Slashdot Mirror

← Back to Stories (view on slashdot.org)

CIOs Worried About UCITA

Posted by jamie on from the join-the-club dept.

NeXuSnine pointed out that CIOs of major companies are starting to fight UCITA. Personally, I like the argument floated by UCITA's supporters: "Large businesses, theoretically, should be able to negotiate contracts with vendors that protect and exclude provisions they don't want." In other words, these UCITA supporters knew small businesses and individuals would get screwed, but they figured big companies wouldn't mind because they write their own rules anyway. Now, even some big businesses are worried UCITA goes too far.

12 of 158 comments (clear)

  1. Here's what you need to do by ajs · · Score: 4

    You need to go to your management, wherever you work and say:

    "There's an effort to get all 50 states to pass legislation called UCITA that removes the last vestige of liability from software vendors. It also makes it legal for them to insert back-doors into the software that, hypothetically, only they would be able to use to shut down your software if they feel that you've violated your license.

    What I need you to do is a) ask yourself if you are comfortable with the current no-warantee nature of software let-alone new laws to further limit liability b) think about the damage that will be caused when the "hackers" figure out how to remotely shut down your software and c) start thinking about what our company should be doing to either support or oppose this law."

    That's it. No frills. No "evil empire" scenario. Just present it in terms that they will understand and cannot afford to ignore. Anyone who can keep a business running will recognize the danger, here.

  2. First Born Children and Root Beer by Greyfox · · Score: 4

    I've been thinking about adding a "At some point we may demand first born children from you. Or root beer." to the license on the code I send out. I wonder what legal would make of that...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  3. Great Anti-UCITA site - http://www.badsoftware.com by Seth+Finkelstein · · Score: 4
    http://www.badsoftware.com

    Plenty of excellent resources and arguments.

  4. How to kill UCITA the Corprate Way by Valkyre · · Score: 4

    The most important point nobody here seems to be mentioning is the fact that a remote shutdown system could be easily cracked and used maliciously. Someone is going to find out how to trigger the kill switch, and then we'd have a streak of DoS attacks that could cripple entire corperations. CEOs don't care about user inconveniences, but they'll think twice before allowing their entire corprate infrastructure to be knocked offline by some 12-year-old script kiddie.

    --
    What the heck is a 'sig'?
  5. It's about time big business realized... by bons · · Score: 4
    Here's a fun situation. I work for a large financial company. We use IBM mainframes (gotta love COBOL). Here's how the negotiations seem to have worked out:

    Thanks for buying our mainframe

    • Now you need our emulator to access the mainframe from your personal computers.
    • We'll sell you the emulators if you only run them on our PC's.
    • But look, you only have to deal with us. No incompatability!
    • You should upgrade your PC's. Our emulators won't run well on something that slow.
    • Of course you need to buy new monitors. We don't sell computers without monitors!
    So, the vendor gave us a decent price, all we ended up paying for was a lot of new 17 inch monitors to replace our year old 17 inch monitors, which replace the perfectly good 15 inch monitors. For obvious reason, the used monitor market in this town is doing a good business (We're not the only game in town, Some companies are giving them away...)

    The PC's are another story. We have been sold the worst chunks of hardware I can imagine. These motherboards are designed to never have a single component upgraded, so they're useless to anyone who gets our old ones. (Our last batch had microchannel...) At this point we could always get smart and say no and keep using the current system. However, when the vendor, under UTICA, can turn your system off, you are really at his mercy.

    The frightening thing is that if a vendor can turn you off from a remote location, so can a hacker...

    I wait for the day when a company's major competitor signs an exclusive contract with a vendor and the vendor turns off that client's software...:)

    -----

    --

    No Zen is good zen

  6. Re:Maybe big business is good for something by Izubachi · · Score: 4

    And this is not a flame, but, none the less, you're incorrect. If it wern't for UNIONS and social activism, we'd still be working in factories at minimum wage. Big buisness is the epitomy of capitalism, it is the end product. Remember exactly what was going on near the end of the industrial revolution. Big buisnesses were providing plenty of jobs for people, but those people had to work in unsanitary conditions, for low pay, and they had no choice. It was either the factories, or the streets. Unions and socialist ideas changed all of that (all though the unions soon became corrupt, but that's a different story). The big buisnesses didn't just decide one day, "Hey, why don't we provide sanitary conditions for our workers and pay them fair wages and stop making children work, losing quite a bit of revenue at the same time!". They're function is to gain money, and that's it. Sometimes, if the right person is in control, they'll try to do this without screwing the workers, but usually, not. That is why there has to be a counter-balance of social activism to offset this money-making policy. And the same thing applies today. The big buisness will be given a major advantage with this UCITA bill, and they WILL use it. If there was something to counter-balance this new bill, then everything would be just peachy, but there isn't. So, this bill is not going to be beneficial to consumers.

  7. Proprietary software is about lock-in by tilly · · Score: 5

    You try to lock someone into your product, and arrange that they cannot switch. It is when you have achieved lock-in that you can crank your profit margin.

    Given the existence of subtle dependencies in software the achievement of lock-in has historically been surprisingly easy. The main problem is that after being burned so many times in one area customers are eager to run to anything resembling an open standard. The second problem is that given the reproducibility of software it is very easy for customers to not stick to the limits you want to enforce. Not surprisingly many of these limits have to do squeezing every penny, and more of them have to do with discouraging the existence of an open standard.

    What UCITA is about is achieving through law more than can be achieved technologically. Of particular concern to the open source movement (which of course is an ultimate form of open standard) are the conditions meant to discourage open standards. For instance draconian prohibitions on reverse-engineering. Of particular concern to any CIO with a brain is...pretty much everything. :-(

    I wish the CIOs all of the best.

    Ben

    --
    My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
  8. Re:How are people in other countries affected? by habib23 · · Score: 5

    While legally this would not affect non-US users, it will in fact have an effect, especially if it is adopted in the majority of states. The software produced in the US will likely contain the enforcement mechanism for the self help provision of UCITA. As a result, the company will have the ability, if not the legal right to shut down your software (or is it their's now?) at will. Not legally, mind you. But that won't stop crackers, either.

    --
    wake up and find out that you are the eyes of the world.
  9. The NCCUSL needs oversight and/or investigation. by Ungrounded+Lightning · · Score: 5

    The National Conference of Commissions on Uniform State Laws adopted UCITA in July. The conference recommends commercial code law and sends it to the 50 states for their adoption.

    This organization seems to be a multi-state collection of regulators (i.e. members of state executive branches) acting as a national legislature. They debate in private (or at least with zero press coverage) and are heavily lobied. They construct the text of proposed laws and submit them to the state legislatures simultaneously.

    So the general public goes from nothing to a bunch of identical bills simultaneously submitted in state legislators all over the country. And if they want to oppose them, or even modify them, they have a war on dozens of fronts, against a very organized group that has almost achieved its objective. They almost certainly lose in several states, after which the proposed legislation, in its original form, becomes a de-facto national standard. So they can't even modify a line.

    Such laws are pervasive as federal laws. But they draw power their power from the several states, which are not as limited by the federal constitution. And there's no central place to repeal these laws - you have to get ALL the states to go along simultaneously.

    I think that, at a minimum, the organization needs some serious sunlight - in the form of investigation and exposure to press - or alternative press - coverage of their operations and deliberations. (At least that way people could find out earlier when their ox is about to be gored, and maybe have a chance to head off bad legislation when it's in the formative stages.)

    Beyond that, there's the question of whether it's proper for state executive branches to participate in the crafting of multi-state legislation. Is it intrusion on another branch's prerogatives? Is this one of the powers that is supposed to be reserved to the Federal government? Are "sunshine laws" violated?

    This kind of coup is hardly unprecedented: It's is how we got a federal constitution in the first place: The Continental Congress set up a committee to propose some amendments to the Articles of Confederation (their "constitution"). The Federalists took over the committee, drafted the US Constitution, and bypassed the Continental Congress, submitting it to the states directly. It had a "bootloading" provision that when more than a fixed number of the states adopted it, it started, the adopters were detached from the Continental Congress (leaving it without a quorum) and attached to the Federation, and the rest of the states were out in the cold unless they signed up, too. (The Bill of Rights was the result of a rear-guard holding action by the Anti-Federalists, an allegedly minor concession they won in return for surrendering in a battle they were already losing.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  10. If *I* Were CIO by Slothrup · · Score: 5
    "Large businesses, theoretically, should be able to negotiate contracts with vendors that protect and exclude provisions they don't want."

    If I were the CIO of a large company, I would be worried that my negotiating position would be much weaker with UCITA. After all, it pretty much creates a legal software cartel. Why would any member of this cartel break ranks and give me what I want, when I wouldn't be able to get it from any other vendor? But my real concern would be that the legislation could trigger an even greater decline in the quality of shrinkwrapped software.

    On the other hand, if the measure passes and vendors make full use of it, the drive to all-Open Source could become unstoppable.

    --
    The difference between theory and practice is that, in theory, there is no difference between theory and practice.
  11. UCITA hurts software companies, too by xant · · Score: 5
    What I want to know is, who the hell is HELPED by this dog? Here's why big software companies get it in the serial port:

    The company I am a developer for, a MAJOR ERP vendor, ships many many different applications with each new release. We certify each release with a subset of 3rd-party software, including:
    - The operating system (Windows plus a dozen or so Unixes, Mainframe OS's etc.)
    - The middleware product
    - Certain office suites which integrate with our stuff
    - Reporting tools such as Crystal
    - Web servers (the first two that popped into your head, for example)
    - etc.
    The list goes on and on. More importantly, we also BUILD our software with a bunch of 3rd-party products, which provide everything from the middleware API to the STL we use.

    Now imagine how screwed we'd be if we couldn't count on support contracts and liability contracts from any of those vendors? The quality of our product would become a random quantity based on how charitable those 3rd-party vendors were feeling today. And we'd be forced to ship this crap to our customers, passing the joy on to them. Sure, we'd be somewhat legally protected from the wrath of our customers by the UCITA, but just because they couldn't sue us doesn't mean they have to buy from us. They'd probably go back to developing everything in-house or buying only from vendors who provide 100% of the functionality from a single site. As of today, I doubt there is a single vendor who can claim THAT.

    --
    It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
  12. Even big companies don't have leverge by rgmoore · · Score: 5

    The article comments that big companies should have enough leverage to negotiate non-UCITA contracts if they don't like UCITA's provisions. A very interesting quote from one software purchaser gives the lie to that statement:

    "Microsoft basically owns our desktops. We have no clout with Microsoft," said Roth. With other vendors, once their software becomes part of a mission-critical system, the vendor knows it. "I don't have a choice of saying, 'No, I don't want your product anymore.' I'm in tight with them. I have to have it," said Roth.

    IOW, software companies naturally have a dominant negotiating position with corporate customers because of migration costs. If that's really true, why do companies need UCITA? You've got me.

    Of course this is exactly the argument that ESR uses to show that businesses need free/open source software. If you get mission critical software from a sole source vendor, they already have your balls in a vise. All UCITA does is to make that a bit more explicit.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.