A Rev. 2 UCITA may not be enough to sway the other 48 states to adopt it, however. The new version of the proposed law still carries much of the old baggage: Opponents argue it gives vendors excessive control in the licensing of their software and information services, and its broad and complex content sometimes raises more questions than it resolves: When does embedded software falls under its authority?, for instance. There is some debate over whether UCITA is even necessary at all, since there's plenty of overlap between it and existing legislation, including state contract laws, the Uniform Electronic Transactions Act (UETA) and Uniform Commercial Code (UCC) already in use in many states.
UCITA makes the sale or licensing of software and other computer-based information, such as online databases, a contractual or licensing arrangement. That's a departure from how most software purchases are handled today, as a sale under copyright law. Copyright law lets you use software for noncommercial reasons like research, teaching, product-testing and reverse-engineering once you've purchased or licensed it. You can't reproduce and redistribute it for profit under copyright law, though.
The scary part about UCITA is that big-name vendors like AOL Time Warner, Intel, LexisNexis, Microsoft, Oracle and PeopleSoft get lots of leverage in how they define the terms of contracts and licenses--limiting your copyright privileges. You won't have as much bargaining power in custom-license deals with CRM (customer relationship management) and ERP (enterprise resource planning) software companies, for instance, since the act lets vendors prohibit you from reverse-engineering their products, except for the purpose of making them interoperable with other software. Shrink-wrap licenses will continue to be the norm for off-the-shelf purchases under UCITA (see "UCITA: Shrinking From Its Duties?").
Say you purchase a Web application that generates forms for your e-business customers. The forms use information stored in a back-end database that hous-es your customers' credit-card number and other personal information. The application runs fine--until someone posts your customer information and credit-card account numbers on the Web. You suspect a hacker has exploited the Web application. Under current copyright law, you could reverse-engineer the Web application to investigate or fix the security hole, and even post your findings and voice your opinion about the security hole in an online discussion group.
But under UCITA, you'd have fewer options if the vendor barred you from reverse-engineering it. That leaves you to buy another application or risk litigation by breaking the license to get to the bottom of the problem.