Tuesday, November 15, 2005
SPYBOTS and End User License Agreements
What do those complicated legal things that we "accept" when we install software mean?
A recent string of articles in ZDNet News included "Spyware spat makes small print a big issue".
Makers of spyware are trying to assert that the End User License Agreement (EULA) for their product disallows the study of the product by those who would create countermeasures.
The article quotes Charles H. Kennedy of Morrison & Foerster LLP, who is an adjunct professor of cyberlaw at Catholic University Law School. Being nearby, I figured I would ask him to fill me in a bit on EULAs. Last I had heard, they were an area of law that had not been tested.
He sent me back a link: http://www.webopedia.com/TERM/E/EULA.html
Later he wrote a great summary of where EULAs stand and gave me permission to share it here.
----------------- beginning of quoted message
From: Kennedy, Charles H. [mailto:CKennedy@mofo.com]
Sent: Monday, November 14, 2005 5:03 PM
To: Fields J Ctr AFPCA/TAOT
Subject: EULAs
Dear Mr. Fields:
As the Wikipedia article I sent points out, an end user license agreement ("EULA") is just a contract connected with the sale of information, usually a software product, that sets out the rights and obligations of the buyer and seller.
In the mass market context (i.e., software sold to consumers at retail stores or online), there's been some controversy about the enforcement of EULA provisions that restrict the consumers' right to use the product or that limit consumers' legal rights in other ways. For example, a famous EULA contained in a box of software embedded on CD-ROMs (this is the ProCD v. Zeidenberg case) prohibited use of the information contained in the CD-ROMs for commercial purposes. (The information consisted of personal and household information on large numbers of American consumers.) In other cases, the restrictions contained in shrinkwrap or clickwrap EULAs required consumers to submit claims against the vendor to arbitration, or to bring lawsuits against the vendor only in certain jurisdictions. The courts generally resolve those controversies by examining whether the consumer had a reasonable opportunity to review and indicate agreement to the terms, and whether the terms are reasonable or are, instead, "unconscionable." In particular, there is some disagreement among courts and commentators as to whether a consumer can be bound by terms he did not see until after he had paid for the product.
Other problems arise under the copyright law -- specifically, the first sale doctrine and fair use.
The first sale doctrine says that when you buy a copy of a work (e.g., a piece of software), you can do what you want with the copy as long as you don't make another copy. This means that you can lend, give away or sell your copy of the software. Makers of software sometimes put terms in their EULAs that purport to restrict these rights. For example, a EULA might characterize the purchase as a mere "lease" or the mere granting of a "license," and then prohibit the lend, lease or sale of the copy to others or for certain purposes.
Fair use comes up when vendors of programs use the copyright laws, or restrictive EULA terms, to keep buyers from copying the software for the purposes of reverse engineering or -- in the controversy I was interviewed about -- to determine whether the software is malicious. One manufacturer of game cartridges was sued for copying Sega's game software to isolate the code that permitted a game cartridge to be played. The copying was not done for the purpose of making pirated copies of the software program or Sega game cartridges -- the copier only wanted to make original cartridges that would play on a Sega console. Similarly, anti-spyware vendors don't want to make competing copies of spyware products, but just want to determine whether the spyware is malicious and should be blocked. In both cases, courts will be inclined to find that the copying was an example of fair use.
The law is up in the air on all of these issues to some extent, but that's the outline of the issues.
As to what you should read on this subject: most of the literature consists of some very tedious law review articles. I can give you a few titles if you like, but this is the sort of thing only lawyers read, and only because they have to.
Best regards,
Charlie Kennedy
Charles H. Kennedy Morrison & Foerster LLP
----- end of quoted message