About a year ago I was working with another attorney to change the Maryland UCITA statute to be friendlier to open source. UCITA, the Uniform Computer Information Transactions Act, is a model code intended to be adopted by all states so that there is uniformity to the law of software licensing. UCITA provides default rules that apply when a software license omits essential terms. Another purpose of UCITA is to define what license terms are against public policy and thus cannot be enforced even if they are included in a license.
In many respects UCITA is like the Uniform Commercial Code. For example, the UCC sets rules to prevent a merchant from foisting shoddy goods on an unsuspecting public. In that same vein, early versions of UCITA stated that it is against public policy for a software license to disclaim the implied warranties of merchantability and fitness for a particular purpose.
UCITA requires, regardless of what the license says, that a licensor provide warranty protection if the licensed software turns out not to be fit for the ordinary purposes for which it was intended or to conform to the promises made in its documentation or marketing materials.
Damages for breach of warranty can be substantial. In appropriate situations, a licensee can recover for any loss resulting from the breach, the difference between the value of the software accepted and the software delivered, and even incidental and consequential damages.
The makers and distributors of open-source software cannot afford these implied warranties. If software is given away along with the source code, then how does an open-source licensor recover the cost of the warranties? That's why all open-source licenses declare that the software is made available as is and without warranty.
Maryland is one of the few states that has adopted UCITA. The implied warranties in the Maryland law were unacceptable to the Open Source community. After hearing our arguments, and to correct this situation, the Maryland legislature adopted the following amendment to UCITA:
The warranty [of merchantability and fitness for a particular purpose] does not apply to a computer program if there is no charge for (1) the source code, (2) making copies, or for use of those copies, (3) modifying, and (4) redistributing the computer program.
UCITA is adopted state-by-state. To help avoid dealing with this issue piecemeal, representatives of the Open Source community then sought the adoption of an amendment to the uniform code itself. The Maryland statute was submitted for consideration by the National Conference of Commissioners on Uniform State Laws (NCCUSL), the author of UCITA.
Instead, the provision the NCCUSL committee adopted reads as follows:
(a) Except as provided in subsection (b), the warranties [of merchantability and fitness for a specific purpose] do not apply to a computer program if the licensor makes a copy of the program available to the licensee in a transaction in which there is no contract fee for the right to use, make copies of, modify, or distribute copies of the program.
(b) Subsection (a) does not apply if the copy of the computer program is contained in and sold or leased as part of goods or if the transaction is with a consumer licensee that is not a software developer.
The replacement of “and” with “or” toward the end of subsection (a), and the omission in that sentence of the requirement that the source code be available, are very important changes. It means that companies that bundle their “free” software with software for which they charge license fees—as Microsoft does with Internet Explorer, for example—are eligible for the warranty exemption even though they do not satisfy any of the other criteria of open-source software. It guts the entire purpose of the amendment.
The addition of subsection (b) is another dangerous trap for the unwary. The second part of that subsection means that the warranty exemption is fine when the software is distributed to other software developers, but as soon as the software is distributed to real users or customers, the implied warranties are required. Thanks, but no thanks!
A letter from the National Association of Attorneys General, signed by attorneys general from 32 states, was submitted to the UCITA Standby Committee on November 13, 2001. It contains criticisms of UCITA in general, but contains no substantive proposals for any amendments of any kind. The letter effectively states that there are no conceivable amendments of any kind that might be proposed to improve UCITA as suitable law for computer information contracts.
As long as UCITA doesn't adequately address concerns about its fairness and effectiveness, including the concerns of the Open Source community, it will not likely be adopted by enough states to make it useful. We must remain vigilant, state-by-state, to prevent the adoption of this flawed law.
Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.
Lawrence Rosen is an attorney in private practice, with offices in Los Alto Hills and Ukiah, California (www.rosenlaw.com). He is also executive director and general counsel for Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|diff -u: What's New in Kernel Development||Aug 20, 2014|
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
- diff -u: What's New in Kernel Development
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Tech Tip: Really Simple HTTP Server with Python
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Monitoring Android Traffic with Wireshark
- New Products
- RSS Feeds
- Returning Values from Bash Functions
- Raspberry Pi: the Perfect Home Server