UCITA Stalled At State Level

OscarGunther writes "Four states have passed anti-UCITA laws and Massachusetts may soon become the fifth. Meanwhile, only two states have adopted the Uniform Computer Information Transactions Act, which gives software vendors all the benefits and none of the burdens of the consequences of publishing their software. The details can be found at ComputerWorld and an opinion piece by Frank Hayes can be found here."

what states have passed anti- UCITA acts?

[the_2nd_coming]

I hope a lot more pass those kind of laws...I mean if more than 2/3 of the states pass such laws there will be a bassis to build a constitutional amendment movement :-)

Re:what states have passed anti- UCITA acts?

[Planesdragon]

Nope.

The Congress, whenever two thirds of both Houses shall deem it necessary, shall propose Amendments to this Constitution, or, on the Application of the Legislatures of two thirds of the several States, shall call a Convention for proposing Amendments, which, in either Case, shall be valid to all Intents and Purposes, as Part of this Constitution, when ratified by the Legislatures of three fourths of the several States, or by Conventions in three fourths thereof, as the one or the other Mode of Ratification may be proposed by the Congress; Provided that no Amendment which may be made prior to the Year One thousand eight hundred and eight shall in any Manner affect the first and fourth Clauses in the Ninth Section of the first Article; and that no State, without its Consent, shall be deprived of its equal Suffrage in the Senate.

If enough of the states vote for a law (such as "no UCITA" or "Alcohol is legal") and want it to be The Law of the Land, Congress can be essentially left out of the picture.

Re:what states have passed anti- UCITA acts?

[agurkan]

why not try to be polite? is it to hard to quote?

The measures adopted by the four anti-UCITA states -- Iowa, North Carolina, West Virginia and, just last month, Vermont-- are called "bomb-shelter" legislation, intended to prevent a vendor from applying, for instance, Maryland's UCITA law provisions on residents in a bomb-shelter state.

Re:what states have passed anti- UCITA acts?

[nursedave]

stupidity is not a religion...

Then why do so damned many people worship at its alter? :)

Re:what states have passed anti- UCITA acts?

[mark2003]

Let me see if I understand this correctly - the UCITA act protects companies against liability, including, I'm sure, illegal acts arrising from use of their products?

Now if only that kid who was taken to the cleaners by the RIAA had protected himself under this act he would have been fine...

Oh, hang on, he's not a large corporation with the backing of politicians, he would still have been f*cked.

UCITA... wha..?

[zoloto]

for some reason i pictured the village people doing their song. *shudder*

From the site:

According to opponents, UCITA sets default contract terms that favor software vendors and free them of liability for any software problems. Supporters say companies are free to negotiate terms and conditions, and they have attempted, unsuccessfully, to ameliorate concerns by removing some controversial provisions, such as "self-help," which would have allowed a vendor to disable a system during a dispute

looks like this was drafted by Microshaft, BSA, **AA's and our beloved government... oh wait.

You can also read from the following site:
EFF PAPER

You see, UCITA says that by default a software developer or distributor is completely liable for flaws in a program; but it also allows a shrink-wrap license to override the default. Sophisticated software companies that make proprietary software will use shrink-wrap licenses to avoid liability entirely. But amateurs, and self-employed contractors who develop software for others, will be often be shafted because they didn't know about this problem. And we free software developers won't have any reliable way to avoid the problem

Solution, lets remove shrink wrapped licencing period. That's like buying a car- THEN signing th e contract.

HEre's another one:

UCITA has another indirect consequence that would hamstring free software development in the long term--it gives proprietary software developers the power to prohibit reverse engineering. This would make it easy for them to establish secret file formats and protocols, which there would be no lawful way for us to figure out.

This is familliar. Doesn't it sound like an extention to the DMCA? Hmmm...

Re:UCITA... wha..?

Solution, lets remove shrink wrapped licencing period. That's like buying a car- THEN signing th e contract.

Agreed. I wish articles critical of UCITA would stress this point more. Once you accept that software companies have a right to unilaterally change the terms of a sale that has already occurred, the battle is lost. We don't need new laws defining what EULA terms are and aren't acceptable. We need to apply basic contract law to EULAs and get them ruled 100% unenforceable. This is a complete no-brainer to me (no consideration=no contract, end of story), but I see people here even trying to argue on the software vendors' terms, which is hopeless.

Re:UCITA... wha..?

[WNight]

Exactly. Shrink-wrap licenses violate standard contract law in many ways.

Not only is there no consideration (once they sell you the software they don't have anything to offer you, post sale, for agreeing to the contract) but the post-agreement changes to a contract have never been valid. Then there's the strong argument that shrinkwrap licenses may actually be criminal, as they attempt to prevent use of the legally purchased software until you agree to an extorive "contract".

They aren't worth the ink they're printed on. But, unfortunately, big businesses don't need a leg to stand on, they can tie you up in court for an eternity and are (for the same financial reasons) immune to charges of barratry.

address irresponsibility

[BWJones]

only two states have adopted the Uniform Computer Information Transactions Act, which gives software vendors all the benefits and none of the burdens of the consequences of publishing their software.

I've not followed this issue so I don't know which two states have adopted this, but I can guess one of them might be Washington state.

At any rate, one should hope that when one produces a product, they should have a sense of craftsmanship and ownership of that product and stand behind it. Now, I am not one who supports the litigiousness of our country right now, but if a software company writing software that controls the infusion rate of an insulin pump screws up and kills people, they should be held responsible. That is one of the checks against creating crappy or dangerous products. For instance, all of the recalls I had to endure for my Dodge pickup (ultimately the reason I bought a Toyota), were designed to protect the consumer against a faulty product. With all of the concepts of pervasive computing controlling aspects of our lives, we are going to have to hold software companies responsible for products they create that are going to be used in sensitive or critical applications.

Re:address irresponsibility

[MourningBlade]

Would you skydive with a parachute pre-packed and sold to you by some anonymous guy in a back alley?

For the same reasons no one should use an insulin pump that isn't guaranteed by a company.

If no guarantee is required to sell insulin pumps and a fellow chooses an insulin pump that is not guaranteed and it fails, he has only himself to blame (financial matters aside).

The issue is that guaranteeing something is an expensive process, just like getting an SLA for service quality you already have is most likely going to cost quite a bit. The UCITA would have you believe that a guarantee is free: it comes with every piece of software. This is not --- and should not be --- the case: I can't afford to guarantee my work, but I do promise to label my releases by how confident I am in them.

Unless, of course, you were to pay me. A lot of money. Then I could hire someone to do an outside code audit as well as do my own internal beefing up of a version I am confident in. And I could build a testing environment for it. And prove the algorithms correct. And get a custom machine built for it. That's what it takes to "guarantee" software.

Re:address irresponsibility

[WNight]

The courts are all about interpretting the word "reasonable". Nobody says a small, cheap, software product has to be flawless. It just can't contain any unreasonable flaws that due care and attention would have caught.

As in, if the customer types in a bizarre string into the zipcode box and it crashes, this is probably reasonable for cheap software. If you sell it and it turns out that it can't save documents...

If you buy a car there's an implicit guarantee that it will function as a car. No guarantee about how reliable it'll be (past a certain point) or if it'll perform as the looks would suggest, but it had better get your from point A to B. If it doesn't, you can sue the company to refund your money, plus pay for the time you wasted trying to get the lemon to work.

Why should software be any different? If you sell a product that doesn't even function as promised on the back of the jewel case, why isn't that fraud? Just because it's a CD and not a device isn't a compelling argument in my opinion.

State by State breakdown

[Sparr0]

Taken from the American Library Association

UCITA has become law

• Maryland
• Virginia

"Bomb-shelter" has become law
What is UCITA "bomb-shelter" legislation? UCITA "bomb-shelter" legislation is defensive legislation needed to protect a state's residents from being subject to unfair and overreaching provisions in UCITA even if the act has never passed in their state. As of 2002, West Virginia, Iowa and North Carolina have passed this kind of legislation. "Bomb-shelter" legislation narrowly protect software licensees from choice of law provisions that make UCITA the governing law of the contract or from choice of forum provisions that might select another state unrelated to either the vendor or the licensee as the forum for settling a legal dispute over the contract. One proposed version (New York) stipulates that only the laws of the licensee's state (i.e. the state with the "bomb-shelter" law) will apply in determining whether the license's terms are enforceable.
See AFFECT's "bomb-shelter" section:

• North Carolina
• West Virginia

States to WATCH
This state is one to watch closely because some UCITA activity has been reported. This could mean that important pre-legislative activity has begun.
Things you can do:
Contact your state library association to find out how you can help them. Educate yourself about UCITA's effect on libraries by visiting the Impact section.

• Arizona
• Delaware
• Pennsylvania
• Texas
• Utah
• Wisconsin

No legislative activity reported
Things you can do:
Contact your state library association to find out how you can help.
Educate yourself about UCITA's effect on libraries.
Review the ALA Washington Office Online UCITA Tutorial.
Keep your eyes open for workshops in your area at ALA mid-winter and annual conferences.
Request a workshop if you don't see one listed in upcoming conferences.

• New York
• North Dakota
• Ohio
• Oregon
• Rhode Island
• South Carolina
• South Dakota
• Tennessee
• Washington
• Wyoming

Re:State by State breakdown

[LostCluster]

The goal of the UCITA proponents was to make UCITA part of the Universal Commercial Code... The UCC laws are the basic laws of business that are state laws that are exactly the same in all 50 states, so that a somebody writing a typical business contract written in Texas is certain that it holds water in Maine.

Well, that hasn't gone over well... some states have made it clear that they're never going adopt this law. So the fallback is to try to get this law passed in a handful of states, and then let contract-writers use a "choice of law" clause (You've seen those, they're the part that says that if you're going to sue, you have to sue in the contract-writer's favorite state and not yours...) to force UCITA's terms on consumers that way.

Well, that's not going well eitter.... Some states are adopting "Anti-UCITA Bomb Shelter" laws that affirmatively give the rights to consumers that UCITA tries to deny, and affirmatively gives that state's residents the right to sue in their home-state courts over the issues that UCITA tries to block, and effectively overpowering a choice-of-law contract clause with a state law. UCITA is powerless in any state that has a "bomb shelter law" on the books, which effectively means that UCITA's longarm powers to reach out of the states its passed in become voided.

If you're not a fan of what UCITA represents, it's important that your state not only reject UCITA when the lobbists come calling, but that they also pass a bomb shelter law to prevent Maryland or Virgina's UCTIA laws from being used via a choice-of-law clause in your state.

UCITA is evil

Basically UCITA tries to say that software makers aren't liable for their software. Then it extends to also the platform its running on.
If UCITA passes some things that could be legal:
1.) If the winword box says it has a spell checker in it, but the program doesn't, you still can't return it.
2.) If you car has a computer the manufactor isn't responsible if it malfunctions. In fact some interpretations are that the manufactor isn't responsible for anything because it has a computer in it so they can do safety cts.

Here is some wonderful information about
UCITA

Re:who cares?

[the-build-chicken]

I worked for a company where a software company (I won't name, but lets just say it bundles installer software that can apparently be used to install your product anywhere ;) ) did this to us. They disabled our liscence...saying we only had a one machine liscence to use the product, and the install builder software had called back to the company supplying two different IP addresses...and thus, had been registered on two different computers.

I found this kind of suspect, because I knew for _sure_ it was only on our build system and that the originals were under lock and key and couldn't have been taken home...so I asked our build engineer to ring them back and ask what the two IP addresses were, so that we could isolate where it had been installed. The first address we were given was the address of the build machine...the second address...you guessed it...127.0.0.1.

We then had to explain to the guy that was handling our compaint why this didn't constitute a licence breach. Now, the serious side...you really want to give someone like this the power to pull the plug on your development system and kill your builds for however many days it takes to get through to someone with a brain? (by the way...the build box was linux...so you're not safe just by staying off windoze)

Re:who cares?

[LostCluster]

This kind of stupidity is usually the kind of dumbness that lawyers love. Anybody who knows what they're doing in the computer industry knows that 127.0.0.1 is the IP address of "localhost" and isn't a real address of another installation, but apparently this company didn't. In a fair world, that company would owe actual damages for lost productivity due to this mistake, and maybe even punitive damages because what they did was just that stupid.

But, in the tech industry we're establishing the tradition that software is always going to be buggy, and software providers are just always going to be making mistakes and we're just going to have to tolerate them when they happen if we want to have software. Microsoft seems to rely on all of the "you promise not to sue us..." clauses in their EULA on a daily basis, even though their standard EULA hasn't really been tested with the kind of lawsuits that show whether all of their anti-liablity clauses are in fact valid. This is why software publishers want UCITA passed, so that they're sure their anti-liabity clauses are in fact going to hold up.

Their worse nightmare is a law that's the exact inverse of UCITA, one that would give customers the right to hold their software vendors liable whenever they screw up... but wouldn't that be the kind of thing that'd force software vendors to test before they ship?

Lack of liability etc.

[Pettifogger]

Everyone here seems to be bemoaning the provision of the UCITA that allows exemption from liability. Personally, I don't think it's such a bad thing. Think about it this way, if all airline companies were able to disclaim liability for accidents, maintenace, and everything else, do you think anyone would fly? It'll happen here, too. This will lead to software companies either making guarantees even though they're not required to in order to capture market share. Either that, or everyone will start going open source since you can tinker with it and it doesn't cost anything, anyway. Also, does anyone know of a car company that DOESN'T offer a warranty on a new car? Now, the last time I checked, there's no law saying that car companies HAVE to offer a warranty. They do it just to stay competitive with the others. In time, it will happen with software, too. And if it doesn't, open source is going to eat them alive. Both are fine with me.

On another note, I've stopped worrying about all the legislative garbage and contract trickery some large companies are spewing out. It does a fantastic job of convincing people that they are not looking to benefit the paying customer. It's going to kill them. Maybe not tomorrow, but if they don't ease up, everyone who doesn't hate them right now will. Just remember, whenever you try to corner the market and drive up prices, people will either use an alternative or stop using your product. Don't worry... they have plenty of rope to hang themselves with. They're just putting the finishing touches on the knot.

Re:"Atlas Shrugged" becoming more likely.

[WNight]

Except that Rand had it backwards. It's the companies that are the leeches. They're trying to get laws passed that require people to purchase their services, like it or not.

Mandatory CD taxes, on the assumption that everyone is a criminal. (Hell, on the assumption that copyright violation is criminal...)

Laws like the UCITA that deny you any right to except a product to do what it's advertised to do. Hell, under the UCITA they could pretty well sell you an empty box and get away with it.

While there are some pretty stupid injury claims files by consumers, they rarely get all that much money. (The initial multi-million dollar judgements not only get reduced on appeal, but they include punative damages as well as the compensation payments.)

Businesses are also quite good at using a ton of public resources and not paying a lot for taxes. Hell, US law allows you to claim the 'average retail value' of a charitable donation... Microsoft donates hundreds of millions of dollars of licenses, literally for the cost to print them.

And then, if you're rich (as in, CEO of a business) you won't get punished for anything. Ken Lay won't get half the jail time of a clerk who embezles from 7-11, despite the fact that Ken Lay's crimes ruined thousands of people.

Yes, there are leeches out there, removing any incentive to work from the honest man. But it's not the average person doing this, it's thieves hiding behind the corporate shield.