What Have You Signed Away Today? Software Makers Play Hardball With You

Andrew Brandt and William Wallace

Juno wants to sell your computer's idle time. Microsoft wanted the rights to all content passing through its Passport Web services. Some vendors want no liability for their products--even if they know about product defects in advance. And chances are, you've legally agreed to let vendors have what they want.

All it takes is clicking an "I Accept" button or ripping the shrink-wrap off a new box of software. Both software and Web services come with End User License Agreements (EULAs) or Terms of Service (TOSs), and few people read them. Until recently, buyers didn't need to. Historically, EULAs were confusing and rarely invoked--but EULA and TOS contracts have always been legally binding.

This "fine print" has suddenly become a cause célèbre as states around the country move toward adopting a set of proposed e-commerce rules called the Uniform Computer Information Transactions Act (UCTA). If UCITA is adopted nationwide, it will give ominous legal power to previously unenforceable parts of End User License Agreements--in fact, it has already started to.

It's Your Problem

Although only Maryland and Virginia have enacted UCITA, consumers around the country are beginning to feel its impact. For one thing, companies are demanding far more in their EULAs. Some agreements let a software maker perform highly invasive scans of a user's system. Others limit the methods by which consumers can seek to resolve disputes with vendors; some also attempt to restrain customers from complaining publicly about a product.

In some cases, EULAs insulate firms from liability for a defective product--even if the company knew the product had defects prior to shipping it.

Consider the case of M.A. Mortenson, a contracting firm that sued Timberline Software of Oregon; the suit alleged that defects in a Timberline bid-preparation program caused Mortenson to make a $1.95 million bidding error.

Last year, the Washington State Supreme Court ruled that Timberline was not liable for the buggy program--despite the fact the company knew about the bug before putting the software on the market. The reason: Timberline's EULA exempted the company from responsibility "for any damages of any type" resulting from use of its products.

"It [UCITA] does away with product liability so far as software manufacturers are concerned," says Gordon Pence, intellectual property counsel for Caterpillar Inc. in Peoria, Illinois. (Pence represents the company in Americans for Fair Electronic Commerce Transactions, a business coalition that opposes UCITA.)

Can You Fight Back?

Consumers' angry reaction to some of these new rules has been swift: In recent months, Juno, Microsoft, Verant Interactive, and other Web and software firms have felt the sting of a backlash against particularly unreasonable terms.

For example, earlier this spring Microsoft abandoned its reviled Passport TOS in the face of widespread criticism. The policy granted the company and unspecified affiliates the right to "use, modify, copy, distribute, transmit, [and] publicly display" any message, file, or data that users entered into the Passport site.

"We were in error for having that up there," says Tom Pilla, a Microsoft spokesperson. He said Microsoft hadn't updated Passport's terms of use to reflect its business policies, or even to adhere to Passport's privacy statement. "It was very old language," he said.

Similarly, software maker Verant Interactive quickly jettisoned plans to introduce a monitoring tool to its popular multiplayer online game EverQuest. Citing the proliferation of cheating tools, Verant wanted all game players to permit the company to scan their hard drives for illicit utilities. Users protested and, within a day, Verant rescinded the plan.

But some vendors have not changed aggressive policies. In February, Juno, the nation's largest provider of free Internet service (which recently merged with NetZero), submitted a new TOS to its users, announcing its plans to enlist them in a distributed computing project.

Much like SETI@Home--the voluntary distributed computing project that searches for extraterrestrial life--Juno's Virtual Supercomputer project requires users to install software that will use their PC while it's idle to chug through complex computations.

Juno plans to sell that computing power to third parties, and it disclaims any liability for costs or for PC problems resulting from the software or the computations. Also, though Juno spokespersons claim user participation is currently voluntary, the TOS clearly reserves the right to require participation by users of its free service, and Juno could even order users to keep their PCs on all the time to perform the computations. Juno says it must investigate this option as it strives to stay in business and turn a profit.

Not So Free Speech

Some consumer groups argue that the most restrictive EULA clauses violate users' right to privacy and, potentially, their right to free speech.

Microsoft again came under fire last year when it clashed with techie news site Slashdot over criticism Slashdot readers posted there after Microsoft released part of its Windows 2000 specification on the Net.

Microsoft demanded that Slashdot remove the posts, arguing that the comments--some of which contained the specification--constituted a violation of 1998's Digital Millennium Copyright Act, as well as a breach of the confidentiality agreement on which Microsoft had conditioned the spec's original Net release. Slashdot protested, encouraging its users do the same, and Microsoft backed down.

Critics say strict enforcement of agreements like Microsoft's would make it all but impossible for users to grouse about software publicly.

Microsoft is not alone in adopting contract clauses that may serve to muzzle critics. Vergil Bushnell, e-commerce analyst for the advocacy group Consumer Project on Technology, points to a particularly aggressive clause in the TOS for a recent version of Network Associates' McAfee VirusScan. According to Bushnell, the TOS language "would presumably prevent users--or journalists--from publishing benchmark tests or reviews of the software without prior permission from [Network Associates]." As a result, at least one publication has declined to review it.

Lisa Citron, manager of retail marketing at Network Associates, says the company is revising the TOS for the launch of its newest Office Utilities. She says Network Associates has had problems with people publishing product reviews and tests that misrepresented the product. The company's only goal, she explains, is to ensure that anything published has accurate and up-to-date information on the product's capabilities.

The CPT's Bushnell charges that UCITA's unclear provisions give companies free rein to craft egregious EULA terms. UCITA's drafters, he says, "adopted nebulous standards, rejecting more-specific language that would have ruled out contractual restrictions on free expression."

A Place For EULAS?

Even critics admit these licenses serve a purpose. Consumers want to use software, and vendors want some way to secure their licensing rights.

And many agreements have no outrageous or excessive restrictions. Some also make users scroll through or check boxes in the EULA to indicate that they've read--or lingered by--the terms within. That's a step in the right direction.

Of course, anyone can click a EULA's "I Decline" button. But if you do, you won't be able to use the software or Web service. The average user has no real, practical opportunity to negotiate EULA terms.

Meanwhile, 10 states have legislation pending that would enact UCITA. Attorneys general in 26 states oppose the measure, and some experts consider it unlikely to win favor in all 50 states this year.

But as UCITA grinds forward, this might be a good time to start reading--very carefully--before you click.

Read With Care: Buzzwords to Watch For

Here are some key terms in EULA and TOS contracts, and what they mean to you.

Computer-specific license Allows software to be used exclusively on one particular hard drive permanently attached to one PC. The software may not be used on other computers or by any other PCs attached to a network. (See Transfer restrictions below.)

Disclaimer A provision in a license that allows a person or organization to deny responsibility for problems related to the use or misuse of the product. Some EULAs include a disclaimer that purports to free the manufacturer of a piece of software from liability for the product, even if the manufacturer knows of defects in the design.

Where it applies, UCITA would make the law governing disclaimers uniform and limit the chance to collect damages in cases where a faulty product has caused actual harm.

Reverse engineering The process of examining a computer program or digital product to determine how it is constructed. This technique is used in debugging programs and in developing products that can function with the one being reverse-engineered. It can also be used to analyze and critique software.

UCITA would make manufacturers' contracts prohibiting reverse engineering legally enforceable wherever UCITA applies.

Transfer restrictions Limitations on a purchaser's ability to transfer a piece of software or a digital product to another user. Some clauses might bar giving away a copy of a product as a gift. These restrictions also apply to products bundled with software, such as game consoles and digital cameras.

Where it applies, UCITA would require uniform enforcement of transfer restrictions.