Software Licenses Get Worse

Slimbob wrote in with the word about UCITA, a wonderful little law that, if passed allows for remote shutdown of software if you violate the license, make shrink wrap license more enforceable, and outlaw reverse engineering, amongst other gems. Get more details here. Thanks to C.Scott Ananian for sending us a UCITA page, with the TeX version of the letter to be sent and more information.

their b-board url

http://forums.infoworld.com/thre ads/get.cgi?115803

Let's look at WERDNA's claims and comments

[cemkaner]

WERNDA identifies and criticizes some of the points made in the InfoWorld articles:

CLAIM -- UCITA will "prevent the transfer of licenses from one party to another without vendor permission"

WERDNA'S COMMENT: "Of course, this can be (and often is) accomplished under the status quo with a commonly used contract provision. I actually prefer the common law default to the language of UCC2B, but I don't see this as either new or particularly egregious."

KANER'S RESPONSE: UCITA section 502 allows publishers to restrict transfers of MASS-MARKETED works. This was rejected by the United States Supreme Court back in Bobbs-Merrill Co. v. Straus 210 U.S. 339 (1908), which settled the existence of the First Sale doctrine. Similarly, for patented goods, read the literature review and discussion of Motion Picture Patents Co. v. Universal Film Manufacturing Co. 243 U.S. 502 (1917), which established the doctrine of exhaustion.

Without UCITA, I don't think that a ban on transfer of a mass marketed software product (such as giving a used computer game to your cousin when you're done with it) would be enforceable under current law. I certainly have never seen a case that upheld such a restriction in a mass marketed software product.

CLAIM "allow vendors to disclaim warrantees"

WERDNA'S COMMENT: "Vendors can presently disclaim warrantees."

KANER RESPONDS: Oh yes, vendors can disclaim the implied warranty of merchantability under UCC Article 2. But they have to do this CONSPICUOUSLY. Courts have interpreted that requirement consistently in decisions involving software, consumer products and commercial products. They have rejected disclaimers that were not available to the customer until after the customer paid for the product. I'm not going to walk through all the cases. For citations, read the literature review in my book, BAD SOFTWARE: WHAT TO DO WHEN SOFTWARE FAILS. The only exceptions that I found to the general rule (post-sale disclaimers are flatly unenforceable) involved either (a) a longstanding relationship between trading partners, which involved so many transactions that the disclaimer of implied warranties could be treated as part of the course of regular dealing between the parties or (b) a decision based on the Roto-Lith precedent, which has since been overturned by the 1st Circuit (which said it was bringing 1st Circuit caselaw into conformance with Step-Saver, a case that rejected a shrink-wrapped disclaimer of implied warranties).

UCITA sections 2-207 and 2-208 allows publishers to enforce a disclaimer of implied warranties even though the customer is unable to see the disclaimer until after paying for the product and taking it away. No other law in the USA today allows this.


CLAIM "outlaw reverse engineering."

WERDNA'S COMMENT: "I believe you can review the last draft in vain to find a provision outlawing reverse engineering."

The draft doesn't ban reverse engineering. It allows vendors to ban reverse engineering of their products. The section that allows this is 102(b)(16) which defines a "Contractual use restriction" as "an enforceable restriction created by contract, which restriction concerns the use or disclosure of, or access to licensed information or informational rights, including a limitation on scope or manner of use."

A ban on reverse engineering is a restriction on the use of the product (a limitation on scope or manner of use of the product). UCITA repeatedly authorizes contractual use restrictions in software licenses.

Reverse engineering was discussed at length at the last national meeting of NCCUSL, the body sponsoring UCITA. NCCUSL passed the Perlman Amendment, which read:

"If a court as a matter of law finds the contract or any term of the contract to have been unconscionable or contrary to public policies relating to innovation, competition, and free expression at the time it was made, the court may refuse to enforce the contract or it may enforce the remainder of the contract without the impermissible term as to avoid any unconscionable or otherwise impermissible result."

This language, especially the reference to "innovation" and "competition" was felt to protect reverse engineering.

The Article 2B/UCITA drafting committee revised this language as follows:

"If a contract term violates a FUNDAMENTAL public policy, the court may refuse to enforce [it]. . . TO THE EXTENT that the interest in enforcement is CLEARLY OUTWEIGHED by a public policy AGAINST ENFORCEMENT of that term."

I've capitalized a few words to highlight the several things that you will have to prove to a court before the court can refuse to enforce a term. This set of restrictions is even narrower (gives judges less freedom) than current law that governs the power of judges to refuse to enforce terms that violate public policy (see the analysis of public policy conflicts with contracts in the Restatement of Contracts 2nd, published by the American Law Institute).

Note also that the UCITA language drops Perlman's explicit protection of "public policies relating to innovation, competition, and free expression." Instead, we don't know what policies UCITA is talking about.

So, on a case by case basis, software developers can go to court to either attack a contract or to defend themselves from attacks on them by software publishers. After spending a zillion dollars in the trial and appellate courts, the individual developer hopefully wins the case (and so only suffers the loss of the zillion dollars plus huge amounts of wasted time). But a win by one developer doesn't mean that the next developer in the next court will win. For example, a shrinkwrapped arbitration clause was ruled enforceable in the 2nd Circuit (Illinois law) but was ruled unconscionable and unenforceable in New York. So it will take years and many court cases before developers can safely reverse engineer mass market products (safe from threats of enforcement of a law on the books, safe from having to spend a zillion dollars in defense costs). Until then, it will be easy to intimidate most developers with the threat of enforcing the clause. Can you afford to defend yourself against a lawsuit, where even if you win, you still have to pay all your legal expenses?

WERDNA finally calls on readers to read UCITA. By all means, try to read this 200-plus page draft statute. Good luck. I know contract law professors who have studied the statute carefully and concluded that it is unteachable. I have attended all of the UCITA/2B meetings since February 1996 and seen lawyer after lawyer, experts in commercial law, struggling to make sense of the statute. The Reporter (senior author) of UCITA has included many Notes in the draft statute but these have been included over many years, many drafts. The comments don't all match or correspond with the language in the draft, making reading yet more confusing.

The last point that I'll respond to is the cheap shot attack:

WERDNA: "ask yourself why critics aren't really citing its language"

OH COME ON! WE'VE CITED THE LANGUAGE POINT BY POINT, QUOTE BY QUOTE IN DOZENS OF LONG, DETAILED LEGAL ARTICLES. NO, THE NON-LEGAL PRESS WON'T PRINT THESE CITATIONS. BUT YOU CAN GET MANY, MANY OF THESE ARTICLES ON THE NET. Try my website, http://www.badsoftware.com, e.g. http://www.badsoftware.com/kanerncc.htm. Or look at the many papers referenced in http://www.2bguide.com. Or read the federal trade commission's analysis at http://www.ftc.gov.

UCITA has been under development, in various incarnations, for about 12 years. It will finally be resolved, one way or another, this summer when NCCUSL either dumps the thing or sends it to the states (some of which will certainly approve it if they receive it from NCCUSL). By all means, try to read the statute. And then follow the Association for Computing Machinery, the IEEE-USA, the Independent Computer Consultants Association, and the sw-test-discuss software testers mailing list (organizations that represent working programmers) and the many other organizations of publishers, customers, libraries, and writers and express your own concerns about UCITA. Tell the NCCUSL representative in your state to make this turkey go away.

Thanks,

-- Cem Kaner, J.D., Ph.D.

Re:H4X0RS

[topdogg]

Think of it. A whole new world where every piece of software has a little hole, So anyone with the smarts to use it could just start taking down companies all over the world! Hmm this will be fun watching the government do this. You thought what Clinton did was bad, Hurmp, that was nothing, wait until you see about 50,000 crackers working on shutting down the government with this neat new bug. Oh but wait it's not a bug it's a feature.

Re:Samba should be safe

The SAMBA developers in Australia might be safe, but if the Samba suite becomes illegal to use in the US, or on shaky feet, you won't find it in commercial environments. Once the law is enacted all Microsoft has to do is make one additonal change that requires a RE to work around.

However, this whole thread strikes me as pro-OSS FUD. Some people participating in this discusison are even openly advocating the dissemination of pro-OSS FUD.

Re:This comment sums it up right here...

> The only good thing that could come out of this is giving OSS a huge boost, but there are a lot of industries that will be hurt by this no matter what.

The counterparts in Canada (for encryption software) and the rest of the world are going to get a massive boost as imports into the states. Imagine this someone walks into a store in say L.A. Every pice of software has in large bold letters: Made in Australia or Made in Brittan or Made in Canada, Made in France or Made in China... ;)

I am curious how this will affect exports from the States, will software that is complient with this be illegal outside the states.

Re:Take a breath, and RTF Bill!

[werdna]

We'll just have to agree to disagree, then. There is no obligation of "obviousness." The requirement that certain warranty disclaimers must be conspicuous is trivially satisfied by a font change (or ALL CAPS), as everyone here is used to seeing the routine disclaimer language concerning fitness and merchantability. Further, all shrink wraps generally permit as a matter of course (particularly after Pro-CD v. Zeidenberg) the return of the product if the agreement is unsatisfactory. And, of course, after Pro-CD, there is substantial authority that the "time of contracting" arises when the agreement is reviewed, not when the tender of payment is made.

Finally, I note that nothing in Todd's posting contradicts the proposition that warranties can be disclaimed under the status quo. Indeed, UCC expressly permits the same to be disclaimed.

I am aware of no case holding that a UCC warranty disclaimer is ineffective because it was given in a shrinkwrap, but would be pleased to see one cited if this is so. Indeed, the 7th Circuit cases seem to militate to the contrary, but that is a subject for a different forum, I think.

Anti-UCITA petition

[ellisj]

From inf oworld:

One simple thing you can is to sign our e-mail petition, which reads as follows:

"In light of the concerns previously expressed over proposed UCC Article 2B by a variety of interest groups, and the lack of time such groups have had to study and respond to its new reincarnation as a uniform act, the undersigned urge the National Conference of Commissioners on Uniform State Laws to not approve the Uniform Computer Information Transactions Act at this time."

If you agree, "sign" the petition by sending an e-mail to us at ucita@infoworld.com with any
additional comments you'd like to make and your name, title, company, city, and state. The results will be presented to the NCCUSL commissioners in Denver to help demonstrate to them
that the concern about UCITA is widespread.

Re:Take a breath, and RTF Bill!

[Todd+Knarr]

We'll just have to agree to disagree, then. There is no obligation of "obviousness."

UCC Article 2, paragraph 2-316, subsection 2, and I quote:

(2) Subject to subsection (3), to exclude or modify the implied warranty of merchantability or any part of it the language must mention merchantability and in case of a writing must be conspicuous, and to exclude or modify any implied warranty of fitness the exclusion must be by a writing and conspicuous. Language to exclude all implied warranties of fitness is sufficient if it states, for example, that "There are no warranties which extend beyond the description on the face hereof."

The language specifically says both "written" and "obvious". I would say that hidden inside the box so that you cannot read it until after you have paid is the exact opposite of "obvious" and/or "conspicuous".

And yes, all warranties can be disclaimed under the UCC. However, under UCC2 they cannot be disclaimed after payment is tendered and the goods are delivered ( ie. after you pay for the software and have the box in your hands ). All the portions of the UCC are worded such that delivery of the goods and acceptance of them by the buyer is considered sufficient evidence of a contract. The only question would be whether delivery of the goods occurs when the buyer takes physical possession of the software, or when the buyer opens the package containing the diskettes. I would suggest that, if you bought a car, paid in full and took possession of the keys, then found a tag in the ignition that said that by removing it you agreed to certain other terms not in the agreement you signed before you paid, you would be hard-pressed to find a judge who would rule that the dealer could modify the contract unilaterally after closing the sale.

Re:How long until internet connections are require

[IntlHarvester]

If I recall correctly, certain versions of Office 2000 (such as the Student Discount version) will have Internet Registration.

Hopefully Microsoft learned something from the "Channels" and "Windows Update" disasters and left that little feature out of the corporate desktop version.
--

Re:GPL

[Rombuu]

The guy said free software (i.e. the GPL) doesn't have restrictions on it. That is a false statement. I agree with most of what you said, except for: If you actually WANT to write software that restricts people's freedom, I can see why you wouldn't like the GPL, but otherwise, it's a Good Thing

I think what you meant was If you actually WANT to write software protects your rights, I can see why you wouldn't like the GPL, but otherwise, it's a Good Thing.

Very serious DoS

[JennyFreeman]

Imagine if someone found out how to delete windows remotly using this thing.

Within about 20 minutes you can delete windows of every computers hard drive in an office.

How much fun could hackers have?

What we need is impartial enforcement

[sheck]

To me, the real issue here is not that EULAs are going to suddenly be more enforcable (after all, it is a legal binding agreement - if you break it you should be willing to live with the consequences that you originally agreed to - even if that means that you lose the right to run the software) but that the body responsible for the enforcement is the issuer of the license.

This is same as having a law that would allow landlords to unilaterally evict tenants. It is a case where all the power in an agreement between two parties is held by only one of the parties.

Its clear here that no consideration was given to GPL'ed software. If the 'vendor' has the unilateral authority to block usage of software by users in violation of the user agreement. Where does that power reside in free software where anybody can be a vendor? Since anybody can be a vendor, does that imply that anybody can block the misuse of GPLed software? Can I shut down my competition because they are in violation of the GPL? Are we going to end up in a world where everybody is a software police officer an there are no courts or judges?

What is needed is an impartial third-party, whether it be the courts or a separate Software License Tribunal, to whom vendors and users alike can argue their cases. We do need license enforcement or the GPL is useless but we need that enforcement to unbiased.

That's my two cents.

Mesa

[Cary]

Isn't Mesa just an implementation of OpenGL?
This doesn't seem to fall under the proposed
Facist legislation.

Re:Mesa

[Tarnar]

hey hey hey, don't be calling it an OpenGL implementation.. Mesa is a graphics lib that is GL compliant but not officially. so as far as RE goes.. It might be. I'm no lawyer but i do know it was made without SGI's help.. and they own OGL.

Re:Mesa

[elyard]

SGI doesn't really own OGL in the sense of a proprietary ownership. Rather SGI (along with every other major UNIX workstation vendor) oversees the standard.

Already exists

This already exists in the form of keyservers. If the keyserver crashes, your copy prompts you to save, and then you twiddle your thumbs for a while.

I'd question what would happen if something happens and your copy quits, but if you weren't violating the license.

Also, are they going to have me sign a contract? Or will they depend on the 'legality' of the EULA? I think I'd sue someone if they tried to enforce a EULA. Either that or send them a EULA myself.

-B

Re:Already exists

[Alexey+Goldin]

> This already exists in the form of keyservers. If the keyserver crashes, your copy prompts
>you to save, and then you twiddle your thumbs for a while.

You wish. The software I am using for editing GDSII files (microelectronics masks format) just shuts itself down without bothering to save data or making sure that database stays uncorrupted.

Anyone has pointers to free UNIX GDSII software (except for MAGIC)?

Re:Already exists

[haapi]

My experience with this was with CAD/CAM board lay-out and HW modeling software. At least it was a well-known, understood-before-buying requirement that the software would only work for so many users for so many weeks. Then we had to call the vendor to get new codes and bludgeon our Accouting Dept. to promise them money. So this provision doesn't bother me as much as the "no reverse engineering" clause.

Re:How long until internet connections are require

You mean an "ex post facto" or rectroactive law?

10 cents worth of contract law

[alkali]

Here are two basic issues in contract law:

What contracts can't you make? I can't agree to work for less than the minimum wage. I can't agree to rent an apartment without hot water. I can't agree to sell my organs. Putting it another way, while I might agree to do these things, I can't be held to that agreement.

What are the default terms? If I agree to paint your house, but we don't set a time for doing it, and you sue me when I don't do it, I can't avoid the lawsuit by saying I'll paint your house in the year 2019. The court will say that the parties understood that I would do the job in a reasonable time (perhaps a month). In cases like this, where the parties don't address a particular point in their agreement, the law will generally supply a default term in order to make the contract enforceable.

Keeping the foregoing in mind, this proposed law does the following things: (1) It tells you what kind of software licenses you can't agree to -- and by the sound of it, not very much is out of bounds. (2) It tells you what the default terms will be when a license doesn't fill everything in.

The suggestion that this proposal represents some sort of government intrustion into the software maker/consumer relationship doesn't seem fair. Under this law, every consumer gets enough rope to hang themselves with; there's very little that's prohibited. As for the default terms, you're free to contract around them if you don't like them. By libertarian lights, this law is -- if anything -- too slanted in favor of consumers.

(That doesn't mean it's a good law, of course; it just means that if you consider yourself an anti-government sort, you should understand what this proposed law would[n't] do.)

Re:10 cents worth of contract law

[Steve+B]

As for the default terms, you're free to contract around them if you don't like them. By libertarian lights, this law is -- if anything -- too slanted in favor of consumers.

This statement would be true if copies of Windows 2000 or whatever has words on the outside of the box to the effect of "Software includes remotely triggered self-destruct feature. Microsoft reserves the right to disable this software at any time if Microsoft believes that this software is being used in violation of license".

The sleaze factor of this law is that it makes enforceable provisions which are unknown to the consumer at the time of purchase (i.e. neither disclosed before breaking the shrinkwrap nor matters which the "reasonable man" of the lawbooks would already expect).
/.

Re:10 cents worth of contract law

[alkali]

From a libertarian free-market-absolutist standpoint(*), there's no problem with such licenses as long as you can reject the license and obtain a refund as soon as you have an opportunity to read the terms. Alternatively, such licenses would be OK as long as manufacturers could put on the box a binding statement that the consumer will not be bound by any license terms not disclosed on the box, and customers could avoid software not bearing that statement.

(* Which I don't necessarily endorse.)

American Law?

[Outlyer]

One other point. IF this is an American law, if a software company attempts to shut down a piece of software in a country with no agreement to upload this (ridiculous) law, would the company have the right to sue (the living hell out of) the company?

Re:American Law?

[clawson]

...all it would take is for Microsoft or whoever to get the countries to adopt similar laws.

China would be the first, and probably easiest one (sorry about that). And especially if MS cut a deal with China to make a new software plant to make and package (not program...) the China-specific software, which would of course be distributed by most of the current pirate shops, thus legitimizing them...

So, is this just a small taste of what it is like to live in a totalitarian state, where even conflicting laws can be applied arbitrarily to weed out the Undesirables and keep everyone in line?

Civil disobediance as a result?

If I ran a demolition company, and Microsoft decided to stop my use of Office, ruining my company, the first thing I'd do the next day is load all the demolition equipment on the trucks, drive to Redmond, and bulldoze every building on the Microsoft campus if this law kept me from suing them for proper damages.

The proposal formerly known as UCC 2B

[Froomkin]

By way of background (missing from the article from InfoWorld), UCITA was until recently the proposed UCC 2B. The proposal to add a provision to the Uniform Commercial Code to deal with software licenses was until recently a joint project of the American Law Institute (ALI) and the National Conference of Commissioners on Uniform State Laws (NCCUSL). The proposal was so awful, and attacked by so many people (especially legal academics!) that the ALI pulled out. This is unusual.

NCCUSL historically is less likely to throw roadblocks in the way of a proposal once a drafting committee says it's done. On the other hand, this one is so controversial, for so many, many reasons, that there is a little hope that the steamroller can be stopped. Uniform Commissioners are political appointees, usually by state governors, so if you or your firm happens to have any pull in your state, a word to the (un)wise might help. Furthermore, even if it passes NCCUSL it then has to be adopted state-by-state, so there's another chance to fight it.

For my account of why an earlier draft was bad for e-commerce (the latest draft is bad in slightly different ways) see 2B as Legal Software for Electronic Contracting -- Operating System or Trojan Horse?.

A. Michael Froomkin
U. Miami School of Law,POB 248087
Coral Gables, FL 33124,USA

Re:Government Selling Out

[Royster]

You're talking as if Government were some monolithic boogeyman who is out to stick it to the little guy. There are several layers of government in our system. This draft has been proposed by a committee of representatives from the states. If a draft passes the committee, it will have to be acted upon by the state legislatures. Business has the money to pay lobbyists to write and promote this legislation. We have to power to let our disapproval be known to our Governors and legislatures. Use it.

How long until internet connections are required?

How long until internet connections are required to install software that registers itself? Ore reuqires a 'net connection each time you run it? Or maybe just periodically?
* What if you reinstall it?
* What if you reinstall you're whole HD (after a crash)?
* What if you upgrade to a whole new machine?

I think SW vendors need to address these 3 issues before thay can even think of any sort of auto-remote-kill-the-pirates-and-a-few-honest-guys -along-the-way-oh-well protection scheme.

Re:Chances are you already have:

[Royster]

Fine, GCC is general purpose software. It should be open source. Similarly the MRI software being hosted on a Linux OS. But I seriously doubt if the MRI application itself is open source. It's possible, but I doubt it.

In my own field of Insurance, there aren't enough qualified programmers to support OS software for this industry. There also isn't enough glory to get anyone in OS interested. From this I conclude that OS software specific to my industry will never exist.

Illegal to reverse engineer?

Is no one worried about this little idea? With this wouldn't M$ be justified in suing the people who work on Samba or any other bit of free software that attempts to work around proprietary extentions?

Re:Illegal to reverse engineer?

most software liscenses already contain "no reverse engineering" clauses. of course i doubt they'd legally be able to do much if you violdated that; legitimizing that by outlawing it specifically could have heavier effects..

Re:Illegal to reverse engineer?

[Manax]

This has been discussed above... It would only be illegal AFTER the laws have passed. Creating crimes out of actions after the fact, I think, is unconstitutional.


--
"I'm a hacker, not because I was programming when I was 13, but because I'm human."

Re:Illegal to reverse engineer?

Legitimizing it by outlawing reverse engineering specifically will get all sorts of people "reading the source" of OSS projects. (I.e. the legal staff at commercial software vendors.) It will eventually pock-mark the Source tree of all kinds of OSS projects. It could even end up jailing the hackers who did the reverse engineering.

Re:How long until internet connections are require

[qmrf]

As long as StarDivision ceased all RE activities the second the law was passed, they'd be fine. You can't be charged for a crime that wasn't yet a crime when you committed it. (though I feel silly for forgetting what this principle is called) Now, MS and other big companies could (and, I have no doubt, would) try to sue the OSS crowd for RE the second this law passed, but the charges would be thrown out, despite the amount of money MS would be willing to throw at the legal system. If RE the product was legal when they did it, then they're fine, whether it becomes illegal or not. If their actions were illegal when they took them, then they're in trouble, whether this law passes or not.

Kick ass! **PASS** **PASS** **PASS**

I'm sending off notes to my reps right now.. This sucker is the best shot-in-the-foot the software privateers could possibly pull off (well, perhaps not but close!)..

I don't know about you guys, by with the current commercial licences out there plus this will get our company policy to read: Nothing but OSS licences!

Muhahaha..

BYE

[Derek]

See ya around. *sniff*

-Derek

Re:Its fine to look at the bright side but...

[Dead+Mike]

Seems to me that there were similar worries early in the satellite TV days with the crypto boxes for the big dishes...that was solved when someone exploited the back door and then put the solution out on USENet. Now you can buy a card/SmartCard that allows you access to every channel able to be demodulated from your geographic location...including HBO, etc.


Linux is a small kernel...the I/O drivers are Open and Free...just give the underground a chance...I guarantee you will be approached on the internet 2 days after your settop box/cable provider goes UCITA!

Re:UCITA

[Espressoman]

I don't care about remote shutdown of software at all - if you bought it, you agreed to the license and serves you right if you violate the terms.

I don't care about requiring permission for pass-along - if a software company wants to spend millions of dollars overseeing and enforcing this, whilst at the same time alienating their customers, well go for it.

I *do* care about the reverse engineering clause. All of you in the US need to LOBBY against this NOW. The whole open source community has utterly relied on reverse engineering to produce software which supports a large variety of hardware and interoperability with other software. Your graphics adapter drivers, your sound drivers, your SCSI drivers, your TV card drivers may all well be the result of reverse engineering. Take that away and what do you have?

Remember Halloween I? That paper identified the possible strategy of closing and obfuscating protols and file types to prevent the open source community from having access to them. If we can't work with the rest of the world all the progress of the past ten years will be lost.

Outlawing reverse engineering will mean the end of working with MS filesystems, exchanging files with MS (and other) programs, communicating with computers which use closed protocols.

This scares the you-know-what out of me, and it should do the same for you too.

Big marketing breakthrough for sourcexchange

It seems to me that sourcexchange should be contacting large corporations and asking them to contract open source developers to write replacements for mission critical software components. All sourcexchange has to do is point out the immense danger that UCITA poses to their business operations.

Great News for OSS

[Perlguy]

I hope these morins put themselves out of business!

What corporation would be willing to take this risk? Not a smart one I hope...

Consider this:
Disgruntled employee acquires companies list of serial #'s and posts them on the 'net. Then the corporations software could be remotely shutdown by the software vendor for license violations...

Bring it on, I am moving more and more to a complete OSS working environment, this should help speed the process!

Re:Great News for OSS

[clawson]

Is it clear whether network providers could extend these UCITA laws to the networks? What about ISPs that "require" you to use their software to use their network services? If there are problems, then the ISP says it's with their software, and therefore not warranted. oh, and by the way, their software contract does not allow you to do this-and-that service, so we're shutting off your service anyways...

The web site for that person's travails with Comcast and @Home should be enough evidence to the contrary to shut up the "but it can't happen here" people.

It will. And once companies figure out they can make some good money by it, it'll spread like a bad case of Ebola.

To whom may we complain?

[Evro]

A previous post pointed out that this "law" will be passed by some state attorneys-general, and "a few state legislatures." How does that enact national law? Is that not the task for which Congress was expressly designed?

And to whom do we express our rage? As far as I can tell, the worst part of this "law" is not the clause that allows vendors to auto-destruct software -- though that is admittedly horrible -- but the part which states that the creator of the software cannot be held liable if the software sucks. What the hell is that? I mean honestly, what the hell is that? How can that even be under consideration by lawmakers (RESPONSIBLE TO THE PEOPLE, RIGHT?)?

What if the auto industry tried something like that? What kind of cars would we be pumping out if auto makers were not responsible for the quality of their merchandise? Sure, I guess nobody would buy the newest Mustang if it had a bad habit of exploding over 25 mph, but are they claiming that that would be good-enough punishment for the manufacturer? Where are we? Am I in the right universe?

Some may say that the situation is much different with software. But I contend that it is exactly the same. Let's say NASA used Windows as the operating system on the next space shuttle or something (as if). As America watches the in-cockpit camera, we see the blue-screen-of-death pop up and ten seconds later the shuttle blows up. Oops, MS says, but not our fault! See! Look at the license!

Maybe that's an overexaggeration, but there are many situations in which failure of software is simply not an option. If we remove all responsibility for responsible programming, what kinds of programs will we end up with?

But then again, every time I start up emacs it tells me that it's distributed with "ABSOLUTELY NO WARRANTY". And it's a pretty solid piece of software. So I don't know where that leaves this argument. :-(

Here are the paragraphs in question:

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

What's to stop any software company from adding a line like this to their program? What's stopping them now?? Is it the "applicable law" part? Somebody please tell me. I know there must be something or else every software maker would have implemented this already.

-----BEGIN ANNOYING SIG BLOCK-----
Evan

GPL

When he said Free Software, I think he meant software under the GPL. Under the GPL, Free doesn't mean gratis, necessarily. It means having rights and privileges to do what you want with your software. If you want to charge someone for a copy, go ahead. If you want to burn CD's of it for all your friends, go ahead and do that, too. If you actually WANT to write software that restricts people's freedom, I can see why you wouldn't like the GPL, but otherwise, it's a Good Thing.

Re:GPL

[Le+douanier]

That's two point of view. If you want to protect your IP by restricting other people then feel free to do it but if you want to give up some of your IP rights for the community then feel free to do it, that's what free licenses allow you to do and the GPL not only allow you to do it but allow you to protect your IP so it won't be used in commercial software. That's not because you use/make closed software that you are evil, this is just a choice.

BTW: the GPL give you very few restrictions about the USE of the software and these restrictions are about preventing loopholes allowing people to close GPL'd stuff. The GPL is very restrictive about DISTRIBUTING software (which isn't the same as using). You're not allowed to distribute GPL'd stuff in binary only form without any access to the code.

The GPL is a good thing because it fills a gap in the free licenses community, but this don't mean other license are not bad or better, they just are different and can be called better or worse only when you try to apply them on your code (ie: for what you want to do it can be worse to apply the GPL than the BSD license and vice-versa).

Re:GPL

[sinan]

Actually he said OSS ( I think he meant GPL) is not the answer, Free Software ( i.e. NOT GPL but non-restricted Free software , as in antlr from www.antlr.org) is the answer. He was using Free to mean NOT GPL.... in my opinion.

Sinan

Uniform Acts

[David+Jensen]

This would be a uniform act that is done on a state-by-state basis in the US (La. does not generally participate in the uniform acts).

The law would define what the default is if the commercial transaction is covered by the state and your contract is silent on that point. Large companies will not tolerate most of these default provisions.

Many of the default provisions violate consumer protection statutes, so they will not be effective against home users either. The people who will get screwed if the software publishers have their way are the small businesses that cannot get a company to change the terms and conditions but are not protected by consumer protection laws.

This is a state by state operation. Even if Washington State rolls over for their software publishers, other states can make it illegal or economically irrational to license software under UCITA because it is against public policy. They can further stop the effect of this law by extending consumer protection statutes to all purchases who are not the position to negotiate terms and conditions of the license.

Encourage your state to pass consumer protection laws that say that any company that uses shrinkwrap agreements to license software have:

• Warrants that the product may be tested for 30 days and can be returned for any cause that the customer cause for a full refund at that time;
• Self-help reposessors must provide a bond of $1,000,000 or more against any damages that may be caused by self-help repossession;
• Companies must at least refund all money spent, at any time during the life of the license, if the product fails to work as described in any documentation from the company.

UCITA is a bad idea.

Re:Uniform Acts

[firewood]

> Encourage your state to pass consumer protection laws that say that any company that
> uses shrinkwrap agreements to license software have:
> Companies must at least refund all money spent, at any time during the life of the
> license, if the product fails to work as described in any documentation from the
> company.

Does any significant major OSS/GPL/commercial application completely comply with all its documentation 100%?

If not, this is a refund-at-will proposal (e.g. buy RedHat 7.x; wait until 10.x comes out; say that some lunix utility in 7.x doesn't fully act as it says on the man page or README; get a full refund, RedHat goes bankrupt...)

Re:Uniform Acts

[Royster]

This is a state by state operation. Even if Washington State rolls over for their software publishers, other states can make it illegal or economically irrational to license software under UCITA because it is against public policy. They can further stop the effect of this law by extending consumer protection statutes to all purchases who are not the position to negotiate terms and conditions of the license.

Haven't you ever seen a shrinkwrap term that states that the licence will be interpreted under the laws of state X? This is how the law, even if passed by only a few states, will influence most software purchases. Individual states can not disallow these clauses because that would be regulation of interstate commerce which is explicitly reserved to the Feds. ObDisclaimer: IANAL and all that.

Anyone wanna bet a lobbyist wrote this bill?

[Platinum+Dragon]

....give vendors the right to repossess software by disabling it remotely

What gives them that right?"

The letter of the law, it seems. A similar concept is already in force; anyone suckered into buying a Divx player agreed to this cute little statement in the Divx contractual agreement...

"YOU ACKNOWLEDGE AND AGREE THAT YOU POSSESS ONLY A NONEXCLUSIVE, LIMITED LICENSE TO VIEW THE MATERIALS CONTAINED ON THE DIVX DISCS AND THAT YOU HAVE NO OWNERSHIP OR OTHER PROPRIETARY INTEREST IN SUCH MATERIALS."

This allows them to prevent a movie from being viewed, say, if you forget to pay your bill, or a company wishes to put a movie "on moratorium".

Yes, less than 300 000 people bought those infected DVD players. Yes, it will probably die in a year or so. The ideology that birthed Divx, the concept of complete corporate control over the use of software (including the data on certain DVDs), is being adopted throughout the software and entertainment industries. The rush to create a "pay-per-listen" music format is one example; this software license bill from hell is another.

More fun statements...

"...but your warranty says that I can return it if it doesn't work as it says it would." "Too bad. We've disclaimed that warranty."

And...

"[the bill] says manufacturers are not liable for the poor quality of their products,"

These statements, and the states of mind they represent, would be unacceptable to consumers in any other product. Somehow, software manufacturers can get away with substandard products; this legislation would give that dangerous mindset legal backing.

I get the sick feeling the software lobby can get laws like this passed because the current political establishment has no idea how software works, and are unable to draw important distinctions and similarities between software products and other products. Thus, large corporations and powerful lobbies with enough money can tell the aforementioned clueless politicians how a particular law should be written, which just happens to work in their favour. I think it's time for some hackers who know how to deal with software and the Internet to get political office, before it's too late.

And it wouldn't be the fault of the company either

[tamyrlin]

Since the company already disclaimed all responsibility for the program they can't be held responsible when Joe Random Scriptkiddie deinstalls all copies of the mission critical application Foobar across an entire corporation...


/Andreas

Re:Transfer of Licence Day

[Wokan]

I like that. I've got a stupid NT Workstation CD that my college included as part of my tuition (came with a remedial language I swear I just needed the credits for). I've got ZERO use for that. Anyone else got an NT WS CD they'd like to swap for mine? :) We'll call MS at the same time and get permission. Hell, all we have to do is pair off enough people like this and we can just swap up pairs every now and then. They must have enough people that we won't likely speak to the same poor schmuck twice very often.
Digital Wokan, Tribal mage of the electronics age

Inevitable threat to OSS

[Rubinstien]

I sent an article about this to Rob a couple of
months ago and it never appeared...I'm glad to see that it now has.

I've thought a lot about this since then, and I
believe that this can ultimately become a threat to OSS development in the US. If the government
makes this law to 'protect the rights' of the
software industry it will eventually see fit to
make the 'technology' a requirement of exported software. This would enable the US to disable
software used by its enemies, as well as totally prevent the use of US-authored software with strong encryption outside the US.

OSS, by definition, couldn't meet such a requirement and would become illegal to export.

Good

The more unreasonable software licenses get, the more likely people are not to buy the software. I will assume that Microsoft will be the first to become 'unreasonable'.

Re:Breach Of Contract?

[tamyrlin]

nope.. they stated in their shrinkwrap license that they are not responsible for their software...

Re:Take a breath, and RTF Bill!

[werdna]

I would note that the "limited warranty" in most products that you refer to typically does not limit the warranties of merchantibility and fitness for purpose, which are what the shrink-wrap licenses disclaim.

Disagree. Such warranties, in my experience, are common and routine, and are hardly limited to shrink wrap licenses. Just looking around the house, I note that my stereo, VCR, DVD player, washing machine and a television set (just things for which I happened to have the documents in a drawer) all had the standard disclaimer.

Also, you keep coming back to the point that all warranties can be disclaimed under UCC2, as if this is somehow relevant. It isn't.

I understand why you would want to backpedal. The video tape proves otherwise: I wrote, criticizing the articles proposition the UCITA "allow[s] vendors to disclaim warrantees," stating that "vendors can presently disclaim warrantees." I wrote nothing else on this point.

You wrote, "I would take exception to several points here, in particular your statements about vendors disclaiming warranties."

I am pleased we no longer disagree that the article exaggerated.

As to your final question, it is simply this: 2B was a standalone provision, requiring that everything be spelled out. I agree that the statute was drafted to be more closely tuned, and to give greater clarity, to circumstances surrounding transactions involving shrink-wraps. I also agree that it is generally pro-licensor and has serious problems.

The point of my posting is that UCITA's critics are being disingenuous in their criticisms. The bill is a mixed bag, some good, some bad. The stupid polar bullshit from opponents and proponents has stood in the way of it being a very good bill.

As a lawyer practicing daily in this area, I lament the lack of CERTAINTY (whatever is the result) in these transactions. It would be wonderful if a great number of these ineffable fuzzy questions were resolved, and the prospect of a fairly balanced UCC2B could have been a great thing. Unfortunately, the radical views pushed and pulled at the thing until it became useless. Now we have UCITA, and I see the same demagoguery happening all over again.

Moreover, the exaggerations from many critical quarters has hurt "our" cause, permitting publishers to marginalize very credible critics as part of a group of knee-jerk opponents who only speak in half-truths.

This is a bad thing. We as a community need to do better. We need to insist on clear, truthful and complete accounts -- using solid advocacy of course -- rather than trying to justify after-the-fact these sound-byte half-truths so empty as to be misrepresentative in context.

Re:Take a breath, and RTF Bill!

[Todd+Knarr]

I would note that the "limited warranty" in most products that you refer to typically does not limit the warranties of merchantibility and fitness for purpose, which are what the shrink-wrap licenses disclaim. UCC2 only addresses those two warranties, and IMHO applying the rules for other warranties to them isn't correct. The two are different, and are treated differently by UCC2 itself. Almost always, reference to those additional terms is made in the before-sale paperwork, and the terms are available before you pay if you wish to review them.

Also, you keep coming back to the point that all warranties can be disclaimed under UCC2, as if this is somehow relevant. It isn't. The point I make is not that warranties cannot be disclaimed, but that under UCC2 they cannot be disclaimed in the way that shrink-wrap licenses do it and the way that UCC2B/UCITA would allow, which is a completely different point.

One final question. If the current shrink-wrap licenses are actually so acceptable under UCC2, why are the software companies so interested in pushing UCC2B/UCITA through, and why with terms so different from UCC2 so explicitly spelled out? It would seem that, if 2-217 was the only problem, it would be simpler to just print the shrink-wrap license seperately and require it to be signed at the time of sale than to lobby for changes in the law. This suggests that the software companies are worried about someone bringing a case, not under the terms of the shrink-wrap, but as a straight UCC2 case.

Take a breath, and RTF Bill!

[werdna]

One of the difficulties in working through all the hype on both sides, is that the shift from UCC2B to UCITA leaves us without a specific draft to criticize. Critics are free to exaggerate supposed defects, and of course, advocates can do the same. Anyway, before taking the article's word for it, look at the last drafts of UCC2B, ask yourself why critics aren't really citing its language, and consider well whether you are being completely and honestly informed by critics or advocates alike.

UCC2B is not all bad, and not all good, IMHO. However, some of the comments in the subject article strain credulity and, regrettably, much of it is demagoguery from various special interest groups trying to stir up dissent.

For example, shrinkwraps. Shrinkwraps are not the enemy of open source -- to the contrary, they are part of what makes the open source license "virus"es work. Some here have argued that this law can somehow have retroactive effect on already existing contracts and past reverse engineering -- Not so, indeed, a law that changed existing contract rights would be unconstitutional. In short, while I understand why the software defect plaintiff's lobby is all in a huff about greater certainty in enforcing shrinkwraps, I'm not sure that the OSS community shouldn't be planting itself squarely on the fence on the issue.

Some other points made in the article:

prevent the transfer of licenses from one party to another without vendor permission;

Of course, this can be (and often is) accomplished under the status quo with a commonly used contract provision. I actually prefer the common law default to the language of UCC2B, but I don't see this as either new or particularly egregious.

allow vendors to disclaim warrantees; and

Vendors can presently disclaim warrantees.

outlaw reverse engineering.

I believe you can review the last draft in vain to find a provision outlawing reverse engineering. Still further, it is doubtful that a state law could do so under present law without violating the Supremacy Clause of the Constitution. Indeed, the last draft of the UCC2B has an express example in the commentary expressly noting circumstances where unconsented reverse engineering is not a breach!

Why are they exaggerating if their case is so strong? Think about it. Its not.

I find great flaws in the UCC2B as do others. However, while flawed, it is not the unmitigated disaster it is held out to be by its critics (although it is certainly special interest legislation). As is often the case, the truth is more interesting.

I do believe slashdotters should educate themselves about this bill, study its provisions (the real ones, not the straw men) and judge for themselves what should be the law. But UCITA is not suprise legislation -- these proposals have been brewing now for years. Consider them carefully, and use what power you have, particularly now that it is no longer UCC, to help your legislators to separate the wheat from the chaff.

So, RTF Bill, read the commentary on both sides, and judge for yourselves.

Re:Take a breath, and RTF Bill!

[Todd+Knarr]

I went through the warranty information for a bunch of my appliances. The closest any of the dozen-plus warranties comes to disclaiming the implied warranties of merchantibility and fitness for purpose is to state that they are limited to the warranty period ( usually 60-90 days ). Better than half of them make no mention of any limitations on the implied M/FFP warranties. Not a single one attempted the sort of blanket disclaimer UCC2B/UCITA attempts to legalize.

Having read the drafts, I would say that UCITA is less unacceptable than the original UCC2B draft. OTOH, having one leg amputated at the hip is less unacceptable than having both legs amputated, too. Neither is desirable. The best that can be said is that UCITA, in a few spots, provides almost the same rights to the consumer as they would have under UCC. That's not acceptable.

And nobody has yet presented an argument for why software companies should be allowed to live up to even minimal standards. Even a used car sold as-is still has to meet certain minimum safety standards, yet UCITA wouldn't even hold software makers to that minimal standard.

Re:Take a breath, and RTF Bill!

[Todd+Knarr]

I suspect that would fall under another section of the UCC, since that was a case of attempting to return goods which you did not order. It was also not so much a matter of anyone saying that you couldn't get a refund as of the vendor saying the refund was MS's responsibility and MS saying it was the vendor's responsibility.

If you were attempting a return due to the product being defective, UCC2B/UCITA gives Microsoft's and the vendor's behavior the force of law. That would simply not be acceptable in the case of any other goods, and regardless of whether you can practically get a refund or not I don't see a good philosophical reason to establish law saying you aren't entitled to a refund for defective goods.

Re:Take a breath, and RTF Bill!

[fishbowl]

"...a vendor can only disclaim warranties of merchantability and fitness for purpose if they do so very explicitly and obviously and
before payment is made for the goods. If they fail to do this, then the buyer has the right to cancel their acceptance of the goods if
defects are found that render the product unfit for use."

Wasn't this the premise of "refund day?"

Did anybody get a refund?

Re:Take a breath, and RTF Bill!

[werdna]

Todd proves too much with his quote. For one thing, the word "obvious" does not appear there. As an aside, I didn't take issue with the use of "written," so that's a straw man.

There is substantial case law concerning the term "conspicuous," which does appear in the statute is satisified by an all-caps document. I noted all of this in the post to which he responded.

The assertion concerning payment and delivery is at odds with applicable case law which holds that when a box states that there is a shrinkwrap therein, the acceptance of an offer to sell does not take place until after the shrinkwrap is reviewed; provided there is a return option. ProCD v. Zeidenberg.

Todd to some extent misstates and largely overtstates what is the law. The use of after-payment-and-delivery limited warranties disclaiming fitness and merchantability, when a package recites the existence of a limited warranty, are common in the consumer electronics and home appliance businesses, and elsewhere in commerce. According to Todd, none of these documents have any meaningful effect, and years of litigation in which such provisions have been enforced are mistaken.

It's not that Todd is entirely wrong, however. There is another UCC issue, 2-217, the battle of the forms provision, which precludes adding terms to agreements under certain circumstances by the use of printed forms. In many cases, the exchange of paperwork resulting in conflicting terms or new material terms added afterwards *CAN* result in some terms (like arbitration clauses) being cut out of the deal. 217 cases are highly fact-specific, and shrink-wrap scenarios do involve substantial risk for the vendor who is not careful in preparing his packaging.

That, however is not the issue -- the original article suggested that UCITA is evil and radically different from the status quo because it permits warranties to be disclaimed. Such overstatements are dangerous and a discredit to those who would criticize UCITA. Todd ultimately admits that the article's point is a canard when he writes, "And yes, all warranties can be disclaimed under the UCC." Accordingly, it would appear that he should agree that the statement in the article, at least, is a wild overstatement of the problem.

On the other issues, I stand by my last posting, and suggest once more that on this point, Todd and I simply agree to disagree.

Re:Take a breath, and RTF Bill!

[Todd+Knarr]

I would take exception to several points here, in particular your statements about vendors disclaiming warranties. Under UCC Article 2, a vendor can only disclaim warranties of merchantability and fitness for purpose if they do so very explicitly and obviously and before payment is made for the goods. If they fail to do this, then the buyer has the right to cancel their acceptance of the goods if defects are found that render the product unfit for use. Under UCC2, the current shrink-wrap license disclaimers would not be valid because they are not made before payment is tendered. UCC2B/UCITA would allow such disclaimers to be valid. I simply fail to see what's so different about software that the terms of UCC Article 2 need to change, especially on this point.

Re:UCITA

[grahamm]

I believe that European directives explicitly allow reverse engineering for the purpose of interfacing. It also states that these rights cannot be removed by licence conditions. So, even if reverse engineering is made illegal in the US, the open source movement elsewhere will still be able to determine the required protocols and hardware interfaces.

Very 1984

[Chris+Johnson]

Very 1984-esque. As the phrase goes, 'may you live in interesting times'. This is the digital equivalent of the period just before the American Revolution, FWIW.
I have to sympathize with the people who argue, 'no! Don't let this pass, it will do immeasurable damage even if it _does_ force the issue of free software and make it almost unavoidable'. I sympathize a great deal, because it is deeply disturbing to watch an industry develop a choke-hold over technology, government- anytime an entity is legally allowed to hold _sole_ discretion over the survival of another entity, be that a company or a person's records or, hell, a government's records... then you have real trouble. Power corrupts, and that is more power than most people would know what to do with- especially when we're talking about the privilege to on the one hand define an industry standard operating system (yah, 'doze...) and then withhold it at whim regardless of damages. That's _damned_ scary.
And yet, I am not convinced 'we the people' have the power to reform this in time. I believe this or something like it will go through- and our humanitarian concerns (wishing business, government not to be subject to a reign of terror) will not save the intended victims of this ghastly power-seize. I think it will go through, and our world will quietly change into an Orwellian nightmare around us- with respect to proprietary software. And there will be no ground to give and no chance of negotiation- the only choices will be to submit or to _fully_ go for free software and disclaim even the idea of interoperability with the proprietary stuff- it simply will not be in the interests of proprietary software to pretend anymore.
Where this might get very ugly is protocols and networking. It won't kill anyone if computer joysticks or certain printers can't be used with open source products- this already occurs. However, attacking the networked infrastructure of the world would be deadly, and it's hard to imagine anything more important than defending the ability of the world to communicate- we cannot balkanize, we can't afford another Dark Ages, we must protect the ability of people everywhere to network with each other and exchange ideas, viewpoints, dialogue. This was important even when the danger was only proprietary stuff crowding out the older stuff and refusing to interoperate- how much more dangerous when the proprietary stuff is to be operated only by the graces of a centralised authority? This would be Jon Postel's worst nightmare, perhaps beyond his imagining.
We are looking at war.
Whether or not it turns out as bad as it might, it's best to remain firmly aware that we are looking at the prospects of literal war over these issues. There are too many parallels with civil liberties issues- first trespass into people's software 'homes', then negligence and the refusal to take responsibility for damages to said property, and now it's to be legal for companies to destroy my data or seize it without due process on _their_ notion that I did something wrong? Does this begin to sound eerily familiar to those who have learned anything about the American Revolution?
We _are_ looking at war, and we are probably stuck with it.
For me, well: I can't be terribly impressed with some of the scuzball freedomfighters, any more than the colonists were an impressive aristocratic lot. Seems like there are a lot of script kiddies in the ranks- that ego runs riot, mine included- that politicking is rampant, the whole troupe seems like either blowhards or rugrats up against trained troops with big budgets.
Yet I know damned well which side I'm on- there's no possible compromise, and my mood is more and more like the Boston hotheads causing trouble for the colonies in 1776. It's the grand imposing impressiveness of a small, mange-ridden cornered rat- and the same desperation, born of the total lack of other options.
I'm posting this from a small town in Vermont, in the United States of America, and will soon be visiting my family in Lexington- where the Redcoats marched, shed Colonist blood, and were cut down themselves in the start of the war for independence.
WE WON, DAMN IT. Remember that when this nightmarish cybertyranny madness gets oppressive. Supposing the laws are passed and working on reverse-engineered projects becomes ten years and $100,000 minimum, supposing this is quickly taken advantage of to render everything that seemed to be good strategy (Samba, windows-like interfaces, ability to talk to NT Server...) useless. Guess what? That's war for you. If you don't like it, you can knuckle under and bootlick, or you can fight back using any means at your disposal. The outcome is not pre-ordained- and there comes a point where fear, uncertainty and doubt no longer matter because there is no longer an option to bootlick. With this legislation and what it represents, I see that point approaching, and I choose to call it war, just as much a war as any physical war.

Re:Very 1984

[symbolic]

Your post is very pessimistic, and it fails to consider what many of the post have done: software vendors are banking on the presumption that consumers will be STUPID enough to purchase software with this kind dreck attached to it. Let's not forget - these companies are SELLING us something. This involves a condition whereby one party agrees to exchange THEIR money for what it is the software company is offering. This license seems to treat any revenue from these kinds of licenses as a foregone conclusion.

At the risk of stating the obvious, a company can't exist without sufficient revenue. If enough customers find this kind of agreement as hideous as it really is, they'll simply refuse to purchase the product. Revenue falls, company goes under, end of story. How many times do you think this will have to happen before software companies decide that this kind of license is tantamount to putting a loaded gun to your head and pulling the trigger?

Once a user signs an agreement, they're stuck...but no software company can MAKE you buy their product, and this is something that consumers would do well to remember. I'd just love to be able to send a letter to one or more of these companies:

To Whom it may concern:

We have been long-time consumers of your products in the past, and we are pleased with the results we have been able to achieve. I regret to inform you, however, that we are unable to continue a relationship with your company. Because we have found your new licensing requirements unacceptable, we will be replacing your software with an alternative that has far more reasonable terms governing its use.

Have a nice day.

Sincerely,
John Q. ITProfessional

Re:Breach Of Contract?

[clawson]

No, not under the "no warranty" and lack of indemnification parts...

...it would become your burden to prove anyways...

UCC 2B

[dave_bennett]

is what it was called for the last three years while it was being drafted. So why are you all surprised at this? It has been coming on for three years. Everyone has criticized it and casts votes against it and asked for it to go away to no avail. A lot of BIG $$ from the software industry behind this one.

It will most certainly effect the printing, video and audio industries as well. From past experiences it doesn't look like arguing against it in this forum at this point will do any good. (It hasn't to date.) The best thing is to get ready for the arguing at your State Government level. (I'm sure a few free copies of Windows for Government use will oil the passage of this one though.)

The biggest thing is that in the bowels of this proposal is the excusing from liability of software companies for anything arising from faults in their software... Which explains why Microsoft is such a big pusher of this legislation.

Of course, it'll put it on par with Open Source...

Dave Bennett
Chief Information Officer
Inland Truck Parts Company

Re:Hacker / Cracker Shutdown Events

[ocie]

Imagine all MSWord users in the state of California suddenly having their software nixed,
or having every Oracle database in the Pentagon frozen due to "license violation".

I say let them do it, its their foot they are aiming at. M$ may do this but you'll never see Oracle do it.

In a critical failure situation, where a machine dies over the weekend, it is in Oracle's best interests for you to be able to set up on another system on your own and make them look good, rather than telling thousands or tens of thousands of users that the Oracle database is down on Monday. If this means that there is a chance you will be running two copies of the software on one license during the transition, I think they'd take that chance rather than change losing the contract.

Re:Not OSS

[Rombuu]

Free Software has no restrictions on how you can use it.



Sure it does, it has that stupid, you can't use this in non-free software restriction.

Maybe you meant public domain?

Hacker / Cracker Shutdown Events

[Skip666Kent]

Imagine the fun when digital hooligans use the industry's own tools to shut-down enormous pools of users of a given product.

Imagine all MSWord users in the state of California suddenly having their software nixed, or having every Oracle database in the Pentagon frozen due to "license violation".

Hey, that could well be the 'blue-screen of death' of the 21st century. You won't even get the *chance* to get a good, old-fashinoed Access Violation!


] word foo.txt
] loading...
] Terminated at 005e20010fcb
] License Violation.
]_

Re:How long until internet connections are require

There's another problem with requiring an internet connection: do you really want software you paid good money for to stop working every time somebody launches a Denial of Service attack on the software maker's internet hosts? Think about it...

Software vendors abandoned disk copy protection because it became obvious they were shooting themselves in the foot. This is an even more obvious case of foot-shooting; any sensible software vendor should quickly discover it is killing sales, and abandon it. UNLESS of course they've already got their customers by the balls, and they have no choice of switching to another vendor -- hmm, sound like any software company we all know?

Samba should be safe

[Yarn]

Its developed in .au, where I doubt this law will apply.

Re:Samba should be safe

[Le+douanier]

"pro-OSS FUD"

pro-OSS: Yes certainly.

FUD: Certainly not. FUD means you invent/create cases to make poeple believe a product is not good/dangerous/... . If this law is voted then it will not be FUD but the sad reality. When some danger is true it's not FUD, FUD is about intoxicating, not about using dangers/flaws/... to advocate against a product. Ok FUD use one lie between two truth so it's easy to swallow the lie but this is lie nonetheless.

Re:Samba should be safe

Hmm....I like this idea:
RE some software...then just
send it to a friend in any country BUT
the US, and have them publish it...
There goes the law.

Self Help? Egads...

[Skip666Kent]

I vote "Self Help" as the most heineous mis-nomer since "Ethnic Cleansing".

This will -NEVER- work... (a non-pro-OSS reply)

[8Complex]

I mean... it may work on some people that are just normal people installing on two machines in their home type of thing, but when it comes down to it, when a pirate group releases their own release of a software they normally include a "crack" or patch to "fix" the software so that way all the little things in the program you woulnd't want happening, wouldn't.

They'd probably just make 1 standard system of shutting down software and the crackers would come back with 1 crack that could "fix" hundreds of pieces of software before a new version of the license checker comes out.

Now don't get me wrong about this all you OSS people, but I haven't seen very many programs that are OSS that are great in functionality and looks all at once. Linux has a lot of software, and it is all OSS, but rarely do I find a good functioning X-Windows program - and when I do, it looks horrible. I personally, can't stand using command line programs (except for one-time doing of things) and woulnd't even know where to begin if I wanted one to run in the background all the time.

Why aren't there some people that do OSS for Linux that strictly fix the GUI of the program and have nothing to do with the functionality? That'd greatly increase how good the finished product looks and also would make it more usable, by far. (I've seen program that might've worked great but I could NOT find a simple function cause it was hidden too deeply into the program).

Now, as for me, I mainly use Windows since the GUI is tuned (just wish it didn't crash so much - not like I don't crash X either though). The mouse moves EXACTLY the way I want it to - something I can't get Linux to do if I spend an hour playing with just the mouse movements. Drag and Drop works perfectly, and I have a desktop that I can drag and drop files to temporarily, if I'm in the moddle of moving files around, or permanently if I want a link to startup a program there.

Also, (it's early so I feel stupidly brave enough to take a stab at it) cut and paste and the mouse DO NOT belong together. It is inconvienient and stupid the way it works in X. I'd MUCH rather have that middle button set to something like "roll-up" for the windows and Ctrl-c,v,x set up for cut and paste commands. If there IS a way to do this, forgive me and please explain how. I am by far not an expert on X or Linux, but I am a very experienced user of different programs, and I know exactly what I like to use and what I use to make productivity the fastest for me.

8Complex

Re:This will -NEVER- work... (a non-pro-OSS reply)

"Now don't get me wrong about this all you OSS people, but I haven't seen very many programs that are OSS that are great in functionality and looks all at once."
-
Have you not seen Enlightenment?
-

Re:This will -NEVER- work... (a non-pro-OSS reply)

[Le+douanier]

I love enlightenment but I would reather talk about WindowMaker for great in functionality and looks all at once (and very small BTW).

Re:This will -NEVER- work... (a non-pro-OSS reply)

[Le+douanier]

I love Enlightenment but I would reather talk about WindowMaker for great in functionality and looks all at once (and very small BTW).

In expectation of Win2000 perhaps?

I have been wondering if alot of the hubub about these tpye of laws may have something to do with the release of Win2000 and the massive amounts of "rewrites" that win applications are supposed to need to run under it. Will future releases of win based software packages require to be a on a network? Is the minimum requirements for software in the future going to include "internet access" or "access to a phone line".

Are all these clauses mentioning the removal of quality and performance and warrenty requirements a forshadowing the release of the slowest, buggiest, least reliable version of windows yet?



I like using my machine offline

Re:Taunting the Dinosaurs

Why call it Open-Source? We have long passed that stage, is called "free-software" once again. I refuse to associate myself with OSS, could we reminde you what OSS stands for? (Hint: remember APSL)

licenses may control only the distrubution

[l984]

As I understand the main difference between
software and physical goods is a relative ease
of DISTRIBUTION. And the licenses were invented
to take control over this.

Therefore DISTRIBUTION must be the ONLY subject
licenses may limit our use of software.

Any other items in the licenses must be illegal.

This approach clears the view to restrictions
like 'reselling/giving_away the license',
'reverse ingeneering', 'product reviews' and
many others.

One thing remains unlear, though. I speak of
DISTRIBUTION, but it is not quite clear what
it means. Does 'fork()' produce another copy
of the program? Who is the user --- system
administrator sitting before the console,
client connected via network, CPU performing
machine code of the program, the running
process, the running thread, disk space
occupied by installed program. Most people will
probably say: "the box, software is installed
on". But then I recollect that clusters exist.

Anyway, the DISTRIBUTION must be the only item
software owners should be allowed to regulate.

Many organizations oppose UCITA

[cemkaner]

Here's a list (with links) to opposition letters from a wide range of organizations that oppose UCITA / (formerly Article 2B).

If you want additional information, write me at kaner@kaner.com and/or check my website, http://www.badsoftware.com.

Recently, several organizations have submitted letters to NCCUSL or ALI asking that 2B/UCITA be tabled or cancelled. Not all of these letters have been published. I'm aware of letters from:

- fifty intellectual property law professors (http://www.2BGuide.com/docs/1198ml.html)

- American Association of Law Libraries (http://www.arl.org/info/letters/libltr.html and http://www.arl.org/info/letters/Wright_ALI_letter. html)

- American Library Association (http://www.arl.org/info/letters/libltr.html and http://www.arl.org/info/letters/Wright_ALI_letter. html)

- American Society of Media Photographers (http://www.nwu.org/pic/uccasmp.htm)

- Association for Computing Machinery (http://www.acm.org/usacm/copyright/usacm-ucc2b-10 98.html)

- Association of Research Libraries (http://www.arl.org/info/letters/libltr.html and http://www.arl.org/info/letters/Wright_ALI_letter. html)

- Consumer Federation of America (http://www.cptech.org/ucc/sign-on.html)

- Consumer Project on Technology (Ralph Nader) (http://www.cptech.org/ucc/sign-on.html)

- Consumers Union (http://www.2BGuide.com/docs/cu1098.html)

- Independent Computer Consultants Association (unpublished)

- Institute for Electrical & Electronics Engineers (IEEE) submitted specific criticisms of 2B (http://www.ieee.org/usab/FORUM/POLICY/98feb23.htm l) which have not been resolved in the ways requested. The IEEE suggested in its most recent letter (http://www.ieee.org/usab/FORUM/POLICY/98oct09.htm l) that if these issues were not satisfactorily resolved, it too would recommend tabling.

- Magazine Publishers of America (http://www.2BGuide.com/docs/v9-98.pdf)

- Motion Picture Association of America (http://www.2BGuide.com/docs/v9-98.pdf and http://www.2BGuide.com/docs/mpaa1198.html)

- National Association of Broadcasters (http://www.2BGuide.com/docs/v9-98.pdf)

- National Cable Television Association (http://www.2BGuide.com/docs/v9-98.pdf)

- National Consumer League (http://www.cptech.org/ucc/sign-on.html)

- National Music Publishers Association (unpublished)

- National Writers Union (http://www.nwu.org/pic/ucc1009a.htm)

- Newspaper Association of America (http://www.2BGuide.com/docs/v9-98.pdf)

- Recording Industry Association of America (http://www.2BGuide.com/docs/v9-98.pdf and http://www.2BGuide.com/docs/riaa1098.html)

- Sacramento Area Quality Association (unpublished)

- Society for Information Management (http://www.2BGuide.com/docs/simltr1098.html)

- software-test-discuss (this is the Net's largest e-mail discussion forum on software quality control)

- Special Libraries Association (http://www.arl.org/info/letters/libltr.html and http://www.arl.org/info/letters/Wright_ALI_letter. html)

- United States Public Interest Research Group (http://www.cptech.org/ucc/sign-on.html).

Most of these letters are brief. After consultation with some other consumer advocates, I submitted a detailed letter with a section-by-section call for consumer-side revisions (http://www.badsoftware.com/kanerncc.htm).

The National Writers Union letter (http://www.nwu.org/pic/ucc1009a.htm) details writers' issues.

The Society for Information Management's letter details the concerns of large software customers (http://www.2BGuide.com/docs/simltr1098.html).

A recent advisory letter from the Federal Trade Commission (http://www.ftc.gov/be/v980032.htm) raises many of the same concerns.

Re:Many organizations oppose UCITA

Interesting, groups that have backing which use/depend on software in a big way in their business. Makes sense.

Note: I'm not for the bill, just pointing something out.

Re:Many organizations oppose UCITA

[toriver]

By the same token, the "we own your data, and hence your company" software companies probably are _for_ it...

- "Hello, this is Micros~1. You may have noticed that your customer database - hosted on SQLSRVR - shut down two hours ago. We will be happy to restart it if you put $10,000 in unmarked bills in a black bag and deposit it on the corner of..."

- "This is outrageous!"

- "Now, now, be nice - you don't want your Office installation to have an 'accident', would you? Good. By the way, make that $15,000."

Re:The 2nd provision I love

[IntlHarvester]

Most medium-to-larger businesses already "rent" their software in the form of annual maintenace and support agreements, so no news there. And yes, if your company is on a annual plan with Microsoft, they could well be still spending a couple bucks a year for some old MS-DOS PC.

I can't even imagine the hassle that Microsoft (Corel, Lotus, and so on) would have to go through to get that $10-$20 maintance fee out all the individual users and small businesses out there. Hardly likely to happen.
--

Let's get serious here.

[Hrothgar+The+Great]

There seem to be an awful lot of us suggesting that we should support the law because it's so bad that it will make free software look angelic in comparison. While i appreciate the irony of the software industry crippling itself with a self-serving uniform law, i think that the impact of this law will have severe effects on users of open source software as well. Where do you guys work? I would guess that most if not all of the companies that we work for depend on some sort of proprietary software package. Commercial software is everywhere; and even the Linux community is for the most part hoping that more companies will take notice of us and port some of their commercial software to our OS. Believe me, the consequences to all of us will be markedly visible if this legislation passes. I don't know about the rest of you, but i don't want to see this much power in the hands of the commercial software developers, even if it does make us look better in comparison. I really think that everyone should be very scared that such a law is not simply laughed into nonexistence. We need to oppose UCITA, or suffer possibly unforseen consequences.

Ooh! Please pass this law!

From what it says in the article, vendors can already decide to repossess software. A case with Revlon is cited. However this would add an air of legitimacy to it and encourage proprietary vendors to build backdoors into their software. In addition this law would allow vendors to disclaim all warranties and increase the strength of the EULA.

Given the rather questionable EULAs in effect today and the rather questionable software quality in proprietary software, I don't think any manager in his right mind would be willing to stake his job on a piece of software under the terms set forth here.

I can only see this as a boon to the open source software movement, which would offer the following over proprietary:

1) A much more agreeable license. If a license is Open Source, no one will ever try to repossess your software.

2) No warrantee, but if you're using a package and something breaks, you can at least fix it yourself in the worst case.

3) It's free. If your company merges with another one, you don't have to ask anyone for additional licenses or permission to use current licenses.

4) No proprietary file formats. No need to reverse engineer anything. Your data is not being held hostage by anyone.

5) Your terms, mostly. You can do anything you want with the software, with the only restriction being that you make any improvements you make available to everyone.

So you see, I hope this law passes because the sooner everyone is demanding open source, the easier my life will be.

Re:Ooh! Please pass this law!

1) A much more agreeable license. If a license is Open Source, no one will ever try to repossess your software.

Look around yourself sometime and watch what happens when something becomes mainstream and popular. The lawyers swarm all over it. The OpenSource(tm) model has yet to be tested in a big way in court. It hasn't become mainstream enough that anybody cares. It will become an issue when it does become mainstream. You can count on it.

2) No warrantee, but if you're using a package and something breaks, you can at least fix it yourself in the worst case.

"Fix it yourself?" Companies will not be enthusiastic about having to hire programmers to fix their problems. Companies will be even LESS enthusiastic about paying programmers to fix the problems in OTHER companies. And lastly, companies will not want to pay programmers to sit on Usenet watching for problems to fix.

4) No proprietary file formats. No need to reverse engineer anything. Your data is not being held hostage by anyone.

Companies don't reverse engineer anything. They buy a software package to do the work, and they use it. This is true today, and it will be true tomorrow. Companies are smart enough to sign clear legal agreements, and would never let their data be held hostage to 'anyone.' This arguement belongs in /dev/null.

Re:Ooh! Please pass this law!

[eponymous+cohort]

Companies don't reverse engineer anything. They buy a software package to do the work, and they use it. This is true today, and it will be true tomorrow. Companies are smart enough to sign clear legal agreements, and would never let their data be held hostage to 'anyone.' This arguement belongs in /dev/null

If you are talking about small companies that have no IT department and rely on off-the-shelf software, then what you say is true.

However, bigger companies often buy software packages that require lots of customization, and they often want it integrated into existing systems. The more open the product is, the easier this is to accomplish.

As for the "held hostage" comment. If your documents are stored in the latest MS word/excel formats, it works fine if you only use word and excel to view them, but if you want to do anything tricky with the data, maybe export it every sunday evening, and email a summary to certain employees who are logged into a certain system at the time, you are stuck using MS tools which may or may not be available to accomplish your task. If you use non-proprietary formats, you will never be "locked-in" or held hostage by a certain vendor.

Re:Ooh! Please pass this law!

[clawson]

1) A much more agreeable license. If a license is Open Source, no one will ever try to repossess your software.

Look around yourself sometime and watch what happens when something becomes mainstream and popular. The lawyers swarm all over it. The OpenSource(tm) model has yet to be tested in a big way in court. It hasn't become mainstream enough that anybody cares. It will become an issue when it does become mainstream. You can count on it.

Yes, the GPL has yet to be seriously wacked on in court.

2) No warrantee, but if you're using a package and something breaks, you can at least fix it yourself in the worst case.

"Fix it yourself?" Companies will not be enthusiastic about having to hire programmers to fix their problems. Companies will be even LESS enthusiastic about paying programmers to fix the problems in OTHER companies. And lastly, companies will not want to pay programmers to sit on Usenet watching for problems to fix.


...which is so silly because they hire contractors to tune their DBs, install their networking plant, deliver bottled water service, etc. Any company that has a motorpool either has a mechanics bay or contracts the service out to a company to deal with it. Etc.

So, the companies that don't want to have the staff to "fix" software problems themselves are fooling themselves, because they probably already do it anyways, i.e., either find/hire someone to do it inhouse or hire a contractor to do it on a one-time basis.

The building breaks? They're either big enough to have their own building maintenance types, call a company to do it, or get the building manager to get the service people out to fix the roof, repair the plumbing, etc...

It's all like a sad comedy anymore.

GREAT!!!

[Dead+Mike]

This is the best thing that could happen for open source software. The publishers are closing ranks and restricting their users more and more. We have reached a critical mass with Apache, sendmail, emacs, etc. and don't need to worry about the 'reverse-engineering' provisions of this law.

Corporations will come our way in droves if we point out that not only don't we implement UCITA and its noisome 'self-help' strictures, they can see that we don't for themselves. Also, since they own the source, _no one_ can take their software away from them. We should be trumpeting this from the highest peaks. Can you imagine what fear this will strike into the PHB's and suits when they find out that if they don't accede to punishing 'licensing terms' __________ (--Oracle, Microsoft, SAP, Peoplesoft, Baan, etc.--) (fill in the blank) will remotely disable their software throughout their enterprise, from the desktops to the server farms, into the mainframes and down to the data warehouse. Most painfully, the courts and the legislatures will let them!!! Talk about a gun to your head!!! "Sure the data is yours. Try to get at it!"

However, we DO need to beat these fsckers at their own game and protect our 'prior art' at all times when it is obvious (IIS, Exchange, Notes, etc.) that they are the ones doing the reverse engineering. In these cases we need to insist that all these products conform to the liceses they were initially released under or these anal-retentive zipperheads will find themselves in court!!! Also, we need to DEMAND participation in the standards bodies, so they cannot lock the standards (as Rational and Microsoft have done and continue to do.)

The only threat I see here is from Adobe. Anyone know if they still have any claim to PostScript?

Fine, but now its against the law

Reverse engineering the boxes is against the
law. So distributing free software based on RE
would probably be illegal too. Especially if
they use some copyprot system where only CE is allowed to run on it.

Then you are stuck. You will have the interface
that the Majority of people are willing to put
up with. Most cable customers wont care.

Take it a little farther, and maybe the settop
box wont talk tcpip to your computer any more.
Some propietary protocol instead. Suddenly
linux cant get to the net.

Then they win.

Re:Fine, but now its against the law

[Dead+Mike]

You miss the whole point of the net...if DoD can do it with SIPRNET, who says we can't (who says we haven't, hmmmm?)...after all, one man's noise is another's info...just ask the folks that design GPS receivers...that is the power of kernel hacking...that is why Projects like BOA and BO and the LRP are so important...don't forget the X.25 standard...and, remember FIDONet

And if you can do that on the net, who's to say that with micro-transmitters and NRT transmissions with Very Large Package/MTU technologies, you might come up with the next DB technology...everyone sets their own limits to how far they will allow the corporate/governmental thuggery to continue...if you think hard enough, you can solve the problem, _if_ it is important enough to you, personally.

Unbelievable

[Accipiter]

This is absolutely crazy. If you read the article carefully enough, you can pick out SEVERAL controlling issues:

....give vendors the right to repossess software by disabling it remotely

What gives them that right? If you lend a laptop computer to a friend, and he didn't return it when you asked him to, does that mean you can break into his house and take it?

....prevent the transfer of licenses from one party to another without vendor permission

"Hello, Mr. Gates. I'm selling my computer to someone, And I'd like your permission to give him my copy of Windows as well." Now, Microsoft can just as easily say "No, afraid not. BUT, he's perfectly entitled to buy his OWN copy!"

....allow vendors to disclaim warrantees

"...but your warranty says that I can return it if it doesn't work as it says it would."
"Too bad. We've disclaimed that warranty."

I've noticed on the chart that Microsoft was in full favor of this bill. (suprise!) Some other stupid items follow:

McCabe added that vendors are not permitted to exercise self-help if the vendors are aware of third parties that could suffer serious losses because of it.

So, if a company is confronted with this, they can simply say: "But we had no idea!"

Software vendors argue that they are within their rights to limit the use of their products.

Absolutely, but if you want to limit it, you limit it in the actual design of the software. You don't crumble a company's infrastructure just because of a licensing agreement.

"[the bill] says manufacturers are not liable for the poor quality of their products,"

Gee...looks like Microsoft is off the hook. Answer this: If the maker of the software isn't responsible if it sucks, who is?

"If I have to guarantee that my software will perform the way you think it's going to perform, that's going to be costly for me," Winpro's Harris says.

Actually, that's correct. Expecting Microsoft Excel to walk your dog isn't reasonable. BUT, expecting Microsoft Windows not to crash every hour, is. The idea is that Software manufacturers have to guarantee that the software will perform the way THEY claim it will perform. But if it doesn't,"...manufacturers are not liable for the poor quality of their products."

Seems to me, that software vendors want to take more responsibility when it comes to them getting their money, but when it comes to their software not performing at it's expected level, they don't want ANY responsibility. It's a 2 way street, folks. They're just trying to put up One-Way signs.

-- Give him Head? Be a Beacon?

Re:Shrink wrap vs. legacy software

[grahamm]

If anything it shows the need for "self help" on the part of users, in that users would benefit from sharing experiences and problem resolutions etc so as to reduce the cost of, reliance on and the workload of vendor support.

Uniform Commercial Code HA!

look closely kids,the UCC can only be applied to citizens of the "Federal United States"not the "citizens of the several states".this means that unless you are a gov't.employee or live on gov't. owned land you are exempt from non-positive law.
"CRACK ALL YOU WANT,THEYLL MAKE MORE"

Death Knell

[James+Ojaste]

This sounds like a death knell for commercial/closed software if it gets passed into law. Does a company *really* want to give its competitors the ability to shut down its systems remotely? How long will it take for somebody to write an exploit to prematurely trigger the self-destruct? Oh sorry, they called it the "self help feature", didn't they?

I'd much rather stick to open source, so I know that nobody else will be controlling that assembly line or office environment. Talk about a massive DoS attack...

Free haven

[Betcour]

This is going to push ever further the necessity of free haven for software : countries where laws about reverse ingeneering/software patents/copyrights don't exist. They already do that with cryptographic code which is made out of the US to get around export laws. Also BladeEnc (MP3 encoder) is made in Sweden because software patents don't apply there. Internationnal laws state that all actions are subject to the local laws where it is done, so you can't sue in the US somebody for a crime (RE ?) commited in a country where it is legal.

Re:How long until internet connections are require

[Justin+Motion]

Office 2000, AFAIK, requires an internet registration within the first 50 times you run the program.

If you re-install, and have a PIII, it'll be identified as a re-install...now what happens if you just upgrade the CPU?

A simple solution would be to embed the serials into the cdrom...A unique serial number on each cdrom.

10 years in the future....

Please place your eye to the retena scanner for product branding......Serial number already in use...you have been found guilty of software fraud, Etching advertising slogans onto retena....completed.....have a nice day

Enforcement?

I'd love to find out about how they expect to enforce this. If I'm a Forest Service ranger or what-have-you, out in the wilderness with my laptop, am I obliged to provide Microsoft with my IP address and/or modem number so they can remotely kill my copy of Windows 98 if I violated my license? For that matter, what about the database server sitting behind BigCo's ultrasecure firewall? How do Oracle (or whomever) send the "Signal of Death" to disable it?

Re:Enforcement?

We had one of those here in the states... Passed sometime around 1985 or so... It was called something like the computer fraud and abuse act and it prohibited most of those acts. But it would seem that they're willing to flush it down the toilet for this crappy law. (Mind you, they'll make the exception only for the software companies.)

Re:Enforcement?

[Stephen+Beynon]

I will be interested in how they enforce this world wide, since remotely disabeling software is certainly a prohibited in the UK by the computer misuse act 1990. I even recall a case where a company refused to pay a software development company. The software developer remotely disabled the software, and was successfuly prosecuted under section 3 of the computer misuse act.

As I understand it if a person from the US brought thier laptop into the UK, and had the software disabled remotely they they would be able to prosecute the software vendor.

Stephen

Section 3 of the computer misuse act follows:

Computer Misuse Act 1990 (UK) Section 3

3.(1) A Person is guilty of an offence if -

(a) he does any act which causes an unauthorised modification of the
contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the
requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an
intent to cause a modification of the contents of any computer and by so
doing -

(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any
computer; or
(c) to impair the operation of any such program or the reliability of any
such data.

(3) The intent need not be directed at -

(a) any particular computer;
(b) any particular program or data or a program or data of any
particular kind; or
(c) any particular modification or a modification of any particular
kind.

(4) For the purposes of subsection (1)(b) above the requisite knowledge is
knowledge that any modification he intends to cause is unauthorised.

(5) It is immaterial for the purposes of this section whether an unauthorised
modification or any intended effect of it of a kind mentioned in
subsection (2) above is, or is intended to be, permanent or merely
temporary.

(6) For the purposes of the Criminal Damage Act 1971 a modification of
the contents of a computer shall not be regarded as damaging any
computer or computer storage medium unless its effect on that computer
or computer storage medium impairs its physical condition.

(7) A person guilty of an offence under this section shall be liable -

(a) on summary conviction, to imprisonment for a term not exceeding
six months or to a fine not exceeding the statutory maximum or to
both; and
(b) on conviction on indictment, to imprisonment for a term not
exceeding five years or to a fine or to both.

Moderators != story posters

[binarybits]

The moderators don't decide which stories to post. They simply change the scores on the message boards. The stories are chosen by Rob and a few others on the /. staff, not the moderators.

Re:Remote Shutdown Exploit?

[kabloie]

The shutdown exploit is a good idea.

And guess who will get blamed when hackers (uhhh, did I get it right) figure out how to do it? The software house? HAH! The FBI and State 'Computer Crime' Task Forces will be out in force. MS (for example) will be making money hand over fist as money that could have been spent by MS on programming shows up in law enforcement agencies pockets. Tech Support with M-16s! Bah, it's already happening.

I'm having paranoid episodes again! Whee!

-kabloie

It's a good law!

[alexsh]

Folks, don't bash this law and don't fight it -- if there's ever to be a law that'd promote open source, then this is it. Let it pass! Then make sure your bosses are very well aware of it. And then see how getting open-source software into your company becomes so much easier.

Re:It's a good law!

[clawson]

Sure, it's great for OpenSource now.

But what if the rumored "WinBoard" PC that Nick Petreley posted about as an April Fools' joke came to be, and the PC as we know it, and all the stuff that works with it (USB, PCI cards, etc.), is not financially feasible to buy, much less produce? Think that Microsoft couldn't sell them at a loss for a couple of years to wipe out the existing pipeline of systems?

Then UCITA would apply to those systems. You would only be able to buy Microsoft-approved hardware. You would only be able to buy Microsoft-approved (WinBoard logo, of course) software. You wouldn't be able to RE the software easily, if at all, because there would be no point in doing it, because the Reverse Engineered stuff wouldn't be usable on any other system.

Sure, there are a lot of midnight engineers and programmers. But...

OSS works now because there is a large source of commodity hardware and platforms to use it on. It will shrivel if the systems become completely proprietary at the hardare level.

Sure, Linux on HP/UX or SparcStations. OK, maybe for old ones. But that market would suddenly shrivel as the newer machines become totally closed. So a black market begins in old, open machines. Can only go on for so long.

ISPs no longer to allow unfettered access to the network. Easy, as someone could argue that the network is as much a software (so UCITA applies) as it is hardware (but the ROM stuff could be argued to be software, too), but hardware is useless iwthout software...

The 2nd provision I love

is the ability to now rent software year-to-year.
(Good if you're the publisher.)

If you don't pay your license fee up front, you be turned off.

This can only increase software costs. Just imagine if all that old, moldy MS-DOS software in use by 30,000,000 Americans could just be turned off. Instant upgrade to Win98/2000. Cool, if you're Microsoft.

In the mid term, this is terrific news for Linux. Think about it, this only increases the price disparity between open and closed source. Not only do I use better software, but software that is much cheaper.

Re:Petition

[maynard]

Looks like Infoworld is collecting e-mail signatures for a petition against this thing. Look at the bottom of this page for details. The address is ucita@infoworld.com.

How Ironic it is that the simnet page linked from the infoworld page in your previous message, provides a NCCUSL list of commissioners, and a sample letter of dissent to mail to said commissioners, but it's only provided in MS Word .doc format. How obnoxious.

I faithfully followed those links in order to send a snail-mail because honestly these people take signed snail-mail much more seriously than email petitions, and I wanted to register my dissent with the strongest force possible. Oh well, one hopes StarOffice will read it... but still, these guys ought to get a clue.

I agree

[Larry+L]

Someone already said, "if you give them enough rope, they'll hang themselves."

True, no IT pro will risk their jobs with software that can be yanked at any time, no matter how much adobe and ms say the bill will help the customer.
Since when did they put the customer before themselves and their image?

In addition to problems already mentioned, what happens when you put a back door into a piece of sw?
Once a hacker/cracker reverse engineers that back door and this knowledge spreads, you cant really rely on that program at all.

Fsck you (Offtopic, Redundant, Flamebait)

OK, so you can't reverse-engineer. How about doing it in another country? Oh, we can't -- the software is export-restricted.

Why the hell do we always get BS laws like that? Big Brother sindrome (aka 1984 sindrome)? Cyberpunk sci-fi syndrome?

nope.

Again, the idea is not necessarily that the software is 'disabled' from an external source, but that it automatically disables ITSELF if it is not periodically 'enabled'. In other words the default behavior is for the software to break over time, thus you must punch a hole in your firewall if you want to continue using it.

Re:nope.

And if somebody happens to be launching a Denial of Service attack on the vendor's web site when my software attempts to renew itself, the software just stops working, despite the fact that I have a legitimate license to use it? What if my firwall BY DEFAULT blocks the outgoing requests? I'm sorry, but the concept of requiring my software to periodically contact an outside internet host is far too fraught with problems to be practical.

Software Subscriptions?

[rnturn]

If you need to periodically renew access to your mission-critical software by contacting the vendor, aren't you essentially subscribing to it? What company is going to be silly enough to run their company on software that they are subscribing to? Jeez, the first time the accounting department gets shut down due to the vendors not renewing the keys to the software, someone's head is gonna roll. Perhaps you can get fired for buying Micros~1!

Personally, I can't see this happening industrywide since the infrastructure that a software vendor is going to have to put into place in order to use a software enabling mechanism like this is going to be considerable. Consider the class action suit that they leave themselves open to if their key distribution server is attacked and rendered unusable for several days. Also, consider the situation where your vendor is clobbered by some natural disaster. Selecting a software vendor located closer than 100 miles of the San Andreas fault could be considered a career-limiting move! Oh sure, they could build multiple servers to serve wide geographic areas and act as backups but methinks that the expense involved is going to make this something only the larger SW vendors are going to attempt.

I wouldn't count on internet-based software key distribution to catch on too quickly (my gut feeling) but technological advances could make something like this cheaper and more accessible to SW vendors. Then it'll be the royal pain-in-the-keister that everyone's complaining about today.

Just to be safe, let's make sure that this sort of software enabling becomes about as popular as parallel port dongles. You don't hear much about those nowadays, eh?

Transfer of Licence Day

[B.D.Mills]

To our American friends, good luck fighting this stupid law. (I'm Australian, I know about stupid laws. Internet Censorship, anyone?)

If the stupid law passes, however, here's a bit of fun that you can have. Have a Transfer of Licence Day, which will work like last February's Refund Day, except that a bunch of you get together and swamp a vendor with requests to transfer your licences to each other.

It might work like this. Suppose Fred and Barney both have licences for the same software from Vendor ABC. Fred contacts Vendor ABC for permission to transfer his licence to Barney, and Barney contacts the vendor for permission to transfer his licence to Fred. If enough people do this, a vendor would be swamped with requests, and a significant amount of the vendor's time can be spent fielding these requests. The worst-case scenario for a vendor is the cessation of normal business as they use all their resources handling the requests, in the real-world equivalent of a denial-of-service attack.

Maybe you could organise something similar before the stupid law passes, to demonstrate to vendors how stupid the law will be. Call it a Bogus Transfer of Licence Day.

The stupid law also needs a clause that states that the vendor cannot unreasonably withhold permission to transfer the licence. If I want to sell my computer and all its software to Fred, it would be unreasonable for the vendor to withhold permission, surely?

Let's hope the stupid law doesn't pass.

Good. Screw 'em.

[Outlyer]

This is a ridiculous law, but it's intended to protect ridiculous people. Who cares? I've run Linux for a few years now, I've had Word Processors that make better College Reports than any commercial (LyX), better Math software (Rlab) and better programming environments, Vi, Emacs..
. If these commercial developers who make shoddy software want to cripple themselves even more, especially in the face of this OSS revolution, more power to them.
I don't need them, and neither do you.

Re:Good for OSS so this legislagion is good? No.

[PinkFreud]

Commercial software licensing has been fscked up for years. Try reading some of those licenses - the end user has little to no rights as it is.

Right now OSS supplants commercial software. Perhaps one day, it will replace it. Due to commercial software's history of being closed, often buggy, and now licensing issues, perhaps this is OSS's time to be in the limelight.

PinkFreud

Firewalls, anyone?

Aren't we missing a simple point: wouldn't it be trivially easy to set up firewalls to simply discard any requests to disable software? In other words, perhaps there IS an easy technological fix to this blatant stupidity... or is the law going to go as far as telling me I have no right to filter out packets that I regard as harmful... and beleive me, it it's disabling software, it's harmful!

UCITA info in Non-Microsoft formats.

If you want to send off a letter to your state
representatives protesting UCITA, I've transcribed
the Microsoft Word documents detailing the current
list of NCCUSL representatives, as well as the
suggested draft letter, at http://www.pdos.lcs.mit.edu/~cananian/U CITA. There's a LaTeX-formatted letter there, too:
just download, edit, print, stamp and send.
--Scott

Re:Not OSS

[clawson]

Free Software has no restrictions on how you can use it. ...which would imply that my Free Software could impose restrictions on how YOU use it, or you could impose restrictions on how others use it from your download site, backed up by UCITA, no? After all, Internet Explorer is "free", too...

O2K internet connection requirements

[DeadmEAT42]

the website states that "reasonable upgrades" won't break office, but if the case and a modem are the only parts in common with a before and after of a massive upgrade, then it'll break, definitely.

The connection-req'd editions will be [initally?] released in "high-piracy" markets, e.g. China, Brazil, student discounted versions.

Hurry up with Koffice already!

Re:Not only customers oppose UCITA

[cemkaner]

An Anonymous Coward wrote:

"Interesting, groups that have backing which use/depend on software in a big way in their business. Makes sense."

I'm not sure what this means, but if it means that the primary opponents of UCITA are large and small customers, that's a mistake.

The Association for Computing Machinery, the Institute for Electrical and Electronic Engineers, the Sacramento Area Quality Association, the sw-test-discuss mailing list, and the Independent Computer Consultants Association have all opposed UCITA. These groups all represent software developers.

And the Motion Picture Association, the Recording Industry Association, the National Cable Television Association, the National Association of Broadcasters, the Newspaper Association of America, and the Magazine Publishers of America are all publishers. They oppose UCITA as publishers, not as customers. Their gripe is the extent to which the rules favor only the software industry. These publishers find that the rules are too heavily tailored to the practice of software publishers ("Article 2B departs from this sound model [of neutrality across industries] by providing highly specialized default rules based on practices advocated by only one segment of a much broader and more diverse group of licensing industries." www.2bguide.com/docs/1298mpaa.html.)

anti-piracy schemes in place?

[Mondo54]

Aren't some of these features already in place in some software? Someone from another dept came to me the other day blaming someone in my dept. for pirating their Adobe Photoshop. On her Mac, she couldn't run Photoshop because it detected another copy with the same serial number in use on the network. What friggin BS(and why I hate Macs), and we're supposed to have a site license for it.

All this software at work we have site licenses for, but it's all for Macs. So I do a little "borrowing" for the Win95 software I need.

Re:anti-piracy schemes in place?

[clawson]

Adobe got it from Aldus. PageMaker has been this way since PageMaker 4, both on networked Macs and Netwared PCs.

With SPSS software, you have to enter a new code annually.

At the UW, it used to happen a lot with SPSS and SAS on the mainframes... someone forgot to send in the license renewal,didn't open the letter they got back with the new code, or entered the code incorrectly or just didn't enter it on time, and the mainframe-based version of the software would just not work after such-and-such a date, and it was usually a multi-day fix after the deadline date...

Really ruffed the feathers of a few profs, especially those running multi-day jobs...

Anyways.

The software industry has been allowed to create its own niche. On one hand, they claim copyright protection on their software. Last time I checked, when I've bought a copyrighted item, it had no license agreement on it. But wait, software isn't "bought" (it certainly is), it's "licensed". Someone got let out of their padded room and restraints a long time ago, and look where we're at now.

The UCITA stuff is complete, utter BS, a complete end-around.

AS much as I loathe them, why haven't the Pat Buchanan-types picked up on this loss of the way they keep batting NAFTA, the UN and the WTO as evil plots? Maybe they own too much Microsoft stock...
Oh well.

Could be the End of the UCC

[Aaron+M.+Renn]

This provision could end up being the end of the Uniform Commerical Code. Right now commerical contracts are largely governed under this "model" legislation which is passed at the state level. If the state's flub it though, the federal government has the power to override this via its interstate commerce powers. Consumer protection legislation has always had better luck at the federal level than at the state level. If the state's pass laws that allow companies to screw over consumers too badly, look for consumers' groups to lobby the federal government to pass overriding legislation. The states could see their precious contract rights laws thrown out the window! I'm planning on forwarding a copy of that article to my Congressman.

All hope is not lost

[Dwonis]

Let's remember that the US is not the only country that has programmers. If the US government meddles with us too much, they will only be missing the boat. The only thing that scares me is the braindead politicians in Canada, Australia and the UK. They might adopt similar laws, a very scary idea. If worst comes to worst, Linus may have to move out of the US, or appoint someone else as head of the Linux project (someone in the Netherlands, for instance).

Just because OSS is outlawed in the US doesn't mean the rest of us should suffer. They'll simply miss the boat in OSS, as they are missing the boat in encryption.
--------

The problem of lobbying in America !

[Khalid]

Software vendors, and among them M$ of course are now so wealty that they can spend the amount of money they want to lobby people who make decisions to have laws for them. I view this as a reaaly big problem in the american democracy, if you are rich you can more easily influence the law in the sens it suits you.

So what kind of democracy is it ? what make me sad is Europe is going exactly in the same way, software vendors are lobbying in exactly the same way to have patents on software; alas it seems in this part of the Atlantic sea that all what come from America is always good, talk about cultural imperialism.

Khalid

Re:The problem of lobbying in America !

[emc3]

The problem is that the US is not a democracy -- it's a republic. Under a "true" democracy, every citizen would be able to vote on every issue, and the majority would rule. Instead, we have something more akin to an electoral oligarchy where we are often forced to vote for the lesser evil because nobody good is running for office.

There's also the added complexity that we are a union of independent states. The meaning of the word "state" is a bit different to us (Americans) than it is to citizens of most other countries. In much of the world, the words "state" and "country" are synonymous, whereas here, we tend to think of a "state" as simply a particular geographic area within our country. But even though we tend to forget it sometimes, each state has its own laws, and that apparently is how UCITA is attempting to sneak its way into law. Several states can accept it, and make it a sort of de facto standard, unless (until?)the Federal courts overturn it.

Of course, IANAL. YMMV. TANSTAAFL.
--
Ernest MacDougal Campbell III / NIC Handle: EMC3

Oh

[Fizgig]

Well, I can answer the second part of my question from reading the end of the article. Since this is about making commerce laws the same within states (not necessarily interstate), it couldn't be done federally without bending over backwards. So it was a part of the Uniform Commercial Code, a law making commerce rules the same in states. They then made it a separate bill. It will be decided upon by the American Law Institute, which is not made up of state attorneys general but by lawyers appointed by the state (quite often the same people, I'm sure). But who do I write to?

Ok, I've found they're at www.ali.org, but I can't find a member list. Anyone?

That's easy

The answer is, the database server periodically contacts Oracle for a renewal key. If it can't contact Oracle (because of firewalling) it automatically shuts down.

Problem solved.

Re:Oh, my.

[Nail]

I am sorry to say that there is a group of people that is not as fortunate as you. And, if this legislation passes, that group is likely to grow. Are you just flamebaiting, or are you really suggesting that this legislation is OK because of your past licensing experience with large software packages?

Not OSS

OSS is not the answer. Free Software is the answer. Free Software has no restrictions on how you can use it.

I notice that Infoworld is asking people to help fight UCITA. It seems to me that the logical way to fight UCITA is to switch to Free Software. Perhaps we should visit their bulletin board and explain.

Re:Not OSS

My country is not free either. It has that stupid law obligating me to defend myself against our enemies. Only our enemies will insist on that freedom.

GPL - When freedom counts!

just being helpful

[JEP]

ex post facto is the principle you're forgetting

--

Its fine to look at the bright side but...

I realize this seems to be a boon for OSS but
we dont always get a choice to have OSS:

What happens when you get settop boxes running
CE or another interface, and that interface
is licensed monthly or yearly. In the future,
your phone, your internet connection, your
cable could all be turned off at the flick
of a switch.

You can be the licensing for settop software
will be very cordial in the beginnning. You
can also bet it wont stay that way.

Re:Remote Shutdown Exploit?

[Wokan]

Well, I don't consider myself any kind of serious coder. So I guess any self-respect or lack thereof really doesn't matter.
Hand over that remote shutdown code. I'm drooling already.
Hey, if NATO is okay with a few civilian casualties who am I to say we can't have a few. Or even better still, we target "strategic" proprietary systems. When those people or companies see what this remote shutdown has subjected them to, they'll get the idea.
Anyone got the IP of their local congressperson? I've got a demonstration they weren't expecting. ;)

Digital Wokan, Tribal mage of the electronics age

Re:Oh, my.

[Rombuu]

If you don't like the license, you don't buy the damn software, how hard is that to understand? No, people would rather run around ranting about 1984 and staying the sky is falling....

Vendors Repossesing Software?

[Shakespeare]

It will be difficult enough when a vendor can shutdown or reposses Software remotely. However, I have to wonder if they have considered the probablility that once the commercial security has been broken (shouldn't take too long either), nobody's software is safe from being cancelled. Do you chase after the cracker who killed your mission critical software (or destroyed your ability to write business letters, which could be considered mission critical) and whom doesn't have the resources to return your business to health, or do you chase the vendor, who may well have deeper pockets.

Assuming that this turkey goes through, and since it will enrich lawyers I suspect that it will, Open Source will be the only software worth having.

Take it to the Supreme Court...

[technophile]

Somehow I doubt this would ever hold up under judicial review. The whole intellectual property set-up, as explicitly set forth in the Constitution and federal copyright law, is an exchange. On the one hand, the owner of a copyright is given exclusive rights to copy, redistribute, etc. On the other hand, they voluntarily cede rights to the founding ideas to the public. Reverse engineering is therefore legal, since copyright confers absolutely no rights to any founding ideas behind a copyrighted work. I think the Supreme Court would overturn this in a heartbeat. The only sticking point is that (technically, at least), a EULA is a voluntary contract, and it is possible to voluntarily refuse to exercise one's rights under a contract. That would be legally enforceable, if the SC took the view of EULAs as full contracts. However, currently, it's more likely that extreme provisions of EULAs will be looked upon as unenforceable (at least two federal district court decisions have come down this way).

I guess the simplest way to put it is that the proposed law directly contradicts both federal copyright law and the underlying (constitutional) motives behind IP law. In that light, I fail to see how it could survive judicial review.

--
"Perfection is achieved, not when there is nothing left to add, but when there is nothing left to take away. "

I'm no lawyer but...

[Paul+Brown]

I'm no lawyer but IIRC most software licenses have a clause about the governing law in event of any dispute (usually the law of the country the software company is based in).

So I imagine that, if this law is passed in the US, its terms would be included in the licenses of an software from a US company.

Or I could be totally wrong...

Paul

If software were cars...

[IIH]

(licence contained on dashboard)

Welcome to your Microsoft Car. By opening the door of this car, you have agreed to this contact and are legally bound by its terms.

You are hearby granted licence to drive this car for purpose of leisure only, within the radius of 50 miles of point of purchase.
Should you wish to use this care for commerical purposes, or for distances longer than 50 miles, you must purchase an upgrade to this licence, details of costs are available from your local MS office

This car comes without any warranty, evnt those assumed for fitness of purpose.
If this car breaks down, we will disclaim liabilty, and not be liable for any damges resulting thereof.

This car has been fitted with the lastest cut-off system, whereby we can remotely imobilise your car in the case we are in suspicion of you breaching your licencening agreements (eg for commerical use, more than 50 miles, or listening to music in mp3 instead of microsoft format)

In no case will we be liable for the damages resulting from cutoff, not even if life or money is lost as a consequence therof. any fines for stopping in the midst of the freeway must be borne by the customer.

If you even wish to sell your car, you must contact us for permission to do so, permission may be granted in exceptional circumstances, the normal requiremnt is for a second owner to purchase the licence to use the car from us. We will retain any monies thereof, and you will also be unable to use the car hencewith.

You may not attempt to guess what is wrong with the car, if it splutters and stops, you may *not* assume that it is out of petrol and attempt to refuel. Yu must bring it to a MS approved dealer, where he will apply the required fix (for an appropiate fee). Attempting to refuel the car, will result in breach of the licence, and your car may be cut off at any day henceforth. The petrol gauge is for use of a Microsoft certificed mechanic for diagnositic purposes only.

As the car is the primary mode of transport, any other modes of transport are deemed copies, and are subject to patent laws. Any mode of device which transports a person, goods, information or thought from two distinct places will be covered. injunctions are currently in place against bicycles, wheelbarrows, televisions, and telepaths in the respective categories.

This casr is equipped with the latest map guidance, so it can tell you (and us) hwere exactly you are in the world. On each entry to the car, it will ask you "where do you want to go today?" If you answer correctly, it will transport you there. Any attempt to visit one of our competitiors will result in imediate terminition of your licence.

This MS care is fully compatible with all othe MS road users, howevrer any crashs as a result of contact with other road users will be deemed to be the fault of the non-MS road user, and MS will not be liable.

this product is only supported on MS stamdard road. For a definition of the word "supported" please see licence 345, section 4, paragraph 5, with excpemptions for cases detailed in sections 1 through 4.

Thank you for *choosing* an MSCAR, the only car that can get through an MS toll bridge in under 3 hours. Our competitors (which you are free to choose, of course, subject to fillout the relevent documentation) seem to be unable to cope with this simple transport protocol.


--

Suits love it in their infinite wisdom

It is already bad enough running on rent-ware. One of my major pieces of software is already warning me 21 days to license expiry .. CONTACT VENDOR.

That is a pretty scary reminder that my work is dependent on up keep $$$$ to someone else.

The vendors of course love this as it means a steady guaranteed cash flow. The tend toward active validation is something I want to avoid. What if you have some software that requires daily ACKs from the vendors site and your net access goes down?

As many have mentioned it opens up large possibilities for denial of service attacks. Any sysadmin worth their salt should see these coming a mile away and recommend against these options. Of course the price will be lower for active validation and the suits will go for it. Until the one day when the company goes down because the data base at the vendor is corrupt/can't be reached.

Any decision to buy software based on active validation should be made right at the very top of the chain of command (in writing) because one day that validation will fail and your work will come to a screeching halt.

I can see the lawyers circling now.

Rg

Re:It's a good law! NO

[Le+douanier]

I like Free softwares but even if this really was a law that will help Free softwares I don't want of this law. Why? Because this law is against the customer against their liberty and against technology advance. Ok this may help Free software because of this but I prefer waiting a few more years for Free software to become mainstream and do it without any law helping it by giving all the power to editors.

Airline Tickets? Rental Cars? Please.

Excuse me, but

Bryan notes that ariline tickets and rental-car reservations' licensing terms are not revealed unitl after sales are completed.

does not validate this proposed law. Both of the above transactions are short term in nature. If I don't like company A's Car/Airline policies - the next time I go on vacation I'll rent/fly with Company B or C. Movie theaters are another one that fits here - the duration of the experience lessens the aggrivation.

Software is quite different - to be proficient in software requires a MUCH greater commitment of my time - training of users, purchasing of manuals, set-up scripts, update policies etc.. etc... and that's just for applications - I won't even venture into the Operating System level where we get to learn about hardware and routing protocols.

Once you have an organization-wide commitment to a chunk of 'Office Software' let's say, It won't be so easy to walk away from that huge time investment once the vendor starts tightening the thumb screws. In fact, it becomes beneficial (in the short run, anyway) to agree to whatever terms the vendor wants - possibly including requirements about what other kinds of software (read Open Source) you may or may not have running on your computer/network.

This comment sums it up right here...

[Rayban]

"If I have to guarantee that my software will perform the way you think it's going to perform, that's going to be costly for me," Winpro's Harris says. "Software isn't like a piece of furniture -- there are many other variables."

Well... it looks like they're tired of fulfilling all of their promises. I guess they want a law to support vapourware.

Software better damned well perform as I expect it, as my expectations are based on your advertisements and demonstrations. If I see a demo that shows a petroleum accounting product doing a year-by-year budget comparison at a trade show, that feature had better be in the demonstrated version.

Imagine if your TV had "supports over 1,000 channels on the box" and only supported 100 when you actually tried to use it!

Please, please kill this law. The only good thing that could come out of this is giving OSS a huge boost, but there are a lot of industries that will be hurt by this no matter what.

Anti piracy stuff only hurts the innocent

[The+Baron]

The crazy things about all these anti piracy measures is that they always hurt the innocent and rarely hurt the pirate.

The average joe who buys the software gets hurt by these measures due to paperwork mistakes, unfair business practices(ms) and the like.

The pirate who they are meant to after just doesn't care and doesn't give them access to the back door, cracks protection etc.

Shrink wrap vs. legacy software

[Bubblehead]

This regulations are clearly made to prevent the illegal distribution of of-the-shelf software, in contrast to sofware which requires heavy support and/or customization. In fact, for that kind of software, the main revenues come from service and consulting.

It's interesting that during the past years, the business model of shrink wrapped software was changing in that direction as well: Software gets bundled and shipped without manuals (making it virtually free if you buy a new computer), and using technical support is not free any more.

This alone indicates that the need for so-called "self help" to sofware vendors is nonesense! In a professional organization, heavy service fees are paid, so (higher paid) engineers don't have to figure the software out themselves. As far as the private market is concerned, well, that doesn't seem to be UCITA's target group in the first place, which introduces even more controvercy!

Then again, this proposal already raises a lot of opposition, so I personally doubt that it will ever pass.

Ah, yes. fsck for, uh, that other word.

And for both of them, the target needs to be mounted!

--Mandoric

Re:Taunting the Dinosaurs

This all sounds well and good, but how are you going to get companies with huge investments in legacy equipment and data to change over? What many Linux users just don't seem to understand is there are other costs to consider besides the initial cost of software or some nebulous monetary value to "uptime" and "productivity".

Don't get me wrong, I agree with what is being said here about looking to OSS for alternatives to this ludicrous IP consolidation and validation. But to expect a company that has been using Office for 10 years to just scrap all their documents in that format simply because Microsoft might threaten to turn off their software is pushing it. The company will negotiate because the cost of scrapping all their knowledge is simply too high.

For example, in my company we are converting 10 years worth of legacy product drawings and documentation to a format that anybody can access via their web browser. Its a slow, costly process. Now pretend you're the boss of my company and this law passes. Are you going to scrap all past work you've done and make it unaccessible simply to avoid something that might happen? You've already got significant amounts of time and money being invested in merely getting your old product info up to date. Are you really going to scrap the remaining 90% of your electronic data or spend the money necessary to make it work under OSS software? What about specialized software that OSS doesn't feel is important or hasn't gotten around to yet?

PHBs make decisions based on what they feel will benefit them most in the short term, not the long term. This industry moves too fast to make long term decisions, even if PHBs were capable of doing so. To a PHB, they'd have to scrap nearly all their software (and data in that software), retrain their workforce, and then be dependent on the OSS makers to meet their product needs. Having OSS is useless unless the company is going to have programmers on hand to write code for their software - an unlikely scenario.

Assuming you'll use a Linux distro as a desktop OS, do you think Oracle and others selling products that run on OSS are not going to use this ridiculous law to their benefit?

Ain't gonna happen. Until you get serious numbers of a sophisticated consumer demographic OSS ain't going to mean squat to this law. Businesses will continue to hobble along with what they know and have invested in and consumers won't know any better.

My cynical 2 bits.

Re:The Smurfs Will Play...

[Alex+Belits]

The interesting part will be that actual exploit can become trivial. Get illegal copy of software or screw up registration, run it under emulator, wait for vendor to come and analyze what he sent to you. If you are lucky, playback attack will work, otherwise some analysis will be necessary, but nothing beyond stuff, registration numbers cracking requires (except that the quality of debugging environment increased since the time when people cared about cracking registrations).

Another way to cause trouble will be to mess up someone's registration process by spoofing and wait for results.

Re:Thoughtless contractual agreement.

[clawson]

Buying a house requires SCADS of signatures. There is too much to process, so it is easy to get screwed over at signing time...

I might get a real estate atty for our next house purchase...

Unhelpful

[Doug+Merritt]

If you don't like the license, you don't buy the damn software, how hard is that to understand?

That's less than helpful, and is quite similar to saying "if you don't like the laws in the U.S., move somewhere else". One could -- but it's far more constructive to work towards making the laws in the U.S. what they should be.

Also, you're neglecting the point that it's not a license unique to a particular piece of software, it is licensing terms that would apply to all software, potentially even to free/open software, if the author chooses to have it apply.

In light of that, you're saying, "if you don't like a new idiotic law, then don't ever buy any software." I like using free/open source software just fine, but it's nice to have the freedom to buy something (e.g. a game) if I want to.

Yet these new provisions would be so draconian that they would essentially do away with my freedom to buy any software.

It's not that "the sky is falling", it's that you're putting your head in the sand like the mythical ostrich (ostriches are real, the mythical part is that they hide from danger like you do ;-)

Sheya, the scheme would...

[Charlie+Bill]

...work about as well as any of the other protection schemes. OSS? Fughetaboutit--the 33L33T \/\//\R3Z D()()D2 would rule the day. Astalavista, anyone?

Re:How long until internet connections are require

[flesh99]

Nope, no internet registration is required, I have been using it about 2 weeks, and due to the fact I am on a Windows machine at work, in two week I know I have started it more than 50 times.

You know what...

[Fishbulb]

Legislation like this would only possibly hurt commercial software vendors (that make use of it).

All you would have to do is say, "GNU software has no paid-for licenses, and therefore will never have any kind of remote control over your systems or the software you use from a third party."

So much for WINE and Lesstif...

[SuperDee]

The part about this law that sounds most frightening is the reverse-engineering clause. You realize that if this passes, efforts like WINE or Lesstif would basically become illegal? I'd hate to see this happen... WINE could really advance Linux in the marketplace if it actually became stable enough to run some "real world" Windows applications. So don't dismiss this so easily.

how long till some crackers get past it?

[Madd0g11]

Dont you think that within 2 weeks if not less, some crackers will RE the damn thing so it cant be shut down remotly, and the shutdown feature should only work with a connection to the internet. But putting restrictions like that on software is just going to send more people into the open arms of Tux and the wonderful world of Open Source

Breach Of Contract?

[Coward,+Anonymous]

It has already been pointed out that there may be cases where your software would refuse run (keyserver crash, re-installation, sale of software/license to another).

If your software refuses to run, wouldn't this be a breach of contract? The software manufacturer has sold you a license so that you can use your software, but if the software prevents you from using it, the software company is in violation of the license. If I rent an appartment, and occasionally they changes the locks on the appartment so that I can't get in, this is clearly in violation of our contract, wouldn't it be the same for software?

Re:Not all fun and games for open software

[Chops-Frozen-Water]

One thing I'm not clear on: what kind of a law is this? It says that once it's ratified by a group of state attorneys general and then passed by a few state legislatures, it will become law. Since when is that how things work?

It's not. What this is is an attempt to create a law that all states will pass so that state law is the same everywhere. This makes it a state crime (not federal) and a company could go after anyone in any state, effectively creating a federal law on software licensing without involving the Federal Government. Compare this to the few states with anti-spam laws: you must transgress in that state to be able to sue. The idea here is to have all states have equal laws, and as the article says, it's possible that they will rubber-stamp the reccommendation of the organization. This seems like it could be an end-run around the US Federal controls on Inter-state Commerce, but I'm no constitutional lawyer, so I don't know how that whole thing works.
--

Imaging the jobs that this will create!

[RiotNrrd]

Position Open: Software Cracker
Description: Oh, God! Please help us! We can't live without Freecell!
Requirements: Experience with hex editors, reverse engineering, reproduction of copy-protected software, etc.
Education: N/A
Salary: IS Manager's daughter

******************** O R *************************

Position Open: Linux Tech
Description: Uh...like put Linux on our desktops and stuff...I don't know that much about it, but our intern says it's better than Microsoft.
Requirements: Knows how to install Linux - any distribution
Education: N/A
Salary: Anything you want

Thoughtless contractual agreement.

[Miskatonic]

Ugh. I've been mulling about what's wrong with IP law lately, and I've decided a large part of the problem is that large, restrictive contracts like EULAs are being granted legal enforcement. Let's face it, most people don't read through that list of conditions because it's so easy to bypass, so they waive all sorts of legal rights to the software manufacturer. If you ask most Joe Users, they aren't aware that they don't legally OWN the software, they can't modify it in certain ways, etc. User ignorance, yes, but the ignorance of the masses impacts the individual.

I think if, in order to make a EULA enforceable, the user would have to SIGN a real contract, people would become much more aware of the drawbacks of non-Free software and become hopping mad at the conditions that most vendors are trying to get them to commit to.

Re:Thoughtless contractual agreement.

[Manax]

Don't be too sure of that. Forcing people to sign is no guarantee that they will actually READ what they sign... When I bought my car, the sales dude was mildly suprised that I actually read all the things I was being asked to sign. I've also heard that buying a house takes 2 or more TIMES the number of signatures and that most people don't ever read them...
Personally, I have read quite a few of the EULAs. I don't read them in detail any more, but I still skim, looking for the differences. I suspect we are the exception, real signature or no.

--
"I'm a hacker, not because I was programming when I was 13, but because I'm human."

On the legal grounds of shrinkwrap licenses...

[tamyrlin]

http://www.microtimes.com/157/shrinkwrap.html

It is an essay on shrinkwrap licenses by Leo L Schwab.

There was also pretty good page with information about the legality of reverse engineering at www.fravia.org, but that site seems to be gone once again :( (Does anyone know of another such page anywhere?)

/Andreas

Re:Not all fun and games for open software

[LarrySmith]

>You do realize this has the
>potential to kill WINE and Samba, right?

Nay, nay. The license provisions only apply to
those who install and use the software. That
would have to be proven in court in order to
invoke the reverse engineering clause. This is
only a danger if we are not aware of it when
founding such projects. Pay attention to your
clean room, and this law is nothing but good
news for open source.

Re:Oh, my.

[Rombuu]

I have yet to buy a software package from a company (large software packages, not "oh, I need Quicken to balance my checkbook") where they did not let you read the license before you signed a contract with them.

Made in France ?

[Betcour]

It will probably be illegal in France at least, where the local privacy agency (CNIL) is very strict and won't allow a software vendor to mess with another company software without strict permissions.

Besides, the consummer defense lobby is overrall strong in Europe (they even plan to push the minimum legal warranty on all products to 2 years) and the software lobby is weak. This law seems to be made by and for the software lobby, so it is obviously very US centric.

UCITA

[tdunn]

The one provision I love is for the manufacturer to reposses the software in the event of a dispute.

Re:UCITA

[dapprman]

What crosses my mind about this possible piece of legislation is ... It will only be legal in the USA. How would this sort of policy being enforced in other countries ?

I can just picture cases emerginh against certain software companies from within the UK and Europe as users suddenly find software missing on there machines, even licenced software.

If a software company can not produce a reliable piece of commercial code, do you really think their registration subroutines are definately going to work ?

Re:How long until internet connections are require

[clawson]

It's sort of called the "grandfather" clause, although in the US there is a specific term for it, and it is essentially a Constitutional protection, so if MS did try to do this, say against StarOffice (which is a German company...good luck there), or the SAMBA team (again, good luck there because they're essentially all Aussie, no?), then even if MS prevails at some lower level it could be easily pushed to the Supreme Court...

Totally believable

[Monte]

Keep in mind that nobody buys software, they buy a license to use the software. You don't own it, and you aren't allowed to do things with it that the owners don't want you to (such as sell it to someone else). That's the fact, and somewhere along the installation line you pressed the little "whatever" button that said you agreed. This law seems to me an enforcement of what's already done today. What's getting everyone's nose out of joint is the mistaken idea that having put down money they somehow "own" the software.

And the law does have a silver lining - look at it from the point of view of someone who writes code for hire. They can now put a logic bomb in the code that shuts it down if the last payment isn't made or the check doesn't clear. Used to be illegal to do that.

Re:Totally believable

[fable2112]

Perhaps the best analogy is a music CD.

It is (I think)legal to make a single copy to a cassette so that you can play it in your car in addition to your home stereo. It is also legal to lend/give away/whatever your copy of the CD to someone else. Hell, it's even legal to sell the darn thing back at a used CD shop.

In addition, it is CERTAINLY legal to play the CD while someone else is in the house. Not so legal if you're "commercially broadcasting" with no license, but that's different.

What I don't like about this law is that it would be like saying you can't sell your CDs along with your stereo if you decided to do that for some reason. (Maybe you got a minidisc player, love minidiscs, and want all your music in that format? Meanwhile, your kid sister is getting her first ever stereo ...)

And if you want to be really inane about all this, I'm a temp. The software I use is registered to the person I'm filling in for while she's on disability. Looks like I'm breaking the law or something. :P

OSS

[LordDartan]

Open source software just sounds better and better
every day...It just amazes me how much control over the user software companies want. It's almost as bad as the insurance industry! *grin*

Re:Enforcement?-- Unauthorized shutdown

[cemkaner]

The laws against computer tampering ban the UNAUTHORIZED shutdown of the computer. However, UCITA AUTHORIZES the shutdown. If the vendor operates within the UCITA restrictions, the shutdown will not be unauthorized and will therefore not be unlawful.

Government Selling Out

[Nafai7]

This is a prime example of Government making rules to the benefit of big business rather than to the benefit of the individual.

UCITA will in no way help consumers. It WILL help out the huge mega-corps who will now have the power to play hard-ball with individual users.

This definately is a call for users to go with OSS. It's the quickest and easiest way out of the mess that proprietary vendors are creating.

As you can see, Government is making rules based on where the money is. It should be passing laws that protect the individual. I think it's in all of our best interest to fight this (write letters, use OSS--stuff like that)

I guess it's time to throw out the firewall...

[Malc]

Get real! How do they propose to enforce this? In my experience, corporations get very anal about their firewalls and network security and protecting their enterprise data. This would a security nightmare for them: to remotely disable software would require some sort of hole in the firwall. Every piece of software might need such a hole. No way would this be accepted!

I'd certainly get very irritated having to dial into my ISP when trying to use the software at home. That would only be remotely acceptable in N. America and just the few other countries that have free local phone calls. Watch how the imports of internation version of the software jump! It seems like it would be a pain for ISV's having vastly different software for different countries.

Not all fun and games for open software

[Fizgig]

Yes, I can see how this might help OSS (or whatever), but I can see how it would hurt it just as bad. You do realize this has the potential to kill WINE and Samba, right? The reverse-engineering clause would kill those. I suppose you could do something with WINE by using the programming references, but you're not going to get as far as you might by reverse engineering Windows (and no telling how liberal their definition of reverse engineering will be; you really can't be bug-for-bug compatible without doing some kind of reverse engineering).

One thing I'm not clear on: what kind of a law is this? It says that once it's ratified by a group of state attorneys general and then passed by a few state legislatures, it will become law. Since when is that how things work?

Uniform Acts

[David+Jensen]

This would be a uniform act that is done on a state-by-state basis in the US (La. does not generally participate in the uniform acts).

The law would define what the default is if the commercial transaction is covered by the state and your contract is silent on that point. Large companies will not tolerate most of these default provisions. It will only apply to you if you agree to have disputes settled under the laws of a state that has passed UCITA.

Many of the default provisions violate consumer protection statutes, so they will not be effective against home users either. The people who will get screwed if the software publishers have their way are the small businesses that cannot get a company to change the terms and conditions but are not protected by consumer protection laws.

This is a state by state operation. Even if Washington State rolls over for their software publishers, other states can make it illegal or economically irrational to license software under UCITA because it is against public policy. They can further stop the effect of this law by extending consumer protection statutes to all purchases who are not the position to negotiate terms and conditions of the license.

Encourage your state to pass consumer protection laws that say that any company that uses shrinkwrap agreements to license software have:

• Warrants that the product may be tested for 30 days and can be returned for any cause that the customer cause for a full refund at that time;
• Self-help reposessors must provide a bond of $1,000,000 or more against any damages that may be caused by self-help repossession;
• Companies must at least refund all money spent, at any time during the life of the license, if the product fails to work as described in any documentation from the company.

UCITA is a bad idea.

searching for fravia

[unc_onnected]

just found one mirror that STILL works. most of them dont though! what the heck? i hope this one doesnt get wiped too.

australian mirror of fravia.org

anyway fravia's friend greythorne is still up.

greythorne

others:

sandman

decompilation

by the way, i doubt fravia is a great source of legal advice on cracking protection. but its still one of the best sites ive ever seen anywhere on the web.

unc_

Perfect!

[JoeWalsh]

Wow. This is perfect. Perfectly Orwellian, that is:

"[...]a Microsoft public relations representative agreed that the law is designed to protect customers."


That quote is in reference to the "self help" provision of the proposed law. That provision is the one that will allow software licensors to remotely disable licensee's software. Allowing this has the exact opposite effect of protecting consumers; it exposes them to greater risk!

So, when using newspeak, remember: "protect" means "threaten."

The world is getting more Orwellian by the day.


-Joe

Give them the rope and they will hang themselves.

[Apuleius]

This is a blessing in disguise. Even a PHB would know better than
to go along with something this nasty when OSS software is
available.

A piracy crackdown is what caused Linux to get popular in many
countries outside the US. A law this severe will bring the
world domination trophy to Linus's door.

Taunting the Dinosaurs

[Signal+11]

If there's ever been a time for the open source community to make itself known, this is it. Now, more than ever, we have proof of the damage to the consumer that intellectual property concerns can do. Apparently, if we give our legislators enough rope, they will gleefully hang themselves.

Here's what you can do:

- Talk to management. Get them to see what intellectual property concerns will do to their bottom line. Then suggest the alternative: open source.

- Support things like Consumer Reports, and the Better Business Bureau.

- Inform would-be software buyers of the tradeoffs to buying proprietary software.

It's a decidedly different tact. If you're on the open-source train, I'd have a good laugh right now, because these people are putting the nails in their own coffin, free of charge -- The ultimate compliment to the OSS movement.



--

Re:Taunting the Dinosaurs

[Tardigrade]

No kidding. This (if passed and not successfully challenged), would be the ultimate push for OSS. Imagine all of these companies paying or hiring people to develop OSS-like software (though some of the software could be licensed similar to the MPEG stuff).

Good for OSS so this legislagion is good? No.

Sorry, but advancing the open source movement is not worth fscking up commercial licensing.

.DOC translations...

[JDevers]

I've posted rich text format and plain text format translations of these two documents.

ucita.txt

ucita.rtf

nccusl.txt

nccusl.rtf

1. I'm sure my ISP would appreciate it if those who are able to convert these files on their own would do so... ;)

This is something I expect around April 1st...

[tamyrlin]

The one thing that I really object to in this law is the clause against reverse engineering. I like to have the option of trying to figure out how things work... (even though I'm not good at it.)
I think the code for accessing ZIP drives under Linux was originally written by reverse engineering.
Comments in the source code indicates that the Matrox Millenium driver in XFree86 was originally written by something akin to reverse engineering.

The other clauses will probably hurt the software vendors once people start to grasp the trap. There is after all lots of free software out there.

Do you think every manufacturer will write rock solid authentication code to prevent non authorized people from deinstalling their software? I don't.

On the other hand, if we allow laws like this there could eventually be even worse laws around the corner... Imagine people selling a PC to you, and you are not allowed to install anything on it unless you pay a fee to the manufacturer, or something equally absurd.

/Andreas

My opinion: This is a VERY dangerous trend

Look around.. big business is moving faster and faster towards trying to control every aspect of our lives via technology.. by telling us what we can and cannot do with their products / IP. And the government is being pushed around by them and making brain-dead laws to let them do this. (in the name of better protection of IP) DIVX, Digital satellites with phone connections, secure digital music formats, pay-per-view style distribution, now this..

This is the 'information age' -- a revolution in information distribution just as the invention of the printing press changed life years ago. If anything, IP laws need to become more liberal, giving more power to the consumers and relying more on the honor system for enforcement.

This is still a free and democratic country. Let your respective lawmakers know your feelings on such issues, make use of your right to vote, ect.

Re:Oh, my.

[sjames]

Since you wouldn't know the terms of the license until you bought it, that means don't buy any software.

For many businesses, that's the same as telling an individual 'if you don't like the price of housing, live on the street'.

remote admin

ah! so *THAT'S* what they mean when they
keep promising remote administration
on Windows.

Re:How long until internet connections are require

[paitre]

These are issues that the vendors apparently don't care too much about, particularly since one of the provisions is that they can disclaim all warranties on their products.
Yes, OSS will DEFINATELY be a true alternative if this frightening piece of legislation becomes law. However, how useful will such OSS be if we cannot get our work done because of the reverse engineering clauses? This is both a blessing to OSS and it could also kill OSS. It is a blessing in that OSS will gain speed at rates currently dreamt about. The bad part is, is that any OSS (or even payware) that used any sort of RE to be compatable with other payware products can be killed. Imagine if this passed in Washington State. StarDivision would be dragged into court the same day on RE charges against this law wrt their StarOffice suite.

Again, frightening cannot be used to much here.

Hmm, another illegal license (in .nl at least)

[The+Impossible]

Nice. As I read it correctly it's an addition to the 'shrink wrap' license.

The best thing about it, the 'shrink wrap' license is alreay illegal in The Netherlands as accoring to dutch law you can never agree on a license when you haven't read it. (and as the license is in the box, no way you could have read it without opening the shrink wrap)

Can't wait for the first case in court between a dutch company and an american software house.

The Smurfs Will Play...

[slambo]

The back doors that this bill seems to mandate are ripe for exploit in a new type of Denial Of Service attack, especially if they are included in software as popular among the .com set as MS-ware. If you think about the most common "features" exploited by virus writers and crackers, the majority of them are on MS software and its famous integration (Word macros sending an ungodly amount of emails, screensavers that allow root access, etc.).

Viruses are often written to disable programs or destroy data. If the software vendor can disable product remotely, it won't be long before the methods are used in a malicious piece of code (a matter of weeks or even days at the most, considering how many vendors push beta or even alpha releases out the door).

All the more reason to use GPL/OSS products.

Re: Petition and Letters

Help! Somebody want to post a translation? (And moderate the above up some, too!)

Silly and off-topic

[schporto]

Yeah but if you get that new Sony dog then Excel might be able to reprogram and walk your dog for you.
-cpd

Re:How long until internet connections are require

[Skaffen]

The thing that worries me is if something like this is passed in the UK, where we don't get free phonecalls. Does it mean that we need to pay the 5p minimum call charge just to use some software we've payed for?

The end of emulators, or, start hoarding code

No reverse engineering? What the hell? I thought that the USofA was supposed to have freedom of speech and expression? What this means, of course, is that NO emulator is legal. All emulators rely heavily on reverse engineering tactics.

Could you prove that AbiWord reverse engineered word? The look a lot alike, right?

Laws like this aren't just stupid, they're outright dangerous.

Re:Illegal to reverse engineer? Absurd!!

[tamyrlin]

Exactly.. and for an absurd example:
Would it be illegal if I figured out that I could get a dos shell directly if I added a BootGUI=0 to my msdos.sys? (Assuming that it isn't mentioned in the documentation somewhere)

I also like to have at least an illusion of being able to figure out how my graphics card works...

I really hope this proposal is soundly rejected. (Not that I as a native of Sweden would have any direct problem with this law, but you never know...)

/Andreas

Re:It's a good law! Not!!

[Royster]

I support Open Source as much as the next guy, but OS can not tackle every area of software development that is needed in our economy. Would you want to trust your life to Open Source software in Medical Equiptment? Specialized software is best acquired with support from a knoledgable vendor.

Whopping Security Hole

[maphew]

I'm surprised anybody, including the software vendors themselves, would go anywhere near this thing. I'm also suprised I don't see more discussion on this theme (is it a case of, if the idea doesn't come up within the first 50 posts it gets buried? Anyway, here's my attempt to raise the security issue profile).

Say MS decides they want a very tight handle on who runs NT Server or Back Office, and they place remote shutdown code in it. How long do you think it will take for somebody to figure out how to activate that code?

If we're lucky, that unknown c/hacker will be either a braggart (a cracker, who tells everybody of his exploit) or a responsible security admin (a hacker who also spreads the exploit, albeit more gently).

If we are unlucky, it will be a more devious character, who merely keeps the exploit to himself and a few close friends. This cadre might quietly work themselves up to a "kidnapping" or hostage taking in exchange for a few million bucks or something. Or perhaps it won't be devious character and a few cohorts, but the Intelligence arm of a hostile forign government or a terrorist organization.

I use the terms 'lucky' and 'unlucky' on pupose. Yes the smart ones will be running GPL/OS and not be exploitable. But like it or not, there are many, many, many more systems and businesses dependant on propritary and closed systems. If they go down, we will go down too, just not as far.

Re:Whopping Security Hole

[I+R+A+Aggie]

I dunno...I don't necessarily think it would be
such a bad thing if people came back to the office
after a long weekend to find their entire Microsquid
software package (apps&server) shut down.

I'm talking about a Very Large Outage.

James

Petition

[Jeff+Monks]

Looks like Infoworld is collecting e-mail signatures for a petition against this thing. Look at the bottom of this page for details. The address is ucita@infoworld.com.

Time to put the /. effect to good use?

Letter to My Congressman

[Aaron+M.+Renn]

Here's a copy of a letter I just fired off to my Congressman. (Hope it's accurate...):

To the Honorable Janice D. Schakowski:

The federal government has always been a leader in consumer protection. Unfortunately, our state governments are not always so progressive. The National Conference of Commissioners on Uniform State Laws (NCCUSL) is planning to meet in July to vote on the ratification of the proposed Uniform Computer Information Transactions Act ("the Act"). The Act is a revival of the highly criticized "2B" amendment to the Uniform Commerical Code (UCC). The Act would be an unmitigated disaster for consumers of software products. Among its provisions, the Act would:

-- Drastically increase the enforceability of "shrink wrap" software licenses. These licenses are typically included inside the sealed software packages that appear on store shelves. Consumers have no ability to negotiate terms or even see what it is they are agreeing to prior to paying for the software. These licenses often contain draconian terms such as prohibiting anyone from publishing bechmarks or evaluations of the software without the manufacturers permission (ie, muzzling free speech), prohibiting the transfer of the product to a third party (ie, gutting First Sale rights under copyright law), and prohibiting reverse engineering (ie, gutting Fair Use rights under copyright law).

-- Allows software vendors to more easily disclaim any warranties and escape liability for defective products.

-- Gives specific authorization for software vendors to remotely disable software if the vendor believes its license terms have been broken -- without any finding of this fact by a court or other neutral body, no due process for accused license violators, and insufficient safeguards for customers who might not even find out they have been accused of a violation until such time as their software has been shut off. Even a threat to revoke the license of a mission critical software product could be an unfair bargaining lever against small businesses without the resources to fight back.

I urge you to investigate this matter and take steps to ensure that software consumers are adequately protected. Most software sales involve some form of interstate commerce and so federal jurisdiction should apply if Congress decides to exercise its authority in this matter. It is imperative that Congress put the states on notice that it will not tolerate legislation that harms consumers and benefits only multi-million and billion dollar corporations. It is important to act fast because if the NCCUSL approves this "model" legislation in July, it is highly likely that state legislatures will give rubberstamp approval to it just as they do to UCC changes. If that happens, Congress should not hesitate to override this anti-consumer state legislation.

Software manufacturers are already entitled to 95 years of protection under existing copyright laws, including both civil and criminal penalties for copyright infringers. It is imperative that the existing rights of consumers under copyright law are not stripped away by an added layer of contract rights granted at the state level.

For additional information on the Act, please see the article "Licensing time bomb: Software-law dispute explodes as enactment draws near" in InfoWorld magazine. This article is available on the World Wide Web at http://www.infoworld.com/cgi-bin/displayStory.pl?/ features/990531ucita.htm Additional InfoWorld articles about the Act are available at http://www.infoworld.com/cgi-bin/displayStory.pl?/ features/990528ucitareport.htm

Thank you for taking the time to consider my concerns.

Sincerely,

Aaron M. Renn
arenn@urbanophile.com

Remote Shutdown Exploit?

[jabber]

Legal and ethical issues aside...

If this becomes a technological, rather then a legal, issue; what is to prevent the vigilante anti-M$ crackers (a'la Back Orifice) from issuing a remote shutdown flood for a software made by the company of their choice?

Given Microsoft's abysmal security, there are going to be many unhappy customers, ready to convert to the next best alternative (ahem! TUX) - one that does not implement a remote shutdown back-door.

On a totally unrelated note (heh), I'm sure that no self-respecting open source software would even come close to considering this path.

We're looking at something akin to the PIII-id. They just keep on cutting the branch they sit on, don't they?

Oh, my.

[paitre]

1. This is draconian legislation (or whatever you want to call it) in every sense of the word. The software companies will not be held liable for the software to work, and they can kill "your" copy of their product on a whim.

2. The belief that the consumer market will be able to police the proposed legislation, putting companies out of business if they shut users down, is so absolutely ludicrous that it's almost funny. The average consumer deals with MS failing on a daily basis, and yet continue to purchase their products, although there are others out there. This will make it even MORE difficult to bring competition and fair play into the market. I don't think frightening can be used too much here.

3. Big Brother, here we come. This is the complete and total annihilation of any rights that a software purchaser may have had before. Not allowed to resell/give/transfer a software package without vendor permission? WTF is with micromanaging consumer use/reuse? Again, we're looking at a very scary scenario here. If this passes, what is to prevent the federal government to pass a similar law/set of laws? What is to prevent them from passing a similar law/set of laws with provisions that the NSA/FBI/CIA have access to every shred of data on every individual's computer system? This is the logical progression from such a law, and if this happens, it will become VERY difficult to get rid of.

The gist of what I read in the aforemention article is that the software companies (and is anyone really suprised that MS is in favor of this?) want complete and total control of what users can and cannot do on their computers. I can agree with the concern about piracy and RE, to an extent. HOWEVER, without RE (reverse engineering) we'd probably not even have half the products (payware and otherwise) that we have today. This is including Windows (c'mon, Xerox and Apple had a GUI LONG before MS even thought of it, and need I bring up Mesa, Samba, etc? All solid products making use of RE to figure out necessary hidden/proprietary protocols).

The only way to stop such a draconion piece of legislation is to make it crystal clear to our state legislatures (for those of us who are in the USA) that anyone who votes FOR this thing will have a bitch of a time getting reelected. We also need to make it clear that there WILL be a series of court challenges to this legislation, as I seriously doubt the ACLU will allow for this to occur.

Re:Oh, my.

For our society to function, we must maintain between us a certain degree of trust. This requires, for example, that when I make a deposit to the bank, later I will be allowed to withdraw it; or when I cook dinner the food will not kill me, etc,. Such expectations of trust do exist today, even between the worst of crooks. It is not to anyone's benefit to to blow away everything and bring more preoccupations into our daily lives. This forced acceptance (assuming you have the choice, which in most of cases you do not) will in no time bring our society to its knees. I think, your statement is a lot more anti-business than it is anti-consumer.

Sure looks that way doesn't it.

I would have to agree. I am the proud user of virtually every type of propriatary software you can imagine, but I believe there is a lot more opensource in my future after this. This is just what the opensource community needed to drive comsumers its way. Now all you need is some great configuration control panels for Linux, a great opensource installer, and a few more killer apps to make Linux the ultimate power in OSes. I'm awaiting the day, but it seems to me it is fast approaching.

"Though I be a nerd I don't want a fight to the death with my computer every time I want to get work done" -- Me.

I'm almost convinced Linux won't provide that daily deathmatch, but not quite. One day it won't and then you'll have me as a convert too.

The market will always prevail

[gavinhall]

Posted by el_steevo:

Many of the posts here are welcoming this stupid proposed law because it will be a boon to OSS.

It will.

But, moreover, it will be a boon to any commercial software vendor that does not include these silly restrictions to thier software licence.

For example, if Microsoft puts severe restrictions to it's licencing model for Office 2000, then another company, like Corel, will offer a competitive(maybe even better)product that will not have the restrictions that the Microsoft product does. This will be a competitive advantage in marketing software.

The software licencing model that a software company chooses will be a feature, and one that make me buy a product, or not.

Microsoft Office

Wouldn't it be nice to just have the end-of-the-business world button sitting there, ready to initiate this deny-usage function at every company on earth? Just crack into the DNS, rework microsoft's licensing server back to your own, and every company out there with MS Office has a complete company shutdown/delete of Office. I think you'd see this no-warranty law quickly crumble under the feet of a more-than-likely-burned court, which would immediately start awarding hefty damages to all the companies damaged... Just make sure they dont know for sure who you are - maybe host it in some country that doesnt believe in silly anti-dns-hijacking laws.

Chances are you already have:

GCC is the #1 compiler of embeded apps.. It's oss.. You've probably trusted your life to it and dont even know it..

Linux is becoming more and more common now adays.. For instance, my cousin recently had a MRI done and the data grabber and analysis computers ran RT/Linux.

Re:Give them the rope and they will hang themselve

Absolutely! Let's all get behind this and ensure it passes! When the first few cases of remote shutdown get publicised, the world, as you say, will be delivered to Linus's door.

Power to the Penguin!

Free Software == Peer Review

[Phil+Hands]

Personally, I'd much prefer that the source to the code that runs my Father's pacemaker was available to look at, and perhaps even fix. I can think of two ways of finding out that it has a Y2K problem. One is to read the source.

In every other field of engineering and science, peer review is undertaken on any serious project. So why should we allow Software Engineers to get away with it?

It's not as though the assumption of infallibility that was contained in your ``Medical Equipment'' comment was even vaguely justified.

At least you can generally trust the published breaking strain on a bolt, the same often does not hold for a line of code.

Free Software is the best mechanism anyone's come up with so far for reintroducing peer review into software development. That alone justifies it's use.