Manifestation of Assent

Some considerations and guidelines for creating software licenses that are enforceable.

There's been an interesting academic argument going around in certain legal and open source circles about how to make sure that our software licenses are enforceable.

Most open source licenses you'll find at www.opensource.org and all proprietary software licenses you'll find anywhere are to be interpreted under contract law. They can be enforced, like other contracts are enforced, against both a licensor and a licensee.

Contracts can almost always be enforced against a licensor. If a licensor promises you the source code or promises not to interfere with your lawful uses of the software, he is bound by those promises as long as you reasonably relied on those promises when you accepted the contract. The general rule is that the author of a contract is bound by his own words.

In most jurisdictions, contracts can be enforced against a licensee only if the licensee agreed to be bound to the contract.

There are two things that a licensor must worry about, then, when creating a software license:

  1. What are the terms of the license I want to enforce against a licensee? Rather than confuse everyone, I'll say nothing more about the content of contract licenses in this article, except to note that in most jurisdictions the parties can agree to almost any damn fool thing they want, except those things which are against public policy. I'll probably write another article about this someday.

  2. How can I make sure that a licensee agrees to be bound to the license? This is the important issue of contract formation.

Here's where I always get flamed on Slashdot or license-discuss. The law usually requires that the party seeking to enforce the terms of a contract be prepared to prove that the other party agreed to those terms. There must be some clear manifestation of assent by the "obligee" (i.e., the obligated party) that can be presented as evidence to show that a contract was actually formed between the parties.

Many cases have been lost because the licensor's procedures for contract formation were faulty and he could not present evidence manifesting assent by the licensee.

In the early days of proprietary software, all software licenses were documented by a writing signed by the parties. Signed documents are the most obvious form of manifestation of assent. When you contract for real property, for example, written documents are often the only acceptable manifestation of assent. But this procedure is no longer typical for software. With mass market distribution of software we now use shrink-wrap, click-wrap or browse-wrap techniques to manifest assent.

Even as the technology changed to accommodate mass market software, the courts continued to struggle with contract formation issues in the software context. Simply uttering the magic words "click-wrap" didn't automatically win the case. Licensors continued to lose where they hadn't done what was reasonable to make sure that the licensee became aware of the license and had an opportunity to read and manifestly accept the license terms, before he began to use the software.

Notice that the law never requires that a licensee actually read the license terms. If you're foolish enough to agree to something without reading it, the courts say, you can't claim foolishness as a defense. (Insanity, however, remains a defense to contract formation, as does "infancy"--meaning, in many states by some perverse historical twist, anyone under the age of 18.)

I finally realized yesterday, after engaging in a particularly acrimonious debate on this topic with some friends of mine, that one reason I'm being flamed is because I keep referring to this issue as the "click-wrap notice." I'm confusing the technology with the legal principle, and the terminology is earning me battles I don't need.

What I really mean to say is that the law requires some manifestation of assent to prove that a contract was actually formed.

We lawyers like to play what-if games with each other in which we imagine strange scenarios. Does the mere fact that the licensee knew that there was a license when he used the software manifest his assent to form a contract? What if the cable repair guy installed the software and the user didn't even know the software was there? What if someone told his insane 17-year-old son to accept the license and install the software for him?

The answers are the same in each case: Look for a specific statute in your jurisdiction that covers the situation or go ask the judge what she thinks.

Obviously I can't punt that way when my own client asks me what to do to ensure that contract formation is done correctly. That is why I suggest to clients distributing end-user software over the Internet that they present the end-user with a dialogue box requiring the licensee to AGREE with the license before they get the software. (Usually this is called "click-wrap".) Clicking, previous courts have held, can be an acceptable manifestation of assent. When done correctly, a click-wrap procedure is an easy and effective way to accept licenses.

It isn't the only manifestation of assent possible, and indeed click-wrap doesn't work in many situations. For example, FTP downloading procedures aren't amenable to click-wrap procedures. For another, click-wrap can become onerous when licensors require clicking for each package in a multi-package distribution. In some situations it may be more appropriate to implement a splash-screen to indicate license terms. It may be that prominent notices in the product documentation will suffice to ensure that knowledgeable users knew about and assented to the licenses.

Contract formation cases present fact-specific and jurisdiction-specific legal questions that don't always have easy answers. I hate to let a judge decide if I don't have to, because most judges are technically incompetent on software matters and it takes too long to educate them.

Instead what I recommend is that licensors, in consultation with their attorneys, do the best job they can to obtain a manifestation of assent when they license their software. Open source licensors have to do that also. Click-wrap may be the technical solution in some situations, but other creative solutions are available. Just do your best to do it right.

Lawrence Rosen is an attorney in private practice in Redwood City, California (www.rosenlaw.com). He also is general counsel for Open Source Initiative, which manages and promotes the Open Source Definition (www.opensource.org).

Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.

______________________

Comments

Sounds like a Lawyer trying to drum up business

Anonymous

what I recommend is that licensors, in consultation with their attorneys... [emphasis mine]

Hmm.

One also gets the impression that there is a hidden agenda here, in which making people uncertain about the enforceability of existing licenses might be used as a lever to encourage people to adopt new licenses created by the Open Source Initiative.

Taking the licenses under which most Free Software is licensed (GNU GPL & BSDish), it is clear that there is no need for assent, because to be bound by their terms one must have done something that would be forbidden under normal copyright law, so either you have manifested assent, or you are in violation of the copyright.

The exceptional Open Source license that comes to mind is Apple's APSL, which as I read it insists that if you modify the code, and deploy it on one machine, internally in your business (which would be allowed under normal copyright) you need to tell Apple about it. To enforce that condition you probably do need to prove assent.

Personally, I take this as a sufficient demonstration that the Open Source Initiative screwed up when they accepted the APSL.

If they were not stupid enough to accept such licenses in the first place, then they would not now need to be advising people to hire lawyers.

How does the GPL fare under this analysis?

Anonymous

How does the GPL fare under this analysis? From a non-lawyer's perspective, the language of the GPL seems well-crafted to address the licensing difficulties you have described, but does it hold water from a legal standpoint?

sPh

Re: How does the GPL fare under this analysis?

Anonymous

Extremely well.

What the article COMPLETELY MISSES is that the licencee either (a) agrees to the licence or (b) is committing a criminal offence.

So bang goes his argument that you can't enforce it because you can't prove the licencee agreed. If you find a violation you just ask him whether he wants to fix the violation or be reported to the authorities.

Cheers,
Wol

Uniform Commercial Code

Anonymous

The article ignores the Uniform Commercial Code, which says, basically, that if you pay for something you have the right to use it. The seller can't impose extra conditions after he's taken your money. Therefore, if you don't get to see the click-wrap agreement until after you have paid, you can click it freely without being bound by anything it says, if clicking it is necessary to get to use what you paid for, and the extra conditions weren't spelled out on the label.

Some idiotic court decisions in the 2nd circuit have muddied the water where software is concerned, and (IIRC) Maryland has rescinded the UCC, but in most of the U.S., the UCC still holds.

That doesn't stop many vendors from trying to see what they can get away with.

Re: Uniform Commercial Code

Anonymous

I have always held click-wrap licensing invalid for software that has already been purchased. If I must crack code in order to enforce my obvious right to use what I have purchased, I will do so.

As for unpurchased software (free download, misc.), any arbitrary licensing is probably valid as no money has been paid for use and so the obvious right to use does not exist.

"Default" copyright gives less rights than GPL, correct?

Anonymous

I'm not sure that the author's comments mean that GPL requires explicit "manifestation of assent" techniques (click-wrap) to prevent violations.

If someone steals a book, they have agreed to no license, but are still bound by the copyright, and can't legally redistribute copies of the book or derivative versions of it.

If someone downloads GPL'd software, they only have those rights because the GPL specifies them. So, is the exercise of those rights itself "manifestation of assent"? I doubt it.

However, see how this would play out in a real case. I release "Closed Linux 1.0" with no source code under a proprietary EULA, and am hauled into court by Linus. If I claim that I agreed to no license, then the judge concludes I violated copyright law. If I claim I heard from a friend that Linus was okay with people making copies, I've still obtained no permission to redistribute, and the conclusion is the same. Etc, etc. until we reach the point that if I refuse or disclaim assent to the license or any part of it, my actions are illegal because they violate Linus' copyright.

If I'm correct, then the GPL would have added strength in that violators are guilty of *criminal* activity under copyright law, versus simply breaking a contract.

Is there any part of GPL (or other significant licenses) where a material violation of the license is possible without breaking copyright?

Any thoughts about this?

Re: nonsense: stealing does not invoke copyright

Anonymous

> If someone steals a book, they have agreed to no license, but are still bound by the copyright, and can't legally redistribute copies of the book or derivative versions of it.

Bull*****. If someone steals a book, he is _not_ bound by the copyright. For example, he does _not_ have the right to make personal copies, resell the book, read it or whatever else. He is not allowed to make _any_ use of the book, not because of copyright (which regulates what you may and may not do with what you acquired as your own property), but because you must be in legal possession of something to use it.

Copyright and fair use come into play when you _acquired_ a book in a transaction.

The same goes for the GPL. If you steal some GPLed source from a server you are not supposed to have access to, this gives you neither the rights under the GPL nor under copyright law. If somebody derives his own version of some GPLed software and sells only binaries, and does not allow you redistribution, then neither copyright nor GPL will permit you to redistribute either the binaries or the source (in case you could get hold of it somehow). Only the original copyright holder has any chance to do something about that: he can let the courts order the company to cease redistribution of his code.

That is the reason the FSF is paranoid about copyright assignments: if there is no copyright holder willing to go after violations, the recipient is powerless to claim his rights under the GPL. The GPL is designed for protecting the rights of the user, but the law makes this enforceable only by the author.

For that reason, a GPL without legal backing and determination by the original author is teethless.

Re: nonsense: stealing does not invoke copyright

Anonymous

Okay, so I should have said "buys a book." But in either case, the point is still the same (please read the rest of my post): the user has no rights to modify and redistribute *until* they agree to the GPL.

So what I'm asking is, do we have to worry about people agreeing to the GPL explicitly in order to make it enforceable? I contend the answer is no, since if no agreement is reached, copyright makes violations illegal.

I agree with you on the need for a clear copyright holder. It is the lynchpin of GPL enforceability.

Re: Manifestation of Assent

Anonymous

Nice article.
At first I thought you were going to assert that open source licences are not enforceable. But you didn't, and maybe I know why. Please let me know what you think of the following statement:

Open source licences do not need click-wrap because they do not enforce any limitation on users. Open Source software can be used by anyone under any condition and copied everywhere. Not having obligations, Open Source users are free to ignore that, on the top of each file, there is a licence statement. The licence is not for their eyes. Now, the matter changes when someone is going to incorporate open source software in his own product. Anybody wanting to use somebody else's software _has_ to look at the code, or at least at the documentation. And if the licence terms are prominently shown in there, they cannot fail to read them. As far as the manifestation of assent goes, engineering your software so that it uses someone else's software should be at least as significant as clicking through a web form.

Oh, IANAL, as you had probably guessed.

Re: Manifestation of Assent

Anonymous

Perhaps not, under the GPL at least, if you give copies to another party, it applies to you.

So you can copy GPL stuff all you want for yourself and ignore the licence, but if you copy and give to another, it applies to you.

A Nony Mouse

Open Source is not just GPL+BSD

xtifr

Anonymous writes: "Open source licenses do not need click-wrap because they do not enforce any limitation on users."

In other words, they are true licenses; they grant the user license to do things he could not do by default under copyright law. This is true of the most common open source licenses (GPL/LGPL/BSD/Artistic), but it's not necessarily true of all Open Source licenses. I think.

Apple's infamous "all your mods are belong to us" license, for example, has an impact on users. BSD/GPL are only relevant to those who distribute code, while the APSL, or whatever it's called, attempts to restrict users of the code. With the GPL, you can make whatever changes you want for your own personal use without worrying about the GPL, because copyright law doesn't prevent you from modifying your own legitimate copy of something. However the APSL, which the FSF judges non-free, but the OSI (foolishly IMO) judged to qualify as open source, tries to assert ownership over your personal modifications. A license like the APSL may well require some sort of manifestation of assent.

Of course, IMO, any license that requires a manifestation of assent is NOT a free software license. The fact that the "open sores" folks consider such a thing acceptable is one reason I don't pay much attention to 'em any more.

Re: Manifestation of Assent

Anonymous

I agree with you on enforceability, but I disagree on your reasoning. Someone could easily repackage all of RedHat under a shrink-wrap EULA and redistribute it without reading a single line of source.

However, as I point out in my post below, they can only do so under the copyleft provisions of the various licenses. So, because of copyright, they have no right to violate my license, *even if they have not agreed to it*!

It's like this. RMS could say to himself: "I'm not going to pursue anyone for copyright violations on my software unless they refuse to provide source code." And he would be able to do so. No license, no need for assent. But by attaching the GPL, he has himself agreed to set aside certain of *his* rights, but only if you agree to his license terms. So he has created a situation where people can copy, distribute, and modify his software and be confident that they have the legal right to do so. But if they don't agree to the license, or claim not to, they have no such rights.

At least I think so.
