CNN Uses P2P Video & Adds Terrible EULA

Futurepower(R) writes "CNN's use of software called Octoshape presents an incredibly abusive EULA. If you agree to the EULA, you agree that CNN can use your bandwidth, and that you will pay any costs. Also, you lose the right to monitor your own network traffic. You can't even use information collected by your own firewall. Quoting the EULA: 'You may not collect any information about communication in the network of computers that are operating the Software or about the other users of the Software by monitoring, interdicting or intercepting any process of the Software. Octoshape recognizes that firewalls and anti-virus applications can collect such information, in which case you not are allowed to use or distribute such information.' "

good luck with that

Does anyone actually believe that click-through licenses are valid? If asked, one could always say that they let their cat chase the mouse around until the software worked.

Re:good luck with that

[Shakrai]

Does anyone actually believe that click-through licenses are valid?

Who gives a shit if it's valid? Is the no-monitoring part enforceable? They gonna install DRM on my machine that makes sure I'm not capturing packets? They gonna push that DRM out to my gateway to make sure I'm not capturing them there?

This is what happens when you let the lawyers draft the EULA without even consulting with the techies.....

Re:good luck with that

[fuzzyfuzzyfungus]

You will, if you get sued over it. Obviously, the terms are ludicrous and nigh-unenforceable. This doesn't mean that they won't be enforced; just that they'll probably be enforced selectively to, say, silence critical reviews.

Re:good luck with that

[mcgrew]

Contracts are legally binding

Only if it can be proven that both parties to the contract agreed to the contract. If you set up an agreement with a company over the phone, your recorded voice proves it's you. When you take out a loan your signature proves you agreed to it.

With a clickthrough EULA there is no proof. When I install software on someone else's machine, and I click the EULA, how can they be held to it? If the EULA is on the box, how can they prove who opened the box?

Re:good luck with that

[cdrguru]

The issue is privacy. Since they are "borrowing" user's bandwidth this exposes other users potentially personally identifying information to the first user. Now you can track other user's activities (within a fairly narrow scope) by using information that can be gathered on your own computer.

I suspect they had to put this in because of this potential. Would it fly if it was clearly exposed what was happening in EU countries? I doubt it. How about if they said:

By using the CNN service you will be receiving information about other user's online activities as they will be receiving information about your activities. This is an essential part of the service that cannot be disabled. By accepting this agreement you acknowledge that no part of your activities on the CNN web site or other related services may be private, secret, anonymous or in any way protected from every other user of the CNN web site or other related services.

Would that be better?

Re:good luck with that

[mcgrew]

So for free services like this, exactly what consideration am I putting up? They're giving me software/media/etc., but I'm not giving them anything. I'm pretty sure mutual consideration is one of the required elements of a contract -- am I missing something here?

CNN is putting up a website. Web sites are supposed to be accessable. What did I have to give up to read your post, to which you own copyright? To have a EULA for web content is antisocial at best.

Imagine putting a dollar bill in an envelope and writing a EULA for taking the free dollar on the envelope. Would you seriously expect that anyone would respect that EULA? Well, that's what CNN did, and the fact that they expect anyone to respect their EULA shows that they're not exactly living in reality.

Re:good luck with that

[mcgrew]

Last time I checked what the website was supposed to be was up to the owner to decide

And last time I checked if you can access a site, you can access it. A site owner can no more say "you can only access this site if" any more than a book publisher can tell you you can't resell the book or rip off the cover (which publishers have tried to do).

If you don't want your work seen, don't put it on the internet. It's up to the owner to decide what to post, NOT how I may or may not access it.

Practically every website with any form of registered users has a user agreement

Half of all married people commit adultery, too. That doesn't make it right. Antisocial behavior is antisocial behavior no matter how many people practice it.

Re:good luck with that

[bennomatic]

I actually think your wording would be better and more honest. Add to that something saying that by using the service you are agreeing not to use information that may be available to you regarding other users' activities for nefarious purposes would be good. Naive, maybe, but better than what I see here.

Re:good luck with that

[von_rick]

What would be even more interesting would be if person A accepts EULA on a machine M1, and uses machine M2 to gather packet information from M1. Is a person bound by the EULA on any computer he/she uses but accepting it on a single machine?

Re:good luck with that

[Todd+Knarr]

Except that that goes back to a situation we discussed in business law classes. Take the case where you've paid the seller for the goods, he's accepted your payment, and all that's left is for him to actually deliver the goods. If the goods are still in his possession, say on his loading dock, and he won't give you access to them, you have to go through the authorities to get them (or sue him for non-delivery, demanding your payment back). But if he's released the goods into your possession but is preventing your access, eg. he's shipped them to you but the shipping container's sealed with locks and he won't give you the keys, being owner and in possession of the goods you're allowed to call a locksmith to remove the locks and gain access to your property. You can't unduly damage the seller's property in the process, but you aren't helpless.

Applying that reasoning to the case where the seller delivers the goods sealed with a piece of tape saying "By breaking this seal you agree to additional terms contained inside.", breaking that tape would be legally meaningless. You own the goods, the seller has delivered the goods into your possession, the seller has no more legal right to demand agreement to terms regarding your property.

Another analogous situation: you pay for your groceries, take your bags and head to the door. On the way, a supermarket employee stops you and asks you to complete a survey. You refuse and he says "I'm sorry, we can't let you leave with your groceries until you do.". Not only can you ignore his demand, if he tries to stop you you can call the cops and have him arrested for unlawful restraint.

Which all comes to the question: if the seller has accepted your payment and delivered the software into your possession, does he have any legal right to demand you agree to additional terms at all? If he doesn't, what gives any legal force to the idea that doing what's neccesary for you to gain access to your goods constitutes agreement to a demand the seller has no legal right to make?

Re:good luck with that

Right. If I sign a contract it does not apply to you, unless we are the same entity(acting as a cooperation).

So, ISPs and Schools that provide internet access don't have to comply. If I install it, or we install it as part of a corporate venture, I can't data mine the results.

It's not about restricting the rights of regular end users, it's clearly targeting people who would use the p2p meta data for personal profit. The only time it would be enforceable is if evidence was gather via discovery or is publicly disclosed.

Of course, folks here at slashdot like to panic and worry, regardless of if there is any real concern, so they do.

Re:good luck with that

[mcgrew]

There are no terms of use for a hardbound book. No publisher can say on the cover "by opening this book I agree to...".

Licenses aren't for end-users, they are for publishers. If I buy a copy of Garage, Inc (with its Free Speech for the Dumb cut), I can do anything with it I damned well please short of distributing copies (or, since they have the DMCA, cracking its DRM if it has any).

Re:good luck with that

[billcopc]

"Borrowing" implies they give it back after they're done using it. There is no such thing as "borrowing" bandwidth. They are "using" bandwidth, other people's bandwidth, to deliver their content without having to foot the bill.

Now I'm all for P2P and decentralized communities, but CNN does not fit the description. They are a corporate entity encroaching on other people's property.

Re:good luck with that

[commodore64_love]

>>>Who gives a shit if it's valid? Is the no-monitoring part enforceable?

No it's not enforceable, because it's invalid. ;-) Yes I went-round in a circle, but let me back that up with a Supreme Court ruling, which invalidated Paypal's EULA back in 2006, and ultimately led Paypal o hand-out $50 or $200 refunds to its customers. The Justices determined that consumers can not sign-away their rights, and therefore large sections of the EULA were declared invalid/illegal. I suspect if the justices reviewed CNN's EULA, large portions of it would also be declared invalid because "citizens can not sign away their rights as protected by law".

It's your bandwidth. It's your computer. And it's your home. You have a right to monitor what passes into & out of your own home, and no EULA can override that legally-protected right. Therefore if I ever use CNN, I'll just keep running my bandwidth meter and counting how many megabytes I used today. Screw em.

Re:good luck with that

[SanityInAnarchy]

I have no problems with corporations using P2P to cut costs.

Where I have a problem is when they also want to revoke rights.

If they just used BitTorrent to deliver streams, no problem, I applaud that. Maybe multicast would be better for some streams, but whatever. If it's really a problem, I can limit my upload, or block them from uploading at all.

However, when their EULA prevents me from reading my own logs (much less any of the above shaping), that's when I have a problem.

Really?

[dcollins]

Does it really say "you not are allowed"?

So then CNN is taking responsibility for my system

[rindeee]

Since the EULA requires me to be hands-off, is CNN then going to assume legal responsibility for my system. In the event that a vulnerability is exposed in their P2P software, are they responsible for patch management and compliancy assurance? Should my system become compromised and, say, used as a distribution point for kiddie porn because of their EULA requirements, can I assume their legal council will represent me? How about we turn this around on them. They've removed all responsibility for security from the user, so demand it from them.

Re:OK, then...

[Spatial]

I always wondered about stuff like that with EULAs in general.

What happens if you replace the EULA with your own terms before installing, and therefore never agree to anything they said at all? It occurs to me that the agreement not to modify the software is actually in the EULA, so what are they going to do about it?

Re:Great EULA

[LordKaT]

The problem is the wording. Essentially, the EULA prohibits you from doing any packet sniffing - on your own network - without CNN's express written consent.

Re:It becomes illegal to read your own firewall lo

[LordKronos]

No, I don't think I missed any point, but I think you missed mine? Why did they add this clause to the EULA? You think they did it to stop you from looking at your firewall logs? Huh? What do they have to gain from that?

cdrguru made a relevant point. The most likely explanation for why they did this was to "protect" the privacy of their other users, since this is something like a bittorrent application. I was simply pointing out that since they can't actually protect anything, they should have just notified users of the shared info rather than pretending like they can legalese such shared info out of existence.

I also was not saying you shouldn't worry about the EULA or anything. I was saying why their approach to setting up the EULA was backwards.

Re:Tin foil hat

[DMUTPeregrine]

No, it isn't. THEY didn't agree to the EULA, they're not bound by it. Just you.

Re:This language sounds good to me.

[psydeshow]

Sorry, but multicast is the best way to scale video feeds to an unlimited number of viewers.

P2p is only marginally better at scaling because you can decentralize the connections. There is still a 1-to-1 relationship between the number of viewers and the number of data streams on the wire.

P2p gives you the same amount of traffic, in other words, just not all coming from one source. It's easy to imagine how that would be less efficient, since you're setting up many more connections per stream in order to discover peers and pull in all the bits.

Multicast provides real scalability by ensuring that there is only ever one stream of data per router, no matter how many viewers are watching it downstream.