CIOs Worried About UCITA

NeXuSnine pointed out that CIOs of major companies are starting to fight UCITA. Personally, I like the argument floated by UCITA's supporters: "Large businesses, theoretically, should be able to negotiate contracts with vendors that protect and exclude provisions they don't want." In other words, these UCITA supporters knew small businesses and individuals would get screwed, but they figured big companies wouldn't mind because they write their own rules anyway. Now, even some big businesses are worried UCITA goes too far.

Re:It's about time big business realized...

There are some well known minor issues with old IBM host cards in non-IBM computers. In fact, new IBM computers have standard ISA and PCI, so they have these issues too.

Also, in the old days, IBM bundled host integration software with a special version of OS/2 that only ran on PS/2 machines. As far as I know, the modern versions still require client licences -- they're not free.

Anyway, your version of the story is essentially correct. However, I wouldn't put it past an IBM sales rep to push IBM brand clients to a bunch of PC-illiterate mainframe guys.

Re:It's about time big business realized...

Nowhere near as reliable and foolproof as a dumb terminal, however. And considerably more expensive to maintain.

Re:What really worries me about this

This is a point worth exploring further.

Has anybody heard how Larry Ellison of Oracle weighs in on this? Is he equally in favor of it?

How about Scott McNealy at Sun? (granted, he knows almost nothing about computer software, and is a pure management type, but he must know a little about software licenses and how Sun profits from them)

Re:It's about time big business realized...

multiply son, multiply.

funny

"get it in the serial port". I like it.

Re:How are people in other countries affected?

I don't think any evil uncle sam came over and twisted you legislatures arm.... Anyway as far as raising Drug expenses because Patents last longer there is some interesting info comming out of drug companies.... The Patent time does not make much diffrence to them anymore. Patents are "failing" them in a very diffrent way than has been discussed on slashdot. Apperently the "useful" marketing life of a durg is currently under five years and fading. It's not that someone will infringe on the patent but that another substance that fulfills the same need with less side effects tends to come out in less than five years now. The drug companies cannot fully milk their patent time.

Re:What are you talking about?

So Microsoft is going to produce a special run of CD's with software developed especially for the Jamaican market? Yeah, right.

And when the Jamaican gov't passes consumer protection laws that prohibit certain software licensing practices M$ will comply meekly of course. Yeah, right.

There's a difference between de facto and de jure and this is a good example. No laws don't "apply" in other countries but as the original post makes clear, they will still have an effect.

Re:The NCCUSL needs oversight and/or investigation

Check out who's on it ... it's fat cat city for a bunch a mostly not too brillian guys who get to golf a lot.

Re:It's about time big business realized...

Take the incompetent manager who negotiated the deal out back and shoot him lest he breed. And if all you needed was simple emulation to the mainframe, take the IT person who didn't whack the manager upside the head and choke some alternatives out of the vendor outside too.

At my place of work, we contracted with a vendor and installed this new system. It was a year late being deployed, they refused to even try to get the software to work with hardware we felt was superior stating we had to buy our servers from company X and no other, and it still doesn't do everything the vendor promised us.

We haven't paid them a dime due to the number of contract breaches they have commited. It is actually funny. Everytime it gets around to when we should make a payment they fly some people in and "work on issues." When we ask them when are we going to get the next set of features we've contracted for we get the runaround. We're now looking into options to replace this million+ dollar system. We can afford to do this because we did a good job of negotiating the contract.

This is in what I consider a medium sized company. Quite seriously, I'd place more of the blame on your staff than I would on IBM. When IBM was pitching their "best" solution where were your people negotiating for what you really needed? I guess from your example my biggest fear with the UCITA is if some incompetent legal team working for me did a bad job renegotiating the license agreement. In a mid to large sized company you know for sure they would not accept some boilerplate EULA giving the vendor free reign to arbitrarily shutdown a critical system for any reason. Every line would have to be evaluated, negotiated and ammended. Well at least we know that the lawyers on both sides of the fence will be making out like bandits.

Re:How would UCITA affect open source?

The fundamentals of the open source development model (ESR's bazaar) *are* to release early and often and to release unfinished software to create an "itch" to improve it.

Yes, and we've yet to see ESR's model in practice. All we've seen thus far is ESR chasing after reality with an after-the-fact explanation of phenomena nobody fully understands.

As to wether UCITA will be a 'disaster' for OpenSource(tm) or just a wakeup call that debunks a lot of hype, after which projects like BSD and Linux continue to carry on as interesting 'laboratory scale' Computer Science experiments, only time will tell.

One thing for certain is that commercial software development won't devolve into be a lazy backwater where 'coders' can just fiddle around in Emacs. It won't take UCITA to prevent that. Mere reality will suffice.

Re:How would UCITA affect open source?

Hey Larry, you need a new nick.

Can't you see that you're infringing on the rights of the moderators to slap you down? Your default -1 has moderators all over the system weeping at their lost opportunity.

How's a clueless Slashdot zealot supposed to waste points when your comments come pre-slapped?

Get a new nick. Maybe append a period. Maybe then that loser with the campaign (the www.girlygirl.com website or whatever it's called) to bust imposters would come to the rescue of the real Larry Troll.

The way-of-life of numerous Slashdot Moderators is at stake here. Go out there and do what's right, now.

Re:I do, too!

>leaving nothing but GPLed code anywhere on the planet.

You are hoping that Apache, Perl and ever other hunk of code without a GPL licence is gone along with commerical software under the UCITA?

What kind of myopic, GPL bigot are you?

Re:UCITA good for GPL?

>It offends me that my industry would try to screw over a hospital -- especially a non profit one.

And it offends me that someone would want to see ALL software, save GPL be 'punished' under the UCITA.

Why do you have moral outrage for not-for-profit hospitals, yet you are happy to see anything NOT GPLed squashed?

OpenSource comes in many forms, and some of it is NOT GPLed. Life sucks enough for those in the computer industry without GPL bigots running about screaming 'GPL only'

Re:How are people in other countries affected?

That would likely not go over well with a power-mad local state judge, nevermind a judge from another country. The judges of certain states tend to frown on any references to particular other states, or attempts to apply those other state's laws or precedents in their courts.

Like all American law, it would just be a quagmire for us and something for the rest of the world to laugh about.

Re:It's about time big business realized...

It sounds like whoever does your infrastructure planning needs to be fired, if you bought 17" monitors a year ago without any foresight that you'd be buying new bundled systems today.

Microchannel? He should have been fired five years ago.

Re:Maybe big business is good for something

MS contractors weren't complaining about their working environment or even their salaries. For years and years there weren't any complaints from MS temp workers. MS has had essentially the same temp policy since they started 25 years ago. Temps typically make an excellent hourly wage -- much higher than the national average for thier skills -- and they get over-time pay -- something the full-timers don't get. So when a MS Temp puts in an 80-100 hour week you can believe they aren't complaining about how much they are paid. At least not until around 1995 when the stock went through the roof and hundreds (maybe even thousands?) of full-timers became millionares. THEN the temp workers screamed bloody murder about how 'unfair' it was that they weren't filthy rich too. sheesh... And as far as the valley goes -- When you get a $250,000 signing bonus, pull in 120k/yr in salary, plus god knows how much in stock options and bonuses, etc.. i have a damn hard time feeling sorry for you working 80-100 hours a week. Many of these workers would be programming 80-100 hours a week for free anyway (witness linux and the whole open source movement) We were comparing the industrial revolution to the current tech industry -- a comparison i just don't see. I'll laugh my ass off the first time someone suggests a 'revolution' over the working conditions in the tech industry.. where you can easily retire a multi-millionare after working for less than 10 years, less than 5 years in many cases. It used to be a truism that you could never get rich working for someone else -- but now it seems that the quickest way to get rich is to work for someone else. Lets be serious -- software engineers being mistreated by their BIG CORPORATION empoyers?? What color is the sky on your planet?

Re:Slashdot Effect

I very nearly missed your poem, dude.

Go get your new Nick, with a dot on the end. You're depriving Clueless Moderators of their right to waste points, with your default -1.

And girlygirl wants to defend the rights of the original Trollmastah.

Don't you see? A new Nick is a win-win solution for all involved!

Re:Slashdot Effect

what song or poem is this post parodying?

Re:Maybe big business is good for something

Yes, well the people really upset at the present labor market in Software/computers are the rusty old Labor dinosaurs who are completely cut out of the equation.

The contractors who I have contact with are outraged that a few crybabies are trying to spoil the market for contract programmers.

Let the old "Labor Movement" fossils dry up and die. We don't need them.

Re:Not a federal law

if only it actually worked that way...

Corporate time-bombs and Crackers...

I'm so tempted to advocate them to use this, the end-luser who signs an EULA can get shut down by a cracker and can't even speak up about it, or face proper termination of their software agreement... and Micro$loth et al won't feel any need to address any of those 'cracker' problems anymore...

Yeah, it's fairly bad for some free software, but they can't stop me from using free software, and everyone else will be severly impacted by the fragmentation and corporate in-fighting that will ensue under proprietary standard wars. Some of us could make a killing while everyone else fights rising IT and licensing costs...

-- Ender, Duke_of_URL

Re:How would UCITA affect open source?

Ah... UCITA doesn't make open source illegal. Nor does it make it illegal to develope open standards.

Re:What are you talking about?

I for one have no faith that timebombs and remote shutdown commands will not be a problem for people in areas outside the jurisdictions where UCITA is enforcable. If the copyright holder doesn't abuse these measures, crackers will.

Shrinkwrap for Free-software?

How about we put together a tar/zip format that presents a shrinkwrap license that you must click thru before you can look at the source/docs/etc...

-- Ender, Duke_of_URL

Paradox: UCITA may be nail in closed-source coffin

If open source software can provide the same
capabilities, and allow users & CIOs to examine
the source to make sure there are no remote
controlled timebombs, what advantage (apart
from proprietary lock-in) could closed source
vendors offer their clients?

It seems that IS departments might well review
their reluctance about trusting OSS, with its
perceived risks, when compared to the virtual
certainty of getting screwed by closed vendors
under UCITA.

Re:It's about time big business realized...

Methinks that "last batch" of PCs was purchased in 1991. A little strange to still be complaining about it, especially because a 486 is still a fine terminal emulator.

Re:Maybe big business is good for something

Ok. I would like to know the name, e-mail address, mailing address, or phone number of even ONE UNION of software engineers in the united states... did you forget about the laws that president Regean passed on unions vs the air trafic controllers?

We told them so!

It is good to see that there are some people other than us looking at the consequences of this unconscionable piece of legislation. This abrogation of our rights should be considered treason by any legislator who would vote for and any executive who would sign it.

Re:Better tech solution

[Brian+Feldman]

The state of trolling on slashdot is just sad. At one point, trolls were actually funny. Now, what do we have? Retarded, unoriginal lameness. I'd appreciate it if the idiot trolls would go away, and maybe we'd have some insightful and intelligent trolls.

--

Re:It's about time big business realized...

Yes, it is pretty horrible.

And to think that on nearly any Unix, a user can remotely log into the box, issue su and give the root password, and remotely shut down the entire box....

Horrible. Simply horrible.

Re:Maybe big business is good for something

Wages/Salaries for software engineers are very high and rising fast, in spite of the fact that it is illegal for programmers to organize into unions.

Wages for some programmers, with certain skills and in certain locations, are high and rising fast. Many others are not that lucky.

It is not illegal for programmers to organize or join unions in the USA.

Re:It's about time big business realized...

The frightening thing is that if a vendor can turn you off from a remote location, so can a hacker...

The fun part about it is, that no act, no law, no death sentence, is going to stop the random malicious hacker, whether by accident, or on purpose, or for hire by a competitor, or government, to kill a business.

Its a rotten law. Period.

You know, I'm starting to not care at all.

Things that are so blatantly stupid but yet people are continuing to pursue. The Amazon patent crap, UCITA, and all this Internet control stuff as well.

If the US wants to mess up their high tech future then that's fine with me. Soon companies will patent things like hover cars, then when someone actually invents one, they will be sued. Someone will patent holodecks, transporters, and other such things that are not possible yet, but with such a general patent that they can suck blood from whoever tries to develop things further.

Oh great, now we have to add more restrictions and close up something that has made most of its damn progress by being open.

These people can't see that I guess. Well, when they are paying $100 a month to use their time-bombed Windows 20xx, stuck to one manufacturer who invented something because reverse engineering is illegal and all other companies have to pay royalties to the first making their products more expensive, and limited only to commercial dotcom companies for websites because free speech on the Internet has all but been eliminated, I guess we can say "I told you so." Because at the moment, it seems these people won't listen to reason.

Oh, did you know, next week all DVDs will have hidden software that will scan for DeCSS(no, not the webpage CSS tag remover), and a secret police squad will bust into your home, take away your computers and brainwash you.

Yeah yeah, I'm being extreme, but this is where its all leading. But as I said, I'm beginning to wonder if I should care at all. If no one listens, why shout?

Re:It's about time big business realized...

Now you need our emulator to access the mainframe from your personal computers.

Dude. x3270. Use it. Love it.

Re:How are people in other countries affected?

It's hard to say. There is a provision in UCITA that lets the software publisher pick the place where legal disputes are settled. If a UK user sues a publisher, I wonder if they will try to use that provision.

legislation

And when big business' talk, congre$$ listens

Agreed. IBM is cool.

I picked up some old RS/6000 servers and workstations from a local company and they didn't have the OS media for them (AIX) so I called IBM and explained to them that I was just a hobbyist and would have to resort to "piracy" (that's a bit of a strong word in this case) if I couldn't get it from anywhere else. They were pretty cool though, within a week I had AIX 4.21 shipped to me free of charge and they even told me to give it to anyone else as long as they were just hobbyists. Very cool. Now SGI on the other hand... not a help at all unfortunately.

Re:Maybe big business is good for something

You have a good point about unions, and the industrial revolution, but I just don't see how it applies to the current tech industry. Wages/Salaries for software engineers are very high and rising fast, in spite of the fact that it is illegal for programmers to organize into unions. Companies that everyone loves to hate, such as Microsoft and AOL, may be criticized for their agression to their competitors, or even criticized for harming the end user/consumer, but they are usually not criticized for the way they treat their employees. The tech industry is arguably the best industry to work in, as far as working conditions go -- companies in california are at war with each other to provide more attractive working environments to try to lure in programmers -- giving things like every other friday off, hundreds of thousands of dollars signing bonus if you agree to stay for a few years, huge amounts of stock options, no dress codes, no set working hours, sheesh, where else do you find pool tables and free beer, etc. AT WORK? And all this is in spite of the fact that there are no programmers unions.

Re:You can't shut me up.

[rodgerd]

No, but the credibility of someone who claims to be an authority on a topic because they looked over the shoulder of another person is minimal.

Re:Nonsense

[Oblio]

Well of course there is no cartel provision- the question is whether UCITA provides incentives to cartelize.

I personally don't see this as happening at all, as the primary characteristic of cartel markets are strongly oligopolistic suppliers with opportunities for collusion. Of course software doesn't really fit this description, and since barriers to entry for IT solutions are relatively low, cartels aren't something that I would be concerned about as an IT manager.

OK, you are a lawyer so riddle me this:

There is a beast called a contract, and there is a beast called a transaction. Transactions have implied contracts ( implied warranties of merchantability, etc. ).

I have always respected the contract, but more and more, we are shifting limitations of use into an implicite contract of transaction.

UCITA supports the concept of taking my rights away without my signiture. (of course, VHS tapes are sold under implicite license as well and I don't really have a problem with this). I guess my real beef is that EULA's are very difficult to understand, and people are losing their rights without fully understanding what they are giving up. To my mind, this is transaction by misdirection (fraud?).

Of course, I'm talking about "little rights" above, and not natural rights, but still- how can you support this?

Re:What are you talking about?

[Forge]

Yes, but all three of the posts I quoted are clearly talking about making law de jure. Of course legislation in one country or state potentially affects people living elsewhere. Just like environmental policy in the Caribbean affects the water I drink. But you don't see Jamaica offering me representation in their government, like the original poster feels he's being unfairly denied in the Virginia legislature.

Many years ago someone in high office was asked to explain why people vote. After much consideration he distilled it to an "Enlightened Self Interests".

The representation Jamaicans have in some parts of the US comes from the huge numbers of Jamaican with dual Citizenship living in some communities. Our interests generally don't stray far from what Black Americans want so it's not noticed as a "Jamaican Lobby". It's there though.

There are 2 aspects to this law. One is what parts of the license can be enforced in court and the other is what technical changes can be made to the actual code.

A license which is only acceptable under UCITA will be unenforceable in Jamaican court and you would have a hard time prosecuting a Jamaican for violating it here. Therefore the 1st aspect isn't such a great concern.

A "remote shutdown" backdoor is another matter. If there is some way to get it to work over significant distances ( say between washington and Virginia ) then It can also be made to work here. This would give an american company the right to hide behind the Virginia courts and enforce UCITA in places where it is clearly illegal.

Remember Noriaga ? He was violating american law but Panama didn't seam to mind. The US sent the troops in and dragged him to trial in a US court then sent him to an American prison.

Most laws become international by default.

What are you talking about?

[Otter]

That makes sense until you realize that this law if passed would be enforced in 3rd world countries.

Huh? Maybe I'm missing something here, but these are state-wide laws. They don't apply to other US states, let alone to other countries. This isn't the WTO.

Again, maybe there's something I'm not aware of, but reading the UCITA resources at badsoftware.com doesn't suggest there's any international issue here.

Re:What are you talking about?

[Otter]

Some stuff that I don't necessarily agree with, and then the crux of the issue:

There's a difference between de facto and de jure and this is a good example. No laws don't "apply" in other countries but as the original post makes clear, they will still have an effect.

Yes, but all three of the posts I quoted are clearly talking about making law de jure. Of course legislation in one country or state potentially affects people living elsewhere. Just like environmental policy in the Caribbean affects the water I drink. But you don't see Jamaica offering me representation in their government, like the original poster feels he's being unfairly denied in the Virginia legislature.

Re:What are you talking about?

[JDax]

Huh? Maybe I'm missing something here, but these are state-wide laws. They don't apply to other US states, let alone to other countries. This isn't the WTO.

Again, maybe there's something I'm not aware of, but reading the UCITA resources at badsoftware.com doesn't suggest there's any international issue here.

• In what country is the largest software corporation in the world located?
• What company's software does 90+ % of the *world's* desktops supposedly run?
• What software company easily has the $$$ to pay off the right people to pass such a law?
• What software company would benefit the most from this?
• What company would most likely wish to have the same type of control *everywhere* in the world (in a "consistent" fashion) their software runs?
• What company could easily "move their headquarters" (on paper) from one of those states in the Pacific Northwest, to Virginia?

Right. &nbsp Same answer to all 6 questions.

;-)

Re:What are you talking about?

[Otter]

Don't any of you people understand how laws work? I can't believe the parent post has gotten sent to +3. Let's try this point by point.

From the original post: It's bad enough that Americans get to petition elected officials to vote down this law. Here we don't get to comment on it because we have no elected reps in the US. That makes sense until you realize that this law if passed would be enforced in 3rd world countries.

No, state laws are not even enforced in other states, let alone in other countries. Just like your country's laws don't apply to me and why I don't get representation in the Trinidad government.

Not all of them and not immediately but it will come. What dose a little country like Jamaica or Trinidad do when American corporations with a wage bill beyond our GDP backed by Uncle Sam starts to brutalize our people under an unjust law that isn't even ours.

What do you mean, "it will come"? Either Virginia law applies in foreign countries or it doesn't. (Answer: it doesn't and it won't.)

From bendude: Don't you remember that whole DVD bust thing a few months ago. US (almost) Laws being enforced in lesser countries.

No, that was Norwegian law being imposed in Norway.

From JDax, an argument hanging on the idea that: What company could easily "move their headquarters" (on paper) from one of those states in the Pacific Northwest, to Virginia?

Doesn't matter -- the issue is where the customer is, not where this company is based. And even it did, it wouldn't affect other countries.

By the way, I think UCITA is outrageous -- a view shared, incidentally, by the Federal Trade Commission. But the idea that it's enforceable in other countries is absurd.

Re:What are you talking about?

[bendude]

Don't you remember that whole DVD bust thing a few months ago. US (almost) Laws being enforced in lesser countries.

Re:Slashdot Effect, or What Song is This?

[thulldud]

I instantly thought of "Bringin' Home the Oil" from an old TV commercial. I doubt that the tune was written just for that, and I don't remember it well enough to be sure if it fits these words.

So, tell us what tune to use next time. And, btw, are you going to archive these brain droppings somewhere?

Re:Slashdot Effect

[unitron]

Sevice or Kipling?
Yeah, I know, you've never kippled.

Re:What really worries me about this

[unitron]

If accepts a standard of measure that calls Microsoft a large software company (as opposed to a gargantuan one), can any other companies qualify for that appellation? Especially if one excludes "large hardware*and*software companies" such as IBM?

Bill G's new job

[gelfling]

I guess this is what Bill G means when he says he is the chief architect. Er..... chief lobbyist. Uh.... chief investment litigator.

Great opportunity for Open Source!!!!

[crovira]

Hey, this is a great opportunity for Open Source software.

[Sales voice-over pitch]

How can you know that your vendor isn't setting you up for UCITA extortion later?

Don't buy software without the source code.

I say let those who would try this idiocy try to spread it far and wide. It will just hasten their demise.

Re:Great opportunity for Open Source!!!!

[Spoing]

I know that many folks here already know the issue. For everyone else....

www.gnu.org/philosophy/ucita.html

From the article: "You see, UCITA says that by default a software developer or distributor is completely liable for flaws in a program; but it also allows a shrink-wrap license to override the default. Sophisticated software companies that make proprietary software will use shrink-wrap licenses to avoid liability entirely. But amateurs, and self-employed contractors who develop software for others, will be often be shafted because they didn't know about this problem. And we free software developers won't have any reliable way to avoid the problem"

Here's a summary of the point: Free software can't avoid the increased, default, liability because a shrink-wrapped licence can't be applied to something that isn't shrink-wrapped!

That means that if you write something, and include a licence in a text file that says "no warranty", the "no warranty" licence doesn't apply -- you're still liable even if you never make a cent!

There are numerous other reasons why this -- to grab a quote from Ghostbusters -- is "A bad thing" for free software.

Come to think of it, the UCITA probably applies to Shareware, "free" programs from various web sites, and other non-shrink-wrapped commercial software, too. There's another angle...

Re:What About Software Retailers?

[IntlHarvester]

Veerrry interesting ... One of the supposed positives of the UCITA is that consumers actually have the reasonable option of saying "No, I don't agree to your licence - give me my money back." (Which as the whole Windows Refund thing proved, doesn't really exist right now -- a big argument why EULAs are not currently enforceable.)

If the retailers can easily opt out of the return clause, we have a situation where software companies can take your money, try to force a ridiculous clickthru EULA on you, and refuse to give a refund when you don't agree. Yow! One wonders if this has any chances of passing in consumer rights states (California, midwest).
--

Re:How would UCITA affect open source?

[um...+Lucas]

Well... People buying %50,000+ software licenses will probably avoid any UCITA hastles... Maybe vendors will realize it and explicity state in their licenses that UCITA will not be enforced on those packages.

However, if all desktop software is given a more restrictive license, there realy isn't that much that people can do about. Linux can't step into to Windows' space yet... As a mattr of fact projects like WINE will probably get wiped off the map relatively quickly... So many other projects, like GPG, FreeVMWare, StarOffice, Koffice, etc... would all be forced to relocate out of the country or be abandoned... They'ed no longer have meanst o provide compatibility... Or even if they did, individual users might use that software, but large companies won't want to run the risk of using "illegal" software to manage their operations

Re:Current SW Licences

[um...+Lucas]

I think that one of the worst clauses in the world is the one that states that Windows license aren't transferable from one computer to another.

Why should a company who might be completely satisfied with their software and only want to upgrade their hardware have to repurchase their software all over again?!? I mean, I understand that Microsoft doesn't want people to buy 1 CD and install it across the corporation, but what real justification (besides profit margins) can Microsoft have for disallowing the transferance of a software license from one machine to another, supposing the first one is headed to the scrapyard or something like that?

Re:Who's pushing this law to begin with?

[wakko]

MICROSOFT - they've said so publicly and one of their flunkies was very involved with the drafting.

MICROSOFT - How will you be legally screwed today?
--

Current SW Licences

[wakko]

Does this effect current licences that people/companies have already agreed to?
--

Re:Current SW Licences

[aufait]

It depends on the state. The Maryland version of UCITA has a Section 4 that states:

And be it further enacted, that a presently existing obligation or contract right may not be impaired in any way by this Act.

However, it looks like an addition to the original text. My guess is that the Maryland Senate explictily made sure that it is not retroactive. Can not make any statements for the other states.

Re:Current SW Licences

[aufait]

Hate to follow up to myself!

I am currently working on a letter to my Maryland Representatives stating some of my objections to UCITA. I would like to include some real life examples of abusive contract terms so I am asking slashdotters for help.

I need some pointers to the more outrageous licensing restrictions. Any help will be appreciated.

Re:Current SW Licences

[G.A.+Heath]

Well, as I understand it, retroactive laws are unconstitional here in the US. However the constition has been ignored often if doing so benifits the Government or big buissiness. So, if UCITA is enforced retroactively then we would begin to see lawsuits and appeals until it reaches the supreme court. Should UCITA be struck down a new law could be passed to the same effect and the process would have to be repeated again. So if UCITA is treated retro-actively then we would be in a world of pain, and if I'm not mistaken it contains language to make it retroactive. On another related note a state law can not interefere with contracts (licenses fall under this) that precede them, see the U.S. Constitution artical 1, section 10.
//******************************************* ********

Re:Current SW Licences

[Spoing]

As I understand it, the UTICA licence would be retroactive; UTICA would superceed the previous licence. (Corrections/affirmations appreciated.)

Re:Maybe big business is good for something

[J�r�me+Zago]

Let the old "Labor Movement" fossils dry up and die. We don't need them.

Unfortunately for you, don't think that the current shortage in skilled IT people will last forever... The money we get in that field is so hyped that many people who would have completely ignored this subject two or three years ago are now following courses and will soon enter the market. And companies are now training people from other backgrounds themselves to save on wages.

If you don't understand what I mean, please read this

Re:How to kill UCITA the Corprate Way

[Bobzibub]

If crackers do learn to use this (agree=-they will), I'd bet the first targets will be those software producers throw the switch on their customers.

Would that be poetic justice?

-B

Not a federal law

[delmoi]

What you have to relize here, is that this isn't a US law. Its a state law. And states have no power to do any kind of diplomacy with other nations. The US government should have no interest in protecting this law overseas, so it shouldn't matter.

[ c h a d &nbsp o k e r e ]

Re:Not a federal law

[JDax]

What you have to relize here, is that this isn't a US law. Its a state law. And states have no power to do any kind of diplomacy with other nations. The US government should have no interest in protecting this law overseas, so it shouldn't matter.

Very true, however alot of the concern is that if enough states pass these types of laws, then that's when the feds often step in to make an equivalent federal law - witness the recently revoked federal 55 mph speed limit law, which started off as a bunch of state laws.

There has been mumbling on high about having more federal regulation of these issues in general, and if that does come about, and international committees come together to discuss it, you may end up with a treaty...

No this hasn't happened, but the U.S. does have some interests overseas. &nbsp For example our embassies and consulates - which are "technically" considered resting on U.S. soil in a foreign land... and of course the military installations. &nbsp But most importantly, U.S. companies (and there's quite a few) in other countries. &nbsp How would they be impacted, unless they're are singled out as exceptions within the law?

Just adding some food for thought...

What about the rest of the world?

[Xofer+D]

UCITA would be pretty bad if passed in the USA. I'm from Canada, and as far as I know there is no UCITA equivalent up here. Theoretically I shouldn't be worried too much, but I am since Canada often follows the US' lead on policies like these. In the meanwhile though, I'm confused by one thing, derived from the fact that companies do not make different software for Canada. We even use the same US-crypto software as the US does. What happens when somebody doesn't like something my company does and turns off my software?

Well, I suppose that my employer would get upset and launch a suit against the vendor if the vendor didn't turn our software back on after we complained nicely... but would they win?

IANAL, so I'm not sure but it strikes me that Canadians and Canadian companies aren't covered by the same legislation, excepting international copyright law. Wouldn't this make UCITA a dangerous tool for vendors to use? Any time software ends up outside the US they'll be liable for damages from their time bombs, etc. Does anyone with more knowledge have a take on this?

Re:It's about time big business realized...

[Wah]

and when you think about having a remote absolute shutdown "feature" standard...I mean, that's just stupid.

--

80 - 100 hours of work, or of presence?

[cyberdonny]

After all, you also need some time to play pool, have a couple of beers, read the papers, surf the net, etc.

scary stuff

[romco]

If the UCITA allows a software company to;

1. Put code in their software that checks that
you are using it according to thier software
agreement.
2. Put code in that allows them to terminate the
use of the software if you are not using
it as per their agreemment.
3. Disallows any "reverse engineering".

Then it would seem to me that that software company could force you to upload every thing you do with that software and everything related to
you do with the software (check to make sure the other computers on the network are not interferring with the software etc.) and because they do not have to show you their code they would'nt even have to tell you they are doing it.

This would probably be an extreme view but companies tend to push laws to the limit and I am sure some will try it.

and we were worried about the goverment wanting to be big brother...

You can't shut me up.

[anonymous+cowerd]

> Under UCITA, a software company can make it an actionable breach
> of contract to say anything they don't like about their product.

Maybe that holds for the dumb sucka that actually opened the shrinkwrap, or clicked on the "I agree" button in the EULA dialog box. But whoever they are, they can't stop me from publicly proclaiming that their shitty software sucks, because I didn't buy it, or install it, or agree to any contract. All I did was look over some other guy's shoulder while he muttered curses as he wrestled with that big bag of bugs. And I ain't gonna tell you whose shoulder either, and you can't make me.

Yours WDK - WKiernan@concentric.net

...another card-carrying ACLU member...The ACLU is your friend!

Re:You can't shut me up.

[rodgerd]

The point is, only the guy who installs software has "assented" to the EULA. The next guy who sits down at the console would seem to be legally immune. This is a lapse, I suppose, on the part of those anal-compulsive types who dream up all that legal rubbish.

Actually, Office 2K require users who log in to Windows to "sign" the EULA if they have not done so already. And whilst trying to work around that is still possible, it won't be for anyone who wishes to maintain a credible profile.

Did you know that the NT Server EULA now prohibits benchmark testing without prior approval by the Microsoft Corporation? I guess it's Mindcraft or no craft at all.

This has existed for quite some time, and most database vendors have similar clauses in their licensing. The difference is that under UCITA they will be legally enforcable - probably by the FBI or similar if the DCMA cases we've seen recently are any indication.

Re:You can't shut me up.

[anonymous+cowerd]

The point is, only the guy who installs software has "assented" to the EULA. The next guy who sits down at the console would seem to be legally immune. This is a lapse, I suppose, on the part of those anal-compulsive types who dream up all that legal rubbish. The obvious response is that users would have to click through a EULA dialog box every time they load the program. Also, they'd have to include verbiage that would prohibit user "A", who started the program and clicked through the EULA, from leaving his desk to go to the rest room, during which lapse an unauthorized, non-EULA-assenting user "B" might sit down at the console and perform God only knows what kinds of nefarious, EULA-violating offenses. But even that wouldn't stop me from reporting on what I witnessed watching over the contractually-bound user's shoulder.

By the way, just last Friday I went through the install for Windows NT Server v.4.0 on my company's new Accounting server. Unlike probably 99%+ of the people who run the NT install program, and to the considerable annoyance of the head of Accounting who was eager to get it over with, I actually read the entire OEM EULA, rather than just holding down the "Page Down" key until it beeps and then hitting "F8". Well, here's yet another reason why the Microsoft lawyers all need to be hanged. Did you know that the NT Server EULA now prohibits benchmark testing without prior approval by the Microsoft Corporation? I guess it's Mindcraft or no craft at all.

Yours WDK - WKiernan@concentric.net

The general public ...

[aUser]

For any action to be effective, we need to get the support from the general public on this. If they knew and understood the issues at stake, they would support us wholeheartedly.

But believe me, they still haven't got a clue.

A pound of flesh

[stuce]

The whole fact that a license I have not read
can apply to me only because it says so, really
bothers me. Someone should make a license that
says you choose to agree to it if the package is
opened, and the license state the person agreeing
has to give you a pound of flesh or some such.
Then do the exchange with someone you trust and
take each other to court! We need to set some
precedence in court that such licenses are total
bull!!

Separate powers btwn Buyer, Distributor, Vendor

[Rares+Marian]

Until we stop blaming the world's problems on genetics, laws, technology, economy, philosophy, or gov't we're going nowhere.

What needs to be setup is a trilateral deadlock just like constititution has setup for gov't. And it needs to be respected taught and explained to everyone. We're going down in an orgy of cynical impotence.

Unions are a cop out. Get your voice out.

[Rares+Marian]

Nuff said.

Bad idea Microsoft would adapt easily

[Rares+Marian]

It's been pointed out before. Companies are not stupid. They'll find the threshold that shuts people up. In the end they win regardless of open soutce or free software. The time they lose is if companies like Reynolds Metals stick to their guns.

Re:Maybe big business is good for something

[y6y6y6]

I agree that big business needs to do something radical to protect it's investment. But this is trying to use old legal tricks to handle problems raised by a new paradigm. It won't work. You can't review without permission? If I post a review here and ask everyone to mirror it there will be too many reviews for the lawyers to track down and slap everyone. Same with most of the nastier parts of the UTICA. I'm really leasing? I buy most of my software on eBay. Try stopping that.

If it passes there will be lots of law suits that big business will eventually lose. Even if they win the law suit, it will be largely ignored. They need to find a better solution than standing in front of a tidal wave and ordering it to turn around.

I suspect that things like this will come and go quite a bit over the next twenty years until something more balanced is achieved
.

I can't believe they said this...

[Dinosaur+Neil]

UCITA supporters argue that the measure gives predictability and uniformity to software licenses.

UCITA lets 'em uniformly and predictably say, "It's our software, and you're lucky we even let you touch the box!" No other industry has this kind of "protection"; how is it that legislators are taking this seriously in the first place?

On the bright side, this really should end up drawing some more public attention to open vs. closed source arguments...

Maybe if Newsweek or Time or one of those other weekly news rags smelled blood in the water, they could write something that draws the ire of the end user community... Hmm, I feel a letter-to-the-editor coming on...

Re:Who's pushing this law to begin with?

[fanatic]

MICROSOFT - they've said so publicly and one of their flunkies was very involved with the drafting.

Who else has so much to gain from a law that immunizes the vendor for the consequences of crappy software?

Re:If *I* Were CIO

[god_of_the_machine]

Why would any member of this cartel break ranks and give me what I want, when I wouldn't be able to get it from any other vendor?

I don't know about that part -- you see big companies break from cartels all the time (look at the Venezuelan oil companies most of the time). I think that some vendors will be driven to sign non-UTICA contracts from free-market based principles. If not -- you're right that all-Open Source will be the only way to go for most any organization.

How are people in other countries affected?

[Kamran]

I live in the UK and was wondering whether anyone knows how UCITA would affect other countries, if it was accepted.

Re:How are people in other countries affected?

[bendude]

Why don't we, as a group, concentrate on these back doors - thus making them too hot to include in mission critical software?

Re:How are people in other countries affected?

[JDax]

As far as I know, unless another country chooses to pattern their own laws after this, only through a treaty between countries, would this extend beyond the U.S. borders. &nbsp And as a FYI, treaties are pretty difficult things to enact here in the U.S.!

Re:How are people in other countries affected?

[elbuddha]

"Currently this doesn't effect ... anywhere outside of Virginia."

Not true. Once passed in Virginia, all a aoftware vendor has to do is set up an office in Virginia, and state "The terms of this liscense agreement are bound by the laws of the Commonwealth of Virginia" or some such.

One state is too many, and its already too late. Where were these CIO's a few months ago?

Re:How are people in other countries affected?

[MRK]

Certain countries (not many mind you) ban the sale of region restricted dvd players. If more countries banned their sale, the MPAA, etc would lose that stupid battle.

I think the same argument applies here -- UCITA or no, if many other countries prohibit the sale of backdoored software a la UCITA, software manufacturers won't avail themselves of their new-found U.S. rights. Hit them where they pay attention -- in the wallet.

Re:How are people in other countries affected?

[sstrick]

Currently this doesn't effect the UK, or for that matter anywhere outside of Virginia.

However it is a precedent and I wouldn't be supprised if the UK or EU use this template for modelling there own laws.

Re:How are people in other countries affected?

[spiralx]

However it is a precedent and I wouldn't be supprised if the UK or EU use this template for modelling there own laws.

I'm not entirely sure if I remember this correctly but I believe that the High Court over here in the UK ruled that end-user license agreements were not valid and had not power in law, so something like the UCITA as it stands could not become law over here. Of course they could still try to get the rest of it passed...

Re:How are people in other countries affected?

[miles_thatsme]

I don't think that other countries will likely simply 'model' their legislation after this bill. But as Big Money has vested interests in it in the US, pressure will be applied through the WTO to enforce the provisions in other countries.

Their clout enforcing intellectual property issues is astounding--here in Canada it looks like we will be required to extend the duration of patent rights in conformity with the WTO (read US), which will rapidly inflate our drug expenses.

I can't even imagine what the precedent is assumed to be... there certainly isn't one outside software (imagine renting a car whose engine cuts out on the highway because you exceeded the allowed mileage, or the company didn't like your monitored driving habits).

I think we're looking at the revival of intellectual serfdom, where one cannot buy anything to generate their own profit, but rather is required to rent at an arbitrary and changing price fixed by the intellectual nobility. I'm surprised software companies haven't already thought of software-for-shares arrangements already. Welcome the new economy.

Re:How are people in other countries affected?

[habib23]

While legally this would not affect non-US users, it will in fact have an effect, especially if it is adopted in the majority of states. The software produced in the US will likely contain the enforcement mechanism for the self help provision of UCITA. As a result, the company will have the ability, if not the legal right to shut down your software (or is it their's now?) at will. Not legally, mind you. But that won't stop crackers, either.

Re:Early adopter bonus

[tree_frog]

Erm,

isn't this just the prisoner's dilemma (or it's extension into a multiplayer situation, the "Common good" problem, as discussed by Mancur Olsen in The Logic of Collective Action)

However, the situation as you describe is only correct on the assumption that it is a one-off game. When the situation you describe is repeated, then things are rather different. This is the situation described by Robert Axelrod in The Evolution of Co-operation

In a repeated situation, whilst free riders can be a problem in the short term, in the long term they are not. Many different scenarios exist, depending on the intelligence of the players and the potential for misunderstanding either the situation or the way that others are playing.

I don't think that your analysis is sound, because the situation is not a one-shot play, but a repeated game. State governments are elected, so there is the potential for laws to be repealed at regular intervals, or for new laws (such as the inapplicability of shrink-wrap contracts) to be passed.

However your point about the applicability of laws in differing states, and the relationship between them is well made. Sounds like there could be a realy nice little BSc or MSc project in examining this sort of thing as a spatially distributed economic game.

Regards

treefrog.

Re:It's about time big business realized...

[Kaht]

The frightening thing is that if a vendor can turn you off from a remote location, so can a hacker...

You think that's the frightening thing?
The frightening thing isn't having to spend an hour or two reinstall software a cracker *glare* trashed, the scary thing is when a company says "buy this $8 000 000 000 computer or we'll turn off your current computers."
The real enemy is in the corporations.

Hmmmmmm

[el_guapo]

Anyone consider that the wide-spread adoption of this putrid law could give open source a serious shot in the arm? (i.e. be a Good Thing for open source) This may be all the nudge a lot of companies need to give up on M$ and other closed-source/proprietary crap. Lessee, I'm a CIO/IS manager type, I need a new app/OS/whatever, M$ licensing says after I buy/install it, if I make them mad, they can remotely nuke my box until I give in. GPL stuff says "Here, take it, play with it, poke at it" I think I'd try and make the GPL stuff do what I needed. Is this a valid point or do I need to stay away from the oven cleaner?

Re:Hmmmmmm

[Spoing]

Is this a valid point

I wish it were. Filter the comments to this story limiting the score to 2 or higher and you'll see a few reasons why this is really bad for open source.

or do I need to stay away from the oven cleaner?

Hey, I'm a libertarian. As long as I don't have to either deal with or pay for your personal habits, go for it!

I agree he's overstating it quite a bit.

[Chagrin]

I'll have to agree with you. At McKessonHBOC, I've never seen any (complete) incompatibility with any emulator. I myself took a liking to Linux's X3270 emulator. IBM "Host on Demand" that comes with Netscape Communicator also worked well.

Re:UCITA + Digital Millenium Copyright Act.

[fawlty]

There are some additional bad scenarios that occurred to me. I don't know if these are possible under UCITA and DMCA.

I have heard someone citing the reverse engineering clauses as preventing companies from creating compatible competive software, like creating Word importers for StarOffice through reverse engineering. Would the UCITA+DMCA mean that if you had your family photos in some database (lets call it Photos2000) and for some reason they/you disabled the software, no one would be legally allowed to recover the photos from the database without the software? Would that be reverse engineering?

Another scenario: Last year, someone found that Real was sending private user information back to Real without the users knowledge or permission. Before that, someone discovered a bug in Windows OS registration that sent the user's private information back to Microsoft regardless of how the user checked the "Don't send my info" box. Would the UCITA+DMCA make this software network-eavesdropping illegal as being reverse engineering? Would the AIM/Microsoft fiasco be considered reverse engineering?

Does someone have the answers to these?

--"Net increase in greed."

These rules could apply to you, too.

[Eric_Grimm]

Forum selection and choice-of-law clauses tend to be enforced in contracts, even if the parties have no power to negotiate. See Carnial Cruise Lines v. Schute, 499 U.S. 585 (1990); The Bremen v. Zapata Offshore, 407 U.S. 1 (1972).

Presumably, most vendors will include such clauses in their contracts, seeking to channel disputes into jurisdictions where UCITA has pased (California and Virginia will be big battle-states). The really smart vendors will set up an industry-favorable arbitration forum and insert a clause that says "all disputes will be arbitrated before [Industry Forum] under the law of [pick a UCITA state].

Hate to rain on your parade, but just because you are in England does not mean you get to avoid this statute. Just ask all the Names from the United States who had to litigate their claims against Lloyd's of London in English courts.

Eric C. Grimm

CyberBrief, PLC

Ann Arbor. Michigan

Eric.Grimm@CyberBrief.net

Re:Maybe big business is good for something

[rustman]

Very few tech workers want to be in a union now. There have been various attempts by the AFL/CIO to organize the San Francisco web sweatshops. But at this point in time here, it's easier to just get a job somewhere else than it is to unionize. But times will eventually change. And as more giant corporations dominate the landscape, there will be a need to unionize. Small shops almost always take better care of their workers than big corporations.

contradictions

[Daniel_]

Is it just me, or does this bill seem a bit contradictory to the Micro$oft trial. One one hand, a coalition of states are punishing Micro$oft for predatory buisness practices, and now this bill is introduced which essentially legalizes this behavior!

Re:What About Software Retailers?

[Pahan]

The store return policy only changes things a little: find some software package you wanted to buy for a while or some old software package that costs $15 or so. Or perhaps a Linux distribution. Then, buy something else. Disagree with its EULA. Come back. Exchange it for another piece of software that you don't want. Repeat proceduare until satisfied. Then, exchange it for the software you wanted in the first place. Theoretically, this will work: as far as the store can see, you've bought, opened, and returned (ruined) a dozen or so items because of their EULA and UCITA. You wound up buying and not returning 1 software package, a package which is open-source anyway. I don't know whether this would work in practice, and bear no responsibility for any losses resulting from my suggestions.

... See, I am getting into the license game too.

Contact is a "Meeting of the Minds"

[Trollberito]

Quite frankly, a contract is supposed to be a meeting of the minds, not a seller forcing their terms down a buyer's throat. If there is a contract involved where I have no input, then it's not a contract and I can modify It as needed until I am satisfied with it. UCITA be damned.

UCITA good for GPL?

[CSErwin]

I must confess that I have only marginally followed the UCITA posts, but it seems to me that the UCITA could be good for the GPL and opensource in general, especially among small businesses.

What small company would want to hold itself hostage to a proprietary software vendor by opening itself up to the kind of external control that the UCITA provides? To say nothing of licensing fees, give those small businesses access to open and free solutions, and software companies that exert UCITA powers could be in real trouble.

I work for a small non-profit hospital doing clinical decision support, and with our database vendors we are already sensitive to a growing trend from licensing of software to licensing of access: vendors ask us to warehouse our data, and we purchase access to it. Under this model, if we alter our relationship with a vendor, we not only lose access to our data, but to all work (reports, analyses, results) done on that data that we don't have in hard copy.

The result of this shift in licensing has been to pull many of our database solutions in house, and it is only a matter of time before we start working with other non-profit hospitals to develop common and open solutions.

The UCITA essentially gives all software vendors the same "off switch" power that our warehouses have. I think under that model, those without the clout to negotiate UCITA exemptions will seek alternatives, just as we have.

-CSErwin

Re:UCITA good for GPL?

[Greyfox]

It offends me that my industry would try to screw over a hospital -- especially a non profit one. And I've heard tell of it happening. Life sucks enough for those in the medical industry without us making it worse for them.

3rd world.

[Forge]

It's bad enough that Americans get to petition elected officials to vote down this law. Here we don't get to comment on it because we have no elected reps in the US. That makes sense until you realize that this law if passed would be enforced in 3rd world countries.

Not all of them and not immediately but it will come. What dose a little country like Jamaica or Trinidad do when American corporations with a wage bill beyond our GDP backed by Uncle Sam starts to brutalize our people under an unjust law that isn't even ours.

The Caribbean population in New York is probably big enough to push against this sort of thing but what about other states ?

What really worries me about this

[freddie]

Is that this means that M$ is now getting into lobbying, and even if UCITA fails, they'll probably be in there trying to get similar laws to pass for a long time.

BTW I don't know why articles about UCITA always refer to it being backed by 'large software companies'? Is there any other company involved besides M$$??

Re:How would UCITA affect open source?

[Rob+Kaper]

It seems, on the surface, that this (or a similar law) would dramatically boost open source software. One sure way to kill proprietary software is to make it fatal!

This is the most common UCITA misunderstanding. It's not about closed or open source software. UCITA makes a distinction between software that is distributed under a shrink-wrap license and all other software.

Shrink-wrap distribution (and *only* SW-dist) is allowed to waiver all responsibilities, while other distribution (e.g. Internet downloads) automatically mean full responsibility for the author(s).

This would be a disaster for open source. The fundamentals of the open source development model (ESR's bazaar) *are* to release early and often and to release unfinished software to create an "itch" to improve it.

It's understandable many people associate the UCITA with open and closed source, but I wish more people would realize that's not what it's about and that that is exactly the reason it's so scary. UCITA does not only screw consumer rights, but also developer rights.

Re:UCITA hurts software companies, too

[chialea]

one word: Microsoft.

if they don't have it, they'll make you so miserable you'll sell to them. under utica, this is pretty damn easy.

Lea

Re:It's about time big business realized...

[Syberghost]

As far as I know, the modern versions still require client licences -- they're not free.

IIRC, you're required to have client licenses for the number of users, whether they're using IBM's program or anything else.

Those Linux 3270 or 5250 users are supposed to be licensed to.

Of course CIOs are fighting UCITA

[Graymalkin]

Any intelligent and savvy CIO will naturally fight UCITA, shrinkwrap licenses and licenses that can be changed at any time are a company's mortal enemy. If UCITA passes in your state it would mean patent and licensing laws would be a standard part of CIS curriculums in colleges.

Re:your sig

[Graymalkin]

yeah save your comment for the other thousand people who did NOT see the intentional error ;)

Your .sig wins the prize!

[Black+Parrot]

> So Linus, what are we doing tonight?
> The same thing we every night Tux. Try to take over the world!

That's great. I wonder what percentage of geeks are closet P&B fans?


--

Re:Maybe big business is good for something

[smf]

Well, actually they [big companies] ARE criticized for their treatment of employees. Microsoft recently got pilloried in the press [and the courts] for their more than cavalier treatment of what they strategically refer to as "temp" workers.

Further, providing signing bonuses, pool tables, etc. in exchange for 80 - 100 hour weeks doesn't usually [sometimes in retrospect] seem such a bargain.

Re:Proprietary software is about lock-in

[Mark+Shewmaker]

Of particular concern to the open source movement (which of course is an ultimate form of open standard) are the conditions meant to discourage open standards. For instance draconian prohibitions on reverse-engineering.

I'm trying to address at least that problem in the Open Patent License under development at www.openpatents.org. For instance, in order to be able to (given some other conditions) potentially use any of the software patents of everyone who has licensed all their software patents under one of the Options of this agreement, not only do you have to similarly license all your software patents as well, but you also have to license other "patent-like" IP that covers things such as look & feel copyrights and reverse engineering restrictions.

So even if reading were illegal, that is if reverse engineering restrictions were valid, a company that needed to use hundreds of patents potentially freely available to them if they were to agree to that sort of Option of the Open Patent License, would probably find it cheaper agree to one of those Options rather than both attempt to use legal means to hide their product from the eyes of their customers and license all the patents they need.

As long as there's a way to opt-out of the patent system and UCITA restrictions among agreeing participants, I'm guessing that most companies will find it cheaper to opt-out of those restrictions when possible when faced with the alternative of endlessly charging each other for red tape.

(International legal reform getting rid of these sorts of restrictions on reading and thinking would be a much better answer, but I think convincing businesses to save money and increase stability and growth might be an easier solution for the short term.)

Nonsense

[werdna]

Please identify the cartel provision? Of course there isn't one. UCITA is just contract law, for gosh sake, and contracts is the least cartel-centric area of law there is. To the contrary, it promotes competition.

I the market really, truly cares about a provision, then a competitor will enter the market and offer the provision, thereby breaking the cartel.

The market forces will assure that overreaching can't happen -- certainly not at the level of large corporate license negotiation. Even where it does happen, nothing in UCITA makes it more or less likely to happen -- self-help provisions can be found in contracts today.

COMPETITION will determine which provisions for software are meaningfully applicable to consumers in relevant markets, just as COMPETITION led to the abandonment of the copy-protection "cartel" in the 80's.

A natural response to the pitch

[werdna]

How can you know that your vendor isn't setting you up for UCITA extortion later?

Easy. RTFC.

How would that be different?

[werdna]

What makes you think these provisions can't occur without UCITA? That is the thing about contract law -- its private laws, and two parties can enter into just about any deal they want. The trick is not to buy from idiots who offer only provisions you can't stand.

If the market really, truly cares about the provision, they'll soon be out of business. If the market doesn't care, then, you're just whining about the results of free enterprise.

In any case UCITA isn't necessary for these things to happen, and it won't be sufficient to make them happen.

Re:Does it Apply Abroad? Probably, Yes.

[werdna]

I would tend to agree with Eric. It is common to see language incorporating international treaties or provisions, such as INCOTERMS, or the law of "third party" nations, particularly in international transactions. As understood, it is fairly routine to enforce such provisions.

I'm really not sure what uncertainty about this point Cem Kaner's remarks, cited in the article, was addressing. Cem?

How is UCITA different from Status Quo?

[werdna]

The article proposes, quoting the views of a corporate CIO, that UCITA shifts bargaining power. Yet it does not say how. Yes, UCITA has provisions concerning self-help, but how is this any different than the status quo with respect to a negotiated agreement?

For years, I have found overreaching vendors who seek such provisions in their agreements (or vendors who give notice that their software permits them to engage in self-help in their documentation, without a specific estoppel provision). To permit this is mindloss for the buyer in many cases of course, but might be acceptable in others. It seems to me PRECISELY the sort of thing that can be (and presently is) hashed out in a routine negotiation.

UCITA didn't introduce the practice, and isn't necessary for the practice to exist.

I have negotiated hundreds of license agreements, and have found that the size of a corporation has precious little to do with the "clout" of a negotiation -- the bottom line is typically whether a vendor has meaningful competition for a particular piece of software.

And usually, the deciding factor for terms such as these in a negotiation has more to do with whether there is a competitor with a product at a comparable price. I have found that many clients don't give a hoot about self-help (intending to pay their bills), if it means they can get the software for a few thousand dollars less a year. (In practice, the denial of service frequently provides equivalent clout to internal self-help).
In other cases, the client would be nuts to permit self-help before making his initial deposit. Particular factors determine what makes sense, and what does not.

In short, the provision comes up with some frequency in non-UCITA scenarios, and I see no reason why UCITA will or should change the dynamic in any meaningful way for negotiated software licenses.

There are many good reasons to quibble with UCITA (and, BTW, if I were king, I wouldn't have the self-help provisions in it), but this just doesn't seem to be the big deal the article suggests.

On the choice of law issue discussed in the article, I'm not sure what Cem was talking about -- my experience is that courts fairly routinely honor choice of law contract provisions -- indeed, even those specifying choice of law using international traties, such as UNCITRAL's terms, or the law of other countries. However, I'll confess that I haven't researched the question recently, and would love to see some more detailed discussion on these points.

But the issue does raise one important point. There are very few things that cannot be written in or out of a contract. In most U.S. jurisdictions, the limits are basically federal preemption, the implied duty of good faith, and unconcionability. (There are a few others) UCITA, implemented as state law, cannot modify federal preemption, does not modify the duty of good faith, and I don't believe substantially modifies the unconcionability standards. Thus, the only question concerning bargaining clout is the clout the parties had prior to UCITA. I don't see it tilting the balance one way or the other in a negotiated agreement -- at least in the sense that is the subject of the captioned article.

Re:Maybe big business is good for something

[MadAhab]

Your comment may not be flamebait, but it's not very bright either:

without big business you'd probably still be working at a factory for minimum wage

Aside from being rather questionable economic theory, this makes me wonder, who would be running that factory?

There is nothing good about taking away all consumer rights; the fact that the UCITA takes these away from individuals and big business alike should be a clue that something stinks. It's a disaster for large businesses and small, and sets a terrible, terrible legal precedent in trying to enforce contracts that are "agreed to" before they are seen.

How would UCITA affect open source?

[Sun+Tzu]

It seems, on the surface, that this (or a similar law) would dramatically boost open source software. One sure way to kill proprietary software is to make it fatal!

Disclaimer: This post should not be construed to mean I support UCITA. I think it is doomed to the spectacular failure it so richly deserves. In any free market for mission critical software, a vendor explicitly waiving UCITA's stupid provisions will have a huge advantage of any rivals retaining the right to "cut you off". I think the business supporters of this legislation are amazingly shortsighted.

Re:How would UCITA affect open source?

[um...+Lucas]

No, but it could stand to bar any form of reverse engineering... Even if the only purpose of it is to be able to interoperate. That pretty much kills off a LOT of opensource projects, right there. So in essense, it would bar opensource... Openstandards would only last until a company decided to extend them a smidgen more. By keeping those changes proprietary, they could "rightfully" sue anyone that was able to communicate with their software that was using a non-approved application, on the grounds that the only way the client software could commuicate with the server is if someone had reverse engineered the protocol... It could become very scary very quickly if UCITA passes.

Re:If *I* Were CIO

[DaveHowe]

If I were the CIO of a large company, I would be worried that my negotiating position would be much weaker with UCITA. After all, it pretty much creates a legal software cartel. Why would any member of this cartel break ranks and give me what I want, when I wouldn't be able to get it from any other vendor?
I agree - the canonical example of this (Microsoft) has been doing this for years, purely on a pricing scale basis. If they suddenly get the legal RIGHT to enforce whatever shrinkwrap they want, don't you think they will grab it with both hands?

But my real concern would be that the legislation could trigger an even greater decline in the quality of shrinkwrapped software.
Yep - if you are not allowed to claim for faulty software costing your business billions, not allowed to even TELL anyone it has done so, and not even entitled to have a set of terms you can sign (as they can vary the terms of your licence at any time) why should they care about software testing? It's not as if the total dismal failure of a firm due to their software's miswritten routines dropping the firm into legal hot water can even be reported...
--

Re:Maybe big business is good for something

[GnrcMan]

The Washington Alliance of Technology Workers. They are the ones that fought against Microsofts "temp" worker practices. (Admitedly, the end result has sucked for both MS and the workers, but none the less, a union).

--GnrcMan--

Re:Maybe big business is good for something

[GnrcMan]

Oh, BTW (please don't think I'm defending Reagan, see my sig)

Reagan didn't pass that law. ATC's are federal employees. When you get hired as a federal employee you must swear a bunch of things, including not commiting treason and not striking. As far as I remember, those laws were in place before Reagan. The ATCs were fired because it was literally illegal for them to strike. Still is, though IIRC Clinton pardoned the original ATCs.

--GnrcMan--

My letter to Reynolds Metals

[Rares+Marian]

I want to thank John Rudin for speaking out against UCITA. I'm wondering if it's possible to link some statement to the front page of your site. Microsoft and several other Big Names cannot be allowed to get away with this.

It should be right out in the open. Otherwise you can expect losses in your company's stock value from wasted dollars on forced services from
companies you are dependent on. Also there needs to be an offensive. Some sort trilateral deadlock scheme needs to be setup between vendors distributors and buyers much like the separation of powers in the US Constitution.

You could choose to ignore this since I'm not an experienced investor.
However, in the long run I believe this is very dangerous.

Thank you.

Incidentally I came upon your site from a news site called slashdot.org. I followed the link to the article at Computerworld.com. I then typed Reynolds Metals in the location box of Netscape 4.7 for Unix (SuSE Linux Operating System Distribution specifically). Netscpae did a keyword search which led me to your site.

For word of mouth use the net. For product visibility to the general public use a mall. It works.

Early adopter bonus

[kevin805]

In the type of wacko libertarian economic theory books I tend to read, there is frequently discussion of the "free rider problem". I will explain the free rider problem in brief, then I think it will be really obvious how this applies to UCITA.

Assume you have a bunch of people living in a flood plain. Joe's Dam Company comes by and says, hey, everyone, if we built a dam across the river, it wouldn't cost that much, and you would be able to stop worrying about getting flooded. Let's assume he's right. Let's further assume that it's worth $250 to each resident to not have to worry about getting flooded, and it would cost $100 per resident to build the dam.

The dam will never get built.

You see, from each residents point of view, the dam will get built if enough people agree to contribute to building it. But everyone, not just the people who pay for the dam, will benefit from it. So, if some resident just says, I'm not paying, he isn't statistically going to make a difference in whether the damn gets built. The dam will either get built, or not get built. If he contributes, he's out $100 dollars. This is the problem of free riders.

How does this apply to UCITA? The dam represents reasonable laws as opposed to the UCITA. The free rider is the state that wants to attract software publishers by passing UCITA. If a state were to adopt the UCITA, it might attract software vendors, all other things equal. So all the states have an incentive to be the first on their block to adopt UCITA. The whole gain (from a state's perspective) of the UCITA is in their control. The damage caused by UCITA, that is, it being adopted nation-wide, is only partially under their control. They must assume that UCITA will eventually become law, and therefore, they must pass it first, to attract the software vendors.

Of course, this assumes that if, for example, Virginia has passed UCITA, and I, in California, buy software from a Virginia company, then I am bound by Virginia law. Well, the license agreement will no doubt say that it is governed by the laws of the state of Virginia, and the laws of the state of Virginia say that it applies. But I'm in California, where a shrink wrap agreement has no force, so the clause that says it's covered by Virginia law isn't relevant. So if it's valid, then it's valid; but if it's not valid, then it's not valid.

IANAL, of course, and the rulings of courts generally have no connection to reality, or logic. I'm seriously considering moving as soon as I have a little money saved up (and am out of school) to some other country where the politicians can actually be influenced by logic and the laws are written by economists, not by corporate lawyers.

--Kevin

Re:Does it Apply Abroad? Probably, Yes.

[brunes69]

Ok then. Say I live in Israel, and decide not to abide by the UCITA. The software company decides to take legal action, summoning me to X court in Virginia. What the hell do I care? *I* just don't go, and they can't do anything. The US has no power to arrest me outside of the US, let alone summon me to court there.

I do, too!

[Greyfox]

Because all of a sudden the CIOs will start reading those shrink wrap licenses and realize what's in them. And no sane CIO would allow any of them that I've ever seen. And it kills yet another piece of MS FUD -- the "Who do you sue if something goes wrong" FUD. MS already refuses to accept responsibility for more than $5 worth of damages in their Windows license (If I recall correctly.)

I believe the UCITA will kill all commercial software within 5 years, leaving nothing but GPLed code anywhere on the planet. I can only hope that the companies pushing for it don't realize what they've done until it's far too late.

Negotiation of contracts

[mikera]

One of the things that really infuriates me about the UCITA rationale is the assumption that licenses can be negotiated by buyers. There seems to be this crazy notion that as long as a contract is signed/clicked then it must be fair.

That is utter bullshit. Anything sold to large numbers of buyers isn't usually open to negotiation. You have no power to negotiate shrink-wrapped software licenses, period. Sounds like some legislators need to take a look around the real world.

When there is such an imbalance of negotiating power, this would suggest that you need some pretty firm legislation to protect the small buyers and limit the powers of the sellers, and not the other way round.....

Re:UCITA hurts software companies, too

[xant]

Well, Microsoft surely depends on a lot of third-party resources as well. They may have the clout to exact blood and properly-worded contracts from their vendors (heck, my employer might too) but their development process could still be hurt.

On the other hand, you may be right. I never said it hurts ALL software companies:-)

what the hell is the UCITA

[aozilla]

For all the slashdot articles I've skimmed about this evil UCITA, and all the websites published about it, I still haven't been able to find a reasonably unbiased (nothing will be completely unbiased) summary of what exactly the UCITA is. This is not solely failure to RTFM (although reading the entire 300 page UCITA would work), I have been to 5 different pages so far after a search on google, and every one of them so far has been useless (it's bad, here is a list of people who think it's bad, blah blah blah bullshit).

Does it Apply Abroad? Probably, Yes.

[Eric_Grimm]

I am a little concerned ablut some of the non-lawyers holding forth with their personal opinions about how they think that software purchasers abroad are somehow immune from UCITA.

Forum selection and choice-of-law clauses in tend to be enforced in contracts, even if the parties have no power to negotiate. See Carnial Cruise Lines v. Schute, 499 U.S. 585 (1990); The Bremen v. Zapata Offshore, 407 U.S. 1 (1972).

Presumably, most vendors will include such clauses in their contracts, seeking to channel disputes into jurisdictions where UCITA has pased (California and Washington will be big battle-states, Virginia has already passed it, subject to an implementation delay). The really smart vendors will set up an industry-favorable arbitration forum and insert a clause that says "all disputes will be arbitrated before [Industry Forum] under the law of [pick a UCITA state].

Hate to rain on your parade, but just because you are in England (or Canada, or Indonesia) does not mean you get to avoid this statute. Just ask all the Names from the United States who had to litigate their claims against Lloyd's of London in English courts.

Eric C. Grimm

CyberBrief, PLC

Ann Arbor. Michigan

Eric.Grimm@CyberBrief.net

What About Software Retailers?

[sjritt00]

An area I haven't seen addressed yet is software retailers. The way I read UCITA, if I purchase software at Wal-Mart, take it home, start to install, and decide against clicking to accept the provisions of the agreement , I can then take the opened package back to Wal-Mart for a full refund. In the past, most retailers have only allowed exchanges on opened software as a prevention against piracy. Looks like now they'd have to accept the return. I imagine that they could get around the problem by providing a hard-copy of the agreement prior to sale, but that'd be an administartive headache for a place like Best buy that stocks several hundred software titles. If I was a retailer in Virginia I'd have nightmares of thousands of /.ers descending on Virginia outlets the first day UCITA took effect, buying stuff, and then all returning it the next day. (Of course a protest like that would never happen).

Re:What About Software Retailers?

[aufait]

The way I read UCITA, if I purchase software at Wal-Mart, take it home, start to install, and decide against clicking to accept the provisions of the agreement , I can then take the opened package back to Wal-Mart for a full refund. In the past, most retailers have only allowed exchanges on opened software as a prevention against piracy. That isn't the way I read it. From Maryland's Senate Bill 142 Section 2 21-613(B)(3)

The dealer is not bound by the terms, and does not receive any benefits, of a n agreement between the publisher, and the end user unless the dealer and end user adopt those terms as part of the agreement.

The dealer (viz. Best Buy) can opt out of the any terms of the EULA by specifically not agreeing to them. Since Best Buy currently puts its 'no refunds for opened software' policy on the back of the sales receipt, they are explicitly not agreeing to that particular term of the EULA.

It will kill it.

[rodgerd]

Not only does UCITA make a direct attack on free software, by given the weight of law to any attempts by a company to frustrate hackers who try to reverse engineer protocol and file format capabilities, it provides a tool to prevent proponents of free software even discussing its advantages.

Under UCITA, a software company can make it an actionable breach of contract to say anything they don't like about their product. One of the reasons that free software has become more and more popular is that it has moved beyond being interesting to people who want to hack on source code or who care about freedom as a political concept; people are now using free software because proponents of Linux, *BSD, Apache, etc, have managed to convince people that free products can do the job better than non-free ones.

Consider: if UCITA had existed, Larry Wall might have found himself violating a license arrangement in developing Perl by including sh, awk, and sed features in the language. And even if he didn't, he wouldn't have been able to tell people about the virtues of Perl unless owners of the awk code had been prepared to allow him to explain that Perl is like awk, only better.

Likewise, how do you explain that Linux+Apache works better as a high-volume web server than Windows 95 + Personal Web Server? Microsoft could claim that the latter was suitable to run an ecommerce site with - and no-one who actually used the software would be able to disagree without being targeted for legal action. Oh, and a sudden inability to use the machine Windows was on.

Or, for a more concrete example, when it became apparent an early Service Pack for NT (1 or 2, I forget now) was corrupting NTFS volumes under certain circumstances, Microsoft refused to admit there was a problem. It was only after mainly Internet based lobbying and discussion of real world use of the SP that Microsoft were eventually forced to admit there was a mistake and correct it. Free software advocates can cite this as an example of why not to put data at the mercy of a closed-source company. Under UCITA, Microsoft could have sued anyone who claimed that the Service Pack was faulty, ignored the problem, and prevented anyone thereafter using it as PR. Sure, a bunch of people would have lost their data, but they're only customers.

Erk!!

[Chris+Johnson]

waitaminute....

Microsoft could intentionally take a piece of software I wrote, use it in some improper manner or figure out some way that my program can be made to fail on their machines, and then SUE ME FOR DAMAGES???

Ack!!! Stallman is right. This is a very serious problem! It's not even a question of whether joe blow could sue me if he wanted to- this apparently gives blanket permission for anyone or anyTHING, up to and including MS, to sue free software developers anytime they feel 'damaged'! It's a weapon, plain and simple.

At least things aren't going to change much if you are already resigned to being a _criminal_... in fact this makes the definition of 'criminal' potentially ridiculous and not commonsense at all. Instead of "What was your crime?" "I reverse engineered somebody's program" which is vaguely criminal-seeming, it could be "I wrote a text editor and gave it away for free and Microsoft deployed it on 600 desktops and upgraded a dll and my text editor broke so they are suing me for $50,000 in damages." To which the average person would say, "Huh??"

This is _messed_ _up_. When you read RMS on the matter, don't think solely in terms of end-users, individuals, potentially being able to sue free software authors and win. The worse problem is that it makes it possible for a Microsoft to set up a situation where somebody's software breaks in well-documented and accounted-for circumstances, then take that information and sue the developer under UCITA, obliterating them. Yes, this would be both cynical and blatantly using the legal system as a game and a weapon. Yes, it'd be unprecedented evilness. But lord, would it be effective and profitable to just shut down anybody giving away software by creating situations where their stuff failed and 'caused harm' and then suing.

Ack! This is almost too messed up to imagine. I have to wonder if the legal system itself, juries, judges would rebel at following through on the implications of all this. Surely in order to act on legislation of such evilness, human beings have to be convinced that it is in fact both 'the law' and just? There might be cases of "Your honor, in accordance with UCITA we find the defendant Guilty, as we were directed to do. We fine him One Cent..."

Patents?

[Ed+Avis]

Maybe if this is successful, big software-using companies might start lobbying against software patents too?

After all, for every large software publisher like Microsoft or Lucent who benefit from software patents, there are a dozen equally large software users who lose out from the market distortion and lack of competition that software patents cause.

Re:It's about time big business realized...

[Syberghost]

That's funny, when I dealt with IBM it was more like:

Our emulator works best, but it's free with the mainframe so no problem. If you need a couple extra CDs for it, we'll give you those free too. We'll even pay for the shipping.

They'll work on any PC.

If they don't work on a specific kind of PC, call us and we'll figure out how to make it work.

You should upgrade some of your PCs. The emulator won't give you good results on something that slow.

Buying new PCs from us? You have to specifically request monitors, we don't sell PCs with the monitor included, it's *ALWAYS* a seperate item, except on the PS/1.

Are you sure that was IBM you were dealing with? Your assertions run completely contrary to all my dealings with them.

Of course, perhaps your dealings were in a market size I'm not used to. I've only dealt with IBM in companies ranging from half a dozen employees to the Fortune 50 corp I work for now.

The UCITA: Perfect for a scam!

[B.D.Mills]

Make Money Fast! Get Rich! And it's perfectly legal!

Just follow these simple steps:

1. Write crappy software.
2. Put a few "bugs" in the software. Random data corruption is always a good bug to fake.
3. Market crappy software.
4. When users complain about bugs, point to licence agreement and say "we're not responsible".
5. If anyone complains, sue them.
6. If anyone decompiles program looking for the bugs, sue them.
7. Get rich off the lawsuits.

Oh, damn, Microsoft have beaten me to it....

--

Maybe big business is good for something

[mind21_98]

Lately I've been hearing from the hacker/geek community that big business is no good and should be abolished.

We need big business to be alive.

This is the step in the right direction to ensure the survivial of big corporations. Sure there's some companies like AOL who want to screw others, but without big business you'd probably still be working at a factory for minimum wage. And you'd have trouble making a good enough living to even own a house.

As far as I can say, this is the best thing business is doing right now.

(note to moderators: this is not flamebait)

Re:Maybe big business is good for something

[Izubachi]

And this is not a flame, but, none the less, you're incorrect. If it wern't for UNIONS and social activism, we'd still be working in factories at minimum wage. Big buisness is the epitomy of capitalism, it is the end product. Remember exactly what was going on near the end of the industrial revolution. Big buisnesses were providing plenty of jobs for people, but those people had to work in unsanitary conditions, for low pay, and they had no choice. It was either the factories, or the streets. Unions and socialist ideas changed all of that (all though the unions soon became corrupt, but that's a different story). The big buisnesses didn't just decide one day, "Hey, why don't we provide sanitary conditions for our workers and pay them fair wages and stop making children work, losing quite a bit of revenue at the same time!". They're function is to gain money, and that's it. Sometimes, if the right person is in control, they'll try to do this without screwing the workers, but usually, not. That is why there has to be a counter-balance of social activism to offset this money-making policy. And the same thing applies today. The big buisness will be given a major advantage with this UCITA bill, and they WILL use it. If there was something to counter-balance this new bill, then everything would be just peachy, but there isn't. So, this bill is not going to be beneficial to consumers.

UCITA + Digital Millenium Copyright Act.

[Ungrounded+Lightning]

(Sorry to diverge. I tried to submit this as a reply to the article. But I already posted a direct reply to the article on a different piece of the issue, and the Slashdot software thinks this is a repeat and won't post it. This thread seems the most closely related.)

The UCITA and the DMCA seem to interact tightly.

UCITA's "self help" provision says companies can write code that they can turn off if there's a dispute - by remote control or time-bombs - before the dispute is resolved in court.

DMCA makes it a felony to defeat such software "protection" schemes.

Discovery in the court case of the original dispute would expose the defeat of the protection scheme, even if it hadn't already been obvious from the continued operation of the company.

So the software purchasers are totally at the mercy of the software vendors.

And the software vendors don't need to announce the protection schemes. So there's no way to tell if they're there without reverse-engineering (which is almost certainly banned by the license under the UCITA and may be a crime under the DMCA), or finding out when the software stops working - at which point you're a felon if you even try to turn it back on to keep your business running.

Nasty.

Who's pushing this law to begin with?

[Greyfox]

Your average Joe isn't pushing this law. You know who's pushing this law? BIG BUSINESS! That's right. Who's pushing the DMCA? BIG BUSINESS! They'll merrily strip you of rights guaranteed you in the constitution in order to make a buck.

Humor: _Dilbert_ on UCITA

[Seth+Finkelstein]

Check out the Dilbert strip series Bill Gates' Towel Boy

I didn't read all of the shrink-wrap license agreement on my new software until after I opened it.

Apparently I agreed to spend the rest of my life as a towel boy in Bill Gates' new mansion

This helps virus writters

[molog]

Let's say I write a virus that will cause damage to hardware or just destroys or corrupts files. Whatever. If I have a little thing that tells the user to accept a license then my malevolent little program can do what ever it wants and the person can't do a thing about it and because of the license if they publicly complain I can go after them! You know what someone should do this in Virginia just to show how stupid this law is.

Molog

So Linus, what are we doing tonight?

Oh how history repeats itself.

[argoff]

Yes there were those who thought that pro-slavery and the anti-slavery sides could peacfully get along. But the pro-slavery guys just kept pushing it, and pushing it, and being harsher on slaves, families, runnaways, until they just pushed it too far (they succeded from the union). I guess they just believed that slavery was a basic right. That without it there was no INCENTIVE bring forth America's glorious textile industry. And since they PUT EFFORT INTO IT, that is acquiring and training slaves, they only naturally assumed that ownership was their right. Of course slavery started out as indentrued servitude that had an EXPIRATION, but the slave owners quickly changed that. Only prestigious and respectable busisness men had slaves, and only thiefs would free them. Of course in hindsight, if only they realized that slavery wasn't a PROPERTY RIGHT they might have been able to avoid the harsh consequences that brought about it's end.

David

I like the UCITA!

[www.sorehands.com]

I can advertise software that will be able to do anything. Then once, they click on the "I Accept" button, they are SOL. I does not matter if the machine wipes their drive, and destroys their monitor.

I can pirate software, then include it in my program. How would anyone know, unless they decompile portions of code? But that won't be allowed under the "click wrap" agreement!

[sarcism mode off]

UCITA: Call to Hackers; Legal Question

[MattBaggins]

First posting ever to slashdot. If I commit some cardinal sin, please forgive me.

1. UCITA allows for the "self help feature" to be installed in software. How many people think MS has allready hidden this feature deep in win2k in anticipation of UCITA passing? What would happen if some clever hackers were to start actively searching for it and documented how it could be exploited. How would major corporations react to find that such a security hole had intentionaly been inserted in win2k and they were not notified? I would love to see some hackers start looking for such a backdoor in order to educate people on how they had been scammed. This assuming of course, that MS really was dumb enough to jump the gun on installing a backdoor. I for one, would be willing to bet my first born that they are.
2. UCITA has a clause stating that "neither party is entitled to the source code". Now if someone uses GPL'ed code and then re-releases it under UCITA without the source, will they get away with it? The infamous "embrace and extend"? Most people argue that the GPL will supercede UCITA, and I agree that it should. What bothers me is that the GPL has never been tested. The GPL falls into the same trap as the EULA in that it is questionable in its ability to be enforced. How certain is the open source community that the GPL will hold water if tested in court against the UCITA?

Here's what you need to do

[ajs]

You need to go to your management, wherever you work and say:

"There's an effort to get all 50 states to pass legislation called UCITA that removes the last vestige of liability from software vendors. It also makes it legal for them to insert back-doors into the software that, hypothetically, only they would be able to use to shut down your software if they feel that you've violated your license.

What I need you to do is a) ask yourself if you are comfortable with the current no-warantee nature of software let-alone new laws to further limit liability b) think about the damage that will be caused when the "hackers" figure out how to remotely shut down your software and c) start thinking about what our company should be doing to either support or oppose this law."

That's it. No frills. No "evil empire" scenario. Just present it in terms that they will understand and cannot afford to ignore. Anyone who can keep a business running will recognize the danger, here.

First Born Children and Root Beer

[Greyfox]

I've been thinking about adding a "At some point we may demand first born children from you. Or root beer." to the license on the code I send out. I wonder what legal would make of that...

Great Anti-UCITA site - http://www.badsoftware.com

[Seth+Finkelstein]

http://www.badsoftware.com

Plenty of excellent resources and arguments.

How to kill UCITA the Corprate Way

[Valkyre]

The most important point nobody here seems to be mentioning is the fact that a remote shutdown system could be easily cracked and used maliciously. Someone is going to find out how to trigger the kill switch, and then we'd have a streak of DoS attacks that could cripple entire corperations. CEOs don't care about user inconveniences, but they'll think twice before allowing their entire corprate infrastructure to be knocked offline by some 12-year-old script kiddie.

It's about time big business realized...

[bons]

Here's a fun situation. I work for a large financial company. We use IBM mainframes (gotta love COBOL). Here's how the negotiations seem to have worked out:

Thanks for buying our mainframe

• Now you need our emulator to access the mainframe from your personal computers.
• We'll sell you the emulators if you only run them on our PC's.
• But look, you only have to deal with us. No incompatability!
• You should upgrade your PC's. Our emulators won't run well on something that slow.
• Of course you need to buy new monitors. We don't sell computers without monitors!

So, the vendor gave us a decent price, all we ended up paying for was a lot of new 17 inch monitors to replace our year old 17 inch monitors, which replace the perfectly good 15 inch monitors. For obvious reason, the used monitor market in this town is doing a good business (We're not the only game in town, Some companies are giving them away...)

The PC's are another story. We have been sold the worst chunks of hardware I can imagine. These motherboards are designed to never have a single component upgraded, so they're useless to anyone who gets our old ones. (Our last batch had microchannel...) At this point we could always get smart and say no and keep using the current system. However, when the vendor, under UTICA, can turn your system off, you are really at his mercy.

The frightening thing is that if a vendor can turn you off from a remote location, so can a hacker...

I wait for the day when a company's major competitor signs an exclusive contract with a vendor and the vendor turns off that client's software...:)

-----

Proprietary software is about lock-in

[tilly]

You try to lock someone into your product, and arrange that they cannot switch. It is when you have achieved lock-in that you can crank your profit margin.

Given the existence of subtle dependencies in software the achievement of lock-in has historically been surprisingly easy. The main problem is that after being burned so many times in one area customers are eager to run to anything resembling an open standard. The second problem is that given the reproducibility of software it is very easy for customers to not stick to the limits you want to enforce. Not surprisingly many of these limits have to do squeezing every penny, and more of them have to do with discouraging the existence of an open standard.

What UCITA is about is achieving through law more than can be achieved technologically. Of particular concern to the open source movement (which of course is an ultimate form of open standard) are the conditions meant to discourage open standards. For instance draconian prohibitions on reverse-engineering. Of particular concern to any CIO with a brain is...pretty much everything. :-(

I wish the CIOs all of the best.

Ben

The NCCUSL needs oversight and/or investigation.

[Ungrounded+Lightning]

The National Conference of Commissions on Uniform State Laws adopted UCITA in July. The conference recommends commercial code law and sends it to the 50 states for their adoption.

This organization seems to be a multi-state collection of regulators (i.e. members of state executive branches) acting as a national legislature. They debate in private (or at least with zero press coverage) and are heavily lobied. They construct the text of proposed laws and submit them to the state legislatures simultaneously.

So the general public goes from nothing to a bunch of identical bills simultaneously submitted in state legislators all over the country. And if they want to oppose them, or even modify them, they have a war on dozens of fronts, against a very organized group that has almost achieved its objective. They almost certainly lose in several states, after which the proposed legislation, in its original form, becomes a de-facto national standard. So they can't even modify a line.

Such laws are pervasive as federal laws. But they draw power their power from the several states, which are not as limited by the federal constitution. And there's no central place to repeal these laws - you have to get ALL the states to go along simultaneously.

I think that, at a minimum, the organization needs some serious sunlight - in the form of investigation and exposure to press - or alternative press - coverage of their operations and deliberations. (At least that way people could find out earlier when their ox is about to be gored, and maybe have a chance to head off bad legislation when it's in the formative stages.)

Beyond that, there's the question of whether it's proper for state executive branches to participate in the crafting of multi-state legislation. Is it intrusion on another branch's prerogatives? Is this one of the powers that is supposed to be reserved to the Federal government? Are "sunshine laws" violated?

This kind of coup is hardly unprecedented: It's is how we got a federal constitution in the first place: The Continental Congress set up a committee to propose some amendments to the Articles of Confederation (their "constitution"). The Federalists took over the committee, drafted the US Constitution, and bypassed the Continental Congress, submitting it to the states directly. It had a "bootloading" provision that when more than a fixed number of the states adopted it, it started, the adopters were detached from the Continental Congress (leaving it without a quorum) and attached to the Federation, and the rest of the states were out in the cold unless they signed up, too. (The Bill of Rights was the result of a rear-guard holding action by the Anti-Federalists, an allegedly minor concession they won in return for surrendering in a battle they were already losing.)

If *I* Were CIO

[Slothrup]

"Large businesses, theoretically, should be able to negotiate contracts with vendors that protect and exclude provisions they don't want."

If I were the CIO of a large company, I would be worried that my negotiating position would be much weaker with UCITA. After all, it pretty much creates a legal software cartel. Why would any member of this cartel break ranks and give me what I want, when I wouldn't be able to get it from any other vendor? But my real concern would be that the legislation could trigger an even greater decline in the quality of shrinkwrapped software.

On the other hand, if the measure passes and vendors make full use of it, the drive to all-Open Source could become unstoppable.

UCITA hurts software companies, too

[xant]

What I want to know is, who the hell is HELPED by this dog? Here's why big software companies get it in the serial port:

The company I am a developer for, a MAJOR ERP vendor, ships many many different applications with each new release. We certify each release with a subset of 3rd-party software, including:
- The operating system (Windows plus a dozen or so Unixes, Mainframe OS's etc.)
- The middleware product
- Certain office suites which integrate with our stuff
- Reporting tools such as Crystal
- Web servers (the first two that popped into your head, for example)
- etc.
The list goes on and on. More importantly, we also BUILD our software with a bunch of 3rd-party products, which provide everything from the middleware API to the STL we use.

Now imagine how screwed we'd be if we couldn't count on support contracts and liability contracts from any of those vendors? The quality of our product would become a random quantity based on how charitable those 3rd-party vendors were feeling today. And we'd be forced to ship this crap to our customers, passing the joy on to them. Sure, we'd be somewhat legally protected from the wrath of our customers by the UCITA, but just because they couldn't sue us doesn't mean they have to buy from us. They'd probably go back to developing everything in-house or buying only from vendors who provide 100% of the functionality from a single site. As of today, I doubt there is a single vendor who can claim THAT.

Even big companies don't have leverge

[rgmoore]

The article comments that big companies should have enough leverage to negotiate non-UCITA contracts if they don't like UCITA's provisions. A very interesting quote from one software purchaser gives the lie to that statement:

"Microsoft basically owns our desktops. We have no clout with Microsoft," said Roth. With other vendors, once their software becomes part of a mission-critical system, the vendor knows it. "I don't have a choice of saying, 'No, I don't want your product anymore.' I'm in tight with them. I have to have it," said Roth.

IOW, software companies naturally have a dominant negotiating position with corporate customers because of migration costs. If that's really true, why do companies need UCITA? You've got me.

Of course this is exactly the argument that ESR uses to show that businesses need free/open source software. If you get mission critical software from a sole source vendor, they already have your balls in a vise. All UCITA does is to make that a bit more explicit.