Slashdot Mirror
Software Customer Bill of Rights
Cem Kaner of Badsoftware.com has written up a Software Customer Bill of Rights. Very appropriate considering our recent stories about Microsoft viruses, Dell's BIOS-clickwrap licensing agreement, etc.
← Back to Stories (view on slashdot.org)
But this is America. Consumer rights are secondary to business rights...
"Today a local man was arrested for screaming at employees of a local 'Best Buy' store after they refused to sign a contract he had printed out. Bystanders claimed that he refused to buy any of their products unless they signed said document, and that NOT signing would be a grave injustice. Our sources have told us that he is currently being held in Bellview Psychiatric Hospital, and is undergoing observation."
I am a filthy pirate.
But then IE crashed.
Just kidding! I'd never use IE.
When has any product ever "lived" up to the marketing claims? If I expected everything I bought to live up to their claims, I'd be dissapointed with every bar of soap, every beer, and every Big Mac.
If I could have manufacturer's adopt one part of the consumers bill of rights, it would be to advertise with honesty. Do not sell me a software product which does not live up the advertising.
The one part I disagree with is the reverse engineering. Companies have a right to sell software and to ban people from reverse engineering it.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
"1. Let the customer see the contract before the sale. It should be easy for customers of mass-market software products and computer information contracts to compare the contract terms for a product..." It would be interesting to see how the court opinions which make this right one of the few listed which are already enforcable would serve as precident in relation to the new agreements imposed by microsoft as one installs mission-critical updates. Would drastic changes to EULA's made by Microsoft in software updates which are all but absolutly essential for the wellbeing of your data, etc, be court enforcable? Probably not...
This is a really well written, thought out, piece of work. But the only flaw I see is: 4. User has right to see and approve all transfers of information from her computer. (Basically says end-user should see un-encrypted version of what is being sent) If this law would be to put into use, we would have more of a problem with people stealing credit cards. I agree with what they are trying to do, but this looks like (to me) as if it's going to promote exploits.
Nice piece. Very nice, and very never going to happen. At least as long as opponents are large corps with armies of slick lawyers and proponents the EFF, RMS and a few computer-educated consumers.
...
...
Remember, most computer users still think software crashes and glitches are part of life with a computer, that viruses and worms are the work of evil pirates and that Microsoft is the victim, not the cause, etc
In short: it'll never happen. Move along
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
You must not have seen the herbal essence commercials then.
some strong feelings to hold companies fully accountable for losses caused by their products' defects
I can see where this view is coming from, but seriously; the litigious culture that is developing in the USA (and therefore no doubt on this side of the pond before long) could have a grave impact on your economy.
You have to take a certain degree of responsibility for your own action. Otherwise, everybody will just be too scared to do anything, and every American will just stay in bed all day.
You NEED suppliers to be a viable business yourself; and in return those suppliers deserve a leniency from you as far as accountability goes.
In return you get leniency from your customers as far as your own liability goes.
As the owner of a small software business, I feel comfortable with the fact that whilst I cannot sue Microsoft's ass if something goes terribly wrong; neither can my customers sue my ass.
Swings and roundabout; 6 of one...
Oh, you mean that one that was patched a whole month before? Or are you talking about that e-mail attachment virus, the one for which you apparently expect Bill Gates to show up at people's houses telling them not to run the attachment?
How is it Microsoft's fault if users run the attachment? Is it Linus Torvalds' fault when there's a sendmail hole? Is that suddenly a "Linux hole?"
Just curious.
"Sufferin' succotash."
5. A software vendor may not block customer from accessing his own data without court approval.
But the software is intended to allow the user to see what Microsoft wants them to see. Encouraging users to see all their own data is circumventing the grand Microsoft plan of Digital Domination. I demand the site is removed from all search engines.
SAILING MISHAP
IMHO, there's one the omitted from the list:
11. The user shall have the right to view the source code on demand.
If I am running your software on my computer, I have the right to see what exactly it is doing. In 99% of the cases, I would not exercise this right, if I believe that the software is doing what it is supposed to do and I have no suspicions that it is doing something funny. I have a Red Hat Linux system but don't have most of the source code RPMs installed, or the full Linux kernel source installed. It's good enough for me to know that I can acquire it on demand.
And before I get flamed for sound like a clone of RMS, realize that seeing the source code is not necessarily the same as modifying and redistributing it. All Free Software is Open Source, but not all Open Source is Free Software. I would, however, object to having to sign NDAs to see source. You can tell me not to redistribute your source and I will abide by that, as that is simply following existing copyright law, but I would not accept a blanket gag order to not discuss the source at all.
Of course, this will probably never happen, but its a nice thought, anyway.
Karma: Frotzed (mostly due to the Frobozz Magic Karma Company)
This is beautiful. Make it clearer, though, that we're talking about use licenses/single purchase licenses, not source code copy licenses such as the GPL. You need to very clearly define what kinds of purchases this bill of rights applies to, or software manufacturers will wierdly try to define their products so they fall outside the bill of rights' scope.
I wonder what would happen if 40,000 slashdotters mailed a copy of this to their respective congressferrets?
The only thing I would add is to see if there's any reasonable way something can be done about the fact the BSA has made it a criminal act to own lots of software and have less than perfect archiving of license paperwork.. I don't think there's any way that could be done in a reasonable manner within this "bill of rights" though...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
What you need is some sort of consumers' organization -- some sort of Ralph Nader type thing. There is a limit as to what one screwball can do, but a whole organization full of screwballs, all making noise ... even Microsoft would have to pay attention.
Is there such a thing as a Software Consumers' Association? I couldn't find anything like that using a quick Google search.
Toronto-area transit rider? Rate your ride.
As long as software publishers can get an ear from congressmen and senators that I can't get... and can deliver cash for elections that I can't... they'll get benefits that I can't.
Just for reference, for those who don't have time to R the FA, here are the ten items listed in the Bill of Rights, without the explanation.
(Note, this does not excuse you from reading the FA, there will be a test.)
Software Customer Bill of Rights
1. Let the customer see the contract before the sale.
2. Disclose known defects.
3. The product (or information service) must live up to the manufacturer's and seller's claims.
4. User has right to see and approve all transfers of information from her computer.
5. A software vendor may not block customer from accessing his own data without court approval.
6. A software vendor may not prematurely terminate a license without court approval.
7. Mass-market customers may criticize products, publish benchmark study results, and make fair use of a product.
8. The user may reverse engineer the software.
9. Mass-market software should be transferrable.
10. When software is embedded in a product, the law governing the product should govern the software.
Bonus points if you can figure out which of the above *didn't* have a detailed explanation in the original!
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Some guy posts his thoughts about how the software industry should run on his blog and it makes the front page. What happened to the "stuff that matters" clause? This isn't going to change anything.
The software and service licensing has become ridiculous over the last few years. They create these huge legalese documents, and imply agreement to them by opening a package or using a service. And, try returning a piece of software if you don't agree to the license, good luck.
While these agreements become more complex and onerous, the people creating them have taken on no responsibilities to clarify the licenses, explain the reqstrictions, etc.
If the companies are allowed to use these licenses, they should be required to have an independent citizens rights group translate/rate the license to compare it to accepted norms of how restrictive the licenses are. Rather than expecting each person to read the complete license, or have their lawyer interpret it for them; it should be analyzed by a professional and summarized in simple language. It should also carry ratings on a few key points, like how much it tries to limit product usage, resale, reverse engineering.. and, related areas like privacy protection by the company.
I went to read this article thinking I would probably end up posting and saying that the US is too litigous, that it's dumb to have agreement upon agreement, even on the side of good, and that it was probably just a bunch of whiny rights.
What I found, though, was a simple, precise set of terms that are wholly agreeable. Nothing in that document is the least bit complicated or overbroad.
Let us see the contracts before we have to agree to them. Don't take away rights we already have, like criticism and reverse engineering, and first sale. If you know about serious bugs, tell us. Don't lie about what the product does.
That's pretty straightforward, and should not be the least bit damaging to anyone selling decent software.
Y'know, I was just thinking this exact same thing on Friday - that the software industry is having a serious identity crisis at present. They can't figure out what products they're selling, and how they're doing it. They're mostly driven by the profit motive: How can we generate more profit? Which is great if the answer is, "build a better product" - but crap if the answer is compulsory upgrades, limited-time licenses, or license audits.
But there's a big one missing, particularly important in light of Symantec's foolhardy announcement:
The software can be installed on multiple machines.
I own a notebook and a desktop home server. I use both of them basically as a unit - sometimes literally, via Terminal Services or Synergy. They achieve different purposes - the server provides infrastructure (holding data, managing requests from other users [e.g., web pages], network security, MP3s), while I run actual applications on my notebook.
With this setup, it only makes sense to have a roughly identical set of software on each. I don't want my word processing solely on my notebook, and I don't want all of my security apps solely on my server.
So it's exactly that reason why this product-activation crap is odious. If I want two functionally-identical machines, I have to buy two operating systems, two word-processing packages, two versions of TurboTax and Symantec. similarly, with DRM, I'll have to buy two licenses for every piece of media I want to play. Others will follow down this path to the seedy underworld of profit-driven software.
It only seems fair that I expect to pay only once per software package. After all, I'm one guy; I'm never typing on both machines at the same time. Now, I understand why software companies are reluctant to release software that can be installed a trillion times, because it tends to get purchased, like, eight times, and then widely distributed on IRC. But at the same time, they're smacking down guys like me.
So with that in mind, I propose: Let software be installed on multiple machines. That number can be limited, and it can be small. Ten is fine - if I install software on more than ten machines, I should probably be purchasing a site license. But one is insufficient, in this day of frequent multiple-computer ownership.
- David Stein
Computer over. Virus = very yes.
Following rule 1 is mandatory if you are including non-standard terms. GPL doesn't apply, as it is an optional component.
Following rule 2 is mandatory to a limited extent. While everyone should be aware of a defect, information on how to exploit it doesn't need to be revealed. Take a look at how Microsoft handles it right now - they have a dedicated Knowledge Base containing almost every "issue" with their produces.
Following rule 3 is mandatory. Failing to obey it is equal to false advertising - also known as lawsuit bait. Take "The Sims Online" as an example: nobody has filed a lawsuit, but it is considered a high risk for the publisher...
Following rule 4 is also mandatory, but is excusable in some cases. For example, Half-Life sends the CD-key to a central server which prevents piracy, but that's it.
Following rule 7 is mandatory, period. In most countries, judges would consider this term appearing in a boilerplate contract to be increadibly ludacrous and unenforcable (unless the publisher gives the customer money or something else in exchange...)
Out of the l0 rules posted in the link, the manufaturer is bound to honor five of them anyway. Of these five rules, the cost of following them is either neglegable, or lower than the cost of breaking them (loss through litigation, loss of opportunity sales, or loss from returned products.)
The remaining five rules are optional as they can vary from country to country. But just like the mandatory rules shown above, it would cost more for the publisher to break these rules than to obey them.
I sometimes long for the 80s. Sure I might wait years for a software release, but with a few exceptions, it always worked. And it usually worked as advertised. I miss products like WordPerfect 5, it worked right out of the box. And if I had a problem I could call someone and actually get help, as opposed to a prepared statement.
So I feel it needs another article:
11. A software vendor will provide real support for the products they sell. Or A software vendor will outline in detail what; if any, support they provide and what guidelines they use.
How about the right of customers to copy distribute and modify freely. The other problems will take care of themselves.
In that case it will never work. If every piece of software can be run on N computers then businesses will buy 1/Nth as many copies, software companies will increase the price by a factor of N, and then home users won't be able to afford it. If you try to solve it by making a distinction among fields of use (home vs. business users) then I think you've just replaced one problem with another one.
There is no accounting for taste. Its far too subjective. I can't try to sue an automaker for claiming that buying a specific car will make me cool because it's "stylish".
If they claim, however something that is objective and verifiebly untrue, you should be able to sue. Say, McDonalds claiming that the big mac has x% of fat when it's not true.
No sig
has violated rights 2 and 3 a few times, has been brought to court, and has paid fair settlements (full refund on OS X purchase for users of certain hardware, $20 coupon for the Apple store if the user wishes to keep OS X). Even though Apple is my favorite software company, they have violated a few of these rights (though not many of the more horrible ones). This bill of rights would keep honest companies honest and awful companies out of business! Looks like everyone wins to me.
I suggest that he add:
Source code and documentation will be placed and maintained [updated] in bonded escrow.
If the software product or hardware product reaches end of life and the current company does not develop a follow-on product with corresponding upgrade offer to registered customers, then the source code [software and firmware and documentation in digital format] will be sent to registered software and hardware customers, and, the source code will declared open source and offered to all via internet. If the initial development company is sold, source code will be offered and sent, if requested, to registered software and hardware owners. If the initial development company ceases to exist, source code will be sent to registered software and hardware owners, and, the source code will be declared open source and offered to all via internet. If an operating system integer upgrade [v1.X -> v2.X] requires the user to purchase new operating system software or hardware, then the source code will be offered to registered customers.
Failure to make source code available when a product reaches end of life or other conditions listed above will result in the top five officers of the initial development company (and the top five of the purchasing company, if a company purchase is involved) [CEO, COO, CIO, CFO, etc] being fined no less than $1,000,000 each, not payable by insurance company or current company; and will result in their forfeiture of all of the monies the executives received from their respective companies; and, will result in their receiving three years in prison without possibility of parole.
A bill of software rights may or may not make headway. However, it would seem to me that a consumer protection label could work, since the model has been applied successfully in other industries. What I envision is some kind of up-front, package labelling like the following:
Caution! By agreeing to use this software, the vendor may access your private files at any time.
Caution! This software is unprotected and may expose you to foriegn programs (virus and worms) that may corrupt your documents.
The benefit to consumers, of course, is that no software manufacture would want to have these labels applied to their software.
So let's see. If companies allowed people to copy, distribute and modify freely, how many people are going to buy from the company and how many are going to fire up Kazaa and pick up a free "modified" version? What then motivates companies to hire people (creating PAYING jobs) to produce software if they can't expect a return on it?
We've got one story about robots putting people out of work and another with people claiming we should put people who do jobs robots can't do (like programming) out of business.
"All software should be free! lalala."
Give me a break.
Ben
Work Safe Porn
If you don't like how a software product is marketed or how the EULA works, THEN DON'T BUY THE PRODUCT. Buy from a competitor, download open source software. You do have choices people.
And how do I make that choice if the EULA is only presented after I've bought it?
Any attempt to form a "Software Consumer's Organization" will have a BSA bullseye painted on it in a heartbeat. It would be far more exciting to see the Alliance Against Fraud in Telemarketing and Electronic Commerce (AAFTEC) decide that current software licensing practices are deceptive, fraudulent and unfair to consumers.
There is no Software Consumers' Association, but I have worked with lawyers from Ralph Nader's Consumer Project on Technology and from Consumers Union on software contract law.
When public anger with an industry rises, legislators get tempted to create laws to regulate the industry. Software publishing is particularly vulnerable because so many publishers have engaged in business practices that would be considered outrageous (and unlawful) in traditional markets AND because this is no longer a wildly expanding industry / employer in the United States.
We can lay out some principles to advise those legislators, or we can lay back, and later complain that they got it all wrong.
Cem Kaner, Professor of Software Engineering, Florida Institute of Technology
Let me clarify some of the issues that I see raised in the comments:
1) My proposals are primarily in support of disclosure. For readers who prefer free market accountability to litigation, that's what disclosure rules support. To make rational decisions in an open market, the customer needs information to base the decisions on. The information rules that I advocate are not far from laws that currently govern traditional sales:
- The customer can see the contract before the sale and use that knowledge as a factor when comparison shopping (and the press can help customers comparison shop by publishing information about the contracts, such as warranty policies, support policies, etc.)
- The company is accountable for its claims. I'm not talking about claims like "our burgers are yummy." I'm talking about "statements of fact" (specific statements that can be proved true or false). Laws governing warranties, fraud, and deceptive trade practices make these claims enforceable in the traditional markets. If you can't hold the company to its claims, you can't know what you're buying.
- The company can't prevent mass-market customers (and reporters covering mass-market products) from publishing comparison studies and product criticisms.
- The company can't prevent mass-market customers from using reverse engineering to discover bugs and security holes, false claims, etc. (NOTE: Patent law protects the original ideas in a product, whether you reverse engineer them or not. Additionally, my proposal doesn't invalidate a restriction against using reverse engineering to help create a competiting product. It invalidates restrictions that bar people from doing non-competing things, like discovering problems, making this product interoperable with others, fixing bugs in products that a company no longer supports, etc.
- The company has to disclose its KNOWN defects. Note that failure to disclose significant defects in traditional goods can be prosecuted under the deceptive trade practices or unfair competition laws.
The next main theme is privacy/security related. These are ground rules, not litigation magnets. Don't transfer data from someone else's computer without permission, don't block their access to their own data (a trick that some companies use to force customers to renew licenses or agree to unfavorable new license terms) and don't cut off their rights to use software they've paid for without a court order.
This isn't about bugs. It's about misconduct.
Do we need to polish the language to make that distinction clear in the legislation? Of course. This is a set of principles, not legislation. The goal here is to present the ideas simply (while giving enough footnote-links to provide context for legally knowledgeable readers). Legislative precision comes after appropriate people accept the principles.
SO WHY BOTHER? WHAT'S THE POINT?
The software industry is increasingly vulnerable to regulation. Software publishers aren't creating masses of new jobs in the United States. They've made a lot of people angry, partially because they've been doing business in ways that would never be tolerated under traditional American sales law. The most visible representative of the industry is a monopoly that seems to be so greedy as to be willing to try to wipe out even the research / scientific / free-public-benefit community in order to preserve or trivially increase its market share.
When companies look like they're more about greed than about providing benefits to the country, they become vulnerable to regulatory proposals. If their business practices seem dishonest and their products cause widespread, well publicized social disruption, some legislators will introduce bills to regulate the industry. Every crisis is another opportunity for legislation.
Not necessarily good or wise legislation. If we want THAT, it's up to us to advise legislators. Otherwise, they'll do what they do and we'll complain about it later.
Cem Kaner, Professor of Software Engineering, Florida Institute of Technology
but how would we move forward. I think our best bet would be if we all chipped in and bought our own lobbyist, and maybe a senator or two? Someone go dig up those articles on micro-payments and figure out how long it would take us to buy a democrat (no way we can afford our own republican). And no one bring up any third parties, they can't even get on to T.V. for debates, let alone push consumer rights. And we should probably circumvent PayPal for this idea since we know eBay and any compnay they are connected with give up user information at the drop of fax, and once we bring forth this kind of heretical talk Bill and Steve-O will be on the warpath. Think of it now, in addition to the Halloween papers we could have the Labor Day papers...this is gonna' be great!!!
Not sure about that. Years of noise on /. hasn't had an appreciable effect on the Great Satan.
It's not exactly controversial to take this stand. The biggest argument against these initiatives that I can think of is that I don't believe that methods of delivering complex systems at a precisly characterized state of high quality are actually *known*. We're not really that far along as an engineering discipline.
The Free/Libre/Open-Source Software (FLOSS) movement seems to understand this, but many mass-market proprietary software developers are still able to flout this rule. Unfortunately, most computer users have become accustomed to being subservient to their software.
My own experience with most FLOSS has been much like my experience with high-speed Internet service: I can never go back. I think once people get a good taste of what using well-behaved software is like, things will quickly change. The only things that can get in the way of this change are:
This is a nice theory. Of course, so are communism, libertarianism and reagonomics (<--troll). They're all just useless, because they ignore reality.
When a big company buys a big piece of software, the license agreement is negotiated to something mutually understood and acceptable. When millions of people buy software from a monopoly in an office supply store, there is no negotiation. The monopoly gets exactly what it wants, and in this case has had the law written to its specifications just to make sure.
So fogeddaboutit. Ain't gonna be no rights unless you can come up with some big campaign contributions.
--Hi. I'm in Portland and it's raining. This appears to be a permanent condition.
Yeah, it's fashionable to want to sue Bill, but what if some guy creates some virus that brings a Linux system down to it's knees? Who do we sue? Linus? OSDL? Or will there be a double standard? Remember, if Bill gets to be sued, be prepared for your favorite OSS house to be liable as well. Otherwise it's just sheer hypocrisy to target MS. And remember, MS is made of of coders who went to the same schools as you. Contrary to OSS opinion, Bill does not write every single line of code in the products nowadays.
The difference with Free Software like Linux is that the source code is available. When you run Free Software you have just done exactly what the guy building XP over in Redmond does. So to a certain extent, you are just as responsible for the quality of the software.
Even if you don't go with that, the fact of the matter is that with Microsoft software you have no idea what you are getting and if there is something wrong, a security hole, something not working, etc. you are completely at Microsoft's mercy. But with Free Software you can change the software and it is not up to Linus to stop you.
Case in point would be the fights over preemptability, vm, and scheduling in the Linux kernel. Several people did not like the way it worked. They could see how it worked because they saw the source as well as the result on their machines. For some applications the Linux kernel just was not delivering; it was not suitable for their purpose.
But people disagreed on the right way to go, and Linus was not ready to choose. So people went off and wrote their own patches and distributed them and people used them. Now many of these enhancements are part of the 2.6 kernel.
p.By contrast, if you use Microsoft products and dislike the way they are designed, you are faced with an all-or-nothing situation. You can use them or not. There are vulnerabilities which Microsoft refuses to fix because they would have to rethink their design. This is not a problem with Free Software.
don't buy the product if you don't get to see the EULA until after you buy the product, dunce.
Last time I looked, most software packages don't have "There's a EULA in here, but we're not going to tell you what it is" written on the outside.
What happens when I buy a product and then find a hidden EULA, dunce?