Maryland, Virginia Consider UCITA

Bob Kopp writes "The state legislatures of Maryland and Virginia are among the first in the nation to consider passage of the Uniform Computer Information Transaction Act (UCITA). The Washington Post has coverage here. " The Federal Trade Commission says that UCITA allows software companies to place "restrictions on a consumer's right to sue for a product defect, to use the product, or even to publicly discuss or criticize the product." If you oppose UCITA and live in Maryland or Virginia, you need to call or fax your legislators immediately.

Re:Maryland Legislators

[Detritus]

That page isn't useful. It's a list of federal representatives and senators. Try this page, it is the organizational structure of the Maryland House of Delegates and has links to member directories.

Here's what you do after UCITA

[JoeShmoe]

Buy a copy of the program you want to use. Pay the company with a personal or business check.

Promptly throw the entire software package (manual, CDs, license) in the garbage.

Download the "cracked" or "warez" version of the program and use that.

If they come knocking on your door about using warez, show them the cancelled check as proof of payment.

If they claim you violated the the license by using the warezed/cracked version, just ask "what license?"

I'm sick of fine print. If some company expects me to read fives pages of legal garbage each time I so much as break wind, I'm going to sue them in small claims court for the cost of hiring a lawyer to explain it to me in English.

- JoeShmoe

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

Re:Here's what you do after UCITA

[coaxial]

Actually he's not; he's just throwing away his copy of the license. If he regeisters it then he always has the license. Anyway The Man only comes looking for licenses if your a major company or they think you're a big time pirate. It's not worth their or the government's effort to go knocking down the door of every junior high boy in America.

My issue with this plan is the fact that it accomplishes nothing. He paid for it and then used the warez cooy. Big deal. So instead copying the cd "for archival purposes" he downloaded his "archival copy". BFD.

Also what's the big deal about reading the license. You have an idea what is in it anyway, if not you should read it. I have a problem with licenses in general for software. You should own software like you own a car. Your Mustang is yours and you can do what you want with it, but yet it is still Ford
s intellectual property (ie you can't clone it).

Re:Here's what you do after UCITA

[PG13]

The problem is that (under UCITA) you never actually buy the product you pay for a right to use their Intellectual property. You have no legal right to use a warez version EXCEPT under the liscense they give you. By using the warez version without technically agreeing to the liscense you are probably in violation of copyright law.

The reason he was going to throw away his liscense is that until you break the seal you have not agreed to be bound by the terms of that contract. Unfortunatly in this case you are in violation of copyright law.

(It is sorta like the GPL. Only the liscense gives you the ability to use the product)

True the government won't come knocking on everyones door but precisely because of this fact does this put too much power into the hands of corporations. If contract violations were prosecuted ferverently no one would buy software with stupid contracts in them. As it is this allows the company to turn every citizen into a violator and hence force prosecution where and when they please. Big firms like Intel already have police officers working/funded by them full time.

Re:Here's what you do after UCITA

[reptilian]

No contract that is internal to the installation (as most are) and that you are forced to sign to even use what you have already paid for is valid. It is legally extremely questionable to attempt to impose such contracts.

That's EXACTLY what the UCITA proposes to fix.

Man's unique agony as a species consists in his perpetual conflict between the desire to stand out and the need to blend in.

Re:An Ode to Threaded Posts

[gargle]

You're offtopic, but you're absolutely right. It's stupid to have the default display mode 'flat' and 'oldest first'. The worst thing about this is that it makes Slashdot bewildering and incomprehensible for newcomers. And oh, get rid of 'html formatted' as the default posting format.

Re:Who do I e-mail?

[Detritus]

You should call or write your representatives in the Virginia General Assembly. This page is a good starting point, it's the official Virginia ONLINE Legislature web page. You can use it to find out who your senator and representatives are.

It could be just fair enough

[Oestergaard]

Think about it. Whenever you use a piece of software with those rediculous licences (if you do so at all), you just click ``accept'' and never think about the license again.

Basically the licences often say that ``you have no rights'' and ``it's your own fault'' etc. People ignore that now, and they think that if they don't bug the company, the company won't bug them.

If these licences were enforced, and if they could be so with backing in the law, people might start considering what they are actually agreeing to.

If this passes, I think licences might start to change. People might not accept a ridiculous licence if they know for sure that by accepting it they _will_ be breaking the law.

(funny example: licence on the drivers to the i810 motherboards on the accompanying CD say thay you may not use them commercially, eg. you cannot run windows on an i810 motherboard in your company)

This is another step towards wide use of Free Software and sane licences.

Re:Actual useful links for maryland.

[Detritus]

Here is a page that will find your Maryland legislative district and representatives based on your address and zip code.

It pains me to see the slashdot response

[ecampbel]

Obviously, this will not mean the end to magazines like PC gamers and their ilk. The legislative branch of the US government enacts laws, and it's the court's responsibility to step in and determine the constitutionality of any laws that they enact. So please don't be afraid that if this law passes, US citizens' constitutional rights will be taken away, because they can't.

Moreover, he said, some of the perceived problems with the legislation are unenforceable. Critics, for example, have said the law would allow companies to suppress critical reviews of their projects.
Judges would consider such conditions "unconscionable," which in the language of contract law means they would never stand up in court.

Also, please open your eyes about the other previsions of the law. If click licenses actually had teeth and companies could ensure that you could not use their software if you returned it, stores would not be afraid to accept returns.

Lastly, this law will end up being a good thing for free software. Instead of buying software from XYZ company who includes a very restrictive license, I'll use and improve free (as in increased freedom) software instead.

Re:It pains me to see the slashdot response

[Masem]

I've said it before and I'll say it again:

While you are correct that a court will most likely flame down the UTICA law quickly on it's first try in court, that still meant the law has passed and that for a short period of time, it will be in effect.

Our government has switched from pro-active (only passing laws that need to be passed after considerable review) to retro-active (passing all laws and letting another part of the gov't deal with the implementation and legality). Sure, you can say that's part of checks and balances, but as the courts get more and more overloaded with what can best be described as frilious cases, the quality of rulings might start to decline; What if the judge that was reviewing the first case under the UTICA was so busy that he assumed that a passed law was passed with good reason, and let the law stand?

We also need educated lawmakers at all levels of the govt'. Remember the UTICA is at a state level (which makes little sense, this is an issue of interstate commerce, the realm of the federal government). We've got a difficult enough time trying to work with all of the US Senators and Representatives, but it's a hard battle. If the lawmakers were informed and learned not just to listen to the easy money, UTICA would be laughed at, as well as things like DMCA and CDA.

Re:motivation

[Detritus]

Though personally, I don't really see this as a big deal; this kind of legislation would have to be tested in a court of law, and I don't think it would survive judicial review...

IANAL. The last time this came up, someone pointed out that legislative acts took precedence over common law. Unless someone can find a constitutional argument against the law, the court is stuck with enforcing it, even if it is a bad law.

USE THIS TO OUR ADVANTAGE!

[PG13]

Sure it might suck in that it gives companies like microsoft an obscene amount of power but consider slashdotters have way more in common with microsoft and other software companies then with the common populance.

We could include such fun provisions in software as:

"CS majors may sleep with your first born daughter at their whim"

"You must follow a direct order by anyone employed in the Computer economy"

Or just realease the new version of the GPL including the phrase

"Anyone using and/or copying this software agrees never to use microsoft products"

Re:the facism starts

[cshotton]

any state that would EVEN consider such a fascist law isnt worth living in

Maybe, but it'd be a great place to run a software business and that is exactly the motivation behind these bills. The Northern Virginia area already has more high tech workers and companies than Silicon Valley, and the VA Legislature wants to make sure it stays that way.

All the rants about personal liberties are going to fall on deaf ears in these states. Their economies are in overdrive because of the huge influx of high tech capital and nobody wants that to stop. Pouring a little gasoline on the fire never hurts, either.

The reality is that there are plenty of existing interstate commerce laws and ample contract law precedent to challenge these bills if it's ever an issue. There's no sense in getting all bunched up because a lot of politicians have had their ears bent by some high tech lobbyists. This is just business as usual for both parties (legislators, lobbyists).

If you want to complain, complain to the companies you work for. They are the ones that are pushing these bills through. Of course, if you are in the business of making and selling software, it's in your best interests to let it pass. If you're in the "business" of making and giving away software, you probably view this as an unfair advantage being granted to your "competition".

Either way, the fault lies with the companies that are pushing for this legislation. The dumb, Luddite legislatures in these states can't reasonably be expected to understand the quality issues in the current software market, can they? It's just one more example of government by the checkbook, for the checkbook, and of the checkbook. So go out and vote with yours. If you don't like the license terms, don't buy the software.

Disinformation in the 21st Century...

[John+Murdoch]

Golly--whoever the PR firm behind this campaign is, they're doing one hell of a job.

Is it me? Or has anybody else noticed that all the articles regarding this question that have appeared in major newspapers open in exactly the same fashion? "Microsoft and other software giants are pressing to get this passed" followed by "the bill will permit software companies to surreptitiously sneak into your computer system to disable software that hasn't been completely paid for."

What you're watching, folks, is a very well-orchestrated campaign in opposition to UCITA that is "planting" story themes. And newspaper writers with, um, more enthusiasm for computers than, well, knowledge buy the idea and write panic-stricken articles about the Evil Corporation and Plans to Invade Your Computer. The only thing different about this article is that the WP writer went further and actually got people in favor of UCITA (like the Virginia governor) to comment on the accusations.

Come on, people!

This is SlashDot, right? Presumably a group of people who know how to do stuff like secure their networks? People who don't just open ports at the firewall for every Tom, Dick, and Harry that wants to peek at your system? People who have sense enough to not grant root (or administrator) privileges, or to leave those privs set to the default passwords?

Riddle: If you're filtering packets at the public router, and you're doing stateful packet inspection at the proxy server, and you're doing network address translation, and you're properly securing privileges with passwords--how can a vendor break into your system?

There are only two ways that TrojanWare can exist. The manner threatened in these maskirovka articles is that an Evil Corporation invades your system and cripples your software. Right--how? If you have done a half-decent job of securing your network it can't happen. If you haven't done a half-decent job of securing your network getting your software turned off by a vendor is probably the least of your problems. You are doubtless bedeviled by all the l33t hax0r skript kiddiez from the local junior high. The only other way is if the software periodically reaches out from your system to contact the Evil Corporation to check a license--theoretically possible, but again something that you should be able to catch at the firewall. (You can typically block outbound addresses, for instance, or monitor your firewall logs to see where traffic originates from. There is no reason for Port 80 [for example] traffic to Microsoft to originate from one of your servers.)

In other words, if you have half a clue the only way TrojanWare can exist is if you actually agree to let it. And the only way you'd agree to let it be there is if the vendor can make a valid case for it.

And guess what? The UCITA provision for "self help" (which is the euphemism du jour for TrojanWare) is, in fact, there to permit vendors and customers to agree to self-help in contracts. Contract provisions permitting self-help are not binding in those states that ban self-help (including Virginia). The UCITA overturns that. That's all the UCITA does (on this matter). The people screaming about Evil Corporations Invading Your System are engaging in exactly the same kind of hype that the Y2K Survivalists did--the difference this time is that it appears to be computer industry denizens who ought to know better that are getting panicked.

Re:Disinformation in the 21st Century...

[jellicle]

You are, of course, wrong. The scheme works like this:

1) the software won't operate unless it is allowed to contact a remote server during operation. So if you want to use the software at all, you'll open the hole in the firewall.

2) If you break the license agreement or are suspected of breaking it, the next time your software tries to verify that it's authorized to operate, it won't. Boom, it shuts itself off. Remotely disabled.

And while I'm at it, there's no PR firm behind the campaign to *defeat* UCITA. There *are* a whole lot of pro-consumer groups who don't like to see the software industry writing laws which screw consumers. Microsoft has spent millions to get UCITA passed so far, the budget on the other side is approximately zero.

--
Michael Sims-michael at slashdot.org

Re:Disinformation in the 21st Century...

[John+Murdoch]

Hi Michael!

One wonders if I can change the title of the original post to "Read the Whole Post Before Replying...." You and four others (at the time I write this) didn't read all that I wrote. I specifically address the question of software that checks a license over the network in my original post. It's the second way that TrojanWare can exist:

The only other way is if the software periodically reaches out from your system to contact the Evil Corporation to check a license--theoretically possible, but again something that you should be able to catch at the firewall. (You can typically block outbound addresses, for instance, or monitor your firewall logs to see where traffic originates from. There is no reason for Port 80 [for example] traffic to Microsoft to originate from one of your servers.)

Three points:

1. First, you have to agree to it. UCITA legalizes self-help measures in the contract. It does not simply let any software vendor invade your network. If you are in the business of installing mission-critical enterprise software without reading your license agreement, you deserve what you get.
2. Second, you have to permit it. As I wrote earlier, you're monitoring outbound traffic at the firewall, right? You've done the routine thing of grouping all your servers in an identifiable IP range, right? And you keep an eye on outbound traffic at your firewall, right? So wouldn't you notice if one of your servers starts sending HTTP packets (or any other kind of permissible packet) out through the firewall?
3. Third--network outages happen. Any vendor attempting to sell software that won't run without a current connection to the Internet has rocks in his head. The gas company rips up my frame relay circuit with a backhoe--so my accounting software quits? Does anybody think that is a vendor that's going to be in the business for the long haul--like, say, through Christmas?

So what is self-help (TrojanWare) for?

Simple. Lots and lots and lots of custom software (and customized commercial software, like Great Plains accounting systems) are sold in "thirds." The bargain is

• one-third of the contract price at the time the bargain is signed,
• one-third at the time the project is delivered,
• and one-third thirty days after the project is delivered.

Lots of small software firms have found it extremely hard to collect that last third. If you have a 40% gross margin (relatively common in the industry) and you have absolutely hit all your project deadlines that last third amounts to practically all of your profit. If you have had a little bit of an overrun here, an extra cost there, and perhaps your margin has slipped a bit (extremely common in the industry) that last third may be money that you desperately need. More than one small ISV has gone broke depending upon the last third of a project to make payroll taxes, only to have the client refuse to pay. (I had to lay off one of my very best friends when this circumstance happened to us.)

So how do you collect that last third? If the client is in the same state, you can sue. But you'll spend a mountain of money (and a ton of otherwise billable time) in pre-trial litigation. If you're trying to collect the last third of a $45,000 project, you'll go through $15,000 in legal fees in a month. If the deadbeat is out of state it is even worse--you cannot sue in federal court unless you can prove $50,000 in actual damages. Trying to collect that $15,000? Forget it--it is too small an amount to sue in federal court. Your only option is to sue the client in his home state--using an out-of-state lawyer for a one-off lawsuit will only cost you more money. Bottom line: you write off the $15,000, and perhaps go broke.

A lot of small ISVs resort to Trojans. I used to work for a small ISV that dominates the market for accounting and marketing software for book publishers. They bill "on thirds" and they used to use a trojan to make sure they get paid. If you hadn't paid your bill 90 days after installation, each system user was warned that a problem existed with the system--please call customer service. If the bill was still unpaid 120 days after installation, the users were warned that a SERIOUS problem existed--please call customer service. If the bill was still unpaid 150 days later, each user was warned that their employer had not paid for the system in five months. The system would not start. The client's data was still intact--but the client now had to get around to paying up instead of jerking my former employer around. The clients were aware of this--it was spelled out in the contract. And because it was spelled out in the contract the trojan never actually got used (at least not while I was there).

But in the late 80s the Commonwealth of Virginia banned that kind of "self-help" system. And all of a sudden the deadbeats in Virginia could stiff out-of-state ISVs with impunity.

UCITA overturns the Virginia ban--it lets an ISV explicitly include trojans in a contract. Is that a bad thing? Tell you what--let's wait till you're waiting for that last third from a client, with $200 in the bank and payroll taxes due at the end of the week. It might give you an entirely different perspective on the question.

Re:Ow! My head's gonna explode!

[the+eric+conspiracy]

Well, this is a dilemma! Either support UCITA (and side with Microsoft) or oppose UCITA (and side with the MPAA).

What is the discerning Slashdotter to do?

I hesitate to suggest this in modern society, but could the answer be -

Read the legislation and think through the issues, then make up your own mind rather than have somebody do it for you.

?

Are you a man, or are we sheeple?

Re:future?

[the+eric+conspiracy]

We've been examing our records and found that you have been complaining no numerous message boards and Usenet groups about our product. This is damaging and inflammatory to us. We're going to take away your software and there's nothing you can do about it. You'll be lucky if we don't call the police on you either.

In a case like this UCITA would be ruled unconstitutional.

Congress shall make no law...

Five immortal words.

Unenforceable?

[Alex+Belits]

Moreover, he said, some of the perceived problems with the legislation are unenforceable. Critics, for example, have said the law would allow companies to suppress critical reviews of their projects.

Is it a confession that part of that law is specifically designed to assist frivolous litigation?

Re:the facism starts

[printman]

Not all software companies support the UCITA. In fact, if any of them have any brains, few will support it except the big ones.

Reason: all software companies depend on other vendors' software (compilers, etc.) Without legal means of assuring a minimum level of functioning and reliability, a software company will be on very unstable ground.

I've sent in some "official" letters from my company to the Maryland reps we have outlining many of the problems with UCITA from both the end-user and software developer perspective.

Wrong emphasis?

[ajs]

Ok, so I see several things odd about the way this is being emphasised:

1. No one is looking BACK to say "hey, is it even a reasonable starting point that software vendors don't take responsibility for the software they write?
   
2. The restrictions on reviews and benchmarks needs to be challenged so badly that I can't even thing straight when considering them. This is blatently bad for the consumer! But, very little emphasis is placed on this.
   
3. There is also very little said (only toward the end of *this* article) of the remote shut-down "features".
   

If this bill were simply:

Software shrink-wrap licenses are binding contracts as long as (a) they do not restrict more than the installation and coppying of software and introduce warantee terms (b) the consumer has a right to recieve their money back if they do not agree with the terms

I would still have problem #1, but I would be happy to let the market decide. But, the controversy over this bit seems to be drowning out the truly scary parts of the debate, so people like the Gov. of Virginia thinks this is an OK law. He never hears anyone telling him how truly awful this will be, just "I don't want to be bound by shrink-wrap licenses."

A side note: MS is pushing for refund rights huh? Can't wait for the next refund day! ;-)

DANGER!

[ajs]

You are falling into a trap that the software companies are well aware of! The "we don't have to worry, they only go after big companies" theory is fine until this law goes into effect. The goal here is to make it legal for the software to break when and how Microsoft (do we have any illusions that anyone else is behind this) wants it to. That means that the next time you hit the MS site with IE, it's quite legal for them to nuke every copy of MS products on your hard drive that you didn't license. They'll have standard plug-ins in every app you buy before you can blink. There won't be any such thing as "good guy" companies because the ones that are traded publicly will not be able to justify NOT doing it to their shareholders and the ones that are not public will feel the squeeze when most of the industry goes this way.

Isn't a free market driven by investment fun?

Who's next

[dsplat]

Many states have web sites for their state legislature. NY State's Senate and Assembly web sites include pending legislation. Presumably, similar systems are in place elsewhere. I can't search everywhere. But I think the aseembled hoards from Slashdot can. Watch what your state is doing. Rally the troops. Let's show them what a grassroots movement looks like backed by the Web.

Misconception about GPL

[copito]

(It is sorta like the GPL. Only the liscense gives you the ability to use the product)

You do not need to accept the GPL to use a GPLed product. In fact the GPL forces whoever gave you the copy to place no restrictions on your use.

But since the software is copyrighted, you are prevented by law from making derivative works outside the bounds of fair use UNLESS you accept the license. So the GPL is giving you rights you would not ordinarily have and you can choose to accept it to gain those rights.

Ordinary shrink wrapped licenses may take away rights you ordinarily have, such as freedom to discuss the performance of a software package, freedom to make archival backups, freedom to resell or lend your software, etc. You do not have a choice to use the software without accepting the license.
--