Bad Law

Why UCITA is unacceptable to the Open Source community.

About a year ago I was working with another attorney to change the Maryland UCITA statute to be friendlier to open source. UCITA, the Uniform Computer Information Transactions Act, is a model code intended to be adopted by all states so that there is uniformity to the law of software licensing. UCITA provides default rules that apply when a software license omits essential terms. Another purpose of UCITA is to define what license terms are against public policy and thus cannot be enforced even if they are included in a license.

In many respects UCITA is like the Uniform Commercial Code. For example, the UCC sets rules to prevent a merchant from foisting shoddy goods on an unsuspecting public. In that same vein, early versions of UCITA stated that it is against public policy for a software license to disclaim the implied warranties of merchantability and fitness for a particular purpose.

UCITA requires, regardless of what the license says, that a licensor provide warranty protection if the licensed software turns out not to be fit for the ordinary purposes for which it was intended or to conform to the promises made in its documentation or marketing materials.

Damages for breach of warranty can be substantial. In appropriate situations, a licensee can recover for any loss resulting from the breach, the difference between the value of the software accepted and the software delivered, and even incidental and consequential damages.

The makers and distributors of open-source software cannot afford these implied warranties. If software is given away along with the source code, then how does an open-source licensor recover the cost of the warranties? That's why all open-source licenses declare that the software is made available as is and without warranty.

Maryland is one of the few states that have adopted UCITA. The implied warranties in the Maryland law were unacceptable to the Open Source community. After hearing our arguments, and to correct this situation, the Maryland legislature adopted the following amendment to UCITA:

The warranty [of merchantability and fitness for a particular purpose] does not apply to a computer program if there is no charge for (1) the source code, (2) making copies, or for use of those copies, (3) modifying, and (4) redistributing the computer program.

UCITA is adopted state-by-state. To help avoid dealing with this issue piecemeal, representatives of the Open Source community then sought the adoption of an amendment to the uniform code itself. The Maryland statute was submitted for consideration by the National Conference of Commissioners on Uniform State Laws (NCCUSL), the author of UCITA.

Instead, the provision the NCCUSL committee adopted reads as follows:

(a) Except as provided in subsection (b), the warranties [of merchantability and fitness for a specific purpose] do not apply to a computer program if the licensor makes a copy of the program available to the licensee in a transaction in which there is no contract fee for the right to use, make copies of, modify, or distribute copies of the program.

(b) Subsection (a) does not apply if the copy of the computer program is contained in and sold or leased as part of goods or if the transaction is with a consumer licensee that is not a software developer.

The replacement of “and” with “or” toward the end of subsection (a), and the omission in that sentence of the requirement that the source code be available, are very important changes. They mean that companies that bundle their “free” software with software for which they charge license fees—as Microsoft does with Internet Explorer, for example—are eligible for the warranty exemption even though they do not satisfy any of the other criteria of open-source software. This guts the entire purpose of the amendment.

The addition of subsection (b) is another dangerous trap for the unwary. The second part of that subsection means that the warranty exemption is fine when the software is distributed to other software developers, but as soon as the software is distributed to real users or customers, the implied warranties are required. Thanks, but no thanks!

A letter from the National Association of Attorneys General, signed by attorneys general from 32 states, was submitted to the UCITA Standby Committee on November 13, 2001. It contains criticisms of UCITA in general, but contains no substantive proposals for any amendments of any kind. The letter effectively states that there are no conceivable amendments of any kind that might be proposed to improve UCITA as suitable law for computer information contracts.

As long as UCITA doesn't adequately address concerns about its fairness and effectiveness, including the concerns of the Open Source community, it will not likely be adopted by enough states to make it useful. We must remain vigilant, state-by-state, to prevent the adoption of this flawed law.

Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.

email: lrosen@rosenlaw.com

Lawrence Rosen is an attorney in private practice, with offices in Los Altos Hills and Ukiah, California (www.rosenlaw.com). He is also executive director and general counsel for Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).
