Digg this story   Add to del.icio.us   (page 3 of 4 ) previous  next 
Vista's EULA Product Activation Worries
Mark Rasch, 2006-11-20

Story continued from Page 2


EULAs and the legal term “self help”

Now let’s face it: lots of software products contain features that disable themselves upon some condition. For example, trial software will work for a period of time - say 30 days, and then stop. And you agree to that when you download and/or install it. It says so right in the EULA. Spyware contains EULAs where you agree not to disable or delete it. Are you bound by that contract as well? As discussed previously, the answer is not so clear. Sony got into trouble by putting very restrictive EULA terms on its music/data CDs, which gave it a bunch of rights just cause you decided to listen to music - including your agreeing never to listen to the music overseas. As I noted earlier, the terms of an EULA are generally considered to be enforceable even if you didn’t read it, understand it, or have any ability to negotiate it.

However, there is another principle in the law. If a contract (for example, an EULA) is breached, then you have to right to sue and to collect damages. Generally, you would have the burden of proving a breach of the contract, and prove the existence of some damages, and then possibly the right to obtain other kinds or relief - like an injunction or other court order. In addition, other statutes, like the U.S. or international copyright laws may give companies like Microsoft other rights and remedies, including access to federal court and statutory damages, and even possible criminal enforcement by the FBI.

Now if Microsoft breaches the contract it wrote, the Vista EULA, what are your rights? Well, according to the terms of the agreement you agreed to, “you can recover from Microsoft and its suppliers only direct damages up to the amount you paid for the software. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages.” So if your entire network is shut down, and access to all your files permanently wiped out, you get your couple of hundred bucks back - at most. And, as far as I can tell, there are no warranties on the license, no assurance (like the kind you would get on a toaster oven or a lamp) that the thing actually works or does any of the things advertised. What is worse, if you just want to get your money back (assuming Microsoft doesn’t want to give it to you) then you have to file a lawsuit (probably in Redmond, Washington) under the laws of Washington State, and if (and only if) you can prove your case, and your damages, can you get your money back. You aren’t entitled to, upon your belief that there was a breach of contract, simply walk up to the cash register at your local Fry’s or Best Buy and take a couple of hundred bucks from the till. This is called “self help” (or theft) and is not generally allowed as a contract remedy.

But the Microsoft Vista EULA, like many other software license agreements, gives the owner of the software (remember that's Microsoft because you didn’t buy it, you just licensed it) the right of self-help. They have the right to unilaterally decide that you didn’t keep up your end of the contract, for example you didn’t properly register the product, you weren’t able to demonstrate that it was genuine, and so on, and therefore they have the right to shut you off or shut you down. So, what gives them the right? Apparently, the very contract that they now claim you violated.

Case law examples of software being disabled after a dispute

In the early days of computers, there were several cases where software developers determined that licensees didn’t make appropriate payments and therefore shut down the computer programs.

In 1988 in Franks & Sons, Inc. v. Information Solutions, Inc. the software developer installed a “drop-dead” code in the program. When the customer failed to pay as promised, the developer activated (or allowed to be activated) the drop-dead code, which kept the customer from accessing the software as well as any stored information. The problem was that the customer didn’t know about the drop dead code. Under those circumstances, the court found that it would be “unconscionable” to allow the software developer to hold the licensee ransom, essentially using self-help to shut down the business until he was paid. The court noted:

Public policy favors the non-enforcement of abhorrent contracts. Here, without the knowledge of Plaintiff, Defendants have included a surprise in their product which chills the functioning of any business whose operation is a slave to the computer. If the Plaintiff had known about this device at the time it entered into the contract with the Defendant then the result would be different. Here it would be unconscionable for the Court to give credence to this economic duress.

However, it wasn’t clear whether the sole problem in that case was the fact that the “drop-dead” software was not disclosed, or that the developer, by using the undisclosed code, was holding the licensee hostage.

In 1991, in American Computer Trust Leasing v. Jack Farrell Implement Co., 763 F. Supp. 1473 (D. Minn. 1991) the software developer, in a dispute over payment for the software, remotely deactivated the software. The contract provided that the developer, who owned the software, could remotely access the licensee’s computer in order to service the software and that if the licensee defaulted, the agreement was cancelled. When the licensee didn’t pay, the developer told them that they were going to deactivate the program - which they promptly did. The licensee’s lawsuit for damages failed because, the court noted, the deactivation was "merely an exercise of [the developer’s] rights under the software license agreement . . . ." This was true even though the agreement did not specifically state that self-help was a proposed remedy.

Story continued on Page 4 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 3 of 4 ) previous  next 
Comments Mode:
Mac Leopard or Linux he he he 2006-11-21
Anonymous
Why none of this matters 2006-11-21
Jake (7 replies)
Re: Why none of this matters 2006-11-22
Anonymous
Re: Why none of this matters 2006-11-22
Mark D. Rasch (1 replies)
Re: Re: Why none of this matters 2006-11-28
Anonymous (2 replies)
fixed 2006-12-04
editor
Re: Why none of this matters 2006-11-22
Steve Bradley
Re: Wrong 2006-11-27
Anonymous
Vista's EULA Product Activation Worries 2006-11-22
Anonymous (1 replies)
Vista's EULA Product Activation Worries 2006-11-22
Jeffrey Harris
Your own product does this! 2006-11-22
Gordon Fecyk
Vista's EULA wrong direction 2006-11-22
withheld
Vista's EULA Product Activation Worries 2006-11-22
Anonymous (1 replies)
Re: Vista's EULA Product Activation Worries 2006-11-24
Bob from Denver (1 replies)
What No-one Else Has Noticed 2006-11-24
Anonymous (2 replies)
Re: What No-one Else Has Noticed 2006-11-27
Anonymous (1 replies)
Re: What No-one Else Has Noticed 2007-01-20
Anonymous
Just a taste of what's to come 2006-11-24
BaysideBas
if Vista is being used... 2006-11-25
Anonymous
Vista's EULA Product Activation Worries 2006-12-05
Anonymous (1 replies)


 

Privacy Statement
Copyright 2010, SecurityFocus