Could your business withstand the impact of having your critical software suddenly and completely cease to function, simply because a vendor’s bill was sent to the wrong address

WORRISOME NEW SOFTWARE LAW

Would you pay a lot of money for something if you’ll be obligated to follow the seller’s contract terms, but you’re not even allowed to see any of those terms until AFTER you pay your money? That’s exactly the situation you’ll be facing with software purchases, when a new law goes into effect. I.T. professionals in the U.S. need to become aware of this new law, because it can have serious effects on their work.

The law is called "UCITA" -- the Uniform Computer Information Transactions Act. It has already been passed through most of the necessary approval stages, and has a very serious possibility of becoming law as early as this fall.

UCITA was formulated by the National Conference of Commissioners on Uniform State Laws (NCCUSL). By most accounts, this group is highly respected and normally very even-handed, but has been heavily influenced in this case by a group of software vendors. The NCCUSL normally collaborates with the American Law Institute (ALI) to draft models for certain state laws, especially for the Uniform Commercial Code (UCC). Business transactions in the U.S. are made smooth by having identical or very similar laws governing commerce in all states. However, the ALI had serious reservations about the content and construction of this measure ("UCC-2B"), and withdrew their support. The NCCUSL then elected to continue with this law, with very little further opportunity for public comment, and passed UCITA as a stand-alone measure instead of making it part of the UCC.

Draft statutes produced by the NCCUSL are normally passed into law by most state legislatures, typically with few changes. The NCCUSL representatives from 40 states approved this draft, so it has an excellent chance of becoming law in some states soon. If UCITA is passed in even one state, the following provisions can or will apply to software purchases:

Enforceability of "clickware", where contract terms are not disclosed until AFTER THE SALE (during the installation of the software).

All shrink-wrap terms will become more enforceable, including restrictions against reverse engineering, restrictions against publication of benchmarks, and even "gag rules" to prohibit any public discussion or review of a software product without the vendor’s approval.

Removal of software sales from the realm of normal consumer protections, by specifically categorizing all such sales as licenses instead of the "goods" that are covered by many existing statutes.

Greater ability for vendors to disclaim warranties that currently exist, such as shipping a product without features that had been demonstrated.

Removal or restriction of the right to transfer software licenses to another party. This could have severe impacts on corporate mergers and acquisitions.

"Self-help" provisions, where vendors are explicitly allowed to install "back-door" access points to allow remote shutdown of software. Even if legal protections exist before vendors can make use of such deliberate security holes, it’s all too likely that others will find and trigger these mechanisms.

Passage of UCITA could be particularly troublesome to small businesses. It provides some protections for "mass-market" consumer purchases, and some large companies may be able to negotiate more favorable terms for software contracts. But most small businesses have neither the clout nor the resources to enter into extensive software contract negotiations, and businesses are specifically excluded from many of UCITA’s "mass-market" protections. For example, vendors can refuse to disclose contract terms before the sale. Then if the terms are found objectionable when they’re finally presented, consumers can ask for a refund of the purchase price, but vendors are not obligated to provide any such refunds to businesses.

While the draft of UCITA was approved by most NCCUSL representatives, for presentation to state legislatures, there’s still some opposition to the measure. It is opposed by a number of large software customers, by all consumer advocacy groups that have publicly reviewed it, by librarians, by security professionals, by publishers in other industries, and by I.T. professional organizations such as ACM, IEEE, SIM, and ICCA. While it’s unusual for federal agencies to comment on state laws, the U.S. Federal Trade Commission (FTC) has issued strong cautionary letters about UCITA. Finally, it is opposed by the attorneys general of more than half the states in the U.S.

Even with opposition, the measure is heavily supported by a variety of large software publishers and I.T. trade organizations, who will probably lobby heavily for its passage in the states. If even one state passes UCITA, we could have a situation analogous to that of the credit card industry, where one or a few states could have laws that are highly favorable to software companies, hoping to attract such businesses into their state.

Some people, especially proponents of the Open Source movement, argue that the large software vendors should be allowed to get just what they asked for, because of the backlash that is sure to follow. But many find that prospect too dangerous, and believe that state legislators need to be convinced not to pass such a law in the first place.

As an IT professional, you should certainly take the time to find out more about UCITA. Some good resources can be found on the World Wide Web, at http://www.infoworld.com/cgi-bin/displayStory.pl?/features/990531ucita_home, www.acm.org/usacm/copyright, and www.badsoftware.com

--Tim Plas (tplas@cloudnet.com)