Date: Wed, 12 Jan 2000 06:03:10 -0800 (PST) From: Phil Agre <firstname.lastname@example.org> To: "Red Rock Eater News Service" <email@example.com> Subject: [RRE]Uniform Computer Information Transactions Act =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" option. For information about RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html or send a message to firstname.lastname@example.org with Subject: info rre =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Tue, 11 Jan 2000 19:27:42 -0800 From: Cem Kaner <email@example.com> Subject: UCITA -- response to lobbyists [...] The August 30th, 1999 issue of the National Law Journal carried an article favoring the Uniform Computer Information Transactions Act. I protested to the Journal about the bias of the article and was invited to write a response, but the inviting Editor left the Journal shortly thereafter, and my response was never published. The claims made in that article, which was written by the Chairman of the UCITA drafting committee and two of his colleagues, are being (and will continue to be) repeated to legislators who are considering the Act. Perhaps your readers will find this rebuttal of interest. I grant permission to any reader to recirculate or publish this article, so long as it is attributed to me and published in its entirety (including endnotes). If you are recirculating or publishing it, please let me know. -- Cem Kaner, firstname.lastname@example.org THE UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT In the August 30th, 1999 issue of the National Law Journal, Carlyle C. Ring, H. Lane Kneedler and Gail D. Jaspen presented the proposed Uniform Computer Information Transactions Act ("Uniform law for computer info transactions is offered"). Mr. Ring chaired the drafting committee that wrote UCITA. UCITA is a proposed law that will govern all transactions involving computer software, electronic databases (such as WestLaw), downloaded books, and some entertainment products. It can also apply to computers and some other goods if their manufacturers put an appropriate notice in the product packaging. Although the Ring et al. article reported years of work on UCITA as a proposed Article 2B addition to the UCC, it failed to mention that the UCC is a joint project between the American Law Institute (ALI) and the National Conference of Commissioners on Uniform State Laws (NCCUSL). It failed to mention that the ALI called for "fundamental revision" of the draft in May, 1998 (1) and withdrew from the project in April, 1999, effectively killing 2B as a UCC project. Thereafter, NCCUSL renamed the project as UCITA and went forward alone. The ALI members of the Article 2B drafting committee refused to join the UCITA drafting committee. (2) Although authors Ring, Kneedler, and Jaspen acknowledged that UCITA is a controversial proposal, they listed only its supporters and not such opponents as the Attorneys-General of 24 states, the Bureaus of Competition, Consumer Protection, and Policy Planning of the United States Federal Trade Commission, the leading software developers' professional societies (such as the Association for Computing Machinery, the Institute of Electrical and Electronics Engineers, and the American Society for Quality, Software Division), software trade groups representing small developers (the Independent Computer Consultants Association, the Free software Foundation), the five main library associations, leading intellectual property experts (including the American Intellectual Property Law Association, Committee of Copyright and Literary Property of the Association of the Bar of the City of New York, and fifty intellectual property law professors), other copyright industry associations (such as the Motion Picture Association of America, the National Association of Broadcasters, and the Newspaper Association of America), and every consumer advocacy group that has looked at the bill. (3) UCITA will have profound effects on intellectual property rights and the quality and security of computer software. INTELLECTUAL PROPERTY Under UCITA, almost all software-related transactions will be licensing transactions. When a consumer buys a copy of Microsoft Word and a copy of a book about the program, the software transaction would be a license while the book transaction is a sale, even if the two items were side by side, the customer bought them both from the same cashier, and the software license was not available to the customer until after she paid for the product and took it away. Under UCITA 102(a)(42) a transaction can be a license even if the licensee is given title to the transferred copy. This is a shift from long-established treatment of intellectual property in the mass market. To see the history of this issue in copyright law, shepardize Jewelers' Mercantile Agency v. Jewelers' Pub. Co., 155 N.Y. 241 (1898) (rejected the fiction of a lease offered to all comers that restricted transfer of the book and use of information in it); Bobbs-Merrill Co. v. Straus, 210 U.S. 339 (1908) (rejected a restrictive notice on a book that prohibited the buyer from reselling the book for less than a minimum price. Under the first sale doctrine, publisher lost its property interest in an individual copy of a book once it sold that copy. The restrictive notice could not transform a sale into a license); RCA Mfg. Co. v. Whiteman, 114 F.2d 86 (2d Cir. 1940) (Licensing language on record albums could not convert a mass-market sale into a license.) For patent law, look at the doctrine of exhaustion, starting with Motion Picture Patents Co. v. Universal Film Manufacturing Co. 243 U.S. 502 (1917). According to authors Ring, Kneedler, and Jaspen, "UCITA is intended neither to avoid nor to contradict the large body of existing federal intellectual property law." Others vigorously disagree. For example, the American Intellectual Property Law Association (4) protested to NCCUSL that UCITA "eliminates the 'first sale' doctrine" (which allows the owner of a copy to sell it or give it away). Under UCITA 503(2), "a term prohibiting transfer of a party's interest is enforceable, and a transfer made in violation of that term is a breach of contract and is ineffective." A vendor who puts a no-transfer clause in the license achieves a market-wide restriction -- equivalent to elimination of the first sale doctrine. By allowing vendors to enforce such restrictions in the mass-market, UCITA allows them to evade the federal balancing of private and public rights in intellectual property.(5) Reverse engineering is another example of the intellectual property reach of UCITA. Reverse engineering is a normal engineering practice.(6) Clauses barring reverse engineering have been enforced in negotiated licenses, but not in mass market cases.(7) Some software publishers want to ban reverse engineering in the mass market. Despite authors Ring, Kneedler, and Jaspen's claim of UCITA's neutrality on this issue, UCITA makes contractual use restrictions (no-reverse-engineering is a use restriction) prima facie enforceable. Individual courts might rule that such a restriction is invalid under federal law or against public policy, but it will take several expensive court cases before software developers will know whether they can still lawfully reverse engineer mass-market software in the face of a shrink-wrapped contract term that claims that they cannot. The AIPLA letter noted that "The President of . . . [NCCUSL], Gene Lebrun, wrote . . . that it is 'expressly stated in Section 2B-105 [that] Article 2B does not displace or change intellectual property law.' . . . We are extremely concerned that the proposed UCITA draft is not consistent with . . . the assurance of President Lebrun." UCITA Reporter Ray Nimmer complained of "distortions" in the debate on UCITA, identifying as a "misrepresentation" "that UCITA allows licensors to prevent licensees from commenting about the products. This allegation makes nice copy and superficial impact, but is simply untrue. You can scroll through the UCITA draft and will not find any such provision." (8) Opponents quickly point to UCITA section 102(a) (20), which defines "contractual use restriction" as "an enforceable restriction created by contract which concerns the use or disclosure of, or access to licensed information or informational rights, including a limitation on scope or manner of use." Section 307(b) states that "If a license expressly limits use of the information or informational rights, use in any other manner is a breach of contract." Under the statute's own definition, a nondisclosure clause is a contractual use restriction. Under Section 307(b), such a restriction is enforceable. These provisions may keep vital information from the marketplace. Consider the following restrictions, downloaded (July 20, 1999) from www.mcafee.com, the website for VirusScan, a mass-market software product, on July 20, 1999. "The customer shall not disclose the results of any benchmark test to any third party without McAfee's prior written approval." "The customers will not publish reviews of the product without prior consent from McAfee." Clauses like these are enforceable in traditional, negotiated licenses, and they are used to block magazine reviews.(9) UCITA arguably extends the enforceability of such clauses even in mass market products. Perhaps they will eventually be found to conflict with public policy but until then, the plain language of UCITA will have a chilling effect on criticism of mass-market products. SOFTWARE SECURITY UCITA section 816 allows software vendors to place disabling codes in software and to activate them remotely (such as by sending an e-mail) to shut down a customer's use of the product. Such disabling codes create a hole in the customer's system security. UCITA section 816 remedies for wrongful use of such codes are probably not triggered if the software is shut down accidentally or by a third party (such as a cracker who learns the code or a disgruntled former employee of the vendor). Self-help was portrayed in the UCITA meetings as something essential to protect the interests of small licensors. However, the only group attending the UCITA meetings that represents only small licensors, the Independent Computer Consultants Association, urged NCCUSL to reject self-help. It recommended that licensors be protected without creating the disabling code security risk to customers by statutory authorization for recovery of attorney fees by licensors who obtain an injunction to terminate misuse of the software. This proposal was repeatedly rejected. CONSUMER PROTECTION UCITA is hostile to customers of all sizes. It validates post-payment presentation of material terms and permits licensors to put in a form contract a term that allows them to keep changing terms. Licensors can exclude incidental and consequential damages even when an agreed remedy fails of its essential purpose. The drafters rejected proposals from the software engineering professional societies (ACM, IEEE, and ICCA) to allow customers to recover damages caused by defects that were known to the licensor but not documented or disclosed to the licensee. Instead, the standard form exclusion of incidental damages allows the licensor to charge a support fee (such as $5 per minute on the telephone) when a consumer calls to complain about a defect that was known by the licensor when it licensed the software. Software products are often sold in the mass market with hundreds or thousands of known defects. (10) For additional detailed notes on consumer impact of UCITA, see the articles in the note. (11) Authors Ring, Kneedler, and Jaspen say that "UCITA alters no state laws relating to the applicability of consumer protection to databases, consumer services or software." In contrast, 24 Attorneys General and the Administrator of the Georgia Fair Business Practices Act said that UCITA's "rules deviate substantially from long established norms of consumer expectations. We are concerned that these deviations will invite overreaching that will ultimately interfere with the full realization of the potential of e-commerce in our states." (12) The Attorneys General also said that UCITA's "prefatory note and reporter's comments incorrectly present the proposed statute as balanced and as leaving 'in place basic consumer protection laws' and 'adding new consumer and licensee protections that extend current law.' . . . [I]n instances in which provisions are described as new consumer protections, such as the contract formation and modification provisions discussed below, consumers actually have fewer rights than they do under present law. . . . NCCUSL . . . should revise the explanatory materials accompanying the statute to scrupulously identify the instances in which the policy choices embodied in the statute either extend or resolve controversies in current law and to clearly explain whether such extension or resolution favors sellers/licensors or buyers/licensees." NOTES (1) Jean Braucher, "Why UCITA, Like UCC Article 2B, is Premature and Unsound", UCC Bulletin, July 1999, www.2BGuide.com/docs/0499jb.html. (2) (www.2BGuide.com/docs/50799dad.html). (3) See www.badsoftware.com/oppose.htm and www.2bguide.com. (4) Letter to NCCUSL, July 16, 1999. (5) Robert P. Merges, "Intellectual Property and the Costs of Commercial Exchange: A Review Essay," 93 Mich. L. Rev. 1570, 1613, 1995; Mark A. Lemley, "Beyond Preemption: The Law and Policy of Intellectual Property Licensing," 87 Cal. L. Rev. 111,1999, http://papers.ssrn.com/paper.taf?abstract_id=3D98655. (6) Cem Kaner, Article 2B and Reverse Engineering, UCC Bulletin, November, 1998, 1, www.badsoftware.com/reverse.htm. (7) Sega Enterprises Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir. 1992); Vault Corp. v. Quaid Software Ltd., 847 F.2d 255 (5th Cir. 1988). "Correcting Some Myths About UCITA", http://www.2bguide.com/docs/rne.html (8) "The Test That Wasn't" August 1999 PC Magazine 29. According to that article, Oracle "formally declined to let us [PC Magazine] publish any benchmark test results." (9) Cem Kaner & David Pels, Bad Software: What To Do When Software Fails. (10) Federal Trade Commission letter www.ftc.gov/be/v990010.htm; Steven Chow (a member of the UCITA drafting committee) "Proposed Uniform Computer Information Transactions Act: Bad For Commerce And Innovation" www.2bguide.com/docs/citopp.html; Cem Kaner, "Comments on Article 2B" (section-by-section analysis) October 1998, www.badsoftware.com/kanerncc.htm; "Bad Software: Who is Liable" (analyzes software economics and UCC 2B) May 1998, www.badsoftware.com/asqcirc.htm; and (11) "Article 2B - Report from the November 13-15, 1998 Meeting", www.badsoftware.com/uccnov98.htm. (12) Letter to NCCUSL, www.badsoftware.com/aglet1.htm and www.badsoftware.com/aglet2.htm. _______________________________________________________________________ Cem Kaner, J.D., Ph.D. P.O. Box 1200, Santa Clara, CA 95052 http://www.kaner.com http://www.badsoftware.com Author (with Falk & Nguyen) of TESTING COMPUTER SOFTWARE (2nd Ed, VNR) Author (with David Pels) of BAD SOFTWARE (Wiley, 1998) This e-mail communication should not be interpreted as legal advice or a legal opinion. The transmission of this e-mail communication does not create an attorney-client relationship between me and you. Do not act or rely upon law-related information in this communication without seeking the advice of an attorney. Finally, nothing in this message should be interpreted as a "digital signature" or "electronic signature" that can create binding commercial transactions.