Maryland Legislature caves to UCITA, but Iowa may offer a safe haven from law

About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store

COLUMN ARCHIVE

FORUMS

COLUMN

The Gripe Line
Ed Foster

Maryland Legislature caves to UCITA, but Iowa may offer a safe haven from law

ON OCT. 1, THE Uniform Computer Information Transaction Act (UCITA) will become law in Maryland. IT managers, you'd better begin preparing your defenses now. In fact, you might want to build an anti-UCITA bomb shelter.

ADVERTISEMENT

<a href="http://ad.doubleclick.net/jump/idg.us.info.opinions/article;abr=!ie;pos=skyscraper;pkey=archive_cat;skey=;paud=;saud=;sz=160x600;tile=2;ord=181217121008?"> <img src="http://ad.doubleclick.net/ad/idg.us.info.opinions/article;abr=!ie;pos=skyscraper;pkey=archive_cat;skey=;paud=;saud=;sz=160x600;tile=2;ord=181217121008?" border="0"> </a>

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

TOP NEWS

IT SOLUTION SEARCH

Although totally outgunned by the deep pockets of the software lobby, the anti-UCITA forces, headed up by 4Cite (For a Competitive Information and Technology Economy, the anti-UCITA coalition to which InfoWorld belongs), did a heroic job of fighting against the bill while it was debated in the Maryland Legislature. And enough Maryland legislators got the message that several amendments to significantly defang UCITA were given consideration, particularly in the Senate.

The law approved by both houses, however, contains mostly cosmetic changes while leaving all the dangerous stuff untouched. You might have heard that Maryland's version of UCITA protects consumers against defective software by not allowing vendors to disclaim the implied warranty. That would be a significant change if it weren't for UCITA's narrow definition of a consumer: It applies only to those who acquire a product "primarily for personal, family, or household purposes" and specifically not for "professional or commercial purposes." Unless you buy a word processor only to write letters to Aunt Jane, it's not a consumer transaction under Maryland's UCITA and you're out of luck if the product doesn't work.

Another "fix" in Maryland's UCITA that doesn't help in the real world is an amendment to the notorious electronic self-help provision that says the right to disable software products remotely cannot be exercised in "mass-market transactions." Mass market is another term in UCITA that sounds good but is actually so oddly defined that it might not mean anything at all. (A New Jersey legislative commission, after studying the UCITA reporter's comment on mass-market transactions, noted that "In light of the comment, it would appear that the purchase of a single shrink-wrapped copy of Microsoft Office at a mass-market retail outlet such as Staples or OfficeMax by a four-person law firm would not fall within the UCITA definition of a 'mass market transaction.' ") You can bet, though, that IT purchases of any sort don't come under any mass-market protections.

Maryland's electronic self-help fix fails on another count as well. It prevents vendors from exercising self-help in a mass-market transaction, but it doesn't prevent them from including a remote disabling mechanism in a mass-market product. The distinction is important, because it's highly unlikely anyone actually will follow UCITA's formal rules for exercising electronic self-help. What is more likely is that vendors will include backdoors and time bombs for anti-piracy or other purposes. Should a customer discover that the remote disabling capability is there -- perhaps after suffering a disaster due to it being triggered accidentally -- UCITA protects the vendor from liability.

This brings me to the first and most important defensive measure every IT organization should take to prepare for a world where UCITA exists even in a few states: Starting now, demand that vendors warrant that their products are not self-help capable. Make that demand a critical part of your software procurement process. According to some readers, not only are many corporations doing just that, but several government agencies are also considering revisions to their procurement practices. This isn't surprising, particularly in the case of organizations for critical infrastructures. The possibility that any software inside the firewall could have unknown self-help mechanisms raises enormous security issues. Corporations and agencies that don't start asking vendors very pointed questions will soon be guilty of a dereliction of duty.

Electronic self-help is just the most scary item on the list of UCITA horrors. I'm beginning to compile examples from readers of anti-UCITA defense tactics, which I'll share at a later date. In the meantime, there is one thing you can push for in your state that could protect everyone against UCITA.

Several concerned corporations in Iowa have helped promote what has been called bomb-shelter legislation to protect all Iowa customers, consumers, and businesses from UCITA or UCITA-like laws in other states.

The bomb-shelter law says that a transaction between an Iowa party and a party that tries to invoke the law of a UCITA state will instead be subject to the laws of Iowa -- a fine example of Midwestern common sense, if you ask me. An amendment to this effect was passed by the Iowa House as part of its Electronic Transaction Act (HF 2205) and now awaits consideration by the Senate. Software industry lobbyists are swarming into the state like angry mosquitoes. Perhaps some of the common sense that has been lacking on either shore of the Potomac will be found in more abundance in the Midwest.

Got a complaint about how a vendor is treating you? Write to Ed Foster , InfoWorld's reader advocate, at gripe@infoworld.com.

Discuss this article in our online forums

MORE >

SPONSORED WHITE PAPERS

EMC - Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust - Are you ready for Sobig.G? Learn how to protect your email systems.
CDW - Personal attention. CDW. The Right Technology. Right Away.
EMC - Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel - Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco - FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc. - "Mass Consolidation Hits the Web-Search Market"
McDATA - Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies - Overcoming Common Firewall Limitations
Lucent Technologies - Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia - Get the scoop! Mobilizing business white papers & case studies.
BMC Software - Maximize the Potential of Enterprise Data: Free white paper!
Network Associates - Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust - Manage identities across applications. Improve productivity.
Stalker Software - CommuniGate Pro - Transform your Email and Calendaring
Remedy - A NEW Gartner Research Note:Producing Quality IT Services

Search the IDG White Paper Library: