UCITA: Not Gone, Not Forgotten
On Monday, the Virginia House of Delegates unanimously voted in favor of the Uniform Computer Information Transactions Act, commonly known as UCITA. The Linux Journal and others, including Richard Stallman, have voiced strong opposition to the bill, which must be ratified by all 50 states. UCITA is essentially a contract law statute that creates a common commercial contract law for computer software, multimedia products, computer databases and on-line information. While proponents of UCITA see both the computer industry and cyberspace as areas of commerce that badly need regulating, most opponents--which include both the Motion Picture Association of America and the Free Software Foundation--view UCITA as just the type of overly broad, lobbyist-friendly, innovation-stifling legislation that the computer industry does not need.
For more background information on UCITA, I highly recommend Bryan Pfaffenberger's article "Shrink-Wrapped UCITA", which warned us back in September that UCITA was bad news for both software makers and users. For more on the argument against (as well as a UCITA Fact Sheet), try the CPSR's UCITA web site. For more on the argument in favor of UCITA, visit the Software and Information Industry Association's web site.
But with the Virginia House of Delegates unanimously backing UCITA, we thought it was time to check back in with Bryan Pfaffenberger--who just happens to be a professor of technology, culture and communication ... at the University of Virginia.
David: I note that about half of the attorneys general are against UCITA, including AGs from states as diverse as Arizona and Washington state. What is different about Virginia and the other 23-odd states whose AGs have not come out against UCITA?
Bryan: For Virginia, it's simple: money. It's very important to understand that UCITA benefits a few very rich companies, notably Microsoft--and these same companies have tons of cash to contribute to political campaigns, thanks to the bull market. In Virginia, money talks--and talks big. Not only does the state have a huge and growing software industry, but it's also the only state in the U.S. that places no limits whatsoever on campaign contributions. Where companies such as AOL and Microsoft can make unlimited campaign contributions, it's a brave legislator indeed who will stand up to them. Not a single Virginia delegate voted against UCITA--and in a way, it's hard to blame them. Would you want to face an opponent who's getting $500,000 from AOL?
UCITA benefits a few very rich companies at the expense of millions of smaller businesses and consumers, who lack the money and organization to influence the political process. That's one of several reasons the Attorneys General from 27 states have publicly stated their opposition to UCITA.
David: I've read some material from the Software & Information Industry Association, but exactly what problem was the UCITA created to solve?
Bryan: The Uniform Commercial Code (UCC), drafted in the 1950s, governs the marketing of tangible goods, but provides little guidance concerning the marketing and licensing of intangible goods, such as computer software. Software publishers have tried to stick licenses on their customers by conflating an action (such as opening a package) with acceptance of license terms, but some of the licenses have not held up in court. Clearly, software publishers need and deserve clarification here; if software licenses have no legal substance, publishers cannot protect themselves against unauthorized duplication and unwarranted liability lawsuits.
But UCITA goes too far. In a series of stunning innovations, UCITA rewrites the law concerning intellectual property, commercial contracts, and product licenses in ways that are unprecedented in their break with prevailing laws and expectations. Revisions to UCC are not supposed to be innovative; they're supposed to "capture" existing practice. Observers suspect this is one of the reasons behind the withdrawal of the American Law Institute (ALI) from the UCC code revision process. Without the ALI's participation, the proposed revisions we now know as UCITA cannot become part of the UCC; UCITA is, therefore, an end run around the usual process. The ALI's withdrawal is reason enough to regard UCITA as a fundamentally flawed bill that should not receive consideration anywhere.
Here are some examples of UCITA's breathtaking innovations:
Lending or selling anything that contains licensed software will become a criminal act, unless you obtain permission from the publisher. Consumers won't be able to sell books that they purchase on CD-ROM, to the extent that the discs contain code. This provision will become a living nightmare for anyone selling a company; how could you possibly track down all the licensed software in your entire company, and get permission? Of course, this is much easier when you buy all your software from one vendor, such as, um, Microsoft. In short, UCITA subsumes several hundred years of intellectual property law under a particularly aggressive model of mass-market software licensing--which is why leading intellectual property experts and organizations oppose UCITA.
A vendor could bury an expensive, long-term contract agreement in a fleetingly visible "notice" that the consumer would probably ignore, and saddle the consumer with enormous credit card debts--which would be inescapable under UCITA's provisions. For this reason alone, no consumer should ever purchase any product from any firm that does not specifically and visibly repudiate UCITA's provisions. That is one reason why every consumer organization that has examined UCITA strongly opposes it.
And that's just the beginning.
David: I also note that both the MPAA and the Free Software Foundation are against the UCITA. Strange bedfellows, no?
Bryan: There's a reason: UCITA affects everyone. As a representative of the American Society of Magazine Publishers noted, UCITA departed from its "proper developmental pattern", and became a "cancer-like growth that has metastasized into every area it touches". Ostensibly about "software licensing", UCITA now affects any transfer of anything that contains computer code--and what doesn't contain computer code these days?
Here's why broadcasters, the RIAA and MPAA, and other entertainment groups opposed UCITA: the legislation imposes a rigid model derived from mass-market software licensing on a huge range of markets--it's a one-size-fits-all approach. But these well-funded adversaries won last-minute concessions that would appear to exempt them from the bill's provisions.
The Free Software Foundation's opposition focuses on another of UCITA's breathtaking innovations: the act's criminalization of reverse engineering. Until UCITA, reverse engineering has been consistently upheld by the courts as a free speech right; copyright, after all, protects only the expression of an idea, not the underlying idea. If you reverse-engineer a program in a "clean room" environment, looking at the program's input and output (but ignoring the actual code), you can legally write a program that emulates the original code. And that's precisely what thousands of free software authors have done--but they may not be able to do so any longer. Under UCITA, Microsoft could go after AbiSource for creating a word processor that reads Word's proprietary files.
Perhaps even more threatening is UCITA's role in establishing a liability baseline for software publishers. Consumer advocates note with dismay that the act's provisions free software publishers from any conceivable liability from defects in their code; however, you must use UCITA's provisions as a baseline in order to get this protection. Free software licenses such as the GPL may become meaningless after UCITA, exposing program authors to litigation. Since free software authors generally aren't wealthy, they will withdraw their products rather than face protracted litigation. UCITA may well have been designed from the get-go to eliminate the competitive threat from free software--a necessary step, since free software is winning in the marketplace.
David: Is ignorance of technological issues the main reason UCITA may succeed? Or is it that the pro-UCITA groups just got off to a faster, stronger start?
Bryan: It's money, pure and simple. Virginia legislators had plenty of opportunity to hear from constituents who will be adversely affected by UCITA. They patiently explained the act's implications and used non-technological analogies to explain their points. They were ignored.
David: One of the arguments in favor of UCITA seems to be "well, we've got this whole new area that is largely unregulated, and this begins to provide some regulation and clarity..." as if any law that is developed to "rationalize" this industry is inherently a good one...
Bryan: Any reasonable person would agree that it's time to update the UCC. But UCITA amounts to an attempt by a few huge, wealthy companies--notably Microsoft--to rewrite commercial law in favor of its own, highly aggressive model of consumer marketing. Powerful corporations will, of course, attempt to influence legislation in their favor, but a balanced political process counters this pressure in the public's interest. In any state that passes UCITA, you can conclude that the political process has broken down to the point that legislative bodies have become the open, undeclared enemy of consumers, workers, small businesses and communities--and should be regarded as such.
David: With 26 states having AGs in opposition and 50-state ratification necessary, how likely is it that UCITA will be passed?
Bryan: Attorneys General don't make the law. Legislators do. And if you'd like to meet a state legislator, just read any Karl Hiassen novel. I particularly recommend Sick Puppy. Hiassen is a reporter for the Miami Herald who, in a series of hilarious but disturbing works, runs a literary skewer through Florida's public servants. (The thing that amazes me is that Hiassen is still regarded as a satirist; as you'll see, he comes unnervingly close to the mark.)
David: One of the more controversial aspects of UCITA is the "repossession" of improperly used software. How do supporters of UCITA expect to enforce this?
Bryan: By means of covert "trap doors" in the code that would enable the vendor to shut you down remotely (via the Internet) if you fail to live up to the contract. But you may not even know what the contract is; even if you negotiated a somewhat better contract with the vendor than the one contained in the "click here to assent" version, it appears that if anyone in your company unwittingly clicked this button, your entire company could be held to the shrink-wrap contract.
Anyone with an ounce of computer knowledge will immediately recognize that this provision introduces a security hole of nightmarish proportions. No company should ever purchase any product unless the vendor specifically declares that the product contains no such trap door and the vendor refuses to impose UCITA on their customers.
I should imagine that Microsoft has been building precisely such trap doors in their products for some time now, waiting for the time when its pet legislation--UCITA--becomes law.
David: How dangerous is it that UCITA considers the commerce of pre-packaged software not "commercial goods" but "licenses of computer information"?
Bryan: Here's where we see the cancer-like growth I mentioned earlier. UCITA's pervasive, fuzzily written provisions could be seen to lay claim to any kind of intellectual property that is communicated by computer. And again, it discards hundreds of years of precedent in intellectual property law in favor of a highly aggressive model derived from blitzkrieg marketing tactics. UCITA is a disaster in the making for democracy, scholarship, education, literature and art. That's why UCITA is opposed by librarians, scholars, educators, legal professors, artists, musicians and all kinds of people for whom greed is not the single operative principle in life.
David: Another of the more Draconian aspects of UCITA is its ambivalence to public discussion of product flaws. This seems like an anti- slander holdover from the brick-and-mortar days, and not very aware of the role that the Internet, discussion groups and chat rooms play in promoting and disseminating information about software.
Bryan: It's not just ambivalence. According to UCITA, you can't criticize or discuss a product in any negative way.
There's a free-speech issue here, and it's one of UCITA's several provisions that are likely to be struck down in the appeals process--but not before peoples' lives, careers and businesses are ruined. Of course, why would the billionaires at Microsoft and AOL care about that?
I continue to hold on to a very faint hope that UCITA will be unmasked for what it is: namely, Microsoft's last gasp in the monopoly sweepstakes. Don't ever forget that the UCITA project leader is, not coincidentally, a senior Microsoft attorney. UCITA is, in my opinion, a thinly veiled plot by Microsoft's legal team to put their competition out of business, at the expense of anything and everything that might stand in the way, including the most fundamental notions of decency and respect for the traditions of democracy, law, and freedom. As more and more companies realize that UCITA will enable Microsoft to clean their plates, there's some hope--a little, teensy shred of hope--that this monstrosity can be stopped.
But then again, people accuse me of being optimistic.
Bryan Pfaffenberger is Associate Professor of Technology, Culture and Communication at the University of Virginia in Charlottesville.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The US Government and Open-Source Software
- The Humble Hacker?
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide