World of Warcraft hackers using Sony BMG rootkit
Robert Lemos, 2005-11-03
WoW's trojan is worse than the rootkit! 2005-11-03
Random Programmer (22 replies)
Re: WoW's trojan is worse than the rootkit! 2005-11-03
masterpasswd (3 replies)
Re: Re: WoW's trojan is worse than the rootkit! 2005-11-04
Anonymous (1 replies)
Re: Re: Re: WoW's trojan is worse than the rootkit! 2005-11-04
Anonymous (5 replies)
Re: Re: Re: Re: WoW's trojan is worse than the rootkit! 2005-11-04
Anonymous (1 replies)
Re: Re: Re: Re: Re: WoW's trojan is worse than the rootkit! 2005-11-04
Anonymous (2 replies)
Re: Re: Re: Re: Re: Re: WoW's trojan is worse than the rootkit! 2005-11-05
Anonymous (2 replies)
WoW's trojan is worse than the rootkit and it's illegal 2006-10-21
Anonymous
Most people would agree with you that the EULA gives the company the right to do whatever it says in that agreement. Most people would be wrong, however. The legal consensus, and in a very real sense from the time of Sarbanes/Oxley, and the recent legislation passed by Congress explicitly forbids the type of program that the Warden is; these types of programs have been illegal by definition, EULA notwithstanding.

Now, as far as I know, no two parties may enter into a binding agreement where one or both parties know or are aware that such agreement contravenes a law passed at any level from municipal right on up to federal. All corporations that maintain a business presence are bound by the laws of the United States, and seeing as S/O, The Patriot Act and OTHER legislation have dealt directly with this type of software and have expressly forbidden corporations to make use of such, then the EULA becomes incestuous and the binding portion of such an agreement itself becomes illegal.

Therefore, if The Warden is determined by a court of competent jurisdiction to be in violation of any law, then the agreement is breached by the author of the EULA (Blizzard) and damages both actual and punitive can be assessed.

Let us take an example.

Party one buys a copy of a CD with DRM software on it that is intended to protect the interests of party two.

Party one plays such CD on his PC.

Software that is used to hide the DRM's processes from party one is installed on their PC without their knowledge or consent. "Without the knowledge and consent" is important here, by the way. In order for any software to have an opportunity to inform party one or request their consent, it must be installed using a unique installer that provides information about that software. Bundling the software into the installer of a second piece of software, then including the vague "Allow ___________ to install ...software in order to ____________________ Accept Cancel..." does not give party one knowledge or gain his consent. Repeat: DOES NOT GIVE party one knowledge, nor does it gain his consent.

To continue... Party one then notices that his credit card has been used by someone not himself who obtained his credit card via an exploit of the DRM software of party two. Given forensics tracks this down and can prove it beyond a reasonable doubt.

Now, in a tort situation, who would be liable for the loss of the data (specifically the credit card information): party one, party two or the hacker (party three)? In our civil system party two is liable, as he did not obtain consent, and even if he had he would have had to go to all measures possible to protect his software from being so exploited as to cause data loss.

If all this sounds vaguely familiar, it should: it was in fact EXACTLY what SONY was accused of and found in violation for, and is paying fines and legal costs for and settling lawsuits for loss of data for NOW.

Blizzard's software may appear benign, but it is their software and it must be properly maintained even once a consent is properly obtained. As it stands, "The Warden Utility" is in violation of many state laws and several federal ones, and all it will take to cause them to recall this utility is to have someone step up and say "I lost data because of Warden." The moment that someone claims that, Blizzard will be forced, as was Sony, as was Microsoft, as was Apple, as have a host of other companies, US and not US, to cease and desist the manufacture, maintenance, etc. etc. until a court can look at it. In the current court environments, say in California's Ninth Circuit where such suits would be brought, Blizzard had better be seriously contemplating voluntary recall of this software unless they want to be recalling 10+ million copies of its software and issuing refunds etc. and paying fines and settling lawsuits.

Folks, the bottom line here is that the 4th Amendment covers companies as well as the federal government. That simple.


Link to this comment: http://www.securityfocus.com/comments/newsbriefs/34/1450#1450
In Sweden this is ok!!! 2005-11-05
Anonymous (4 replies)
Re: In Sweden this is ok!!! 2005-11-06
Anonymous
Re: In Sweden this is ok!!! 2005-11-06
Jeff (1 replies)
Re: Re: In Sweden this is ok!!! 2005-11-07
Anonymous
Re: In Sweden this is ok!!! 2005-11-06
Anonymous
Re: In Sweden this is ok!!! 2005-11-08
Anonymous
Relax... 2007-12-08
Anonymous







 

Copyright 2009, SecurityFocus