About a year ago I was working with another attorney to change the Maryland UCITA statute to be friendlier to open source. UCITA, the Uniform Computer Information Transactions Act, is a model code intended to be adopted by all states so that there is uniformity to the law of software licensing. UCITA provides default rules that apply when a software license omits essential terms. Another purpose of UCITA is to define what license terms are against public policy and thus cannot be enforced even if they are included in a license.
In many respects UCITA is like the Uniform Commercial Code. For example, the UCC sets rules to prevent a merchant from foisting shoddy goods on an unsuspecting public. In that same vein, early versions of UCITA stated that it is against public policy for a software license to disclaim the implied warranties of merchantability and fitness for a particular purpose.
UCITA requires, regardless of what the license says, that a licensor provide warranty protection if the licensed software turns out not to be fit for the ordinary purposes for which it was intended or to conform to the promises made in its documentation or marketing materials.
Damages for breach of warranty can be substantial. In appropriate situations, a licensee can recover for any loss resulting from the breach, the difference between the value of the software accepted and the software delivered, and even incidental and consequential damages.
The makers and distributors of open-source software cannot afford these implied warranties. If software is given away along with the source code, then how does an open-source licensor recover the cost of the warranties? That's why all open-source licenses declare that the software is made available as is and without warranty.
Maryland is one of the few states that have adopted UCITA. The implied warranties in the Maryland law were unacceptable to the Open Source community. After hearing our arguments, and to correct this situation, the Maryland legislature adopted the following amendment to UCITA:
The warranty [of merchantability and fitness for a particular purpose] does not apply to a computer program if there is no charge for (1) the source code, (2) making copies, or for use of those copies, (3) modifying, and (4) redistributing the computer program.
UCITA is adopted state-by-state. To help avoid dealing with this issue piecemeal, representatives of the Open Source community then sought the adoption of an amendment to the uniform code itself. The Maryland statute was submitted for consideration by the National Conference of Commissioners on Uniform State Laws (NCCUSL), the author of UCITA.
Instead, the provision the NCCUSL committee adopted reads as follows:
(a) Except as provided in subsection (b), the warranties [of merchantability and fitness for a specific purpose] do not apply to a computer program if the licensor makes a copy of the program available to the licensee in a transaction in which there is no contract fee for the right to use, make copies of, modify, or distribute copies of the program.
(b) Subsection (a) does not apply if the copy of the computer program is contained in and sold or leased as part of goods or if the transaction is with a consumer licensee that is not a software developer.
The replacement of “and” with “or” toward the end of subsection (a), and the omission in that sentence of the requirement that the source code be available, are very important changes. They mean that companies that bundle their “free” software with software for which they charge license fees—as Microsoft does with Internet Explorer, for example—are eligible for the warranty exemption even though they do not satisfy any of the other criteria of open-source software. This guts the entire purpose of the amendment.
The addition of subsection (b) is another dangerous trap for the unwary. The second part of that subsection means that the warranty exemption is fine when the software is distributed to other software developers, but as soon as the software is distributed to real users or customers, the implied warranties are required. Thanks, but no thanks!
A letter from the National Association of Attorneys General, signed by attorneys general from 32 states, was submitted to the UCITA Standby Committee on November 13, 2001. It contains criticisms of UCITA in general, but contains no substantive proposals for any amendments of any kind. The letter effectively states that there are no conceivable amendments of any kind that might be proposed to improve UCITA as suitable law for computer information contracts.
As long as UCITA doesn't adequately address concerns about its fairness and effectiveness, including the concerns of the Open Source community, it will not likely be adopted by enough states to make it useful. We must remain vigilant, state-by-state, to prevent the adoption of this flawed law.
Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.
Lawrence Rosen is an attorney in private practice, with offices in Los Altos Hills and Ukiah, California (www.rosenlaw.com). He is also executive director and general counsel for Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).