all the parts will look like? If manufacturing worked this way (where parts are created and destroyed, modified and manipulated when the product is sent to the field), would Henry Ford ever have been able to create an assembly line. Likely not.

Add to this idea that 100% test coverage of every logical branch, and every permutation of data manipulation, approaches an N-Complete problem. Currently, problems that are N-Complete are considered intractable. As a problem approaches "N-Completeness," it also approaches insoluability (using current technologies). Though 100% testing is not a true N-Complete problem, it is one that is difficult to manage and address -- and doing so ain't cheap.

Finally, stir in the real X-Factor: our users (God bless 'em ;-). Developers: how many times have your users come to you and said "your software is broken," when, in reality, they were using the software for something that you'd never intended for it to do? Once, or twice, I'd guess. When this happened, who was "at fault?"

When software is "driven," unlike SUV's, it isn't constrained by physical laws. There's little risk in "trying something new." On the other hand, SUV drivers understand that "trying something new" (driving off a cliff, taking a corner at high speed, backing into a closed garage door, leaving the windows open during a rain storm, locking your kids inside in the heat of the day) normally has some obvious physical consequence. This is usually not the case for software (unless your software is controlling a CAT scanner... ;-).

With business software, users "try stuff," they get creative, they push the envelope. When you push the envelope in an SUV, it falls over. When a user pushes the envelope in an SUV and it tips over, who's liable? When a user "pushes the envelope" using software and the software "tips over," sending a gigabyte of data to data heaven, who's liable?

Our SUV driver, like every wheeled-vehicle user, is constrained by physical laws. We accept that it may be irresponsible for a driver to "push the envelope" in an SUV. The consequences are obvious and well known to all wheeled-vehicles users. If the consequences are not obvious to the driver at first, they become so quickly. Still, is Ford liable for someone dumping his Excursion into a ditch, even when the user exceeded the design parameters of the system? Not so much.

However, when a software user "pushes the envelope" the consequences are usually not rooted in physics. So, when an intrepid user tries something new, and flushes precious data down the bit-toilet, who's really at fault? The user? Or the "manufacturer" for not anticipating this particular use of the system? A number of a factors would affect assessing blame, and asessing blame could happen in court -- and court ain't cheap.

(Please note that man-rated systems like space shuttle and airliner avionics, nuclear power plant control systems, PET/CAT/MRI control software are, and must be, held to a higher standard than business software and much of what I'm saying doesn't apply there -- but that level of quality ain't cheap, either.)

We could build business software, today, that would better stand the challenges of Lemon Laws, but that would drive up the costs of development. However, would end-users really want to pay $5,000 for M$ Office so that they're assured that it's fully tested -- at least to the point that M$, and it's lawyers, believe they could withstand the assault of a nation full liability attorneys?

What about the Open Source software? Granted, in Open Source bugs are shallower due to the greater number of eyes-balls scrutinizing the code. However, would any of us be willing to spend the time needed to truly test software (peer reviews are effective, but only go so far) to ensure that it'd survive it's day in court? Not likely. Beside, as already noted, since Open Source software is essentially free (without cost), open source developers may not be liable in court.

So, where does this leave us?

To me it seems that Lemon Laws for software are a practical impossibility, at least using today's technologies and practices. Raising the quality bar for software such that it could survive litigation would significantly raise the cost of software itself, likely making software prohibitively expensive. Further, if such laws were enacted, in the current climate (sue! sue! sue!) there would be law-suits. Maybe lots of them. Such activity would sap profits from the industry in the form of legal defense costs. These profits would have to be replaced, further increasing the cost of software to the end-user.

As for Open Source software, as mentioned in other posts in this discussion, Open Source would probably not be liable (or at least "sue-able") under Software Lemon Laws. Hence, there would be little incentive to raise the quality bar sufficiently to protect against litigation.

If it were determined that the Open Source community is liable, since it's primarily a volunteer work force, the work force would dissipate out of fear of litigation. I don't know of too many Open Source developers who would be willing to lose their homes and cars to Software Lemon Law litigation.

The future may change this situation. Who knows? Hopefully, it will. Otoh..... maybe Lemon Laws would force us to get our feces in one sock.....

I was able to scrounge up a couple of references that speak to some of these issues, both for and against:

http://www.kaner.com/coverage.htm
http://www.bullseye.com/coverage.html
http://www.badsoftware.com/qindex.htm
http://www.bostonspin.org/slides/CemKaner.ppt (PowerPoint... sorry)

Some of these issues have been previously discuss here, at our beloved /.:

http://slashdot.org/developers/02/04/21/0058214.sh tml?tid=172

Finally, please note that I don't believe that Software Lemon Laws are inherently bad. What I believe is that they are currently bad for the industry. The industry would not likely withstand the costs associated with protecting itself against Lemon Laws. At least not yet. I remain hopeful that the picture will change in the future.

Thanks for listening... ;-)

P.S.: this is my first post at /., please be gentle... hehehe

Backers of UCITA insist that it leaves consumers and small businesses with our existing rights, and gives us new ones. But it doesn't. That's why every consumer advocate we know (including Consumers Union and Ralph Nader's Consumer Project on Technology) has called for termination of the UCITA project. A July 9, 1999 analysis by the Federal Trade Commission points out that UCITA allows software companies to place "restrictions on a consumer's right to sue for a product defect, to use the product, or even to publicly discuss or criticize the product." The analysis concludes, "we question whether it is appropriate to depart from these consumer protection and competition policy principles in a state commercial law statute."

Sig: What Happened To The Censorware Project (censorware.org)

Backers of UCITA insist that it leaves consumers and small businesses with our existing rights, and gives us new ones. But it doesn't. That's why every consumer advocate we know (including Consumers Union and Ralph Nader's Consumer Project on Technology) has called for termination of the UCITA project. A July 9, 1999 analysis by the Federal Trade Commission points out that UCITA allows software companies to place "restrictions on a consumer's right to sue for a product defect, to use the product, or even to publicly discuss or criticize the product." The analysis concludes, "we question whether it is appropriate to depart from these consumer protection and competition policy principles in a state commercial law statute."

Sig: What Happened To The Censorware Project (censorware.org)

Check out Bad Software They have a nice little series of things to quote at the drones telling you that you can't return it.

Here is a summary of a portion of the Uniform Commercial Code(UCC):

The Mass-Market License. The license is the agreement that gives you the right to use the software (or other information). A mass-market license is a standard-form, non-negotiable, license.7 For example, consider a mass-marketed word processing program. A company that sold (licenses for) a million copies of a $100 program could not afford to negotiate a separate contract for each. The price would have to rise to reflect the cost of all the bargaining. Instead, companies use standard-form contracts. The UCC8 provides some protections from unfairly one-sided terms in the forms. Additional protections come from consumer-protection laws passed by the Federal and State Governments. Consumer protection laws are confusing because the definition of "consumer" varies. A self-employed professional writer could probably treat Brand X Word Processor as consumer goods under the Federal Magnuson-Moss Warranty Improvement Act9 but not under State law definitions that restrict "consumer goods" to those bought for personal, family or household (but not any form of business) use. The mass-market license concept skips this confusion by treating everyone who buys a product that has a mass-market license in the same way.

[/summary]
This is supposed to keep us from being bound by unfair agreements. It, obviously isn't doing it's job. However, it could be cited in cases involving software contracts, seeing as the UCC has been passed in part, or in whole, by all 50 states.

So it was my understanding that fair use can go out the window at any time, regardless of DMCA. Am I incorrect in my understanding?

You are incorrect. If they put a shrink wrap license on a CD saying you're not even allowed to listen to it it's the UCITA that gives shrink wrap (and click-through) licences their teeth, not the DMCA or any copyright law already on the books.

RE: I'm not sure what law prevents you from reverse engineering a file format!

UCITA has another indirect consequence that would hamstring free software development in the long term -- it gives proprietary software developers the power to prohibit reverse engineering. This would make it easy for them to establish secret file formats and protocols, which there would be no lawful way for us to figure out.

UCITA has been opposed by:

26 Attorneys General Software developers

Every consumer advocacy organization that has looked at it

Large software customers

Librarians

Other independent information content developers (writers, photographers)

Entertainment industry

Magazine and newspaper publishers

Many law professors.

(end snippet)

Additionally, it has been sharply criticized by the United States' Federal Trade Commission, http://www.ftc.gov/be/v990010.htm.

So many companies against UCITA, yet RedHat would look credible in the eyes of the same pundits attempting to pass the bill. Laymen terms: RedHat thinks they'll join the "paper-based" elite profile of a company like MS, so they turn around and shaft the OpenSource community by sleeping with the enemy. How thoughtful.

More UCITA opposition info

Besides, plenty of people already know that proprietary software sucks - but they still use it anyway. Open Source software and OSs are just not appealing enough to the everyday casual user, whether they be corporate or private, for people to make the switch. And because of this, UCITA will pass and consumers will be fucked. Some will make the switch to non-UCITA, Open Source software but the vast will not. Unfortunately, they will pay the ultimate price. What is even more unfair is that they will pay this price because they may not be tech savvy enough to make an informed choice for software. Consumer rights with respect to software should not be available only to the savvy users (or those savvy in legalise, who can understand many of the cryptic license agreements).

We've already seen how the RIAA and MPAA have twisted and perverted the DMCA. It should be expected that the companies supporting UCITA will do the same.

Full disclosure: I stole the link from this guy's post but it's an excellent article that should show up several times for this story.

-------

If you're still not sure why you should oppose the UCITA, Cem Kaner has a good essay you should read. This is not just another bad law. This is the bad law of the decade, which could cripple consumer choice in the software industry and throw the brakes on the biggest economic boom we've had in years (powered by those tech companies, which will suffer because of the UCITA).

Write your congressperson and get some Federal legislation to preempt the UCITA. And more importantly, write your own state representative, because the only way to defeat will probably be on a state-by-state basis.

If you don't have equal power, representation is meaningless.

As with any business, traditional companies lobby, both in court and in the legislature, for laws to protect their interests. Often the laws these companies advocate hinder open source software development, or are otherwise antithetical to the values of many members of the open source community. Among the legal defeats that the open source ommunity has suffered:

• legal recognition for software patents
• UCITA
• Digital Millenium Copyright Act (DMCA) bans on reverse engineering
• Sonny Bono Copyright Term Extension Act

• future versions of the Communications Decency Act
• Carnivore
• internet gambling statutes

• Recording Industry Association of America
• Federal Bureau of Investigations
• Business Software Alliance
• Software and Information Industry Association
• Disney Corporation
• Microsoft Corporation

Non-profit organizations that help defend our online freedoms, such as the Electronic Frontier Foundation, League for Programming Freedom, the Free Software Foundation, and the ACLU get their funds from companies and individuals who share values with them, e.g. open source companies and programmers. If the individuals and companies sympathetic to these organizations are impoverished or go bankrupt, the non-profits can't effectively fight for the freedoms we want.

Very nice piece, Michael. Allow me to chime in with my own editorial on the subject.

Just one nit: "Ordinary people" have been purchasing software over the counter for well over twenty years, not ten. I can still remember seeing Brøderbund's "Apple Panic" hanging on a peg in ComputerLand.

Think what you will of Jerry Pournelle, the fact is that, in the early 1980's, he was one of the best known and most respected commentators on the computer industry. When he first encountered shrinkwrap "licenses", he minced no words in proclaiming such documents absolute bullshit. (This is a guy who writes for a living, so he knows what copyright lets him do.) So, for the last twenty years, it's been no secret to the software publishers that these so-called "contracts" are not taken seriously by anyone.

Unfortunately, there are a few stumbling blocks standing in the way of a sane resolution to this issue. The first is that, according to the Uniform Commercial Code, software is not a "good" and therefore is not subject to the normal rules applying to retail sales. The second is that, sadly, there are several court decisions that have allowed these "contracts" to stand. Check out badsoftware.com for more details than you can stomach.

The publishers have all their ducks lined up in a row (lawyers, warped court decisions spanning 20 years, bought-and-paid-for politicians), so I fear the only way to fix this is via a massive PR campaign. Direct people to this and other advocacy sites. Tell your friends, especially those who aren't computer literate. You'll have litle trouble convincing them this is nonsense. In fact, I daresay the only people you'll get an argument out of are software lawyers.

In the meantime, if you find yourself saddled with a machine absent a proper installation CD, return it to the place of purchase and complain loudly. Sadly, it's the only club we have to wield right now, so let's make the most of it.

Schwab

The decision in the article is a great case-study of what this site warns about.

Interested observers should check out Cem Kamer's Bad Software Web site. In particular, you'll want to read up on the court cases testing the provisions of shrinkwrap licenses and other contracts of adhesion. It's pretty depressing.

Schwab

Interested observers should check out Cem Kamer's Bad Software Web site. In particular, you'll want to read up on the court cases testing the provisions of shrinkwrap licenses and other contracts of adhesion. It's pretty depressing.

Schwab

• With UCITA in effect, wouldn't MS be completely within its right by putting backdoors in its software? And wouldn't MS be able to sue the WSJ reporters for exposing this flaw?
  
• Right here we can see why MS will never open their source code. Perhaps they even put this backdoor in on purpose so that they could say to the Justice Department, "Look, if you open the source code up, all these bugs/backdoors will be exposed, and every site running Win2k will be destroyed. So you can't open the source, for the good of the Web." Far-fetched perhaps, but it seems like the kind of tactic they might use.
  

__________________________________________________ ___

The following is a rant I wrote on Saturday, when I first found out about Mattel being awarded the injunction. Anybody may feel free to copy or reproduce parts of it.

My mirror does not include any of the program files, but only the published analysis, Mattel's complaint, and an English translation of the Swedish copyright law 1960:729. I have no relation to the defendants in this case, and am only an interested third party.

- David Michael Turover(Perpetual Newbie)

(begin rant)

I am not in a good mood right now.

I've just had to troubleshoot NT's braindead permissions scheme, I've taken a test where several of the "correct answers" are wrong, my right wrist is aching(not good for a CS student), and it's barely noon. On my lunch break I crack open Netscape to read the news, and find that a United States federal judge has ordered two cryptology researchers to remove an essay that they had published on a Swedish website.

The two researchers in question are Matthew Skala, a Canadian, and Eddy L. O. Jansson, a Swede. They have reverse-engineered a program called Cyber Patrol, and described in detail the cryptography and computer file formats used by the program.

Cyber Patrol is a product made by Microsystems Software, which is a subsidiary of Mattel. The purpose of the product is to prevent any user of a computer where it is installed from accessing any of a list of several Internet web sites, ostensibly to prevent children from viewing pornography. As part of their report, Skala and Jansson offered a Win32 binary named cphack.exe, a utility which decodes Cyber Patrol's list of blocked URLs(website addresses).

Mattel promptly sued the authors of the report, charging them with copyright violations and ordering them to remove their program, report, and all supporting and related documents and materiel, claiming that the report and software will cost them over $75,000 in lost sales. On Friday March 17th, two days after Mattel's complaint was registered, Judge Edward F. Harrington awarded Mattel a preliminary injunction against the two. Jansson's internet service provider, though in Sweden and not subject to U.S. law, has removed his account and deleted the documents.

Reverse-engineering is the process of examining a product to see how it works. In almost every industry it is not only expected to occur but considered an integral part of the free market. In the software industry, however, products are often sold with "shrinkwrap licenses" that restrict reverse-engineering. A shrinkwrap license is a contract describing terms of use for a product, in which these terms cannot be read until after the product has been purchased, can not be disputed, and must be agreed to for the consumer to use the product which they have already paid for and in most cases cannot return. In most Western countries these shrinkwrap contracts are unenforcable, and in the U.S. their legality is disputed, although the upcoming UCITA bill will make them law.

In most Western countries, including Sweden, reverse-engineering of software is a right explicitly allowed by law that cannot be taken away by a contract(1960:729 26 g). Legal protections against reverse engineering can be obtained; they are called "Patents". Furthermore, an action undertaken in Canada and Sweden should be out of the United States' jurisdiction; However, the U.S. court did not refuse to hear the case as it should have done, and instead granted the injunction by weighing the action under U.S. law.

To make the situation more repugnant, Cyber Patrol doesn't work. And not just Cyber Patrol. It is well known that all content-blocking programs such as Cyber Patrol have a high rate of failure, and a high rate of erroneously blocking acceptable content despite any claims by their marketing departments of being 100% accurate.

This is not the first time Microsystems/Mattel's lawyers have been aggressive. A Microsystems software engineer who was fired from his job for seeking medical attention for his sore wrists has since been sued by Mattel for documenting his experiences. Outrageous lawsuits such as this have been happening often lately, and what is frightening is that in the United States' court culture, they have a good chance of succcess.

Plenty of excellent resources and arguments.

One of the major (IMO) problems for GPL'ed software still exist under this dreamy picture of the UCITA. That is the problem of who's going to do the suing?

For instance, you put together a neat little GPL'ed widget, and put it out there every one to use. Six months later you get an email from a friend of yours commenting that the latest Windows beta (or to be fair MacOS X DR) has a suspiciously similar widget in it. What are you going to do? Take on the hords of corporate lawyers?

Even with UCITA to back up your claim, you still have to be able to afford the expense of the lawyers and the time necessary to pursue your claim.

Besides the UCITA places so many other unfair restrictions on the user as to be unacceptable on it's own anyway. We should not even begin to accept the bad to get the good. Bad Software has the info on why UCITA is a bad idea.

yes, this does make a great example of why UCITA should be slashed, burned, and shat upon.

--

Cem Kaner would also be a good person to bring in. He's a developer and a lawyer. He has web pages at http://www.kaner.com and http://www.badsoftware.com; the latter starts off with anti-UCITA information.

If it locks consumers into a licence like current ones, that basically sound more like a slum-lord rental agreement (no guarantee of service, and you don't own it either, and if you [your computer] gets sick because of it, it ain't their problem) then that's an argument I can make.

This is certainly part of it. UCITA would make EULAs much more enforceable. In its current form, it would probably even allow clauses such as those that prohibit criticism or public disclosure of flaws in the software. I would hope that such things would be overturned in court, but why let it get that far if we can fix it before then?

If all it does it prevent the "warez kiddies" from their little pirate cottage industry, as said elsewhere, then how can you be against that.

If that was all it did, then I'd have no problem with it, except that it would be redundant. What "warez kiddies" do is already illegal under current law, so there is no need for further legislation for that purpose. It would only serve to confuse matters.

Sure, some software may seem overpriced, but it is the right of the company to charge what they want for it, and it is your right not to install it. If you did without paying it, UCITA or not, you just broke the law.

The problem is not the price or EULAs in and of themselves, but the fact that UCITA seems to disregard current contract law and current consumer rights. Some of this is explained in the docs I reference below.

There are a bunch of letters and papers written by various lawyers, consumer organizations, industry groups, and others on this site. Might help you out to read through some of them. Most of them seem pretty well thought out and usually emphasize that one of the worst aspects of UCITA is that it is not based on current law and will cause a lot of confusion and expensive litigation. I think this one, this one, this summary, and this article by Lawrence Lessig were some of the most informative.

Are you saying that there haven't been a ton of people out there already opposing UCITA and offering constructive criticism and alternatives?

Did you read this stuff? If all of this has had no effect, then I'd say the rational approach has indeed failed, and that short of realizing an imminent threat to their reelection, there is probably nothing that will deter the various state governments from passing this legislation. Something must be done to make manifest this threat. Otherwise, this will be quietly passed and most of the country will never realize it until the lawsuits start flying and the initial damage is done. I think that the long-term damage will be much, much worse.

Mr. Greenberg's points are usually civil, but often wrong. The reason that UCITA has sailed through its hurdles to date is not that slashdot or any other group has been overreacting; the reason it has sailed through is that the vast, vast majority of the populace has no idea it exists. Rational, reasoned calls for amendments to the draft were met with utter stonewalling; almost none of them were ever accepted, despite many years of effort from the academic and legal communities, with zero hysteria, demagoguery or anything else which Mr. Greenberg wouldn't like. A great many people have worn themselves out arguing for "simple, rational and well-articulated amendments directed to the worst points", and not one of those worst points has changed in the least.

In other words, Mr. Greenberg's suggested method has been a complete failure.

The thing lacking in the above process was substantial involvement from the population. The pro-UCITA forces didn't care to advertise the issue, and the anti-UCITA groups generally felt the issue was too complex to take to the populace and harbored hopes of tempering the draft through their own actions. The DMCA was similarly passed with zero fanfare.

Well, they chose wrongly.

Mr. Greenberg is correct in one thing: the huge amount of money being poured in by the pro-UCITA corporations. Rational, reasoned arguments do not counter large campaign contributions. What does counter them is the threat that a Yea vote will sufficiently piss off a large sector of the population that Politician X will not be re-elected. Politicians ARE afraid of this; thus the voice votes on the DMCA and this vote in the Virginia House which make it difficult to assign blame.

A call-in campaign to stop UCITA is the only thing that has a chance of stopping UCITA right now. If the general population had gotten involved earlier in the process, it might have been corrected at that time. But what the Virginia and other politicians need to hear now is that voting yes on UCITA will cost them votes.

Mr. Greenberg is of course welcome to grovel, write some scholarly papers, or perform some other useless actions as he wishes.

--
Michael Sims-michael at slashdot.org

This article discusses nondisclosure:
http://www.badsoftware.com/nondisc.htm

Does anyone know what the two states that obstained where?

...as have I. I don't know where you got your copy of AOL 5, but the CD I have here doesn't offer anything remotely like that option. It asks if I would like to make AOL your default application for mail, news, and web browsing and connect to the Internet as needed. It then provides two choices:

Yes (meaning "I will make myself the default application for the protocols I support, a la Netscape or IE/OE. Then I will fuck over DUN in such a way to prevent you from using anything but AOL.")
No (meaning "I will not make myself the default application for any protocol, nor will I fuck with DUN settings--as much.")

No matter which one you choose, AOL will copy over critical system DLLs, alter the Windows TCP/IP stack, and screw around with things that are really none of its business, such as mouse drivers and power management.

Although some of this damage falls under the heading "Caveat luser"--let the user beware--there is no excuse for AOL maliciously rendering a system incompatible with competing products.

I doubt that anything substantial will come of this lawsuit. While the damage done by AOL 5.0 may be clear to those who deal with it, proving AOL's intentions in court is likely to be tricky at best, especially since AOL has two potentially viable arguments. The first is that they're simply trying to make things simpler and this is actually a Good Thing. The second, which isn't exactly good PR but wouldn't generate a whole lot of outrage among their users, is that by accepting the click-wrap license the user agreed that AOL would not be responsible for any damage done to a system.

While I may not agree completely with the reasoning behind this lawsuit, I hope that AOL takes a hit. Why? A court ruling that a company is responsible for the effects that its products have on a system, that maliciously screwing with other products is not acceptable, or that click-wrap licenses are not enforceable flies directly in the face of UCITA.

-Tom (who really should get an account so he can stop posting as an AC)

Go here for a list of UCITA-disapproving attorneys-general.

Particularly the UCITA list of articles at http://www.badsoftware.com/uccindex.htm

Particularly the UCITA list of articles at http://www.badsoftware.com/uccindex.htm

Check out http://www.badsoftware.com/oppose.htm.

It seems that the MPAA and RIAA have taken vocal stands against UCITA.

I guess they want to eat their cake and have it too (the logical way to phrase that cliche).