US states fight controversial software law

Massachusetts could be the fifth US state to hit out at a proposed law for software transactions after a legislative committee...

Massachusetts could be the fifth US state to hit out at a law concerning software transactions after a legislative committee held a hearing this week.

The Uniform Computer Information Transactions Act (UCITA) was originally conceived to bring uniformity and certainty to the rules which apply to software transactions.

However, UCITA, according to opponents, sets default contract terms that favour software companies and frees them of liability for any software problems. Supporters say companies are free to negotiate terms and conditions, and they have attempted, unsuccessfully, to ease concerns by removing some controversial provisions, such as "self-help", which would have allowed a software supplier to disable a system during a dispute. 

Only two states, Virginia in 2001 and Maryland in 2000, have enacted the model legislation, while four states have adopted anti-UCITA measures. UCITA's progress toward state-by-state adoption appears, for now, to be stalled.

John McCabe, an official at the Chicago-based National Conference of Commissioners on Uniform State Laws (NCCUSL), which sponsors uniform laws, said a UCITA adoption bill is pending in the District of Columbia.

The measures adopted by the four anti-UCITA states - Iowa, North Carolina, West Virginia and Vermont - consist of "bomb-shelter" legislation, which is intended to prevent a software company from applying UCITA law provisions on residents in a bomb-shelter state.

The Massachusetts Joint Committee on Commerce and Labor held a hearing on the anti-UCITA bill on Monday, although no action was taken, a committee spokesperson said.

UCITA's opponents, who include library and consumer protection groups, many state attorneys general and some large software users, have claimed they succeeded in preventing UCITA's adoption in Oklahoma and Nevada this year. Despite those successes, however, they say UCITA remains a threat.

Carlyle Ring, chairman of the NCCUSL's UCITA drafting committee, said proponents will continue to press for state-by-state adoption. He argued that companies need a uniform set of rules to conduct internet transactions, and if the states don't adopt these rules, Congress will.

"The real issue is whether the states are going to work this out among themselves," he said.

Ring attributed the lack of state adoptions to the 18-month withdrawal of UCITA, under an agreement with the American Bar Association, which reviewed the UCITA and ultimately took no action on it after a special bar committee criticised the measure.

The pitfalls of UCITA

One-sided 'shrinkwrap' terms These will make many manifestly unfair terms enforceable in situations where today a judge would be free to ignore them.

Remote disabling of software UCITA's "electronic self help" and "automatic restraints" provisions give software publishers the right to surreptitiously include time bombs and backdoors in their software, exposing customers to enormous security risks.

Increased legal costs UCITA creates a host of surprising outcomes under its default rules, forcing customers to bring in the lawyers for what otherwise could be a handshake agreement.

E-commerce impact UCITA's vendor-friendly rules for e-commerce will conflict with efforts to bring order to the internet, creating less uniformity of law rather than more and exacerbating consumer distrust.

Software industry competition Disclaimed warranties and other protections for the software industry provide disincentives for companies to improve product quality and encourage the premature release of buggy products.

Bug disclosures UCITA offers protection from lawsuits to software publishers that knowingly distribute software with bugs, even if they hide the knowledge from users who suffer major damage as a result.

Sneakwrap modifications UCITA allows publishers and on-line services to materially modify terms of an existing relationship by posting changes on their Web site, changes that are unlikely to be noticed by many users.

Scope of law UCITA threatens to bring its anti-consumer rules to a variety of industries beyond software and even beyond high-tech fields.

Freedom of information UCITA helps make it possible for commercial entities to erect barriers against free exchange of information through libraries and academic institutions and even to put restrictions on criticism of their products.

Transfer of ownership Common shrinkwrap licence terms prohibiting all transfers of ownership in a copy would become enforceable under UCITA, undercutting basic principles of copyright law and possibly forcing companies to repurchase software they already have after corporate acquisitions, mergers, or restructuring.

Reverse engineering UCITA could allow software publishers to outlaw all forms of reverse engineering, even when it's done only for reasons of interoperability.

No pre-sale access to terms Software publishers are still allowed to take the traditional "terms inside the box" approach, denying customers opportunity to review terms before they buy, even in the case of online sales where providing the terms would be easy.

Patrick Thibodeau writes for Computerworld  

Read more on IT legislation and regulation