I’ve recently been developing a software tool, and started researching ‘Terms and Conditions’ that I might like to apply to the product. In the process, I found the Electronic Frontier Foundation (EFF), and this link about End User License Agreements (EULA).
The EFF says “When our freedoms in the networked world come under attack, the Electronic Frontier Foundation (EFF) is the first line of defense.” which tells you a little bit about their starting point for the opinions expressed in their document. Let’s start with a very interesting point (footnote references have been removed from this extract):
Hidden within the terms of many EULAs are often serious demands asking consumers to sign away fundamental rights. Many agreements on database and middleware programs forbid the consumer from comparing his or her product with another and publicly criticizing the product. This obviously curtails free speech, and makes it more difficult for consumers to get accurate information about what they’re buying by inhibiting professional watchdog groups like Consumer Reports from conducting independent reviews.
How does this happen? People click “I Agree” to EULAs that attempt to forbid “benchmarking” — the process of measuring the performance of hardware or software in a controlled and defined environment. McAfee (a.k.a. Network Associates) was sanctioned in 2003 for including in its EULA the condition, “The customer shall not disclose the results of any benchmark test to any third party without Network Associates’ prior written approval.” And yet anti-benchmarking and anti-public criticism terms exist in many EULAs to this day.
According to terms in several Microsoft EULAs, including those for MS XML and the SQL Server, you “may not without Microsoft’s prior written approval disclose to any third party the results of any benchmark test.” Similar terms appear in EULAs for countless other applications, including one for the VMware Desktop Software, which reads, “You may not disclose the results of any benchmark test of the Software to any third party without VMware’s prior written approval.
Not only do terms like these prevent people from engaging in free speech, but they also undermine fair competition in the marketplace. Microsoft, for example, can publish benchmarks comparing its database products to open source alternatives. And yet their EULA terms suggest that the authors of open source products cannot publish the results of their own comparisons. What this means is that the only information consumers have access to is extremely one-sided and potentially biased.
As the EFF is obviously based in the USA (and I am not very familiar with US law) I was surprised to see that the EFF apparently suggest that a EULA can supersede their first-amendment rights to Free Speech. I’m sure I’ve seen American TV-dramas which imply that the first amendment is ‘inalienable’ and essentially irrevocable. In the UK, I believe (though I’m not a legal expert here either, so don’t quote me) there is the ‘Unfair Contract Terms Act’ which essentially lays down rules that state a contractual point needs to be fair and legal to be enforceable.
You may occasionally even see Terms and Conditions (T&C) that effectively say “If any of the other terms of this contract turn out to be illegal, that doesn’t mean the other terms are illegal, and they will still apply”. Here’s an example from an e-commerce website:
If any provision of these Conditions is held by any competent authority to be invalid or unenforceable in whole or in part the validity of the other provision of these Conditions and the remainder of the provision in question shall not be affected.
At the moment in the UK, there are lots of legal cases being brought against the banks for charges (e.g. for them bouncing a cheque or returning a direct debit unpaid) that exceed the cost of that transaction. I myself managed to get one of my banks to return hundreds of pounds of historic charges, though I had to start court-proceedings before they paid up. Broadly, the assertion in this case is that there is a law that says that penalties in contracts (e.g. for late payments etc.) should not exceed the actual costs to the supplier. Now, the banks know what their costs are, and it is likely that they also have one or two legal people who know about this law… but still they argue that the charges are part of the T&C of holding your account with them! If you want to find out more about reclaiming bank charges in the UK, please refer to the Consumer Action Group website. Although not related to EULA’s, this situation strongly suggests that corporations are very capable of choosing to put terms in their contracts that they are in all probability know are not entirely legal.
So, the question then has to be asked, why is the EFF so bothered by similar situations for EULA’s? In some senses, it’s great that they are… but if they really care about consumers, they should be pressing legal cases and fighting these unfair terms (of course they do do that) – and also fighting for some sort of ‘right’ to have any kind of contract assessed for legality without having to fight a particular case on behalf of an individual or a group.
My assertion is that most consumers do not know their actual rights, so, unless the powers-that-be can go around stripping unfair terms from ‘any and all’ contracts, most consumers will be flummoxed when their supplier / product manufacturer tells them something about what this term or that term in the contract says.
Another example from UK law (though again, don’t quote me) is the Sale of Goods Act. This basically says that a good should be fit for purpose, and should expect to be usable and fulfil its purpose for a reasonable period of time. Yet if you bought any product that broke after soon after a year, you would probably be told that the guarantee (warranty) period had expired and you should buy another one – assuming the manufacturer only offered a year’s warranty. As this Guardian newspaper article reports, although it can be somewhat vague, this UK law overrides a supplier’s ‘provided’ warranty period – in this case referring to issues with ipods.
To some extent, this issue has now lead to highlighting of the profitability of ‘extended warranties’ to many retailers. Simply put, say you buy a washing machine, you can probably reasonably expect it to last 5 years. If it broke-down in this period, you could try to use the Act to insist that they repair or replace it. You might have an easier time of it if you buy an extended warranty… but you are actually paying for something that you already had a legal right to! The Guardian aritcle highlighted above points to the different treatment that some Apple customers received, based on their situation with respect to their knowledge of the law.
Back to Software
OK, let’s return to software T&C’s and EULA’s. Many of the criticisms that the EFF make about EULA’s are really valid from a consumer-law perspective, but do not, surely, apply to free software? And considering the situation in other sectors, it is surely no surprise to find software companies trying to protect themselves with T&C that turn out to be less-than-legal?
There is additionally no feeling from the EFF document that computers are a somewhat different beast from other consumer ‘white goods’. White goods generally fail independently, because they are generally (mostly) independent of other things. A strained example of where they are not independent would be my electric shower and my oven. If both were on full power, it would not take many more devices in my home to be on for the incoming electrical supply to be overwhelmed. That’s why your fuse-box has a separate fuse for ‘the whole home’ which protects the wires coming from the supplier. Summary: if I turn on too many electrical items in my home, I could blow a fuse. But would the shower using 9.5kW be considered to be responsible? Probably not. The problem was caused by the sum of its parts.
In software in contrast, we already know there are an infinite number of possible interplays between software, operating system, and so on… and it so happens that our OS’s are somewhat limited in their ability to protect us from ‘bad interplays’. Microsoft Code Access Security promises some capability to reduce these interactions and improve their safety… but only if the developer uses them, and the customer demands them! If my application works perfectly in an average installed environment, but something very odd happens in a particular situation, could I have foreseen that? And should I be held responsible? After all, the customer might not have backed up their data, their hard disk may have been about to fail anyway (it was several years old, after all), and so on.
Isn’t the Amazon review system great? It is a great facility to see what other people think about a book or product. But read their terms for the submission of comments and you find:
If you do post content or submit material, and unless we indicate otherwise, you
(a) grant Amazon.co.uk and its affiliates a non-exclusive, royalty-free and fully sublicensable rights to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, and display such content throughout the world in any media; and
(b) Amazon.co.uk and its affiliates and sublicensees the right to use the name that you submit in connection with such content, if they choose.
Now, there have been a number of times when I would have loved to submit some comment or other about a product (I like Amazon enough, and I’d be happy to put a good word in for the author… or vice versa if the product was bad), but I strongly reject the T&C for that element of their service. I do not believe it is fair for them to claim the rights to do pretty much whatever they please, with my words and / or my name, without recompense. OK, so it’s hardly likely, but you could write something in a review that later became their advertising slogan and you would get nothing for it. And, because Amazon could use your words for free, it’s hardly likely that anyone else would pay to use them.
I can only recommend that you at least scan the T&C any time that you are asked to as part of a software installation, website purchase or whatever. Look carefully for information about privacy. But don’t be surprised to find terms that make you feel a little bit uncomfortable. They are probably either illegal (but will you be bothered to fight it?) or represent how they plan to make some money… and so if this ‘product’ is software you haven’t paid for, expect it. You just have to ask yourself, what are you willing to accept? And if you don’t like it, don’t install it.
And What about Small-time Software Producers?
Well, as for me, and maybe you, we need to ask ourselves what we will do to be fair, and yet protect ourselves as much as is reasonable – especially given that we will probably not be in a position to hire expensive lawyers to tell us what to do, and may not have farms of different PC machines to test our software on.
We may even need to consider what content we use on our website or in our products that may cause the customer to have to download some other plug-in or some other tool. Does that tool have T&C’s that we would be reluctant to sign up to?