Richard Stallman on UCITA

Andy Tai writes "In this LinuxToday article, Richard Stallman writes about why the Free Software community must resist UCITA. Worth a read." UCITA, you'll remember, is the legislation being pushed in state governments which would make "click-wrap" license agreements enforceable, allow software manufacturers to ban reverse engineering and criticism of their software, etc.

Feeding the trolls

[BOredAtWork]

If this is a troll, it's a damn good one. So good that it deserves an answer, because some people might take it seriously.

RMS is anything but a money grubbing whore. The man refuses to take jobs that don't meet his ideals and refuses to take money from groups that don't meet his ideals.

RMS has done MORE real coding than ANYONE in the free software movement. Emacs, gcc, and many, many other small utilities come to mind. So he's not released a major package in a few years. He could retire right now, and go down in history as one of the greatest programmers ever. Now, ESR, as much as I agree with him sometimes, is really a black pot screaming at the kettle here. This is a man who wrote... fetchmail. He didn't single handedly create the foundations of a new operating system. He didn't start a "movement". He wrote a (actually, revised an existing) small but useful utility. And he tried to change the name of the Free Software movement to Open Source.

Anyways, RMS has NOT grabbed hold of the Open Source movement. In fact, he's not fond of the term at all.

I really have to wonder if this isn't an exceptional troll, or someone who's really clueless...

--

Re:UCITA Will never happen

[Hrunting]

NOTE: This doesn't mean we shouldn't fight it, if no one fights it then it MAY go through.

I don't know about you, but sometimes it's good to let laws like this go through so that they can be shot down by the courts. Don't get me wrong, I'm not in favor of excessive litigation, but some things definitely need to be tried in court. The deCSS thing is one of those things. This may well be another. Personally, I'm glad that the CDA was actually passed and then erased by the courts. What's the old saying, something like, "The undefined is the most dangerous?" If companies aren't explicitly told that they can't do this, they may very well do it.

IANAL, so they may already be told they can't do this. But if there's currently no legal basis one way or the other, I'd take a court decision over a law any day. Court precedents do a lot more to help you in present day America, with its highly litigious environment, than actual laws do.

Why UCITA is going to fail

[Effugas]

UCITA is dead in the water, and here's why:

You're a manager at a large corporation. You employ thousands of people, some very experienced, others that you're just beginning to train.

Let me tell you what you can't afford. You can't afford the liability of any of your thousands of employees having the ability to commit the company as a whole to damn near anything. It's one thing to be liable if an employee pirates something. It's something completely different if you have to have your very expensive lawyers evaluate every single software EULA that any piss-ant department might be exposing your company to.

A mandate to only use standard EULAs is the end result from corporations, and suddenly most software companies have no chance of defeating Microsoft(whose EULA has to be accepted) or Open Source Software(whose licenses are standardized and non-threatening by default.)

Lets not forget that benchmarking restrictions apply just as strongly within a company--oops, now your managers aren't allowed to ask your engineers which database server would best fit your business's needs. More importantly, lets not forget that using a given piece of code could suddenly obligate your entire company to a full disclosure on how that code is being used--running a database on MSSQL? Oops, maybe in the next revision they'll say they have a right to retrieve "performance metrics" and "critical statistics" automatically...oh, don't try to firewall them, they'll remotely disable your server anyway...

And it'll all be legal. Violations of personal privacy pale in all sorts of aspects to the vitriolic reaction against violations of corporate privacy.

Now, nobody's stupid. This isn't going to happen, folks. UCITA's going nowhere, because it's just too much risk to too many people with far too much money.

The only reason this is even a topic of discussion is because more lawyers see a fountain of money flowing from the lawsuits than they see a fiduciary duty to their retained corporate clients to disclose the tremendous amount of legal risk such an ill-advised bill would create.

Never in the history of law has an unlimited amount of liability been enforceable in a unidirectional contract negotation! The fact that such a bill got thoroughly rejected in the United States Congress should say more than a little about the advisability of such a dangerous standard of liability.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

A very unrestrictive license

[roystgnr]

What is the GPL but a very restrictive license then?

A very unrestrictive license.

Think about it. Every license starts at what you get with copyright law. Every EULA-esque license out there wants to *take* away those rights:

"You have a license to use this software, but:
You can't disclose performance benchmarks.
Or you can't make a backup copy.
Or you can't disassemble it.
Or you can't run it in an emulator or an unlicensed player/computer."
Or whatever they can think of to push the limits:
"You can't read it's files with a competitor's product.
You can't store it's files on a competitor's server.
You can't use it except in conjunction with the following list of other software.
We can remotely disable it if we believe you have broken this license.
You must succumb to the power of the Dark Side."

With the GPL, on the other hand,
"You have a license to use this software.
You have all rights copyright law gives you with this software.
In addition, you get these rights:
The right to modify or recompile the software and use the modified software.
The right to distribute the software or it's modifications under the GPL, as long as you distribute the source as well upon request.
The right to charge a fee for that distribution (not for the license or the source code, though)."

In other words, You don't even need to agree to the GPL to use GPL'ed software. However, if you don't agree to the GPL, you just have the ordinary copyright law restrictions to deal with, and you don't get the extra rights the GPL affords you; you can't modify or copy the software.

Granted, it's more restrictive than public domain software, but it's less restrictive than about every commercial license out there.

If the GPL were found to be legally invalid (which I don't expect to see), it wouldn't mean GPL'ed software suddenly became public domain; it would mean that GPL'ed software suddenly became restricted as per copyright law until it could be released by the authors under a different license.

One problem.

[Apuleius]

You say:

Let me tell you what you can't afford. You can't afford the liability of any of your thousands of employees having the ability to commit the company as a whole to damn near anything. It's one thing to be liable if an employee pirates something. It's something completely different if you have to have your very expensive lawyers evaluate every single software EULA that any piss-ant department might be exposing your company to.

A mandate to only use standard EULAs is the end result from corporations, and suddenly most software companies have no chance of defeating Microsoft(whose EULA has to be accepted) or Open Source Software(whose licenses are standardized and non-threatening by default.)

So far so good, except:

if UCITA passes, a UCITA-esque EULA could become the standard EULA, and if some network protocol for some proprietary app somewhere becomes an industry standard, the prohibition on reverse-engineering would nail Open Source groups to the wall and ream them with a wheedwhacker.

Corporate interests and UCITA should collide.

[Apuleius]

There is something that bears mentioning:

Overall, corporate interests should be antithetical to UCITA.

Imagine how lovely it would be for an insurance company to live with the fear that their entire WAN can be knocked out of operation by an irate software company. No more billing until they pay up whatever is disputed. And how just swell they must feel knowing that UCITA's proposed disabling codes could be hijacked by a disgruntled employee of some software company. Gee, won't they love to see that happen to their actuarial software.

Pretty much any financial firm, be it a thrift of some kind or a brokerage, or anything, should find UCITA to be nauseating. For a bank the thought that their software writers could be protected from a liability even if they know that there are backdoors in the ATM protocols or what-have-ye.

Then there are the airlines, also, very much a WAN-dependant industry with little in the way of a fallback if they lose their software.

Why am I saying this?

Because a well directed effort could get insurance-industry-dominate Connecticut and the state of New York not just to ditch UCITA, but to pass a "you gotta be kidding" type resolution.

Although UCITA passing would not mean that a company would have the audacity to try to use a UCITA-endorsed contract in dealing with a large software customer like a bank, it is still in the interests of many corporations in the US to lobby to give UCITA a well-deserved smackdown.

Hmmm

[Signal+11]

*sarcasm type=dripping*

Yeah, I'm sure Satan will love this clause: "Note, this contract need not be read to be enforceable..."

Wonderful! Now you can sell your soul without even knowing it!

*/sarcasm*

the duck blind

[Signal+11]

These words are wonderful, yet they are falling on deaf ears. Yes, of course WE know that this must be stopped - but what does the average consumer know about this? Nothing. Guess who's voting these people into office: the average consumer. Net result: we can clamor all we want, but until public opinion changes en masse, we will have accomplished nothing.

Richard, Eric, Bruce, and everybody else on the soap box - step down for a moment and look around. Our message is going nowhere. People see the software, they use the software.. but they aren't terribly interested in whether they have to pay for it or not. "Does it work? Great, I'll take one."

We've been patting ourselves on the back long enough now. The honeymoon is over - let's knuckle down and start talking to the press. We need to boil these issues down to 1 page press releases, fliers, websites - and we need to make this accessible to the average consumer. We need to get them up in arms. I don't care how - make it a controversy. Invite RMS, ESR and the board of MPAA directors to a Jerry Springer show and let them throw chairs at each other - BUT MAKE IT HAPPEN. Turn this thing on it's head - it sounds like just another holy war now to the media - what's the interest? Put a spin on it - make it controversial. GET US A SPOT ON 60 MINUTES!

A lame attempt at explanation

[The+Famous+Brett+Wat]

The author of the comment to which I am responding seems to know more about the state of law than I do (I am not even an American, let alone a lawyer), but here are the salient points as I understand them.

The main point of this law is that it finally makes the legality of a "software license" -- click-through or otherwise -- a definite thing. Software companies have been doing this "license" thing for a long time, but to my knowledge there has never been any legal precedent established as to whether they are in fact enforcable. Why is their enforcability in question?

Let's look a little at what a software license is. Software has been granted protection under the auspices of copyright law, which means there are certain things you may and may not do by merit of the fact that the software is a copyrighted work. Software licenses tend to re-state these terms, but you would have been subject to them anyway (even without the license terms) because that's what copyright law dictates. Software licenses also tend to extend these terms by such constraints as prohibitions on reverse engineering and disclaimers of warranty. Compare this to the GNU GPL which conditionally waives rights available to the copyright holder. Copyright normally prevents you from making duplicate or derived works; the GPL conditionally permits these actions.

Therein lies the crucial difference. I do not need your agreement in order to grant you privileges, but I do need your agreement for you to waive your rights. You have certain rights and prohibitions under copyright: the GPL relaxes or abolishes some of the prohibitions, and the BSD license relaxes even more, but a typical software license tries to take your rights away.

Now we move to step two: non-negotiability. You can, if you wish to do so, enter into an agreement with another party under which you waive certain rights or adopt certain responsibilities. That is what contract law is all about. Contracts are negotiated. This "software license" thing that you have to click through or rip open is not a contract. It is rarely disclosed up front, you have no opportunity to negotiate it, and you do not sign it. These fatal flaws in the scheme are weasel-worded around by such phrases as "by opening this package, you agree". Balderdash! Opening the package is the clear right of anyone who has purchased a product! You should not have to give up additional rights in order to use what you have rightfully purchased! Nor should you have to agree to a click-through license. There is a strong legal argument, I believe, in the notion that you have not agreed to a license just by clicking on "I Agree" -- it was simply a necessary action in order to use the product. It smacks of coercion, and a coerced contract is no contract at all.

Finally, what are we talking about here anyway? A license, or a contract? It looks like a contract, because you are expected to agree to it, but it calls itself a license. What's the difference? In my ignorant non-lawyer way of understanding things, a contract is a set of terms to which two parties mutually agree, whereas a license is a conditional grant of rights by an authoritative party. You do not have a right to drive: you must first obtain a license to do so. Nor do you have the right to bear arms if you live in a country which requires all firearms to be licensed: it is, rather, a privilege that the government grants you. So what's with this "software license" crap? Who gave the software companies the right to dictate to me what I can and can't do with software beyond the scope of copyright? The GPL and BSD licenses are true licenses because they grant privileges to the end-user; privileges which the software author is in a legal position to grant under copyright law. Any "thou shalt not reverse engineer", or "thou shalt not complain", or "thou shalt not say bad things about us" are unmitigated nonsense with no legal weight in a license unless the law already grants the copyright holder the option to assert these rights. Alas, we see a move towards granting many of these exact rights with the "Digital Millennium Copyright Act".

This is what the UCITA is about. It is a broad approach to making whatever language the software companies decide to put into their license terms legally enforcable. It establishes once and for all that a "software license" is a one-sided contract that you do "sign" by opening the packet or clicking on "I Agree", and thus opens up a whole new range of antisocial and unethical behaviour to the realms of legality.

That, at least, is my impression as an uninformed non-laywer who would almost certainly not understand the legislation even if I read it (and I haven't). Caveat lector.

The copyright holder of this post, The Famous Brett Watson, hereby places it in the Public Domain (P) 2000.

Infotainment vs. Calls to Action

[weston]

One of the things I like about stories like this is that you get information on HOW TO DO SOMETHING ABOUT IT. There's not just a mention of why you should be alarmed. There's not just a portent of trouble. There's an email address to someone you can contact if you're interested in actively working towards a solution.

Most of the mainstream media is really just entertainment. It's informational too, but hardly ever says anything about how you could be involved. Hence the term Infotainment (and I admit, it's a laughable term, and smacks of copywrighter syndrome, but I sort of like it). Possibly, it's as damaging as no news at all... in the same way as being continually exposed to calls for help from drowning people without doing anything about it might be.

(Except without the drowning people. I think I waxed a bit dramatic there.)

Anyway, I'd like to see more of the "how you can help" style. Probably won't come to USA Today or even CNN anytime soon, though. Thanks to Stallman and Slashdot saying something about it.

(Admirable how Bruce Perens encouraged people to donate to the EFF over on Technocrat.net, too. )

Civil disobedience, anyone?

[B.D.Mills]

Stallman has talked about this before. It's a serious issue that must be fought, tooth and nail, with lobbying and with civil disobedience, if necessary.

Civil disobedience? A fine idea, but one must choose a method of civil disobedience that would be appropriate for the issue at hand. I suggest that the place to apply the civil disobedience pressure is the place where such software is usually sold.

Here is how such shink-wrapped software is usually sold:

1. Software retailer sells software to a sucker ^H^H^H^H^H^H customer in a pretty, shrink-wrapped box.
2. Customer takes software home.
3. Customer starts to install software. Uh, oh, license agreement.
4. Customer has to agree to the license because they have little chance of getting a refund if they don't agree.

Now my civil disobedience version (made available to all freely under the GPL):

1. Software retailer sells software to a customer with a laptop in a pretty, shrink-wrapped box.
2. Customer opens shrink-wrapped box in the store, right in front of the staff.
3. Customer starts to install software on the laptop. Uh, oh, license agreement.
4. Customer disagrees with the license agreement.
5. Customer asks for the refund. (Most license agreements have a refund clause).
6. Store droid points to sign that says "no refunds on opened software".
7. Customer points to refund clause in software license agreement. Customer asks why the license agreement cannot be read without opening the box and voiding any chance of a refund from the store.
8. Customer keeps insisting on the refund until the refund is paid or the store closes.
9. If store calls the police, the customer leaves quietly with the police, but then later serves a lawsuit on the store for breach of contract and other misdemeanors by the store.

Do this enough, and stores will begin to get the idea that selling shrink-wrapped software isn't such a great idea, after all.

An important point to consider when considering civil disobedience within the software store is that such stores do not take enough responsibility with respect to these agreements. In particular, the store does not give the customer an opportunity to read the text of the license agreement before purchasing the software. Either the FULL TEXT of the license agreement must be printed on the box, or the store must give the customer a copy of the FULL TEXT of the agreement to read before money changes hands.

Shrink-wrapped software isn't always where you expect it, either. I found one such example in a printer I recently bought, and if I didn't agree with it, I was not allowed to use the printer drivers. This shows how disruptive shrink-wrapped license agreemeents can be.

Disclaimer: I am describing the usual method of purchasing shrink-wrapped software within Australia. Your mileage may vary....
--

cite and quote it correctly

[/]

The quote is by Pastor Martin Niemöller. The correct quote is:

"When Hitler attacked the Jews I was not a Jew, therefore I was not concerned. And when Hitler attacked the Catholics, I was not a Catholic, and therefore, I was not concerned. And when Hitler attacked the unions and the industrialists, I was not a member of the unions and I was not concerned. Then Hitler attacked me and the Protestant church -- and there was nobody left to be concerned. " [As quoted from the Congressional Record, 14, October 1968, page 31636]

Stallman == hero

[prizog]

Stallman has talked about this before. It's a serious issue that must be fought, tooth and nail, with lobbying and with civil disobedience, if necessary.

Many people are going to say that RMS is a crackpot or a communist. If he were a crackpot, he would talk for hours about this stuff, but never produce anything. Instead, he's slaved over keyboards for years, destroying his wrists to build free software for all of us to share.

Some people here have never actually read anything by RMS, and they don't understand why he, and many others, think that proprietary software is bad. I recommend http://www.gnu.org/philosophy/philosophy.html as a starting place.

E-mail

[ucblockhead]

The e-mail I'm going to write to my state senater:

"By reading this e-mail, you agree to vote against any and all bills endowing "click-wrap" license agreements enforcable"

I don't get it

[klmartin]

Ok, I just read the article again. Let's see.

• UCITA says that by default a software developer or distributor is completely liable for flaws in a program; but it also allows a shrink-wrap license to override the default. Well, guess what. This is pretty close to the law as it now stands. Manufacturers of anything whatsoever are liable for any defect or flaw in whatever they manufacturer -- this is why "product liability lawsuits" are so popular with personal injury lawyers. And, yes, you can at least attempt to get the purchaser to waive this, although consumer protection laws generally forbid this for transactions involving consumers. The other point, I suppose, is that UCITA may be interpreted (as the author of the article suggests) that only a shrink-wrap license (as opposed to some other form of license) would be able to effect a waiver of liability. This might be too. The problem of liability for open source software has been with us for a long time, and basically has been ignored because it's very rare to see a product liability suit for software. I doubt UCITA will change the general tort principles that apply to such suits ("A law in abrogation of the common law shall be construed narrowly."), so individuals will still be able to argue assumption of risk (which is a damn good argument for free software; after all, you get what you pay for).
• UCITA has another indirect consequence that would hamstring free software development in the long term -- it gives proprietary software developers the power to prohibit reverse engineering. Again, this is already the case. You can't use it if you don't have a license, and all they have to do now to keep you from reverse engineering is bury in the license "PURCHASER agrees not to reverse engineer the PRODUCT." By doing that it becomes a promissory consideration of the license, a breach of which destroys the license's consideration, making it revocable at will. Again, this is all common law. Don't need a statute for that. All a law that says the same thing will do is change the language used in the lawsuit. The only attack to a no-reverse-engineering provision in a current license agreement is unconscionability -- and if you win that you have to surrender your license and the fruits of your reverse engineering.
• They could change the license retroactively at any time, and force you to delete the material if you don't accept the change. This would violate Article I, Section 10 of the United States Constitution. No state may pass a law which impairs the obligations of a contract which was lawful at the time it was entered into. UTICA cannot read provisions into license agreements which were entered into prior to UTICA's adoption: this would violate the sanctity of contract, which is something that American judges just won't accept. If the license you agree to allows for "retroactive changes" then, yes, you might be subject to them, but then you get into illusory contract doctrine -- and remember, "A statute in derogation of the common law shall be construed narrowly."
• They could even prohibit you from describing what you see as flaws in the material. Unlikely. Such a term would be highly unlikely to stand as a in violation of public policy, that being free speech. In fact, in California it's probably illegal to sue someone for publically denouncing your software, because of SLAPP laws.

Of course, this is a secondary analysis from an article that was probably written without advise from legal counsel. I don't know where to find the text of this proposed law (was it authored by the American Law Institute like most uniform encodings, or is it a freelance effort?), so I can't give a more meaningful commentary.

Don't Panic Over Straw-Man Arguments....

[John+Murdoch]

RMS, once again, disappoints me. As the leading light of the Free Software movement he certainly has an important perspective to share on many issues--but in this article he simply reiterates many of the straw-man arguments that others have raised.

Simply put, the spectre of UCITA that he raises is that UCITA permits vendors and buyers to agree to contract terms. UCITA does not, in so many words, legalize Trojan Horses (so-called "self-help measures") without buyer consent. Nobody in his right mind is going to buy a TrojanWare shrinkwrap app. But "self-help" measures permit custom software developers to ensure that they get paid. They can only use self-help if the client agrees to them, in the contract.

Can Microsoft, IBM, Oracle, or another software giant force an onerous contract down your throat? Nope--markets do, in fact, work. In 1989 Lotus had a cast-iron lock on the spreadsheet market, WordPerfect had a lock on the word processing market, and Xerox had a lock on desktop publishing. Lotus 1-2-3 still has a dozen or so users, somewhere; Corel can't give away WordPerfect; and I'd bet most SlashDot users can't even name the erstwhile Xerox product that owned the DTP market. (Hint: Corel Draw was created as an add-on product for it, and Corel now owns it.) Lest you think that Microsoft hegemony can keep a bad product alive, two words: Microsoft Bob.

If you thought the world was going to end on New Year's Eve, you'll probably get panicked by UCITA as well. You shouldn't be--this isn't nearly as scary as the doomsayers are claiming.

UCITA is a TERRIBLE idea and needs to be stopped.

[Animats]

It's a big issue. UCITA is an absolutely terrible idea. It's so bad it was rejected as a proposed addition to the Uniform Commercial Code by the American Law Institute. But there are ongoing efforts to push it through the state legislatures, despite opposition by the Federal Trade Commission, many of the state AGs, and almost all major consumer groups.

Cem Kaner is a lawyer who's spent years fighting this. (He hates me, but I think he's a good guy.) His web site has a good summary of the situation, although it's out of date. Nobody seems to be tracking where this is in each state legislature, and somebody should be. It has to be opposed state by state now, and it may sneak into law in some states when nobody is watching.

UCITA is a VERY BAD THING

[JustShootMe]

I found out that ProFTP has been sending nastygrams to ISPs under the DMCA holding their users accountable for not registering their software. (I always get these mixed up, could be FTPPro... find out for yourself. It was on Bugtraq a while ago.)

The UCITA will take this despicable process to the next level. Make no mistake - we are at war with these people. UCITA must not be allowed to pass for the same reason that the offending parts of the DMCA need to be overturned. They're going too far.

If you can't figure out how to mail me, don't.

The Law Makers - a syllogism

[radar+bunny]

The biggest problem with this entire thing is that those who have the most to gain, also have the easiest means to make the law come about. consider these premises:

1) The people actually passing the laws (congressmen, legislators) know very little about computers, and so in an odd (ironic) way they really don't have a way to know the benifits/dangers from this law.

2)The lawmakers are going to try and become informed about this, but will turn to the very software makers that benefit most from this law for that information.

3) Money buys influence in Washington. (how much could Micro$oft "contribute").

Conclusion: So, the Law Makers are going to have a financial stake in being influenced by those who benefit

Now think about this pemise:

1) In many people's minds "open software"="freesoftware"=cheap bastards. That is to say that a lot of people see the open source movement being led by people who just don't want to have to pay for what someone else worked hard to make.

2) Again, in many people's minds "opensoftware"=hacking=criminals. I could ad to this, but I think we've all seen enough mainstream news stories about "criminal hackers" and not enough about "hackers as programs who give away their source code.

3) The Opensource/Freesoftware Community isn't the richest community out there, and there isn't a lot for "campaign contributions".

conclusion: The large corporations can portray the opensource community to the uneducated (in these matters) law makers as whinny criminals who bring nothing to the table.

Im not trying to say its all about money here, but Money at least buys access to talk to these guys. And, perceptions are important. And, the Legislators really don't know enough yet about this issue to vote yet. Just think about this. Go out and read all the news stories in the mainstream press (the ones these legislators read) and see what they say about opensource and about the DVD issue. Now you think what they WILL think.

The best way to counter this is with "clear information" This means sending polite and informative emails to legislators with links to news stories, even news posts about this issue.

It's our world now. But how can we really say that if we don't speak up once in a while.