UCITA lets vendors reach in and disable your software, forcing you to upgrade it

About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store

COLUMN ARCHIVE

FORUMS

COLUMN

The Gripe Line
Ed Foster

UCITA lets vendors reach in and disable your software, forcing you to upgrade it

IN CASE YOU HAVEN'T already noticed, let me point out an interesting connection between spyware and the Uniform Computer Information Transactions Act (UCITA). Intrusive software might not be there just to snoop: Under UCITA it can be there to legally disable your software when the vendor wants to force you to buy the next version.

ADVERTISEMENT

<a href="http://ad.doubleclick.net/jump/idg.us.info.opinions/article;abr=!ie;pos=skyscraper;pkey=archive_cat;skey=;paud=;saud=;sz=160x600;tile=2;ord=045918011208?"> <img src="http://ad.doubleclick.net/ad/idg.us.info.opinions/article;abr=!ie;pos=skyscraper;pkey=archive_cat;skey=;paud=;saud=;sz=160x600;tile=2;ord=045918011208?" border="0"> </a>

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

TOP NEWS

IT SOLUTION SEARCH

You didn't know vendors could leverage UCITA to force customers to upgrade? I have to apologize for that, because only recently have I come to realize that UCITA's "automatic restraints" provision makes this a likelihood for shrink-wrapped software products. I have a good excuse, though: The tangled mess that is UCITA still has surprises for even the most careful of students.

And as long as I'm apologizing, let me take this opportunity to announce that we have finally brought our UCITA section on InfoWorld.com (www.infoworld.com/UCITA) up-to-date. We'll be adding more material to it in the next few months and will endeavor to do a better job of keeping it current. I could try to point fingers elsewhere, but it's my fault it has been so long. The only quasilegitimate excuse I have here is that I do get tired of writing about this thing, as much as many of you get tired of reading about it. Unfortunately, it's necessary.

By the way, there is an excellent site that anyone interested in tracking UCITA should check out: IEEE-USA's UCITA Grassroots Network page at www.ieeeusa.org/grassroots/ucita/index.html. The Institute for Electrical and Electronics Engineers has taken a strong stand against UCITA, and the site contains valuable resources, position papers, and state-by-state tracking of the legislation. In my humble opinion, the opposition to UCITA by IEEE, the Association for Computing Machinery, and other groups representing technical professionals is the most telling evidence that the law is bad not just for customers but for the software industry itself.

In fact, I have to suspect the automatic restraints concept is one of main reasons the big software companies are pushing so hard for UCITA. On the surface, the provision (Section 605 in UCITA parlance) looks fairly innocuous, at least compared to the blatantly controversial Section 816 about electronic self-help that's been the focus of so much attention. A quick reading would give you the impression that the restraints 605 talks about are only such things as metering software that limits access to the number of licensed users or time bombs in demo software to restrict how long the program can be used. A closer look reveals more.

"Licensees generally have no problem with the type of compliance tools that the term 'automatic restraints' leads one to imagine," says Elaine McDonald, assistant director for corporate purchasing at The Principal Financial Group. "But the definition in UCITA does not really require the restraint to be automatic; in fact, it clearly doesn't exclude a restraint that is intentionally triggered by the vendor at a time of their choosing. In other words, it is possible for a vendor acting under Section 605 to exercise what amounts to electronic self-help without even the minimal protections provided under Section 816."

There is an "or" in Section 605 that's easy to miss. In describing situations where vendors can enforce a usage limitation with an automatic restraint, UCITA says it can be done if a term of the agreement authorizes its use, if the restraint prevents use that is inconsistent with the agreement, if the restraint prevents use after a state duration or state number of uses, or if the restraint prevents use after one party notifies the other the agreement is being terminated. In other words, the user has done nothing wrong, nothing in the agreement allows for use of the restraint or says that time is up, and the licensor can still turn off the software by giving "reasonable notice." (As you know from our sneak-wrap discussions, that means no real notice at all.)

UCITA is full of "terminate-at-will" language that says either party can end a license agreement when they wish unless there is a stated duration for the contract. I've urged IT managers to make sure that their negotiated contracts specify they have perpetual rights to software. But it's a rare shrink-wrap or click-wrap license that grants perpetual rights. There is a very weak presumption of a perpetual license in some cases under UCITA, but it's easily overcome by vendors that design their licenses with the intent of using automatic restraints.

UCITA says the license on a shrink-wrapped product runs out when the vendor chooses, and the first you might know of it is when you find the program's no longer there. And if a bug or hacker triggers the restraint, UCITA protects the vendor there, too. Be it intentional or accidental, if an automatic restraint wipes out your software -- even wipes out your company -- under UCITA you'll have no recourse against the vendor who slipped the software onto your system. I bet the spyware makers can hardly wait.

Got a complaint about how a vendor is treating you? Write to InfoWorld's reader advocate Ed Foster at gripe@infoworld.com.

Discuss this article in our online forums

MORE >

SPONSORED WHITE PAPERS

EMC - Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust - Are you ready for Sobig.G? Learn how to protect your email systems.
CDW - Personal attention. CDW. The Right Technology. Right Away.
EMC - Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel - Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco - FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc. - "Mass Consolidation Hits the Web-Search Market"
McDATA - Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies - Overcoming Common Firewall Limitations
Lucent Technologies - Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia - Get the scoop! Mobilizing business white papers & case studies.
BMC Software - Maximize the Potential of Enterprise Data: Free white paper!
Network Associates - Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust - Manage identities across applications. Improve productivity.
Stalker Software - CommuniGate Pro - Transform your Email and Calendaring
Remedy - A NEW Gartner Research Note:Producing Quality IT Services

Search the IDG White Paper Library: