Article Title: Look Before You Click, part 2
Article Byline: Despite recent court victories, EULAs are still in a legal grey area... but new legislation could change all that
Article Body: Written by: Bruce Rolston

In the summer of 1993, Seattle-area computer consultant Mark Reich was hired to help a Minnesota construction company with its Washington regional office. The contractor, Mortenson, had just replaced the office's computer network; it asked Reich to reinstall some software. Reich brought the software to the Bellevue office, and with the help of some techies, unwrapped and installed it on the new computers. He then walked away, and probably forgot all about it for a while. He had no way of knowing that his simple actions would end up costing the company $2 million in damages, and that a provision in the EULA he'd clicked through meant they'd never see a penny of it.

End-user licence agreements (EULAs) are familiar to computer game users, and yet opaque. How much do you really know about them? If you click "I agree" when you install the next computer game, are you legally bound by all that fine print you didn't really bother to read? And what's the government's stance on the issue? In this second part of our series on EULAs, you'll find out how EULAs can sometimes be serious business, and that new legislation may make it even more important that you look before you click.

We don't know how much scrutiny Mark Reich, or the Mortenson staff, gave to the detailed licence agreement on the package of Timberline Software's Precision Bid Analysis, eight copies of which he'd picked up and delivered to the office that first summer day. It was a pretty standard EULA, really, similar to any other piece of software. It included the usual provisions on copyright and intellectual property... and two other, very commonly found lines.

The first will come as no surprise to anyone who's read their own EULA. "You agree that your use of the program acknowledges that you have read this license, understand it, and agree to be bound by its terms and conditions." The EULA also contained warranty and liability information, and while one specific provision there is not found on all software by any means, it's still pretty common.

"Neither Timberline [the developer] nor anyone else... shall be liable to you for any damages of any type... arising out of the use or inability to use such programs... even if Timberline has been advised of the possibility of such damages."

Seven years later, lawyers for Mortenson would try to convince a court there's no way that could be legal. They'd never even seen the license, for pete's sake. Reich had done all that. And now, thanks to the software, the company was on the hook for a $1.9 million difference between what the software had told them it would cost to build a new medical centre, and what it had really cost them, all due to a known bug in the Timberline software. Even if a "shrinkwrap license" was legally binding, that software Reich installed had trashed their business: wasn't the program's developer at least partially responsible?

No, said the Washington State Supreme Court in a landmark decision for the software industry this last April. Even though it came out that Timberline knew the bug existed, even though they'd sent a patch to some of their other customers; even though no one from the construction company had ever knowingly signed their rights away (other than the techies clicking "I agree"); the company was still blameless, all because of the terms of that EULA, the court ruled in a 7-2 decision. "The license was set forth in capital letters on each diskette pouch and on the inside cover of the instruction manuals... The license was also referenced in the opening screen of the software program. This gave Mortenson more than ample opportunity to read and understand the terms."

Can software makers hide behind a EULA? At least in the state of Washington, it seems they can.

Okay, so you can't sue the company. But if you break a EULA, can the company sue you? Yes, a federal appellate court ruled in 1996, in the case of ProCD v. Zeidenberg. The case concerned Wisconsinite Matthew Zeidenberg, who in 1994 had lifted ProCD's SelectPhone national phone number database off CDs he had bought, and put them on his own for-pay website. ProCD, who had invested $10 million in compiling the numbers and stood to gain nothing, promptly sued under terms found in the SelectPhone EULA. But Zeidenberg managed to convince a local court that, since he couldn't possibly have read the EULA before he paid for the product, the terms could not apply to him... and he could do what he wanted with the software.

Not so fast, the federal judges said. Lots of transactions (they mentioned insurance policies, airline tickets, toaster warranties) involve the consumer not seeing the fine print until after money has changed hands. Take a music concert ticket, for instance. "The back of the ticket states that the patron promises not to record the concert; to attend is to agree. A theater that detects a violation will confiscate the tape and escort the violator to the exit.

"One could arrange things so that every concert-goer signs this promise before forking over the money, but that cumbersome way of doing things not only would lengthen queues and raise prices but also would scotch the sale of tickets by phone."

Making software companies put the EULA on the outside of the box, as Zeidenberg lawyers were arguing should have been done here, would also be bizarre, they said. "Vendors can put the entire terms of a contract on the outside of a box only by using microscopic type, removing other information that buyers might find more useful (such as what the software does, and on which computers it works), or both." Taking Zeidenberg's argument seriously, the judges concluded, would either "drive prices through the ceiling or return transactions to the horse-and-buggy age."

Strike two to the software buyer. Still, it's important to remember that courts being what they are, the consumer's really only down in the count right now. A court case in another state, or a Federal Supreme Court decision, could still go the other way. It's safe to say no one in the software industry is looking forward to another EULA case - and that the threat of one has kept the demands put on consumers by EULAs more moderate than they might otherwise have been.

Frankly, from the legal decisions so far, there's no reason you can't "agree" to just about any condition through a EULA. Your next piece of software could conceivably demand your consent to scans of your computer files looking for hacks (as Verant recently considered imposing on EverQuest players.) Clicking "I agree" could even conceivably entitle a software company to have the right to ping your computer in a way that would shut a game down, if it thought you were in violation of the EULA terms. You might even be asked to sign away your First Amendment rights to publicly criticize the software itself. But would those kinds of measures be legal? It's not clear whether they are or not, and so the ambiguity itself surrounding the legal status of EULAs has been a significant factor in keeping some software makers from pushing the envelope, even if they wanted to. No one wants to push what has turned out to be a convenient concept that one step too far and risk the courts striking a license agreement down.

Instead, software industry lobbyists are pushing now to enshrine the concept behind these license agreements in state law, to give them a consistent playing ground in all the states. The Uniform Computer Information Transactions Act (UCITA), drafted in 1999, contains measures to shore up the legal backing for EULAs.

An amendment to the American Uniform Commercial Code, UCITA needs to be passed by each state's legislature to go into effect there. So far only Maryland and Virginia have ratified it: after it goes into effect there in the coming months, it's fair to say EULA cases in those jurisdictions will very likely go the industry's way. Software industry lobby groups (including the Business Software Alliance and the Software Information Industry Association) are pushing hard to get it approved in other states, as well. They are being fought on a state-by-state basis, however, by a loose coalition of anti-EULA groups, including Consumer's Union, the National Consumer Law Centre, Computer Professionals for Social Responsibility, and recent presidential candidate Ralph Nader. The Federal Trade Commission and the attorney-generals of many states have also expressed public concerns the new law.

What UCITA does (among other things: it covers all manner of electronic transactions) is essentially codify the "shrinkwrap licensing" practice as it's now used. A software company in a UCITA-friendly state could in theory put any reasonable restriction on the use of its software in a EULA, which consumers would be expected to respect and understand. Basically it removes the uncertainty of waiting for the next court case. It's not all negative for the consumer though: the buyer's right to return software for a full refund if he cannot agree to the terms of the EULA will also be enshrined in law. As well a EULA will not be able to bind you to any conditions that are "unconscionable and unenforceable."

Opponents of UCITA say that still amounts to a big negative for the consumer, though. The proposed legislation specifically allows for all kinds of EULA provisions that no software developer has dared to try yet, such as being able to remotely shut down your software if a buyer is behind on his payments. It's not just the consumer watchdogs, either. Critics of sloppy practice in the software industry are concerned that stronger legal protections will only give the industry more of an excuse to produce buggy or broken code than it has already.

One of those critics is Florida Insitute of Technology law professor Cem Kaner. In his anti-UCITA website, he describes his impressions of the real reasoning behind UCITA. "For example, in a meeting a couple of years ago, one of the 10 [drafting board] members made a comment about user errors made by 'dumb customers.' A lawyer representing several publishers replied, 'Dumb customers? That's redundant!' Almost everyone in the room seemed to think this was hilarious."

In an interview, Kaner said UCITA is a big step backward, for everybody. "There are no consumer protection improvements, though there were some smoke and mirrors [amendments] adopted in Maryland and more will come in Virginia. The bill is still a disaster for the free software community and for, in my opinion, small software publishers.

"[Because] the bill has met with a lot of resistance, a lot of lobbying money was poured by software publishers and computer manufacturers into the last election... we'll see what happens in the future. This has been dismaying, because many of the leading publishers' attorneys were willing to make some sensible compromises. If the ideologues who ran the drafting committee had been more willing to compromise, we'd have a uniform bill. Instead, we're seeing a bill that is as extreme as I think it can get, and it will never achieve near-universal acceptance. Rather than increasing certainty and simplifying commerce, it is just another pollutant."

Industry commentator Mark Minasi says the industry will become even more complacent if the law is changed to back up the limited warranties and liability clauses found in many EULAs.

"The difference is that they used to just get away with it, and we all kind of looked forward to the day that lawsuits or a Naderish person could push the industry in the correct direction. Now they can just say 'hey, we're legal.' Think of it this way: thousands of wives get abused every day because ... well, because it's possible. But legalizing wife abuse would make things worse. For years, we've been subject to 'user abuse.' It's insulting that now it's legal [in some states]," said Minasi, author of The Software Conspiracy: Why Software Companies Put Out Faulty Products, How They Can Hurt You, and What You Can Do About It.

The rising debate has also drawn the attention of the federal government. In recent months, the consumer protection branch of the Federal Trade Commission has taken a new interest in the EULA issue. The FTC, which had done some cautious eyebrow-raising in the early drafting stages of UCITA last year, called together representatives from across the industry for a two-day public forum on consumer protection and high-tech services at the end of October. "Nothing could be more important in this new marketplace, I think, than the issue of what information consumers will have, [or] need to have prior to purchase," said FTC consumer protection head Jodie Bernstein at the time. "That's one of the critical issues for us and critical issues for the industry as well."

But the FTC has stopped short of getting openly involved in this issue so far, leaving it up to the legislators of individual states. "We will continue to be very interested in how the the development of different state law models relates to federal warranty law," said the commission's Eileen Harrington, who chaired the forum.

The FTC is still considering whether there is a role for it to play here, Harrington, the commission's director of marketing practices, said. "We really don't know that there is a 'next,' other than continued thinking and studying."

But David Rice, a law professor at Roger Williams University, insisted at the forum that the FTC should be playing a role, not in the state commercial law sense, but in its role as the national guardian of truth in advertising and packaging. "I don't think we ought to be getting into FTC regulating the terms of the contract... [but instead] saying the deception prevention mission of the Commission leads us to conclude there ought to be affirmative, timely disclosure of selected material."

In plainer words, Rice told the FTC, make the publishers put the major points of the EULA on the box itself. "Common decency says if you're going to take it away inside, tell them on the outside... common decency, common sense. The essence of disclosure law says the consumer ought to know at the right time what it is that they're buying."

That kind of approach just makes sense, agrees game developer Derek Smart, who adds he wishes the industry and regulators would stop pursuing favourable legislation and litigation and just give customers the information to make an informed choice before purchase.

"A product's EULA, or at least the most important excerpts, should [always] be printed on the box or included as an insert in the box packaging," said Smart, lead designer behind the Battlecruiser series. "This way, while you are browsing the software, you can read it before taking it home. Publishers spend an insane amount of money on fancy boxes which only end up taking up shelf space, especially when the game inside ends up being a multi-million dollar dud. For this reason, I believe that they can trim the box -- remove those annoying flaps, too -- and spend another five cents in an externally mounted EULA."

But Kaner fears if the FTC was going to do anything, that time has passed with the likely election of a Republican government. "With the election of George Bush, we'll see a new FTC leadership and probably no protection from that front."

If the FTC does end up dropping back out of the picture, the would just leave pressure on the individual state legislatures to reject or amend the UCITA as the opposition's only recourse. If people don't start speaking up about thisnow, while UCITA's still in the early stages of being debated in most states, then in a few years it may be too late, Minasi warns. "At the moment, The Empire is winning, and the Alliance is in hiding off on Hoth or someplace like that."

Anyone can see the rationale behind UCITA: it does seem high time to end any lingering legal gray area surrounding EULAs, doesn't it? But the bad-software opponents have a strong argument against the legislation in its current form. It seems only obvious that, so long as consumers are not allowed see and compare licensing terms before purchase, the laws of the marketplace will only continue to favour games and other kinds of software that are pushed out too early, are inadequately supported, or simply don't work. But if customers could find out which companies stood behind their product, it could conceivably alter their buying decision, and encourage responsible practice. Otherwise, these ongoing moves to shore up the legal value of EULAs could end up increasing the number of buggy games and "mass market betas." Perhaps, just like the consumer, the 48 state legislatures still considering this new legislation should be urged to look before they click.

Related Links: