Slashdot Mirror
CIOs Worried About UCITA
NeXuSnine pointed out that CIOs of major companies are
starting to fight UCITA.
Personally, I like the argument floated by UCITA's supporters:
"Large businesses, theoretically, should be able to negotiate contracts with vendors that protect and exclude provisions they don't want." In other words, these UCITA supporters knew small businesses and individuals would get screwed, but they figured big companies wouldn't mind because they write their own rules anyway. Now, even some big businesses are worried UCITA goes too far.
The point is, only the guy who installs software has "assented" to the EULA. The next guy who sits down at the console would seem to be legally immune. This is a lapse, I suppose, on the part of those anal-compulsive types who dream up all that legal rubbish.
Actually, Office 2K require users who log in to Windows to "sign" the EULA if they have not done so already. And whilst trying to work around that is still possible, it won't be for anyone who wishes to maintain a credible profile.
Did you know that the NT Server EULA now prohibits benchmark testing without prior approval by the Microsoft Corporation? I guess it's Mindcraft or no craft at all.
This has existed for quite some time, and most database vendors have similar clauses in their licensing. The difference is that under UCITA they will be legally enforcable - probably by the FBI or similar if the DCMA cases we've seen recently are any indication.
It's bad enough that Americans get to petition elected officials to vote down this law. Here we don't get to comment on it because we have no elected reps in the US. That makes sense until you realize that this law if passed would be enforced in 3rd world countries.
Not all of them and not immediately but it will come. What dose a little country like Jamaica or Trinidad do when American corporations with a wage bill beyond our GDP backed by Uncle Sam starts to brutalize our people under an unjust law that isn't even ours.
The Caribbean population in New York is probably big enough to push against this sort of thing but what about other states ?
--= Isn't it surprising how badly I spell ?
Is that this means that M$ is now getting into lobbying, and even if UCITA fails, they'll probably be in there trying to get similar laws to pass for a long time.
BTW I don't know why articles about UCITA always refer to it being backed by 'large software companies'? Is there any other company involved besides M$$??
Don't any of you people understand how laws work? I can't believe the parent post has gotten sent to +3. Let's try this point by point.
From the original post: It's bad enough that Americans get to petition elected officials to vote down this law. Here we don't get to comment on it because we have no elected reps in the US. That makes sense until you realize that this law if passed would be enforced in 3rd world countries.
No, state laws are not even enforced in other states, let alone in other countries. Just like your country's laws don't apply to me and why I don't get representation in the Trinidad government.
Not all of them and not immediately but it will come. What dose a little country like Jamaica or Trinidad do when American corporations with a wage bill beyond our GDP backed by Uncle Sam starts to brutalize our people under an unjust law that isn't even ours.
What do you mean, "it will come"? Either Virginia law applies in foreign countries or it doesn't. (Answer: it doesn't and it won't.)
From bendude: Don't you remember that whole DVD bust thing a few months ago. US (almost) Laws being enforced in lesser countries.
No, that was Norwegian law being imposed in Norway.
From JDax, an argument hanging on the idea that: What company could easily "move their headquarters" (on paper) from one of those states in the Pacific Northwest, to Virginia?
Doesn't matter -- the issue is where the customer is, not where this company is based. And even it did, it wouldn't affect other countries.
By the way, I think UCITA is outrageous -- a view shared, incidentally, by the Federal Trade Commission. But the idea that it's enforceable in other countries is absurd.
What I'm listening to now on Pandora...
This is the most common UCITA misunderstanding. It's not about closed or open source software. UCITA makes a distinction between software that is distributed under a shrink-wrap license and all other software.
Shrink-wrap distribution (and *only* SW-dist) is allowed to waiver all responsibilities, while other distribution (e.g. Internet downloads) automatically mean full responsibility for the author(s).
This would be a disaster for open source. The fundamentals of the open source development model (ESR's bazaar) *are* to release early and often and to release unfinished software to create an "itch" to improve it.
It's understandable many people associate the UCITA with open and closed source, but I wish more people would realize that's not what it's about and that that is exactly the reason it's so scary. UCITA does not only screw consumer rights, but also developer rights.
one word: Microsoft.
if they don't have it, they'll make you so miserable you'll sell to them. under utica, this is pretty damn easy.
Lea
As far as I know, the modern versions still require client licences -- they're not free.
IIRC, you're required to have client licenses for the number of users, whether they're using IBM's program or anything else.
Those Linux 3270 or 5250 users are supposed to be licensed to.
Any intelligent and savvy CIO will naturally fight UCITA, shrinkwrap licenses and licenses that can be changed at any time are a company's mortal enemy. If UCITA passes in your state it would mean patent and licensing laws would be a standard part of CIS curriculums in colleges.
I'm a loner Dottie, a Rebel.
yeah save your comment for the other thousand people who did NOT see the intentional error ;)
I'm a loner Dottie, a Rebel.
> So Linus, what are we doing tonight?
> The same thing we every night Tux. Try to take over the world!
That's great. I wonder what percentage of geeks are closet P&B fans?
--
Sheesh, evil *and* a jerk. -- Jade
Well, actually they [big companies] ARE criticized for their treatment of employees. Microsoft recently got pilloried in the press [and the courts] for their more than cavalier treatment of what they strategically refer to as "temp" workers.
Further, providing signing bonuses, pool tables, etc. in exchange for 80 - 100 hour weeks doesn't usually [sometimes in retrospect] seem such a bargain.
Certain countries (not many mind you) ban the sale of region restricted dvd players. If more countries banned their sale, the MPAA, etc would lose that stupid battle.
I think the same argument applies here -- UCITA or no, if many other countries prohibit the sale of backdoored software a la UCITA, software manufacturers won't avail themselves of their new-found U.S. rights. Hit them where they pay attention -- in the wallet.
So even if reading were illegal, that is if reverse engineering restrictions were valid, a company that needed to use hundreds of patents potentially freely available to them if they were to agree to that sort of Option of the Open Patent License, would probably find it cheaper agree to one of those Options rather than both attempt to use legal means to hide their product from the eyes of their customers and license all the patents they need.
As long as there's a way to opt-out of the patent system and UCITA restrictions among agreeing participants, I'm guessing that most companies will find it cheaper to opt-out of those restrictions when possible when faced with the alternative of endlessly charging each other for red tape.
(International legal reform getting rid of these sorts of restrictions on reading and thinking would be a much better answer, but I think convincing businesses to save money and increase stability and growth might be an easier solution for the short term.)
Please identify the cartel provision? Of course there isn't one. UCITA is just contract law, for gosh sake, and contracts is the least cartel-centric area of law there is. To the contrary, it promotes competition.
I the market really, truly cares about a provision, then a competitor will enter the market and offer the provision, thereby breaking the cartel.
The market forces will assure that overreaching can't happen -- certainly not at the level of large corporate license negotiation. Even where it does happen, nothing in UCITA makes it more or less likely to happen -- self-help provisions can be found in contracts today.
COMPETITION will determine which provisions for software are meaningfully applicable to consumers in relevant markets, just as COMPETITION led to the abandonment of the copy-protection "cartel" in the 80's.
How can you know that your vendor isn't setting you up for UCITA extortion later?
Easy. RTFC.
What makes you think these provisions can't occur without UCITA? That is the thing about contract law -- its private laws, and two parties can enter into just about any deal they want. The trick is not to buy from idiots who offer only provisions you can't stand.
If the market really, truly cares about the provision, they'll soon be out of business. If the market doesn't care, then, you're just whining about the results of free enterprise.
In any case UCITA isn't necessary for these things to happen, and it won't be sufficient to make them happen.
I would tend to agree with Eric. It is common to see language incorporating international treaties or provisions, such as INCOTERMS, or the law of "third party" nations, particularly in international transactions. As understood, it is fairly routine to enforce such provisions.
I'm really not sure what uncertainty about this point Cem Kaner's remarks, cited in the article, was addressing. Cem?
The article proposes, quoting the views of a corporate CIO, that UCITA shifts bargaining power. Yet it does not say how. Yes, UCITA has provisions concerning self-help, but how is this any different than the status quo with respect to a negotiated agreement?
For years, I have found overreaching vendors who seek such provisions in their agreements (or vendors who give notice that their software permits them to engage in self-help in their documentation, without a specific estoppel provision). To permit this is mindloss for the buyer in many cases of course, but might be acceptable in others. It seems to me PRECISELY the sort of thing that can be (and presently is) hashed out in a routine negotiation.
UCITA didn't introduce the practice, and isn't necessary for the practice to exist.
I have negotiated hundreds of license agreements, and have found that the size of a corporation has precious little to do with the "clout" of a negotiation -- the bottom line is typically whether a vendor has meaningful competition for a particular piece of software.
And usually, the deciding factor for terms such as these in a negotiation has more to do with whether there is a competitor with a product at a comparable price. I have found that many clients don't give a hoot about self-help (intending to pay their bills), if it means they can get the software for a few thousand dollars less a year. (In practice, the denial of service frequently provides equivalent clout to internal self-help).
In other cases, the client would be nuts to permit self-help before making his initial deposit. Particular factors determine what makes sense, and what does not.
In short, the provision comes up with some frequency in non-UCITA scenarios, and I see no reason why UCITA will or should change the dynamic in any meaningful way for negotiated software licenses.
There are many good reasons to quibble with UCITA (and, BTW, if I were king, I wouldn't have the self-help provisions in it), but this just doesn't seem to be the big deal the article suggests.
On the choice of law issue discussed in the article, I'm not sure what Cem was talking about -- my experience is that courts fairly routinely honor choice of law contract provisions -- indeed, even those specifying choice of law using international traties, such as UNCITRAL's terms, or the law of other countries. However, I'll confess that I haven't researched the question recently, and would love to see some more detailed discussion on these points.
But the issue does raise one important point. There are very few things that cannot be written in or out of a contract. In most U.S. jurisdictions, the limits are basically federal preemption, the implied duty of good faith, and unconcionability. (There are a few others) UCITA, implemented as state law, cannot modify federal preemption, does not modify the duty of good faith, and I don't believe substantially modifies the unconcionability standards. Thus, the only question concerning bargaining clout is the clout the parties had prior to UCITA. I don't see it tilting the balance one way or the other in a negotiated agreement -- at least in the sense that is the subject of the captioned article.
There is nothing good about taking away all consumer rights; the fact that the UCITA takes these away from individuals and big business alike should be a clue that something stinks. It's a disaster for large businesses and small, and sets a terrible, terrible legal precedent in trying to enforce contracts that are "agreed to" before they are seen.
Expanding a vast wasteland since 1996.
It seems, on the surface, that this (or a similar law) would dramatically boost open source software. One sure way to kill proprietary software is to make it fatal!
Disclaimer: This post should not be construed to mean I support UCITA. I think it is doomed to the spectacular failure it so richly deserves. In any free market for mission critical software, a vendor explicitly waiving UCITA's stupid provisions will have a huge advantage of any rivals retaining the right to "cut you off". I think the business supporters of this legislation are amazingly shortsighted.
Geeky modern art T-shirts
I agree - the canonical example of this (Microsoft) has been doing this for years, purely on a pricing scale basis. If they suddenly get the legal RIGHT to enforce whatever shrinkwrap they want, don't you think they will grab it with both hands?
But my real concern would be that the legislation could trigger an even greater decline in the quality of shrinkwrapped software.
Yep - if you are not allowed to claim for faulty software costing your business billions, not allowed to even TELL anyone it has done so, and not even entitled to have a set of terms you can sign (as they can vary the terms of your licence at any time) why should they care about software testing? It's not as if the total dismal failure of a firm due to their software's miswritten routines dropping the firm into legal hot water can even be reported...
--
-=DaveHowe=-
The Washington Alliance of Technology Workers. They are the ones that fought against Microsofts "temp" worker practices. (Admitedly, the end result has sucked for both MS and the workers, but none the less, a union).
--GnrcMan--
Oh, BTW (please don't think I'm defending Reagan, see my sig)
Reagan didn't pass that law. ATC's are federal employees. When you get hired as a federal employee you must swear a bunch of things, including not commiting treason and not striking. As far as I remember, those laws were in place before Reagan. The ATCs were fired because it was literally illegal for them to strike. Still is, though IIRC Clinton pardoned the original ATCs.
--GnrcMan--
The point is, only the guy who installs software has "assented" to the EULA. The next guy who sits down at the console would seem to be legally immune. This is a lapse, I suppose, on the part of those anal-compulsive types who dream up all that legal rubbish. The obvious response is that users would have to click through a EULA dialog box every time they load the program. Also, they'd have to include verbiage that would prohibit user "A", who started the program and clicked through the EULA, from leaving his desk to go to the rest room, during which lapse an unauthorized, non-EULA-assenting user "B" might sit down at the console and perform God only knows what kinds of nefarious, EULA-violating offenses. But even that wouldn't stop me from reporting on what I witnessed watching over the contractually-bound user's shoulder.
By the way, just last Friday I went through the install for Windows NT Server v.4.0 on my company's new Accounting server. Unlike probably 99%+ of the people who run the NT install program, and to the considerable annoyance of the head of Accounting who was eager to get it over with, I actually read the entire OEM EULA, rather than just holding down the "Page Down" key until it beeps and then hitting "F8". Well, here's yet another reason why the Microsoft lawyers all need to be hanged. Did you know that the NT Server EULA now prohibits benchmark testing without prior approval by the Microsoft Corporation? I guess it's Mindcraft or no craft at all.
Yours WDK - WKiernan@concentric.net
I want to thank John Rudin for speaking out against UCITA. I'm wondering if it's possible to link some statement to the front page of your site. Microsoft and several other Big Names cannot be allowed to get away with this.
It should be right out in the open. Otherwise you can expect losses in your company's stock value from wasted dollars on forced services from
companies you are dependent on. Also there needs to be an offensive. Some sort trilateral deadlock scheme needs to be setup between vendors distributors and buyers much like the separation of powers in the US Constitution.
You could choose to ignore this since I'm not an experienced investor.
However, in the long run I believe this is very dangerous.
Thank you.
Incidentally I came upon your site from a news site called slashdot.org. I followed the link to the article at Computerworld.com. I then typed Reynolds Metals in the location box of Netscape 4.7 for Unix (SuSE Linux Operating System Distribution specifically). Netscpae did a keyword search which led me to your site.
For word of mouth use the net. For product visibility to the general public use a mall. It works.
The message on the other side of this sig is false.
In the type of wacko libertarian economic theory books I tend to read, there is frequently discussion of the "free rider problem". I will explain the free rider problem in brief, then I think it will be really obvious how this applies to UCITA.
Assume you have a bunch of people living in a flood plain. Joe's Dam Company comes by and says, hey, everyone, if we built a dam across the river, it wouldn't cost that much, and you would be able to stop worrying about getting flooded. Let's assume he's right. Let's further assume that it's worth $250 to each resident to not have to worry about getting flooded, and it would cost $100 per resident to build the dam.
The dam will never get built.
You see, from each residents point of view, the dam will get built if enough people agree to contribute to building it. But everyone, not just the people who pay for the dam, will benefit from it. So, if some resident just says, I'm not paying, he isn't statistically going to make a difference in whether the damn gets built. The dam will either get built, or not get built. If he contributes, he's out $100 dollars. This is the problem of free riders.
How does this apply to UCITA? The dam represents reasonable laws as opposed to the UCITA. The free rider is the state that wants to attract software publishers by passing UCITA. If a state were to adopt the UCITA, it might attract software vendors, all other things equal. So all the states have an incentive to be the first on their block to adopt UCITA. The whole gain (from a state's perspective) of the UCITA is in their control. The damage caused by UCITA, that is, it being adopted nation-wide, is only partially under their control. They must assume that UCITA will eventually become law, and therefore, they must pass it first, to attract the software vendors.
Of course, this assumes that if, for example, Virginia has passed UCITA, and I, in California, buy software from a Virginia company, then I am bound by Virginia law. Well, the license agreement will no doubt say that it is governed by the laws of the state of Virginia, and the laws of the state of Virginia say that it applies. But I'm in California, where a shrink wrap agreement has no force, so the clause that says it's covered by Virginia law isn't relevant. So if it's valid, then it's valid; but if it's not valid, then it's not valid.
IANAL, of course, and the rulings of courts generally have no connection to reality, or logic. I'm seriously considering moving as soon as I have a little money saved up (and am out of school) to some other country where the politicians can actually be influenced by logic and the laws are written by economists, not by corporate lawyers.
--Kevin
Ok then. Say I live in Israel, and decide not to abide by the UCITA. The software company decides to take legal action, summoning me to X court in Virginia. What the hell do I care? *I* just don't go, and they can't do anything. The US has no power to arrest me outside of the US, let alone summon me to court there.
It offends me that my industry would try to screw over a hospital -- especially a non profit one. And I've heard tell of it happening. Life sucks enough for those in the medical industry without us making it worse for them.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I believe the UCITA will kill all commercial software within 5 years, leaving nothing but GPLed code anywhere on the planet. I can only hope that the companies pushing for it don't realize what they've done until it's far too late.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
One of the things that really infuriates me about the UCITA rationale is the assumption that licenses can be negotiated by buyers. There seems to be this crazy notion that as long as a contract is signed/clicked then it must be fair.
That is utter bullshit. Anything sold to large numbers of buyers isn't usually open to negotiation. You have no power to negotiate shrink-wrapped software licenses, period. Sounds like some legislators need to take a look around the real world.
When there is such an imbalance of negotiating power, this would suggest that you need some pretty firm legislation to protect the small buyers and limit the powers of the sellers, and not the other way round.....
On the other hand, you may be right. I never said it hurts ALL software companies:-)
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
For all the slashdot articles I've skimmed about this evil UCITA, and all the websites published about it, I still haven't been able to find a reasonably unbiased (nothing will be completely unbiased) summary of what exactly the UCITA is. This is not solely failure to RTFM (although reading the entire 300 page UCITA would work), I have been to 5 different pages so far after a search on google, and every one of them so far has been useless (it's bad, here is a list of people who think it's bad, blah blah blah bullshit).
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Don't you remember that whole DVD bust thing a few months ago. US (almost) Laws being enforced in lesser countries.
Get the Hell off my planet, you slimy mobster Bush!
Currently this doesn't effect the UK, or for that matter anywhere outside of Virginia.
However it is a precedent and I wouldn't be supprised if the UK or EU use this template for modelling there own laws.
"Do you think we could wipe out world hunger forever if scientists figured out how to make AOL's Free CD's edible?"-
Forum selection and choice-of-law clauses in tend to be enforced in contracts, even if the parties have no power to negotiate. See Carnial Cruise Lines v. Schute, 499 U.S. 585 (1990); The Bremen v. Zapata Offshore, 407 U.S. 1 (1972).
Presumably, most vendors will include such clauses in their contracts, seeking to channel disputes into jurisdictions where UCITA has pased (California and Washington will be big battle-states, Virginia has already passed it, subject to an implementation delay). The really smart vendors will set up an industry-favorable arbitration forum and insert a clause that says "all disputes will be arbitrated before [Industry Forum] under the law of [pick a UCITA state].
Hate to rain on your parade, but just because you are in England (or Canada, or Indonesia) does not mean you get to avoid this statute. Just ask all the Names from the United States who had to litigate their claims against Lloyd's of London in English courts.
Eric C. Grimm
CyberBrief, PLC
Ann Arbor. Michigan
Eric.Grimm@CyberBrief.net
An area I haven't seen addressed yet is software retailers. The way I read UCITA, if I purchase software at Wal-Mart, take it home, start to install, and decide against clicking to accept the provisions of the agreement , I can then take the opened package back to Wal-Mart for a full refund. In the past, most retailers have only allowed exchanges on opened software as a prevention against piracy. Looks like now they'd have to accept the return. I imagine that they could get around the problem by providing a hard-copy of the agreement prior to sale, but that'd be an administartive headache for a place like Best buy that stocks several hundred software titles. If I was a retailer in Virginia I'd have nightmares of thousands of /.ers descending on Virginia outlets the first day UCITA took effect, buying stuff, and then all returning it the next day. (Of course a protest like that would never happen).
Not only does UCITA make a direct attack on free software, by given the weight of law to any attempts by a company to frustrate hackers who try to reverse engineer protocol and file format capabilities, it provides a tool to prevent proponents of free software even discussing its advantages.
Under UCITA, a software company can make it an actionable breach of contract to say anything they don't like about their product. One of the reasons that free software has become more and more popular is that it has moved beyond being interesting to people who want to hack on source code or who care about freedom as a political concept; people are now using free software because proponents of Linux, *BSD, Apache, etc, have managed to convince people that free products can do the job better than non-free ones.
Consider: if UCITA had existed, Larry Wall might have found himself violating a license arrangement in developing Perl by including sh, awk, and sed features in the language. And even if he didn't, he wouldn't have been able to tell people about the virtues of Perl unless owners of the awk code had been prepared to allow him to explain that Perl is like awk, only better.
Likewise, how do you explain that Linux+Apache works better as a high-volume web server than Windows 95 + Personal Web Server? Microsoft could claim that the latter was suitable to run an ecommerce site with - and no-one who actually used the software would be able to disagree without being targeted for legal action. Oh, and a sudden inability to use the machine Windows was on.
Or, for a more concrete example, when it became apparent an early Service Pack for NT (1 or 2, I forget now) was corrupting NTFS volumes under certain circumstances, Microsoft refused to admit there was a problem. It was only after mainly Internet based lobbying and discussion of real world use of the SP that Microsoft were eventually forced to admit there was a mistake and correct it. Free software advocates can cite this as an example of why not to put data at the mercy of a closed-source company. Under UCITA, Microsoft could have sued anyone who claimed that the Service Pack was faulty, ignored the problem, and prevented anyone thereafter using it as PR. Sure, a bunch of people would have lost their data, but they're only customers.
Microsoft could intentionally take a piece of software I wrote, use it in some improper manner or figure out some way that my program can be made to fail on their machines, and then SUE ME FOR DAMAGES???
Ack!!! Stallman is right. This is a very serious problem! It's not even a question of whether joe blow could sue me if he wanted to- this apparently gives blanket permission for anyone or anyTHING, up to and including MS, to sue free software developers anytime they feel 'damaged'! It's a weapon, plain and simple.
At least things aren't going to change much if you are already resigned to being a _criminal_... in fact this makes the definition of 'criminal' potentially ridiculous and not commonsense at all. Instead of "What was your crime?" "I reverse engineered somebody's program" which is vaguely criminal-seeming, it could be "I wrote a text editor and gave it away for free and Microsoft deployed it on 600 desktops and upgraded a dll and my text editor broke so they are suing me for $50,000 in damages." To which the average person would say, "Huh??"
This is _messed_ _up_. When you read RMS on the matter, don't think solely in terms of end-users, individuals, potentially being able to sue free software authors and win. The worse problem is that it makes it possible for a Microsoft to set up a situation where somebody's software breaks in well-documented and accounted-for circumstances, then take that information and sue the developer under UCITA, obliterating them. Yes, this would be both cynical and blatantly using the legal system as a game and a weapon. Yes, it'd be unprecedented evilness. But lord, would it be effective and profitable to just shut down anybody giving away software by creating situations where their stuff failed and 'caused harm' and then suing.
Ack! This is almost too messed up to imagine. I have to wonder if the legal system itself, juries, judges would rebel at following through on the implications of all this. Surely in order to act on legislation of such evilness, human beings have to be convinced that it is in fact both 'the law' and just? There might be cases of "Your honor, in accordance with UCITA we find the defendant Guilty, as we were directed to do. We fine him One Cent..."
Maybe if this is successful, big software-using companies might start lobbying against software patents too?
After all, for every large software publisher like Microsoft or Lucent who benefit from software patents, there are a dozen equally large software users who lose out from the market distortion and lack of competition that software patents cause.
-- Ed Avis ed@membled.com
That's funny, when I dealt with IBM it was more like:
Our emulator works best, but it's free with the mainframe so no problem. If you need a couple extra CDs for it, we'll give you those free too. We'll even pay for the shipping.
They'll work on any PC.
If they don't work on a specific kind of PC, call us and we'll figure out how to make it work.
You should upgrade some of your PCs. The emulator won't give you good results on something that slow.
Buying new PCs from us? You have to specifically request monitors, we don't sell PCs with the monitor included, it's *ALWAYS* a seperate item, except on the PS/1.
Are you sure that was IBM you were dealing with? Your assertions run completely contrary to all my dealings with them.
Of course, perhaps your dealings were in a market size I'm not used to. I've only dealt with IBM in companies ranging from half a dozen employees to the Fortune 50 corp I work for now.
Just follow these simple steps:
Oh, damn, Microsoft have beaten me to it....
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Lately I've been hearing from the hacker/geek community that big business is no good and should be abolished.
We need big business to be alive.
This is the step in the right direction to ensure the survivial of big corporations. Sure there's some companies like AOL who want to screw others, but without big business you'd probably still be working at a factory for minimum wage. And you'd have trouble making a good enough living to even own a house.
As far as I can say, this is the best thing business is doing right now.
(note to moderators: this is not flamebait)
US businesses that currently accept chip and PIN/signature
(Sorry to diverge. I tried to submit this as a reply to the article. But I already posted a direct reply to the article on a different piece of the issue, and the Slashdot software thinks this is a repeat and won't post it. This thread seems the most closely related.)
The UCITA and the DMCA seem to interact tightly.
UCITA's "self help" provision says companies can write code that they can turn off if there's a dispute - by remote control or time-bombs - before the dispute is resolved in court.
DMCA makes it a felony to defeat such software "protection" schemes.
Discovery in the court case of the original dispute would expose the defeat of the protection scheme, even if it hadn't already been obvious from the continued operation of the company.
So the software purchasers are totally at the mercy of the software vendors.
And the software vendors don't need to announce the protection schemes. So there's no way to tell if they're there without reverse-engineering (which is almost certainly banned by the license under the UCITA and may be a crime under the DMCA), or finding out when the software stops working - at which point you're a felon if you even try to turn it back on to keep your business running.
Nasty.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Your average Joe isn't pushing this law. You know who's pushing this law? BIG BUSINESS! That's right. Who's pushing the DMCA? BIG BUSINESS! They'll merrily strip you of rights guaranteed you in the constitution in order to make a buck.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
However it is a precedent and I wouldn't be supprised if the UK or EU use this template for modelling there own laws.
I'm not entirely sure if I remember this correctly but I believe that the High Court over here in the UK ruled that end-user license agreements were not valid and had not power in law, so something like the UCITA as it stands could not become law over here. Of course they could still try to get the rest of it passed...
Molog
So Linus, what are we doing tonight?
So Linus, what are we going to do tonight?
The same thing we do every night Tux. Try to take over the world!
Yes there were those who thought that pro-slavery and the anti-slavery sides could peacfully get along. But the pro-slavery guys just kept pushing it, and pushing it, and being harsher on slaves, families, runnaways, until they just pushed it too far (they succeded from the union). I guess they just believed that slavery was a basic right. That without it there was no INCENTIVE bring forth America's glorious textile industry. And since they PUT EFFORT INTO IT, that is acquiring and training slaves, they only naturally assumed that ownership was their right. Of course slavery started out as indentrued servitude that had an EXPIRATION, but the slave owners quickly changed that. Only prestigious and respectable busisness men had slaves, and only thiefs would free them. Of course in hindsight, if only they realized that slavery wasn't a PROPERTY RIGHT they might have been able to avoid the harsh consequences that brought about it's end.
David
I can pirate software, then include it in my program. How would anyone know, unless they decompile portions of code? But that won't be allowed under the "click wrap" agreement!
[sarcism mode off]
Fight Spammers!
I don't think that other countries will likely simply 'model' their legislation after this bill. But as Big Money has vested interests in it in the US, pressure will be applied through the WTO to enforce the provisions in other countries.
Their clout enforcing intellectual property issues is astounding--here in Canada it looks like we will be required to extend the duration of patent rights in conformity with the WTO (read US), which will rapidly inflate our drug expenses.
I can't even imagine what the precedent is assumed to be... there certainly isn't one outside software (imagine renting a car whose engine cuts out on the highway because you exceeded the allowed mileage, or the company didn't like your monitored driving habits).
I think we're looking at the revival of intellectual serfdom, where one cannot buy anything to generate their own profit, but rather is required to rent at an arbitrary and changing price fixed by the intellectual nobility. I'm surprised software companies haven't already thought of software-for-shares arrangements already. Welcome the new economy.
I know that many folks here already know the issue. For everyone else....
www.gnu.org/philosophy/ucita.html
From the article: "You see, UCITA says that by default a software developer or distributor is completely liable for flaws in a program; but it also allows a shrink-wrap license to override the default. Sophisticated software companies that make proprietary software will use shrink-wrap licenses to avoid liability entirely. But amateurs, and self-employed contractors who develop software for others, will be often be shafted because they didn't know about this problem. And we free software developers won't have any reliable way to avoid the problem"
Here's a summary of the point: Free software can't avoid the increased, default, liability because a shrink-wrapped licence can't be applied to something that isn't shrink-wrapped!
That means that if you write something, and include a licence in a text file that says "no warranty", the "no warranty" licence doesn't apply -- you're still liable even if you never make a cent!
There are numerous other reasons why this -- to grab a quote from Ghostbusters -- is "A bad thing" for free software.
Come to think of it, the UCITA probably applies to Shareware, "free" programs from various web sites, and other non-shrink-wrapped commercial software, too. There's another angle...
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
First posting ever to slashdot. If I commit some cardinal sin, please forgive me.
1. UCITA allows for the "self help feature" to be installed in software. How many people think MS has allready hidden this feature deep in win2k in anticipation of UCITA passing? What would happen if some clever hackers were to start actively searching for it and documented how it could be exploited. How would major corporations react to find that such a security hole had intentionaly been inserted in win2k and they were not notified? I would love to see some hackers start looking for such a backdoor in order to educate people on how they had been scammed. This assuming of course, that MS really was dumb enough to jump the gun on installing a backdoor. I for one, would be willing to bet my first born that they are.
2. UCITA has a clause stating that "neither party is entitled to the source code". Now if someone uses GPL'ed code and then re-releases it under UCITA without the source, will they get away with it? The infamous "embrace and extend"? Most people argue that the GPL will supercede UCITA, and I agree that it should. What bothers me is that the GPL has never been tested. The GPL falls into the same trap as the EULA in that it is questionable in its ability to be enforced. How certain is the open source community that the GPL will hold water if tested in court against the UCITA?
You need to go to your management, wherever you work and say:
"There's an effort to get all 50 states to pass legislation called UCITA that removes the last vestige of liability from software vendors. It also makes it legal for them to insert back-doors into the software that, hypothetically, only they would be able to use to shut down your software if they feel that you've violated your license.
What I need you to do is a) ask yourself if you are comfortable with the current no-warantee nature of software let-alone new laws to further limit liability b) think about the damage that will be caused when the "hackers" figure out how to remotely shut down your software and c) start thinking about what our company should be doing to either support or oppose this law."
That's it. No frills. No "evil empire" scenario. Just present it in terms that they will understand and cannot afford to ignore. Anyone who can keep a business running will recognize the danger, here.
I've been thinking about adding a "At some point we may demand first born children from you. Or root beer." to the license on the code I send out. I wonder what legal would make of that...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Plenty of excellent resources and arguments.
The most important point nobody here seems to be mentioning is the fact that a remote shutdown system could be easily cracked and used maliciously. Someone is going to find out how to trigger the kill switch, and then we'd have a streak of DoS attacks that could cripple entire corperations. CEOs don't care about user inconveniences, but they'll think twice before allowing their entire corprate infrastructure to be knocked offline by some 12-year-old script kiddie.
What the heck is a 'sig'?
Thanks for buying our mainframe
- Now you need our emulator to access the mainframe from your personal computers.
- We'll sell you the emulators if you only run them on our PC's.
- But look, you only have to deal with us. No incompatability!
- You should upgrade your PC's. Our emulators won't run well on something that slow.
- Of course you need to buy new monitors. We don't sell computers without monitors!
So, the vendor gave us a decent price, all we ended up paying for was a lot of new 17 inch monitors to replace our year old 17 inch monitors, which replace the perfectly good 15 inch monitors. For obvious reason, the used monitor market in this town is doing a good business (We're not the only game in town, Some companies are giving them away...)The PC's are another story. We have been sold the worst chunks of hardware I can imagine. These motherboards are designed to never have a single component upgraded, so they're useless to anyone who gets our old ones. (Our last batch had microchannel...) At this point we could always get smart and say no and keep using the current system. However, when the vendor, under UTICA, can turn your system off, you are really at his mercy.
The frightening thing is that if a vendor can turn you off from a remote location, so can a hacker...
I wait for the day when a company's major competitor signs an exclusive contract with a vendor and the vendor turns off that client's software...:)
-----
No Zen is good zen
You try to lock someone into your product, and arrange that they cannot switch. It is when you have achieved lock-in that you can crank your profit margin.
:-(
Given the existence of subtle dependencies in software the achievement of lock-in has historically been surprisingly easy. The main problem is that after being burned so many times in one area customers are eager to run to anything resembling an open standard. The second problem is that given the reproducibility of software it is very easy for customers to not stick to the limits you want to enforce. Not surprisingly many of these limits have to do squeezing every penny, and more of them have to do with discouraging the existence of an open standard.
What UCITA is about is achieving through law more than can be achieved technologically. Of particular concern to the open source movement (which of course is an ultimate form of open standard) are the conditions meant to discourage open standards. For instance draconian prohibitions on reverse-engineering. Of particular concern to any CIO with a brain is...pretty much everything.
I wish the CIOs all of the best.
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
While legally this would not affect non-US users, it will in fact have an effect, especially if it is adopted in the majority of states. The software produced in the US will likely contain the enforcement mechanism for the self help provision of UCITA. As a result, the company will have the ability, if not the legal right to shut down your software (or is it their's now?) at will. Not legally, mind you. But that won't stop crackers, either.
wake up and find out that you are the eyes of the world.
The National Conference of Commissions on Uniform State Laws adopted UCITA in July. The conference recommends commercial code law and sends it to the 50 states for their adoption.
This organization seems to be a multi-state collection of regulators (i.e. members of state executive branches) acting as a national legislature. They debate in private (or at least with zero press coverage) and are heavily lobied. They construct the text of proposed laws and submit them to the state legislatures simultaneously.
So the general public goes from nothing to a bunch of identical bills simultaneously submitted in state legislators all over the country. And if they want to oppose them, or even modify them, they have a war on dozens of fronts, against a very organized group that has almost achieved its objective. They almost certainly lose in several states, after which the proposed legislation, in its original form, becomes a de-facto national standard. So they can't even modify a line.
Such laws are pervasive as federal laws. But they draw power their power from the several states, which are not as limited by the federal constitution. And there's no central place to repeal these laws - you have to get ALL the states to go along simultaneously.
I think that, at a minimum, the organization needs some serious sunlight - in the form of investigation and exposure to press - or alternative press - coverage of their operations and deliberations. (At least that way people could find out earlier when their ox is about to be gored, and maybe have a chance to head off bad legislation when it's in the formative stages.)
Beyond that, there's the question of whether it's proper for state executive branches to participate in the crafting of multi-state legislation. Is it intrusion on another branch's prerogatives? Is this one of the powers that is supposed to be reserved to the Federal government? Are "sunshine laws" violated?
This kind of coup is hardly unprecedented: It's is how we got a federal constitution in the first place: The Continental Congress set up a committee to propose some amendments to the Articles of Confederation (their "constitution"). The Federalists took over the committee, drafted the US Constitution, and bypassed the Continental Congress, submitting it to the states directly. It had a "bootloading" provision that when more than a fixed number of the states adopted it, it started, the adopters were detached from the Continental Congress (leaving it without a quorum) and attached to the Federation, and the rest of the states were out in the cold unless they signed up, too. (The Bill of Rights was the result of a rear-guard holding action by the Anti-Federalists, an allegedly minor concession they won in return for surrendering in a battle they were already losing.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
If I were the CIO of a large company, I would be worried that my negotiating position would be much weaker with UCITA. After all, it pretty much creates a legal software cartel. Why would any member of this cartel break ranks and give me what I want, when I wouldn't be able to get it from any other vendor? But my real concern would be that the legislation could trigger an even greater decline in the quality of shrinkwrapped software.
On the other hand, if the measure passes and vendors make full use of it, the drive to all-Open Source could become unstoppable.
The difference between theory and practice is that, in theory, there is no difference between theory and practice.
The company I am a developer for, a MAJOR ERP vendor, ships many many different applications with each new release. We certify each release with a subset of 3rd-party software, including:
- The operating system (Windows plus a dozen or so Unixes, Mainframe OS's etc.)
- The middleware product
- Certain office suites which integrate with our stuff
- Reporting tools such as Crystal
- Web servers (the first two that popped into your head, for example)
- etc.
The list goes on and on. More importantly, we also BUILD our software with a bunch of 3rd-party products, which provide everything from the middleware API to the STL we use.
Now imagine how screwed we'd be if we couldn't count on support contracts and liability contracts from any of those vendors? The quality of our product would become a random quantity based on how charitable those 3rd-party vendors were feeling today. And we'd be forced to ship this crap to our customers, passing the joy on to them. Sure, we'd be somewhat legally protected from the wrath of our customers by the UCITA, but just because they couldn't sue us doesn't mean they have to buy from us. They'd probably go back to developing everything in-house or buying only from vendors who provide 100% of the functionality from a single site. As of today, I doubt there is a single vendor who can claim THAT.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
The article comments that big companies should have enough leverage to negotiate non-UCITA contracts if they don't like UCITA's provisions. A very interesting quote from one software purchaser gives the lie to that statement:
IOW, software companies naturally have a dominant negotiating position with corporate customers because of migration costs. If that's really true, why do companies need UCITA? You've got me.
Of course this is exactly the argument that ESR uses to show that businesses need free/open source software. If you get mission critical software from a sole source vendor, they already have your balls in a vise. All UCITA does is to make that a bit more explicit.
There's no point in questioning authority if you aren't going to listen to the answers.