Slashdot Mirror
Richard Stallman on UCITA
Andy Tai writes "In this LinuxToday article, Richard Stallman writes about why the Free Software community must resist UCITA. Worth a read." UCITA, you'll remember, is the legislation being pushed in state governments which would make "click-wrap" license agreements enforceable, allow software manufacturers to ban reverse engineering and criticism of their software, etc.
RMS is anything but a money grubbing whore. The man refuses to take jobs that don't meet his ideals and refuses to take money from groups that don't meet his ideals.
RMS has done MORE real coding than ANYONE in the free software movement. Emacs, gcc, and many, many other small utilities come to mind. So he's not released a major package in a few years. He could retire right now, and go down in history as one of the greatest programmers ever. Now, ESR, as much as I agree with him sometimes, is really a black pot screaming at the kettle here. This is a man who wrote... fetchmail. He didn't single handedly create the foundations of a new operating system. He didn't start a "movement". He wrote a (actually, revised an existing) small but useful utility. And he tried to change the name of the Free Software movement to Open Source.
Anyways, RMS has NOT grabbed hold of the Open Source movement. In fact, he's not fond of the term at all.
I really have to wonder if this isn't an exceptional troll, or someone who's really clueless...
--
--
Just lurking, thanks!
Clickthroughs are already enforceable (there's a long line of cases on this)
Could you cite a couple? I'd love to read up on them.
the First Amendment makes it impossible to prohibit criticism of software (there's an even longer line of cases on that).
Companies wouldn't prohibit you from criticizing the software, they would just prohibit you from benchmarking the software, thus preventing you from effectively backing up your criticism with hard numbers.
As to the poster who talked about "one-way" contracts: the problem is you need a license to use software.
The real problem here is that you don't get to read the contract until after you've bought the software and opened it, at which time it becomes unreturnable. Unless they start printing the EULA on the outside of the package, customers are going to get screwed.
The only good thing I can possibly see coming out of this is that it may have the effect of encouraging consumers to swear off commercial software from companies that try to screw their customers over. Microsoft is far from alone this time in their bad business practices, although they are going to be one of the most noticeable given their marketshare and prominence.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Parts of the UCITA that try to account for banning of reverse engineering AT THE STATE LEVEL are explicitly given by the DMCA AT THE FEDERAL LEVEL. Thus, UCITA in this regard automatically loses. State legislation cannot override federal laws or deny rights given by federal law.
In addition, click licenses are basically parts of interstate transport-- an area of judistriction that the state governments cannot control. (If you bought a CA-based program in CA as a CA resident, the state can affect you usually by sales tax, but not other way).
Some have suggested that UCITA may allow one company to introduce a new format (propriatary of course) into the next major release of the software, get it used by > 50%, then bait and switch, forcing they format as the defacto one for the entire industry, and as reverse engineering would be outlawed by UCITA, everyone else would be screwed. However, I cannot see how that would not be picked up by any monopoly watchers before it got to fruitation. And again, this relying on the inability to reverse engineer for interoperability.
However, that's only part of the issues with UCITA -- it's the loss of consumer protection that can come about if it's passed. I'd be more worried about this front than any other part of the UCITA.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
NOTE: This doesn't mean we shouldn't fight it, if no one fights it then it MAY go through.
I don't know about you, but sometimes it's good to let laws like this go through so that they can be shot down by the courts. Don't get me wrong, I'm not in favor of excessive litigation, but some things definitely need to be tried in court. The deCSS thing is one of those things. This may well be another. Personally, I'm glad that the CDA was actually passed and then erased by the courts. What's the old saying, something like, "The undefined is the most dangerous?" If companies aren't explicitly told that they can't do this, they may very well do it.
IANAL, so they may already be told they can't do this. But if there's currently no legal basis one way or the other, I'd take a court decision over a law any day. Court precedents do a lot more to help you in present day America, with its highly litigious environment, than actual laws do.
UCITA is dead in the water, and here's why:
You're a manager at a large corporation. You employ thousands of people, some very experienced, others that you're just beginning to train.
Let me tell you what you can't afford. You can't afford the liability of any of your thousands of employees having the ability to commit the company as a whole to damn near anything. It's one thing to be liable if an employee pirates something. It's something completely different if you have to have your very expensive lawyers evaluate every single software EULA that any piss-ant department might be exposing your company to.
A mandate to only use standard EULAs is the end result from corporations, and suddenly most software companies have no chance of defeating Microsoft(whose EULA has to be accepted) or Open Source Software(whose licenses are standardized and non-threatening by default.)
Lets not forget that benchmarking restrictions apply just as strongly within a company--oops, now your managers aren't allowed to ask your engineers which database server would best fit your business's needs. More importantly, lets not forget that using a given piece of code could suddenly obligate your entire company to a full disclosure on how that code is being used--running a database on MSSQL? Oops, maybe in the next revision they'll say they have a right to retrieve "performance metrics" and "critical statistics" automatically...oh, don't try to firewall them, they'll remotely disable your server anyway...
And it'll all be legal. Violations of personal privacy pale in all sorts of aspects to the vitriolic reaction against violations of corporate privacy.
Now, nobody's stupid. This isn't going to happen, folks. UCITA's going nowhere, because it's just too much risk to too many people with far too much money.
The only reason this is even a topic of discussion is because more lawyers see a fountain of money flowing from the lawsuits than they see a fiduciary duty to their retained corporate clients to disclose the tremendous amount of legal risk such an ill-advised bill would create.
Never in the history of law has an unlimited amount of liability been enforceable in a unidirectional contract negotation! The fact that such a bill got thoroughly rejected in the United States Congress should say more than a little about the advisability of such a dangerous standard of liability.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
What is the GPL but a very restrictive license then?
A very unrestrictive license.
Think about it. Every license starts at what you get with copyright law. Every EULA-esque license out there wants to *take* away those rights:
"You have a license to use this software, but:
You can't disclose performance benchmarks.
Or you can't make a backup copy.
Or you can't disassemble it.
Or you can't run it in an emulator or an unlicensed player/computer."
Or whatever they can think of to push the limits:
"You can't read it's files with a competitor's product.
You can't store it's files on a competitor's server.
You can't use it except in conjunction with the following list of other software.
We can remotely disable it if we believe you have broken this license.
You must succumb to the power of the Dark Side."
With the GPL, on the other hand,
"You have a license to use this software.
You have all rights copyright law gives you with this software.
In addition, you get these rights:
The right to modify or recompile the software and use the modified software.
The right to distribute the software or it's modifications under the GPL, as long as you distribute the source as well upon request.
The right to charge a fee for that distribution (not for the license or the source code, though)."
In other words, You don't even need to agree to the GPL to use GPL'ed software. However, if you don't agree to the GPL, you just have the ordinary copyright law restrictions to deal with, and you don't get the extra rights the GPL affords you; you can't modify or copy the software.
Granted, it's more restrictive than public domain software, but it's less restrictive than about every commercial license out there.
If the GPL were found to be legally invalid (which I don't expect to see), it wouldn't mean GPL'ed software suddenly became public domain; it would mean that GPL'ed software suddenly became restricted as per copyright law until it could be released by the authors under a different license.
So far so good, except:
if UCITA passes, a UCITA-esque EULA could become the standard EULA, and if some network protocol for some proprietary app somewhere becomes an industry standard, the prohibition on reverse-engineering would nail Open Source groups to the wall and ream them with a wheedwhacker.
There is something that bears mentioning:
Overall, corporate interests should be antithetical to UCITA.
Imagine how lovely it would be for an insurance company to live with the fear that their entire WAN can be knocked out of operation by an irate software company. No more billing until they pay up whatever is disputed. And how just swell they must feel knowing that UCITA's proposed disabling codes could be hijacked by a disgruntled employee of some software company. Gee, won't they love to see that happen to their actuarial software.
Pretty much any financial firm, be it a thrift of some kind or a brokerage, or anything, should find UCITA to be nauseating. For a bank the thought that their software writers could be protected from a liability even if they know that there are backdoors in the ATM protocols or what-have-ye.
Then there are the airlines, also, very much a WAN-dependant industry with little in the way of a fallback if they lose their software.
Why am I saying this?
Because a well directed effort could get insurance-industry-dominate Connecticut and the state of New York not just to ditch UCITA, but to pass a "you gotta be kidding" type resolution.
Although UCITA passing would not mean that a company would have the audacity to try to use a UCITA-endorsed contract in dealing with a large software customer like a bank, it is still in the interests of many corporations in the US to lobby to give UCITA a well-deserved smackdown.
Yeah, I'm sure Satan will love this clause: "Note, this contract need not be read to be enforceable..."
Wonderful! Now you can sell your soul without even knowing it!
*/sarcasm*
Richard, Eric, Bruce, and everybody else on the soap box - step down for a moment and look around. Our message is going nowhere. People see the software, they use the software.. but they aren't terribly interested in whether they have to pay for it or not. "Does it work? Great, I'll take one."
We've been patting ourselves on the back long enough now. The honeymoon is over - let's knuckle down and start talking to the press. We need to boil these issues down to 1 page press releases, fliers, websites - and we need to make this accessible to the average consumer. We need to get them up in arms. I don't care how - make it a controversy. Invite RMS, ESR and the board of MPAA directors to a Jerry Springer show and let them throw chairs at each other - BUT MAKE IT HAPPEN. Turn this thing on it's head - it sounds like just another holy war now to the media - what's the interest? Put a spin on it - make it controversial. GET US A SPOT ON 60 MINUTES!
Hint. It isn't anyone remotely friendly to the authors and users of Free (as in Liberty) software.
... surprise! Member conglomerates of the MPAA, the RIAA, and the DVD Forum. Remember those guys?
In fact, if you look at the conglomerate structure and trace back most of these magazines you find
Now, compare that to the groups which are promoting the UCITA in its various forms and lobbied for passage of the extremely draconian Millenium Digitial Copyright Act. See any similarities? I thought you might.
We can rely on no one but ourselves to get the word out about this. Tell your family and friends, and anyone else who will listen with any tolerance. If enough people will do this the truth will spread in much the same way Linux has, by word of mouth and sneakernet. Talk yourself horse about these issues -- we all have to make up for the resounding silence the "primetime" media will maintain on a subject this close to their pocketbooks.
Organize internet wide awareness, via logos on web pages a la' the blue ribbon campaign.
Stop subscribing to these magazines, and make sure they know why (their silence on the DVD story, UCITA, and the MDCA, in other words, shoddy reporting and/or editors who have whored themselves out to their own special interest).
Please post other ideas -- currently our efforts on the DVD and mp3 front (I submitted a story days ago about yet another lawsuit against mp3.com from the RIAA which was never posted, knocked out in favor of "Phantom Menace Pre-Orders Available", no doubt -- now promoting a major product of these folks was real helpful to this struggle on slashdot's part, but I digress), as well as the DMCA and UCITA, are fairly fragmented.
We need to bring these efforts under an umbrella concept that lends itself (I shudder to say this, but must) soundbytes, banner ads, and little "click-me" buttons that can be spread around the net and made ubiquitious. It's early here in Chicago and I'm not exactly bursting with clever catchwords and phrases at the moment, but if anyone else has ideas please follow up with them.
This issue is far too critical to our personal freedom and our professional lives to be ignored or passively accepted.
The Future of Human Evolution: Autonomy
The author of the comment to which I am responding seems to know more about the state of law than I do (I am not even an American, let alone a lawyer), but here are the salient points as I understand them.
The main point of this law is that it finally makes the legality of a "software license" -- click-through or otherwise -- a definite thing. Software companies have been doing this "license" thing for a long time, but to my knowledge there has never been any legal precedent established as to whether they are in fact enforcable. Why is their enforcability in question?
Let's look a little at what a software license is. Software has been granted protection under the auspices of copyright law, which means there are certain things you may and may not do by merit of the fact that the software is a copyrighted work. Software licenses tend to re-state these terms, but you would have been subject to them anyway (even without the license terms) because that's what copyright law dictates. Software licenses also tend to extend these terms by such constraints as prohibitions on reverse engineering and disclaimers of warranty. Compare this to the GNU GPL which conditionally waives rights available to the copyright holder. Copyright normally prevents you from making duplicate or derived works; the GPL conditionally permits these actions.
Therein lies the crucial difference. I do not need your agreement in order to grant you privileges, but I do need your agreement for you to waive your rights. You have certain rights and prohibitions under copyright: the GPL relaxes or abolishes some of the prohibitions, and the BSD license relaxes even more, but a typical software license tries to take your rights away.
Now we move to step two: non-negotiability. You can, if you wish to do so, enter into an agreement with another party under which you waive certain rights or adopt certain responsibilities. That is what contract law is all about. Contracts are negotiated. This "software license" thing that you have to click through or rip open is not a contract. It is rarely disclosed up front, you have no opportunity to negotiate it, and you do not sign it. These fatal flaws in the scheme are weasel-worded around by such phrases as "by opening this package, you agree". Balderdash! Opening the package is the clear right of anyone who has purchased a product! You should not have to give up additional rights in order to use what you have rightfully purchased! Nor should you have to agree to a click-through license. There is a strong legal argument, I believe, in the notion that you have not agreed to a license just by clicking on "I Agree" -- it was simply a necessary action in order to use the product. It smacks of coercion, and a coerced contract is no contract at all.
Finally, what are we talking about here anyway? A license, or a contract? It looks like a contract, because you are expected to agree to it, but it calls itself a license. What's the difference? In my ignorant non-lawyer way of understanding things, a contract is a set of terms to which two parties mutually agree, whereas a license is a conditional grant of rights by an authoritative party. You do not have a right to drive: you must first obtain a license to do so. Nor do you have the right to bear arms if you live in a country which requires all firearms to be licensed: it is, rather, a privilege that the government grants you. So what's with this "software license" crap? Who gave the software companies the right to dictate to me what I can and can't do with software beyond the scope of copyright? The GPL and BSD licenses are true licenses because they grant privileges to the end-user; privileges which the software author is in a legal position to grant under copyright law. Any "thou shalt not reverse engineer", or "thou shalt not complain", or "thou shalt not say bad things about us" are unmitigated nonsense with no legal weight in a license unless the law already grants the copyright holder the option to assert these rights. Alas, we see a move towards granting many of these exact rights with the "Digital Millennium Copyright Act".
This is what the UCITA is about. It is a broad approach to making whatever language the software companies decide to put into their license terms legally enforcable. It establishes once and for all that a "software license" is a one-sided contract that you do "sign" by opening the packet or clicking on "I Agree", and thus opens up a whole new range of antisocial and unethical behaviour to the realms of legality.
That, at least, is my impression as an uninformed non-laywer who would almost certainly not understand the legislation even if I read it (and I haven't). Caveat lector.
The copyright holder of this post, The Famous Brett Watson, hereby places it in the Public Domain (P) 2000.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
One of the things I like about stories like this is that you get information on HOW TO DO SOMETHING ABOUT IT. There's not just a mention of why you should be alarmed. There's not just a portent of trouble. There's an email address to someone you can contact if you're interested in actively working towards a solution.
Most of the mainstream media is really just entertainment. It's informational too, but hardly ever says anything about how you could be involved. Hence the term Infotainment (and I admit, it's a laughable term, and smacks of copywrighter syndrome, but I sort of like it). Possibly, it's as damaging as no news at all... in the same way as being continually exposed to calls for help from drowning people without doing anything about it might be.
(Except without the drowning people. I think I waxed a bit dramatic there.)
Anyway, I'd like to see more of the "how you can help" style. Probably won't come to USA Today or even CNN anytime soon, though. Thanks to Stallman and Slashdot saying something about it.
(Admirable how Bruce Perens encouraged people to donate to the EFF over on Technocrat.net, too. )
Tweet, tweet.
And to think I almost posted this article, but then I figured, "naah, it must have been posted already..." :P
Anyway, Stallman is, as usual, the best at what he does - which is, being preachy, but in a good way. However, he's evidently preaching to the choir: I'd wager that most of the people who read TLJ already know that UCITA is eeeeevil, and must not be allowed to pass. Meanwhile, outside the established community, very few people even know who Stallman is, let alone read his stuff.
So the foremost priority is to get him published somewhere big. Wired. Any of the big fancy Times-style newspapers. Heck, even a cover story on CNN.com would do.
Until that happens, Stallman will remain in obscurity, and maybe UCITA will be allowed to pass through with little complaint... in which case I'll promptly withdraw all my applications to American colleges.
I'll finish off with a haiku:
Dick watches with grief
Over the frozen water
A bird's lost its wings
To the editors: your English is as bad as your Perl. Please go back to grade school.
Stallman has talked about this before. It's a serious issue that must be fought, tooth and nail, with lobbying and with civil disobedience, if necessary.
Civil disobedience? A fine idea, but one must choose a method of civil disobedience that would be appropriate for the issue at hand. I suggest that the place to apply the civil disobedience pressure is the place where such software is usually sold.
Here is how such shink-wrapped software is usually sold:
Now my civil disobedience version (made available to all freely under the GPL):
Do this enough, and stores will begin to get the idea that selling shrink-wrapped software isn't such a great idea, after all.
An important point to consider when considering civil disobedience within the software store is that such stores do not take enough responsibility with respect to these agreements. In particular, the store does not give the customer an opportunity to read the text of the license agreement before purchasing the software. Either the FULL TEXT of the license agreement must be printed on the box, or the store must give the customer a copy of the FULL TEXT of the agreement to read before money changes hands.
Shrink-wrapped software isn't always where you expect it, either. I found one such example in a printer I recently bought, and if I didn't agree with it, I was not allowed to use the printer drivers. This shows how disruptive shrink-wrapped license agreemeents can be.
Disclaimer: I am describing the usual method of purchasing shrink-wrapped software within Australia. Your mileage may vary....
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
I hate jumping into a thread that consists largely of petty bickering aimed at individuals instead of a debate about the merits of an idea, but I'm going to do it anyways and I'm going to do it here.
While it may be unfair to compare UCITA to the rise of facism in Europe, just as it may be overstated to compare Stallman's creation of the GPL to Constantine's conversion to Christianity, but this last post has, IMHO, got to the nub of the gist.
Stallman is, as far as I can tell, calling for legal political opposition to a proposed piece of legislation. I think that it is clear that the anti-reverse engineering provisions of UCITA represent an unacceptable limitation on personal liberty. Current intellectual property law already adequately protects the interests of proprietary software vendors, many of whom have made their products by reverse engineering the work of others.
Stallman takes the position that a program, as a symbolic representation of thoughts and ideas, is equivalent in every respect to speech. Thus it can be copyrighted and sold, but it cannot be limited. You may disagree with this position.
The provisions that forbid reverse engineering would be like saying that because an idea has been expressed, no one else is allowed to think of the idea themselves and elborate on it or state it in a new way. Copyright law prevents me from publishing "I have a dream" as if I had said it, but it does not prevent me from talking about civil liberty, racial justice, or social inequity. (Note that I am not suggesting Stallman is comparable to Dr. King).
Who cares if a young man overstates the case? Firey overenthusiasm is a privledge of youth. Even older and more sage heads should mind the substance and not the form of the argument. Opposition to UCITA does not mean opposition to intellectual property. As I get tired of pointing out, Stallman's own GPL depends on intellectual property law.
UCITA is more than an extension of copyright, it amounts to a gag order on algorithms. While I don't see anyone progressing from this to censorship of thought directly, it is still something to be opposed.
I do agree with those who think civil disobedience of a bill (not a law) is putting the cart before the horse, but again, can't you see that this is the fervor of youth? Let passion spend. Wisdom comes with age and age is inevitable. Give him his head and he will tire. I hope never again to see the insightful phrase "shut up" in this forum.
I'd like to see some of this list showing that clickthroughs are already enforceable.
Currently, the only cases I know of that supported them are ones in which the license just reiterated the obvious, like the copyright. Similar to shooting down the old defense of "Well it didn't have the (c)" or "It used (c) instead of a C in a circle", where the judge just reaffirmed that the copyright is still valid even if you don't use any symbol.
So, to the best of my knowledge, the clickthrough license has never been valid because it is not a valid contract in many ways, lack of consideration and lack of disclosure being the two most obvious. (You already bought the software before being asked if you agree, so they can't offer you anything at the point which you don't already have. Also, you don't see the contract until after the sale is finalized, where you get your right to own it, and you can't be expected to agree to a secret contract, so it's invalid.)
While a contract can specify nearly anything for consideration (pretty well anything legal), the contract has to itself be valid, or the whole thing is meaningless. So, while they could, with a valid contract (that you sign before purchase, and are paid for) get you to agree to not talk about the product, not reverse engineer, not use while wearing green, etc, they can't do any of this with clickthroughs because they are totally invalid.
Ditto with shrinkwraps, for mostly the same reason.
The UCITA wants to change contract law, such that you don't need to know about a contract (or even have it be implied, like retail sales, etc) to be bound by it, don't need to receive consideration, and don't need to actively agree.
This *will* fail, because if it passes, contract law will be useless. Someone will sneak "And you agree to transfer title to everything you own to Company A." into a EULA and sue that user for everything they own, when that user is a big company, or a government depertment, the shit'll hit the fan, the defendant will buy as many judges as the software industry, and it'll be show down, probably with freaking huge punative damages.
The quote is by Pastor Martin Niemöller. The correct quote is:
"When Hitler attacked the Jews I was not a Jew, therefore I was not concerned. And when Hitler attacked the Catholics, I was not a Catholic, and therefore, I was not concerned. And when Hitler attacked the unions and the industrialists, I was not a member of the unions and I was not concerned. Then Hitler attacked me and the Protestant church -- and there was nobody left to be concerned. " [As quoted from the Congressional Record, 14, October 1968, page 31636]
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
You see, UCITA says that by default a software developer or distributor is completely liable for flaws in a program; but it also allows a shrink-wrap license to override the default.
With all due respect to RMS, I dissent! It seems that UCITA is actually more friendly to OSS developers than the status quo in this very regard.
First, with respect to liability "defaults," how is UCITA any different from the status quo? Under the UCC, for example, there are implied warranties against infringement, of merchantability and suitability for a particular purpose. Present law also permits a contract to override this default. On the other hand, if the GNU license agreement is not binding, then you are stuck with all implied licenses (and if not a contract, perhaps a claim in tort in those states showing chinks in the armor of the Economic Loss Rule)! The risk of unlimited liabilty under the status quo is substantial -- and it is the need to reverse this risk of liability which typically forms the strongest argument for a pro-mass-market position UNDER THE STATUS QUO.
Now as to mechanisms for such reversal, it appears to me that UCITA provides zillions of avenues to argue that assent to the GNU was manifest by conduct, even if the license were not (and it probably is) enforceable as a mass-market license. To the best of my knowledge (it has been a while since I looked at it, the words "shrink-wrap" do not appear in UCITA.
Compare this with the status quo, where we are at best at the mercy of a court to determine whether our GNU license limitation of liability provisions are enforceable against a user. Indeed, under the common law, only "shrink-wraps" and "click-wraps" have been accepted -- it remains to be seen if a license accompanying an electronic record without some mechanism to limit access is enforceable under the status quo.
So, I agree with RMS' points, but think that it argues FOR the adoption of UCITA rather than against it. I AM opposed to certain other provisions of the Act, but these provisions seem to me most among the most helpful to the OSS and free software movements.
Stallman has talked about this before. It's a serious issue that must be fought, tooth and nail, with lobbying and with civil disobedience, if necessary.
Many people are going to say that RMS is a crackpot or a communist. If he were a crackpot, he would talk for hours about this stuff, but never produce anything. Instead, he's slaved over keyboards for years, destroying his wrists to build free software for all of us to share.
Some people here have never actually read anything by RMS, and they don't understand why he, and many others, think that proprietary software is bad. I recommend http://www.gnu.org/philosophy/philosophy.html as a starting place.
Become a FSF associate member before the low #s are used
The e-mail I'm going to write to my state senater:
"By reading this e-mail, you agree to vote against any and all bills endowing "click-wrap" license agreements enforcable"
The cake is a pie
Clickthroughs are already enforceable (there's a long line of cases on this) and the First Amendment makes it impossible to prohibit criticism of software (there's an even longer line of cases on that).
So I guess the real issue here is reverse engineering, and whether a contract which grants a software license in exchange for a promise not to reverse-engineer the software should be enforceable. Right now it is: contract law allows virtually anything except for that which "shocks the conscience." So a law which memorializes the common law may not be a step in the right direction, but it's not a step in the wrong one, either.
As to the poster who talked about "one-way" contracts: the problem is you need a license to use software. When you buy commercial software, you gain title to the "CD Coaster" and a license to use the software. Licenses are revokable at any time unless supported by consideration (which, in the case of a software purchase, is cash). When a license is supported by consideration, the license is revokable for breach of the contract of sale, and, as I mentioned earlier, the common law of contracts already allows virtually anything to be "consideration".
The real solution to this problem is to get Congress to amend the Copyright Act to make it clear that no license is required to USE software -- only to copy, distribute or modify it. This would make software more like a book. You don't need a license to use a book, after all.
Ok, I just read the article again. Let's see.
Of course, this is a secondary analysis from an article that was probably written without advise from legal counsel. I don't know where to find the text of this proposed law (was it authored by the American Law Institute like most uniform encodings, or is it a freelance effort?), so I can't give a more meaningful commentary.
Hi!
(BTW--nice job in formatting your reply with HTML. Never dawned on me to use BLOCKQUOTE for, um, quoting....)
Nobody in their right mind will buy commercial TrojanWare. And no sane shrinkwrap producer will even consider shipping TrojanWare--because the immediate consequence of using a back door will be litigation. Anybody in business knows that it isn't the result of litigation that matters--just the fees for going to court will wipe you out. And, as eToys.com is discovering, a little bid of bad publicity can get your stock price hammered.
What the "self help" provision does is permit a vendor to include language in a contract that explicitly permits back doors or other means. I used to work for a company that did it--here's how it works. A lot of mid-priced software, and custom software projects, are sold on "thirds"--one-third of the contract price is due at the start of the project, one-third is due at delivery, and one-third is due thirty days after delivery. Sometimes getting that last third can be a real challenge--if you're dealing with a small company they may simply not have the cash and try to string you out; if you're dealing with a crook they might suggest that you pound sand--they're not paying. In a lot of custom development the vendor discovers that a lot of new features seem to get added to the feature list after he has delivered--"oh, I'm sure there'll be no problem with payment, if you just be sure to add this little thing for us...." That list can go on for months--because they know you need that last third. If the client tries to stiff you for that last third your only recourse is to take the client to court--but if the client is located across a state line you have to sue in federal court, where you have to demonstrate $50,000 in actual damages before you even have "standing" to sue. If you're looking to collect the last $15,000 on a $45,000 job you can try to hire a lawyer in the client's home state--but you might as well forget it. You'll burn through fifteen grand in legal fees before you get to court, so essentially you're screwed.
Unless you use some form of "self help." In the case of my former employer the system checked the date at startup (since this was an order entry system dates couldn't easily be spoofed) and checked a series of parameters to see if the software had been installed for more than 90 days. If it was, the operators would get a screen asking the supervisor to call customer service. Thirty days later, if the system still hadn't been paid for, another screen asked the supervisor to call customer service, as a serious problem exists with the system. (My employer viewed an invoice over 120 days old as a serious problem.) Thirty days later (thus, 150 days after installation, and four months after payment was due) every user logging in was prompted that the system could not function because a bill had not been paid.
We told every prospective client about that feature. To my knowledge it was never used--in part because the clients knew it was there. (We did do some weird stuff at startup if the date was Friday the 13th, but that's another story :-)
In the late 1980s the commonwealth of Virginia banned that kind of Trojan. And all of a sudden you simply couldn't collect that last third from deadbeats in Virginia--and the Virginia deadbeats knew it. The UCITA overturns that law, and similar laws in other states (I don't know if there are other states with similar laws or not).
Couple of additional points: first, my company doesn't use Trojans. We usually provide source code to our customers, and we typically do systems for companies that are large enough that they don't play those kinds of games. Second, the Independent Computer Consultants of America opposed the UCITA, especially the self-help provision. I don't know why, but it is an interesting perspective to this discussion that I'd like to learn more about.
RMS, once again, disappoints me. As the leading light of the Free Software movement he certainly has an important perspective to share on many issues--but in this article he simply reiterates many of the straw-man arguments that others have raised.
Simply put, the spectre of UCITA that he raises is that UCITA permits vendors and buyers to agree to contract terms. UCITA does not, in so many words, legalize Trojan Horses (so-called "self-help measures") without buyer consent. Nobody in his right mind is going to buy a TrojanWare shrinkwrap app. But "self-help" measures permit custom software developers to ensure that they get paid. They can only use self-help if the client agrees to them, in the contract.
Can Microsoft, IBM, Oracle, or another software giant force an onerous contract down your throat? Nope--markets do, in fact, work. In 1989 Lotus had a cast-iron lock on the spreadsheet market, WordPerfect had a lock on the word processing market, and Xerox had a lock on desktop publishing. Lotus 1-2-3 still has a dozen or so users, somewhere; Corel can't give away WordPerfect; and I'd bet most SlashDot users can't even name the erstwhile Xerox product that owned the DTP market. (Hint: Corel Draw was created as an add-on product for it, and Corel now owns it.) Lest you think that Microsoft hegemony can keep a bad product alive, two words: Microsoft Bob.
If you thought the world was going to end on New Year's Eve, you'll probably get panicked by UCITA as well. You shouldn't be--this isn't nearly as scary as the doomsayers are claiming.
Cem Kaner is a lawyer who's spent years fighting this. (He hates me, but I think he's a good guy.) His web site has a good summary of the situation, although it's out of date. Nobody seems to be tracking where this is in each state legislature, and somebody should be. It has to be opposed state by state now, and it may sneak into law in some states when nobody is watching.
If they use it, the software sends a mail to ProFTP containing the username of the account, and the hostname it was connected to. They then send an email to that ISP, stating that the ISP will be held responsible for the actions of the user under the DMCA, and that they must temrinate the account if the user does not pay.
The letter is actually quite nasty, saying something to the effect of "we do not wish to receive any excuses or justifications for non-payment".
Quite nasty.
If you can't figure out how to mail me, don't.
For linux tips: http://www.linuxtipsblog.com
I found out that ProFTP has been sending nastygrams to ISPs under the DMCA holding their users accountable for not registering their software. (I always get these mixed up, could be FTPPro... find out for yourself. It was on Bugtraq a while ago.)
The UCITA will take this despicable process to the next level. Make no mistake - we are at war with these people. UCITA must not be allowed to pass for the same reason that the offending parts of the DMCA need to be overturned. They're going too far.
If you can't figure out how to mail me, don't.
For linux tips: http://www.linuxtipsblog.com
Some people seem to believe that the GPL is somehow related to shrink-wrapped licences. It is not even close, either legally, morally or factually.
The GNU GPL is a copyright notice. As such, like any copyright notice, it covers modification and distribution only. There is nothing in the GPL about usage. The GPL even states that usage is not governed by its terms. You can therefore do whatever you want. You have no obligation to anyone.
Of course, if you want to distribute or modify it, you have to do so under the terms of the license. Not because you signed it or used the software, but because due to copyright law, the license is your only permission to do so.
That is an important part: since the GPL is just a copyright notice, it only covers only usage and modification. Contrary to popular belief, you do not have to agree to the GPL before using GPLed software, and are not bound by its terms simply by using the software.
Shrink-wrap licenses are not copyright notices. They are contracts. Contracts as in "I signed on a new mortgage", "I got married" or "I signed a NDA". And contracts can cover a LOT of ground, much more than mere distribution of modification.
With shrink-wrap licenses, you basically end up with legal obligations towards the other party. And with UCITA, shrink-wrap licenses can apply to internet content (articles and such) and be retroactively modified.
Question: do you really want to have legal obligations towards every news site you visit that feels like it? Remember, hitting the "Back" does not mean you never visited the site, never broke the "shrink wrap".
Well, I don't. Regardless of whether or not that power would be misused. But I'm in luck: I don't live in the US. If I did, I probably would be writing to my elected representatives, right now.
Dislike the GPL, if you must... But at least know it for what it is: a copyright notice, nothing more, nothing less.
The biggest problem with this entire thing is that those who have the most to gain, also have the easiest means to make the law come about. consider these premises:
1) The people actually passing the laws (congressmen, legislators) know very little about computers, and so in an odd (ironic) way they really don't have a way to know the benifits/dangers from this law.
2)The lawmakers are going to try and become informed about this, but will turn to the very software makers that benefit most from this law for that information.
3) Money buys influence in Washington. (how much could Micro$oft "contribute").
Conclusion: So, the Law Makers are going to have a financial stake in being influenced by those who benefit
Now think about this pemise:
1) In many people's minds "open software"="freesoftware"=cheap bastards. That is to say that a lot of people see the open source movement being led by people who just don't want to have to pay for what someone else worked hard to make.
2) Again, in many people's minds "opensoftware"=hacking=criminals. I could ad to this, but I think we've all seen enough mainstream news stories about "criminal hackers" and not enough about "hackers as programs who give away their source code.
3) The Opensource/Freesoftware Community isn't the richest community out there, and there isn't a lot for "campaign contributions".
conclusion: The large corporations can portray the opensource community to the uneducated (in these matters) law makers as whinny criminals who bring nothing to the table.
Im not trying to say its all about money here, but Money at least buys access to talk to these guys. And, perceptions are important. And, the Legislators really don't know enough yet about this issue to vote yet. Just think about this. Go out and read all the news stories in the mainstream press (the ones these legislators read) and see what they say about opensource and about the DVD issue. Now you think what they WILL think.
The best way to counter this is with "clear information" This means sending polite and informative emails to legislators with links to news stories, even news posts about this issue.
It's our world now. But how can we really say that if we don't speak up once in a while.
"I mean, All you can definately say about a fellow who thinks he's a poached egg, is; He's in the minority." James Burke
Here is the bad news ... if any state passes the ammendment to the Unform Commerce Code a software vendor can still force that the licence be interpreted under that state's law even though the user's state has not passed the ammendment unless the state had passed legislation to forbid that.
Just my two cents ... I've been reading about it in infoworld and other IS applications for some time. Corporations are really worried about this because it could have the effect of dis-allowing transfers of licences during aquisitions and other things they do not want to deal with.
- subsolar