Consumer friendly FTC may demand software works to spec

UCITA outflanked? Good grief, this is Communism...


Analysis Consumers may soon get a better deal for packaged software, and be able to buy it instead of licensing it under onerous terms. Despite the strong lobbying efforts of US packaged software publishers, the US Federal Trade Commission (FTC) could well come out on the side of the consumer.

The restrictions associated with software licensing have produced something of a consumer backlash, because outright sales give consumers far more rights, and this view may have found some sympathy at the FTC. Against all expectations, it now looks as though the controversial Uniform Computer Information Transactions Act (UCITA - a so-called model law intended for enactment by every state, the precursor of which was called Article 2B of the Uniform Commercial Code) may not be rubber stamped by many state legislatures.

There is also the possibility that if state implementation is delayed or the provisions in UCITA are modified, this could provide a reason for federal authorities to step in and do some harmonisation at the federal level - sweeping away UCITA in the process.

Why should software be different?

The FTC has decided it wants to investigate why software is treated differently from other consumer products and made available under restrictive licenses, thereby making it possible to disclaim implied warranty protection. It recently held a public forum to examine high-tech warranty issues. Although the FTC did not get its concerns addressed when it submitted comments to the National Conference of Commissioners on Uniform State Laws (NCCUSL - the body responsible for developing UCITA), it has certainly managed to gain centre stage now.

The FTC introduced into the discussion the Magnuson-Moss Act, which should apply to consumer software sales. This gives consumers some important rights - for example warranties must be available for review prior to purchase, and not inside the shrink-wrapped box. Warranty is a key issue, because if software is deemed to be tangible goods (and the arguments as to why it should not be so regarded suit only software publishers) then the Act says that implied warranties cannot be disclaimed, meaning that if a software vendor makes a claim in an advertisement or interview that there is some functionality in a package, it should be there and it should work.

It doesn't take a great leap to come to the realisation that this is dangerous stuff: if software has reasonably to do what it claims to do, there will be many unhappy vendors but some much happier users. It could also preclude the premature release of software with many known, serious bugs. At the moment, UCITA makes it possible for software publishers to disclaim any implied warranties.

Maryland, home of the licence agreement?

So far, UCITA is only in force in Maryland (from 1 October), but it is now possible for software publishers to draw up their licences under Maryland law, and reap the one-sided benefits of UCITA. Although it has been passed in Virginia, it will not be in force until next July after an impact review - assuming this is not negative. It is known that Virginia's enthusiasm was driven by a hope that software vendors might set up shop in the state if it was an early mover. Delaware, DC, Hawaii, Illinois, New Jersey and Oklahoma are currently considering UCITA in their state legislatures.

UCITA is state law and it is being used to restrict provisions in federal copyright law. From a user perspective, it is the end of consumer rights for shrink-wrapped software (or click-wrapped, if obtained online). UCITA makes it legal for consumers to be denied sight of a software licence before paying for it - despite its provision for "conspicuous" disclosure of material terms for pre-sale review - by allowing users to return the software after reviewing the licence terms. In practice, it is very difficult to obtain a refund, since the dealer usually claims that the software publisher should be approached, and vice versa. Even so, the licensor or supplier must pay the costs incurred in returning software, according to UCITA.

The anti-UCITA submissions to the FTC are diverse and articulate. The IEEE said that it was concerned that what should be a sale was transferred into a licensing transaction that potentially permitted the enforcement of onerous, burdensome and unreasonable contract provisions that could include the prohibition of criticism of the software and limitations in selling or disposing of the software.

Federal "fair use" law and statutory copyright law that allowed reverse engineering for the development of interoperable software and security testing was undermined. Warranties were disclaimed and software defects known prior to sale did not have to be disclosed to the buyer, or fixed, and users could be prohibited from identifying problems. Software publishers could also make it expensive and burdensome for purchasers to protect their rights. Finally, remote disablement of the software could be triggered innocently - through a so-called backdoor provision. Users have no recourse whatsoever against software vendors for either known or unknown bugs.

It's all your fault

Cem Kaner, the author of Bad Software, noted that in the good old days, Apple's Orchard magazine encouraged customers to reverse engineer and modify Apple ][ system software. Kaner also pointed out that software publishers usually waive any technical support fee for bug work-arounds - but only if a customer insists. One of the more iniquitous requirements by Microsoft in its MSN membership agreement is that it reserves the right to change the agreement without notice by posting details online, and that users are responsible for regularly reviewing such information or it would be assumed that continued use meant acceptance of the new conditions.

Just as bad was a CompuServe reference to Terms of Service that were not to be found on the Web site. Kaner also draws attention to the software publisher's desire to bring software outside consumer protection law, so that there can be no market in used software; publicity can be controlled; and there can be no remedies or warranties.

Richard Stallman, the GNU GPL pioneer, draws attention to the fact that Microsoft Word stores users' data in secret formats designed to make it difficult for other programs to access the same data. He also notes Microsoft's sensitivity in the click-wrap licence to Microsoft Agent that prohibits anyone from using "the character animation data and image files to disparage Microsoft, its products or services".

Software publishers are a bit shy about coming forward to defend UCITA, and tend to work through trade associations like the Washington Software Alliance (global sponsors: Preston, Gates, Ellis - Bill's Dad's law firm no less). The WSA made some very contorted arguments in favour of UCITA, suggesting that requiring warranties on packaged software would threaten the vibrancy of the US economy, and make it hard for small software companies to survive. The WSA soon gets to the heart of its global sponsor's concerns: "The open source... software movement is one of the major sources of competition to the Microsoft operating system" and sets about castigating Red Hat's licence which, after all "gives you legal permission to copy, distribute and/or modify the library".

The SIIA tries to make the case for software being different and hints at licensing not being a one-off charge. Its argument that the open source movement disclaims warranties, and the implication that so should the publishers of proprietary software, is fickle, as it well knows. Those offering source code to the public domain free of charge have a reasonable right to expect not to be sued for doing so, but consumers who pay for a proprietary product should have a right to expect it to work reasonably - which is just what UCITA doesn't guarantee. Most wicked of the SIIA however is the implication that "all interested parties" agreed the final text of UCITA: user comment was not canvassed by NCCUSL. Claiming that UCITA preserves "bargaining flexibility" is quite simply untrue.

You're already a subscriber

Mark Bohannon, general counsel of the SIIA, remarked that there is no one-time sale, and that the user enters into "an ongoing subscription relationship", which sounds suspiciously like the death knell for once-only payments for software and a herald of annual licensing fees (.NET anyone?). It is a canard for the SIIA to claim that this is necessary for ASPs, since their situation is quite different from a consumer sale, or a normal business sale come to that. UCITA artificially makes software different from the purchase of books.

It will not be known for some time whether the FTC decides to act over UCITA, but if it does, federal law can pre-empt state law and so give consumers a fairer deal. At present, UCITA protects bad software companies that are concerned that they could be made responsible for buggy software. A big lobbying effort is being organised by the major software publishers (and NASDAQ, which no doubt sees the writing on the wall if there is accountability). Consumer organisations are organising opposition, and are getting significant support from major software users like Caterpillar and Prudential Insurance.

The international implications of this domestic US law are considerable, because US-based software publishers try to inflict essentially the same legal agreement throughout the world. It will be interesting to see if the European Commission decides to play a role in looking after European consumer interests. ®

Biting the hand that feeds IT © 1998–2022