Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

W O R K S H O P

Software Legislation: Read the Fine Print

December 1, 2002
By Sean Doherty

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	Da Bomb
	Sites To See
	Utica Fact
	Utica: Shrinking From Its Duties?

It's Round 2 for the Uniform Computer Information Transactions Act (UCITA), which arrives at state legislatures next year with a new look. And if your state adopts the recently retooled contract law, read your software license carefully or risk signing away your right to reverse-engineer or even publicly critique software.

UCITA is aimed at making the sale or license of software and other computer-based information consistent from state to state and among the U.S. territories. Only two states, Maryland and Virginia, have adopted the act so far. The National Conference Commission on Uniform State Laws (NCCUSL), the group of state-appointed lawyers, judges and law professors that drafted UCITA, revised UCITA earlier this year to allay concerns that it gave software vendors and information-service providers an unfair advantage over IT organizations and consumers.

A Rev. 2 UCITA may not be enough to sway the other 48 states to adopt it, however. The new version of the proposed law still carries much of the old baggage: Opponents argue it gives vendors excessive control in the licensing of their software and information services, and its broad and complex content sometimes raises more questions than it resolves: When does embedded software falls under its authority?, for instance. There is some debate over whether UCITA is even necessary at all, since there's plenty of overlap between it and existing legislation, including state contract laws, the Uniform Electronic Transactions Act (UETA) and Uniform Commercial Code (UCC) already in use in many states.

UCITA makes the sale or licensing of software and other computer-based information, such as online databases, a contractual or licensing arrangement. That's a departure from how most software purchases are handled today, as a sale under copyright law. Copyright law lets you use software for noncommercial reasons like research, teaching, product-testing and reverse-engineering once you've purchased or licensed it. You can't reproduce and redistribute it for profit under copyright law, though.

The scary part about UCITA is that big-name vendors like AOL Time Warner, Intel, LexisNexis, Microsoft, Oracle and PeopleSoft get lots of leverage in how they define the terms of contracts and licenses--limiting your copyright privileges. You won't have as much bargaining power in custom-license deals with CRM (customer relationship management) and ERP (enterprise resource planning) software companies, for instance, since the act lets vendors prohibit you from reverse-engineering their products, except for the purpose of making them interoperable with other software. Shrink-wrap licenses will continue to be the norm for off-the-shelf purchases under UCITA (see "UCITA: Shrinking From Its Duties?").

Say you purchase a Web application that generates forms for your e-business customers. The forms use information stored in a back-end database that hous-es your customers' credit-card number and other personal information. The application runs fine--until someone posts your customer information and credit-card account numbers on the Web. You suspect a hacker has exploited the Web application. Under current copyright law, you could reverse-engineer the Web application to investigate or fix the security hole, and even post your findings and voice your opinion about the security hole in an online discussion group.

But under UCITA, you'd have fewer options if the vendor barred you from reverse-engineering it. That leaves you to buy another application or risk litigation by breaking the license to get to the bottom of the problem.

The newest version of UCITA does come with some promising changes that could benefit IT, however. One of the biggest is the removal of an allowance in the original version that had let vendors remotely disable software if a user allegedly violated a license agreement. That's a hot button: It's akin to evicting a tenant without giving him due process. The new version of UCITA also specifies that the act does not replace existing state consumer-protection laws for unfair and deceptive business practices like price-fixing and other monopolistic actions. And it makes it clear that UCITA doesn't apply to free, open-source software such as Apache and Linux kernels. So you have the same freedoms as before with that kind of code.

Not all software-related contracts fall under UCITA's purview. While UCITA includes contracts for accessing computer information, the Internet and online electronic transactions and multimedia works, it excludes contracts for the distribution of printed information and for regulated telecommunication services and products.