[ Main
| List of Articles | Bad
Software | UCITA | Law
of Software Quality | Digital Signatures
| Bookstore | Court
Cases | Links | Press
Releases | About Us | What's
New ]
SOFTWARE ENGINEERING AND UCITA [1]
In 1995, a joint committee of the National Conference of Commissioners on Uniform State Laws and the American Law Institute began meeting to write Article 2B, a proposed amendment to the U.C.C.
Starting with the second Article 2B drafting committee meeting, in February 1996, I attended all of the meetings of the Article 2B and UCITA drafting committees. The discussion polarized early[2] and the debate became progressively polarized and bitter.[3] In 1997, the American Law Institute passed a resolution that would have required substantial change to Article 2B’s approach to intellectual property.[4] The drafting committee rejected this.[5] In 1998, the American Law Institute passed another resolution, calling for “fundamental revision” of Article 2B’s approach to contracting.[6] Shortly thereafter, then-Executive Director of the American Law Institute, Geoffrey Hazard, attended a meeting of the Article 2B drafting committee, and discussed the ALI vote in terms of the history of contract law. He stated that UCITA’s approach was far removed from traditional notions of contracting.[7] In response, an anonymous personal attack on Hazard was circulated at the meeting the next morning[8] and soon thereafter published on the Article 2B web site.[9] The Article 2B drafting committee did not make the revisions. Ultimately, the American Law Institute withdrew from the Article 2B process, effectively killing it as an amendment to the Uniform Commercial Code (“U.C.C.”).[10] NCCUSL chose to go forward alone[11] and renamed the bill as the Uniform Computer Information Transactions Act (“UCITA”) a stand-alone draft law. (Hereinafter I’ll refer to all of the Article 2B and UCITA drafting committee meetings as meetings of the UCITA drafting committee).
At time of writing, UCITA has passed the Virginia legislature but will be studied (and perhaps amended) over a year and a half, until its effective date in July 2001.[12 ] The bill has been proposed in a few other legislatures[13] and will show up in many others over the next year.
The dispute over UCITA is often positioned as a fight between software publishers and their customers, large (especially insurance companies) and small (consumers).[14 ] This oversimplifies the issue in important ways.
First, though it is true that many software publishers, and perhaps all of the publishers’ trade associations, do like UCITA,[15 ] the support is somewhat broader. For example, online information publishers, such as West Publishing and Lexis attended UCITA drafting committee meetings and expressed their support for it. [16] Another example: UCITA’s scope includes computers.[17 ] The drafting committee for UCC Article 2 has repeatedly refused to write Hill v. Gateway 2000 [18] into Article 2. [19 ] On the other hand, UCITA adopts the key holding of the case[20 ]and introduces a wide range of customer-unfriendly rules.[21] Thus, several computer manufacturers have expressed support for the bill. Finally, a few other manufacturers have supported UCITA, such as Chrysler.[22] Other traditional manufacturers, such as Reynolds Metals in the Virginia debates, have come out against UCITA.[23]
On the other side, there certainly is consumer opposition to UCITA, including every consumer organization that has spoken on the matter.[24] Other critics include the Attorneys General of Arizona, Arkansas, California, Connecticut, Florida, Idaho, Indiana, Iowa, Kansas, Maryland, Minnesota, Mississippi, Missouri, Nevada, New Jersey, New Mexico, North Dakota, Oklahoma, Pennsylvania, Tennessee, Vermont, Washington, West Virginia, Wisconsin and the Administrator of the Georgia Fair Business Practices Act[.25] The staff of the Federal Trade Commission has written two reports that are highly critical of UCITA.[26]
Larger customers are also in opposition, such as the Society for Information Management,[27] as are several retailers.[28]
But the opposition to UCITA is much broader than this. Many intellectual property specialists oppose UCITA, including 50 intellectual property law professors,[29] the American Intellectual Property Law Association,[30] the Committee on Copyright and Literary Property, the Communications and Media Law Committee, and the Entertainment Law Committee of the Association of the Bar of the City of New York.[31] According to their analyses, UCITA will have profound effects on the balance of rights among intellectual property creators, publishers, and users in the United States, allowing publishers to virtually wipe out users’ fair use and first sale rights and the doctrine of exhaustion.[32]
The libraries[33] oppose UCITA because of its impact on fair use and first sale. The library community fears that UCITA will: destroy the public (free to all users) library system, cut off libraries’ ability to receive donations of used literary works (including software and electronic books), make archiving more difficult or more expensive, limit the ability of libraries to collect materials into comprehensive collections on areas of specific research interest, force university libraries to curtail access to non-student, non-faculty library patrons, and limit the libraries’ ability to raise funds by selling outdated used materials.[34]
Trade associations representing the entertainment industry and the press,[35] that have spoken in opposition to UCITA though the recently proposed amendments,[36 ]may achieve the neutrality of the Motion Picture Association, just as amendments to exclude a wide range of transactions from UCITA in 1999 convinced the Recording Industry Association to drop its opposition.[37]
Finally, the software development community has come out strongly against UCITA. In drafting committee meeting after meeting, UCITA was presented as having the support of “The Industry.” The claim was challenged several times by many software developers, but the myth continues.
Think of this analogy: West Publishing is an important publisher within the legal community and it employs a lot of lawyers. Suppose that all of the primary publishers of legal materials supported UCITA. Would it be fair or rational to say that, therefore, the legal industry supports UCITA? Wouldn’t we want to hear from some groups of lawyers, perhaps the American Bar Association, the State Bars, and so forth?
Before you conclude, based on statements from associations representing software publishers, that the software industry supports UCITA, you must read the letters of criticism of UCITA from the President of the Association for Computing Machinery[38] and from the Institute for Electrical and Electronic Engineers (USA).[39] These are the two main professional societies in the field of software engineering. Software Engineering, by the way, is a licensed profession in Texas, Ontario, and British Columbia.[40]
The American Society for Quality opposes UCITA, at the encouragement of its Software Division.[41] This is the main professional society for quality control workers in the United States.
The Independent Computer Consultants Association, which represents individual software developers and small software service providers, sent a representative to several UCITA / Article 2B drafting committee meetings. It proposed changes (which were not adopted) and eventually came out in opposition to UCITA.[42]
The Free Software Foundation, which supports the development of open source software products like Linux, opposes UCITA.[43]
The Software Engineering Institute, which was formed by the U.S. Department of Defense to further the state of software practice, and which is highly influential in the field, opposes UCITA.[44]
These are substantial organizations. They are not wild-eyed consumer advocates. They are major players in the software industry. They all, along with several smaller developers’ groups,[45] oppose UCITA.
This paper explores the opposition of the software engineering community to UCITA. In summary, our (software engineers’) objections can be outlined as follows. The rest of this paper will follow this outline.
I. UCITA changes the economics of defective software in ways that will encourage software publishers and large custom software development firms to deliver shoddier products faster. This will interfere with the ongoing development of professionalism in our field, reduce the international competitive advantages of the American software development community, and endanger the safety and well being of the public. Here are some examples:
A. Reduced support costs associated with defective[46] products.
1. UCITA does not deal reasonably with the problem of known defects.
2. Customers can be required to pay for support, even for help with known defects.
3. UCITA pulls consumer software out of the scope of significant consumer protection laws.
4. A contract can be made non-cancelable, even in the event of a material breach.
5. Support promises and other material terms of a service contract can be changed without the customer’s consent.
6. A customer can be required to do extensive testing of a product, and be barred from rejecting the product as defective if they weren’t discovered and reported soon enough to satisfy the vendor.
7. A publisher’s contract to correct defects does not require it to correct defects.
B. Reduced competitive impact (threat of lost sales) for larger publishers who ship low grade merchandise.
1. Publishers can ban publication of benchmarks and negative reviews.
2. Publishers can limit your ability to seek third party support.
3. Publishers can restrict reverse engineering done for the purpose of developing competitive products.
4. Publishers can hide the terms of their contracts until after the customer has committed to the sale and paid for it.
5. Publishers can eliminate competition from the used software market by barring customers from transferring used copies of the software they buy.
6. UCITA’s default rules threaten the livelihoods (and thus competitive future) of tiny software publishers and independent software developers.
C. Limited accountability for issues involving public safety.
1. Self-help creates serious security risks: publishers can bury back doors in the software that allow them to send a message shutting down the software. A publisher is not liable to the customer if a third party takes advantage of this back door, creating denial of service attacks (forced system shutdowns) on all or some customers of that publisher, even though it created this vulnerability and even if it did not reveal it to the customer.
2. Publishers can probably force products liability suits into arbitration, thereby probably avoiding punitive damages, class actions, and public notoriety.
3. To the extent that UCITA is applied to embedded software, or to software that under normal engineering practice would be embedded, it limits the manufacturers’ liability.
D. Limited legal accountability for defective products.
1. The implied warranty of merchantability is essentially gone.
2. The rules governing express warranties are relaxed, making it easier to claim that no warranty was formed by demonstration.
3. There is no longer a concept of a customer’s right to a “minimum adequate remedy.”
4. The perfect tender right is repealed for most business software customers, including small businesses who buy software through non-negotiable contracts.
5. UCITA redefines “material breach” in a seller-protective way.
6. The publisher can easily set up a waiver of liability (you “agree” to not sue the publisher for defects that you have complained about) by including the waiver in the click-wrapped “license” that comes with a bug-fix upgrade that the publisher sends you.
7. Publishers can escape repaying incidental expenses (such as reimbursing customers for the costs of returning a defective product), even in the event of complaints about unrevealed but known defects.
8. In the event of failure of an agreed exclusive remedy, the customer can no longer collect incidental or consequential damages.
9. The publisher is under no duty take reasonable measures in an attempt to release the product without viruses.
10. The publisher can select the law of any state or country.
11. The publisher can choose the forum, making it difficult and expensive to bring an action.
II. UCITA interferes with basic rules governing intellectual property, affecting us as users and creators of intellectual property.
A. UCITA essentially wipes out the fair use doctrine.
1. We lose our ability to read or write benchmark studies of competitive products.
2. We lose our right to publish criticisms of products.
3. We lose our right to reverse engineer products.
4. We lose some or all of our rights to make limited copies of materials for the purpose of instruction.
5. We lose our freedom to decide what purpose we use the software for.
B. UCITA essentially wipes out the first sale doctrine.
1. We lose our right to transfer copies when we are done with a product.
2. We lose our ability to limit costs by buying used software.
3. We lose our right to borrow or lend copies or to share a copy.
4. We lose our ability to look up materials in a public library.
5. We lose our ability to buy a library card and do research in a university library, unless we are students or faculty there.
C. UCITA will allow publishers to enforce surprise terms, such as those that unexpectedly transfer all rights to our work products to vendors of our tools.
D. UCITA appears to wipe out the traditional distinctions between patent, copyright and trademark.
III. UCITA’s rules for sending and receipt of electronic communications create new risks and impose substantial and wasteful transaction costs associated with e-mail.
A. The definition of receipt is seriously ambiguous.
B. Receipt occurs even if the intended recipient never receives it.
C. Failure of actual receipt allows for double charging. Someone who orders a copy of a computer program or other online information can be made to pay for it and then to pay full price for a replacement copy, if the copy sent was lost or garbled in transmission.
D. Notification (receipt by the customer, as a matter of law) can be mere publication on the licensor’s website or delivery to an account that the allegedly intended recipient never uses and may not even realize exists.
E. Notification occurs even if the recipient cannot read the message.
F. Notification occurs even if the recipient never receives the message.
G. Notification occurs even if the message is delivered to an account that was closed by the intended recipient.
H. Notification occurs at time of delivery to the intended recipient’s internet service provider even if the intended recipient rarely checks e-mail and does not see the message for another month.
I. Notification occurs even if the message is formatted or routed in a way that makes it a target for destruction by a reasonably configured spam filter (such as an anti-pornography filter).
IV. UCITA interferes with traditional, reasonable engineering practices.
A. UCITA allows publishers to ban reverse engineering, which will have many different negative consequences.
B. UCITA treats the user interface of software as “published information content” and user interface design defects as equivalent to typographical mistakes in a book. This insertion of a legal decision into the middle of an ongoing and longstanding controversy within software engineering may set the field back by decades.
C. UCITA draws a distinction between embedded and non-embedded software that has no rational basis within engineering. Whereas today, the decision to embed or not embed software in hardware is based on a technologically-driven cost/benefit analysis, under UCITA the decision will be heavily influenced by whether the manufacturer wants to place its products under the protection of UCITA. If so, software that would otherwise be embedded will be packaged and sold separately.
D. In general, the havoc that UCITA creates within the intellectual property field throws our rights and constraints into chaos. Our work products are intellectual property. Until UCITA is resolved, our basic rights and practices are open to question.
V. UCITA interferes with the practices of independent software engineers and small consulting firms.
A. UCITA limits our ability to control costs by buying used software and used computers.
B. UCITA limits our ability to create and disband consulting partnerships by limiting transfer of software and computers.
C. UCITA creates new default rules that govern our services, such as an implied warranty of merchantability. These default rules will be nondisclaimable for most small service providers, exposing them to risks that no larger company would dream of operating under.
D. UCITA limits the ability of companies who buy software or computers to retain independent service providers to do maintenance of the software.
E. UCITA writes a new implied term into contracts for submission of ideas that will often have the effect of saying that a software engineer or content creator who fulfills a written submission contract still does not have to be paid for his work.
F. UCITA creates a new implied term into contracts for inclusion of works into a collection that invalidates transfer restrictions that were written into the black letter of the contract.
G. UCITA creates such a technically precise set of rules for self-help that it creates a trap for independents. The independent will probably know that she has the right to exercise self-help, but unless she retains specialized counsel, she will not know exactly how to exercise UCITA section 816 and is at great risk of making a technical error that subjects her to enormous liability.
H. UCITA is drafted with many ambiguities and issues that will have to be litigated. The result will be a lot of new business for lawyers, at the expense of the businesses.
VI. UCITA generally works to the disadvantage of small businesses.
A. Many non-negotiable small business transactions are non-mass-market.
B. The mass-market “protections” are generally take-aways from non-mass-market customers.
Commercial law provides a foundation for commerce. The essence of commercial law is that it should facilitate commerce.[47] Five key factors that facilitate commerce are clarity, uniformity, stability, freedom of contract and appropriate allocation of accountability:[ 48]
Clarity makes it easier for parties to understand the rules themselves, or with relatively simple instruction. They spend their time and money on commerce, rather than on lawyers.
Uniformity helps buyers and sellers avoid the misunderstandings that are caused by conflicting rules.
Stability allows parties time to develop a thorough understanding of the rules and to rely on what they already know. Buyers and sellers do not have to hire lawyers to reanalyze the same old issues. They know what risks they’re taking and who has to buy the insurance. Laws that tilt too much toward one side of a transaction do not promote stability. If one side is shabbily enough treated, it will bring political pressure to bear to get a fairer shake. Maneuvering for significant short-term advantages might be successful over the short term, but the backlash is inevitable.
Freedom of Contract allows the parties to make the agreements that they choose to make. Of course, there are assumptions underlying this freedom.[49]
Appropriate Allocation of Accountability. If a product is defective, who should pay how much? There are several approaches to risk/accountability allocation, depending on which policies are most important to serve.[50] One approach is to allocate accountability purely according to fault. If the product is defective, the seller pays.[51] But I do not think we know how to make defect-free software.[52] UCITA takes this issue seriously.[53] If we create too much pressure on software developers to make perfect products, we will kill the industry. A second approach allows the contracting parties to allocate the risks as they see fit. This is UCITA’s approach, except that in practice the UCITA seller will write the contract and allocate all of the risk to the buyer. A third approach uses risk allocation to drive technology, essentially a least cost avoider approach—a company is held accountable for a defect if the cost to repair it is less than the losses that would be caused by it.
These factors are probably familiar to legally oriented readers. I summarized them in order to provide a backdrop for a different approach, the one that will dominate the rest of this paper: quality/cost analysis.[54]
The objective behind quality/cost analysis is to minimize the manufacturer’s total cost of quality associated with a product. Under this analysis, a manufacturer is seen as spending quality–relevant money in four ways:
Prevention of defects
Appraisal (looking for problems)
Internal failure costs (defects that cost the manufacturer money in its own use or development of the product), and
External failure costs (the cost of coping with the customer’s responses to defects).
Table 1 provides software examples of quality costs.[55]
As one example of a tradeoff among the factors, it is usually cheaper to prevent a defect than to face the external failure costs caused by it. As another example, the greater the external failure cost that could be caused by a defect, the more money a company can reasonably afford to prevent or find and fix it.
Prevention |
Appraisal |
|
|
|
Internal Failure |
External Failure |
|
|
We can group the external failure costs into four categories:
Cost associated with customer complaints and product support
Lost sales, lost market share
Liability or recalls associated with public safety
Liability or recalls associated with (economic loss) defects.
The effect of UCITA is to reduce all of these costs. Even if the product does not change at all, the external failure costs associated with it will drop, probably substantially, under UCITA. To the extent that the risks of external failure costs drive investments in higher quality, the effect of UCITA will be to slash the software company’s incentive to invest in the quality of its products. In the urgent tradeoff between speed and quality, UCITA makes it less risky for the manufacturer to bring lower quality products to market sooner.
Here are UCITA’s impacts on quality-related costs in more detail:
There is significant customer dissatisfaction with software and there have been significant costs to customers and vendors. David Pels and I presented detailed data on this to the UCITA drafting committee.[56] Some of the statistics that we presented include:
Computers became a “real” consumer product in 1994, when they outsold television sets. By the end of 1995, computers and software ranked #8 in the top 10 list for complaints to the Better Business Bureau, outdoing used car dealers. The consumer market continues to grow. About 40% of American households have computers.[57]
In 1996, there were 200 million calls for technical support. At an average of about $23 per call, the industry spent about $4.6 billion on these calls. Over the past seven years, the ratio of support to total employees in hardware and software companies has grown from 1 in 12 to 1 in 6. The average amount of training for technical support staff before they are put on independent telephone answering duty is only 40 hours.[58]
In 1996, the industry left these callers on hold for about 3 billion minutes. The software industry has been one of the worst for leaving callers on hold. One study found that software companies leave callers on hold longer than any other industry studied, worse than government agencies, computer hardware companies, airlines, banks, utility companies, and others. Once you get off hold, you often reach a first-level person who can not answer your question. Wait some more for a “specialist.” The Software Support Professionals Association estimates that the average time to reach the right support technician is 30 minutes for PC/Shrink-wrap products. (This “right” person may not know the answer, but she is the right person to ask the question of).[59]
Customer satisfaction with software companies’ technical support dropped steadily from 1987 through 1997.[60]
Despite the trend toward web-based support, 84% of survey respondents in the Software Support Professionals Association’s 1998 Support Practices Survey reported increasing telephone call volumes.[61]
According to the International Data Corporation, information technology companies spent $2 billion building electronic support infrastructure in 1998, with an expected increase to $14 billion in 2003.[62] This is just infrastructure spending, not the cost of support operations.
I have not found good summary data for recent operations costs associated with web support. The picture that I get at support-related conferences is inconsistent. The cost of supporting a technical support web site seems to run around $2 per call-equivalent, but there are many more visits.[63] The cost of calls (per call) has risen dramatically, with reported averages as high as $150 or $400 per incident, probably because the simple issues have been siphoned off to the web.
For our purposes, it suffices to say that software companies spend a lot of money on customer support infrastructure and operations.
One of the fundamental assumptions of UCITA is that “[t]he complexity of software products makes them inherently imperfect.”[64] “Minor flaws (‘bugs’) are common in virtually all software.”[65] Also, “the idea of perfect software is a goal or aspiration not presently attainable, at least not without exorbitant costs that would drive many thousands of small companies out of the business.”[66]
This is a straw man. In the UCITA drafting committee meetings, the debate about accountability for defective software was not about whether software should be perfect. For example, even though I have advocated for holding software vendors accountable for known but undisclosed defects, I wrote a memo for the UCITA drafting committee explaining in detail that it is impossible to exhaustively test software products or to prove by testing that a product is defect free.[67]
But what about known defects? It might be impossible to find all the defects, but that issue does not apply to the defects that were actually found. In mass-market software, a large proportion of defects (often the vast majority of them) that reach customers are discovered and intentionally left unfixed by the publisher before the product is released.[68] Several representatives of the software engineering community, and Ralph Nader’s representative (Todd Paglia) and I repeatedly proposed that software companies should be held accountable for defects that they knew about at the time of sale and chose not to disclose.[69] These proposals typically barred consequential damages for defects that were unknown or that were revealed to the customer in the product documentation (which makes it possible for customers to avoid or mitigate losses caused by known defects). Additionally, some of us suggested that damages for known defects in mass-market products could be limited to demonstrable out-of-pocket expenses and capped, perhaps at $500 per customer. These proposals were rejected.
One of the arguments made by UCITA proponents was that failure to disclose a known defect should be dealt with under the law of fraud.[70] Sometimes, such a failure might be fraudulent—as when the seller knowingly makes a false statement about the product. But to the best of my knowledge, in the sale of goods, mere failure to mention a known defect, even a material defect, does not give rise to fraud liability. We did not ask for fraud liability. We asked that software publishers be held accountable for breach of contract if they knowingly delivered a defective product without revealing the defect.
Our proposal grew out of the special recognition in UCITA that software companies need a break because of the alleged inevitability of defects. UCITA’s handling of that break includes the de facto elimination of the requirement that warranty disclaimers and damage limitations be conspicuous and made available to the customer before the sale, elimination of the principle of minimum adequate damages, the adoption of a rule that excludes incidentals and consequentials for defects even when the agreed remedy fails, and the adoption of a more seller-favorable definition of material breach. Our proposal was a tradeoff—let the new law reduce publisher risk for losses caused by previously undiscovered defects or defects that were disclosed to the customer, but reduce the customer’s risk of losses caused by defects that were known and left hidden. Disclosure gives the customer a chance to avoid or mitigate damages, by avoiding a feature or by buying a different product (whose defects seem more palatable).
I believe that within the current state of software engineering, it is usually commercially unreasonable to attempt to create a defect-free software. Based on that belief, I agree that we should limit the liability risk of publishers and other software developers for defects that they did not know about or that they were honest enough to disclose, even if those defects cause substantial losses. But what if the state of the art improves?
Watts Humphrey raised this issue at meetings of the UCITA drafting committee. Professor Humphrey is a former vice-president of IBM, co-author of the industry’s first software license (at IBM), author of seven books on software engineering, and widely respected in the field. He presented data to the drafting committee that showed that new development methods were succeeding in producing large, complex products that were nearly defect free.[71] Humphrey’s comments at the drafting committee meetings were largely ignored.[72] Ultimately, his points were reiterated by the Director of the Software Engineering Institute, Stephen Cross, who wrote,
"The Article 2B draft assumes that software products are inherently defective and that the current quality practices in the industry will not improve. The history in other fields demonstrates that as a technology matures, the marketplace becomes more sensitive to quality issues. In fact, software quality is a growing concern to the user community, and software quality is an active current area of study. Considerable progress is being made . . . . The Article 2B proposal makes no technical sense. We feel that it would inhibit natural market forces, damage users, and ultimately limit the health and growth of this industry. While we appreciate the efforts that have been made to produce the UCC-2B draft, we must urge you to oppose its adoption."[73]
Several software companies now charge customers $3 to $5 or more per minute when they call for support. Some companies will waive the charge for a customer who calls about a legitimate (in the company’s view) defect. Others will not. According to the 1998 Support Practices Survey,[74] 31% of responding companies stated that they provide no customer support for free.[75] Customers get angry when they realize that they’ve been paying for support for a defect that the company chose not to fix when it shipped the product. For example, in a recent class action suit, a customer alleged that Compaq released a product with known software defects (Johnson v. Compaq, 1997).[76] Johnson claimed to have spent $218 on support and that his problems were never resolved. Several other lawsuits have involved a combination of bad software and support.[77]
UCITA allows publishers to exclude incidental damages.[78] The cost (long distance and support fee) of a phone call to complain about a defect is an example of an incidental expense. Suppose that a customer buys a computer game for $50. She starts to install it, is presented with the license and clicks OK.[79] Thereafter, the program fails to install. The customer calls the publisher’s help line, and is billed $5 per minute for support. After 20 minutes ($100 plus long distance expenses), the customer realizes (correctly) that this is a defect that the publisher knew about when it sold the product and that the publisher has no solution that will work on her machine. She therefore rejects the product [80] and asks for a refund. The publisher requires her to return the product (she incurs postal expenses) and sends her back a check for $50, choosing not to reimburse her for the $100 or the other incidental expenses. With the right pricing structure, the software publisher will make a net profit on this series of transactions. Under UCITA, this is acceptable.
U.C.C. Article 2 also allows publishers to exclude incidental damages.[81] The difference between Article 2 and UCITA is that in several states (perhaps half), the Article 2 seller must inform the customer before or at the time of sale of this limitation of remedies.[82] Additionally, Article 2 entitles the customer to a “minimum adequate remedy”[83] and this scenario does not appear to reflect such a remedy. UCITA allows the publisher to hide the remedy limitation until after the customer has paid for the product and started to use it, and it discards the notion of a minimum adequate remedy.[84]
Because several states would not accept the hidden remedy limitation under current law,[85] the costs associated with selling the software in its defective state are higher and less predictable than they will be under UCITA. To the extent[86] that the publisher uses a cost/benefit analysis to decide whether or not to sell a product with a known defect, UCITA reduces the costs associated with selling the defect, thereby changing the cost/benefit ratio, thereby making the publisher more likely to leave more defects unfixed in its products.
The Magnuson-Moss Warranty Act[87] provides consumers with additional warranty rights, beyond the U.C.C. For example, under the Act, a seller who provides any written warranty with a consumer product or who sells you a service contract (such as extended technical support) for the product may not disclaim implied warranties.[88]
The Magnuson-Moss Act applies to all consumer goods. Consumer goods are those which are “normally used for personal, family, or household purposes.”[89] This is a broad definition, and under current law, it almost certainly includes personal computers and most of the types of software that you’d buy in software stores.
According to the Federal Trade Commission: [90]
"The Act applies to written warranties on tangible personal property which is normally used for personal, family, or household purposes. This definition includes property which is intended to be attached to or installed in any real property without regard to whether it is so attached or installed. This means that a product is a ‘consumer product’ if the use of that type of product is not uncommon. The percentage of sales or the use to which a product is put by any individual buyer is not determinative. For example, products such as automobiles and typewriters which are used for both personal and commercial purposes come within the definition of consumer product. Where it is unclear whether a particular product is covered under the definition of consumer product, any ambiguity will be resolved in favor of coverage."
No published court rulings have settled the question of the applicability of the Magnuson-Moss Act to software, but it is generally believed that courts would rule that the Act applies to consumer software.[91] The Software Publishers Association’s Guide to Contracts[92] considered the applicability of the Magnuson-Moss Act and concluded that “It is reasonable to assume that software purchased for home computer use would be covered by the Act.” Two related lawsuits, Stuessey v. Microsoft[93] and Microsoft v. Manning[94] included a claim for violation of the Magnuson-Moss Act. In these cases, because of compression-related problems “about three in 1,000 [people] lost data after using MS-DOS 6.0” (Manning, p. 606). In these two suits, customers sued for consequential damages (Stuessey) or for a free upgrade to DOS 6.2 (Manning). Microsoft had disclaimed the implied warranty of merchantability[95] but the Magnuson-Moss Act voids the disclaimer and reinstates the implied warranties.[96] Apparently, the court accepted the applicability of the Magnuson-Moss claim because, despite Microsoft’s disclaimer, the Manning court applied the disclaimed warranty, saying that “the software was not fit for the ordinary purpose for which software is used.[97]
UCITA pulls software out of the scope of sales-of-goods law by defining the transaction as a license. Thus, you are buying an intangible, a license, not goods.[98] This pulls software outside of the scope of the Magnuson Moss Act[99] and of analogous state-level consumer protection laws such as California’s Song-Beverly Act,[100] while allowing proponents of UCITA to claim that UCITA does not change consumer protection laws. (It merely takes software outside of their scope). For the first two years that critics pointed this out at drafting committee meetings, proponents said this misrepresented the effect of UCITA. Even at the Annual NCCUSL meeting in 1998, the impression seemed to be that Magnuson-Moss applied to consumer software.[101] These days, proponents say instead that the Magnuson-Moss Act was never intended to apply to software.[102]
Under UCITA section 803(a)(1), “an agreement may provide for remedies in addition to or in substitution for those provided in this [Act] and may limit or alter the measure of damages recoverable under this [Act] or a party’s other remedies under this [Act], such as by precluding a party’s right to cancel for breach of contract.”
Support promises and other material terms of a service contract can be changed without the customer’s consent.
Under UCITA section 304(b):
"If a contract provides that terms may be changed as to future performances by compliance with a described procedure, a change proposed in good faith pursuant to that procedure becomes part of the contract if the procedure: (1) reasonably notifies the other party of the change; and (2) in a mass-market transaction, permits the other party to terminate the contract as to future performance if the change alters a material term and the party in good faith determines that the modification is unacceptable."
Under UCITA section 304(c):
"The parties by agreement may determine the standards for reasonable notice unless the agreed standards are manifestly unreasonable in light of the commercial circumstances."
There is no requirement that the contract provision authorizing changes be conspicuous or negotiable. Clauses like this show up in boilerplate[103] and few customers ever realize that they are there, let alone dream that they might authorize any change, no matter how material.
For non-mass-market transactions, which will include many of the non-negotiable, standard form transactions entered into by tiny businesses, the customer is simply stuck with the new terms. Agreeing to a contract with a modification clause is tantamount to signing a blank check. The non-mass-market customer cannot terminate the contract rather than accept a material change.
Consumers at least have the (apparent) right to terminate the contract in the face of a material change. However, the consumer first has to discover the change. Under UCITA section 304(c), the seller can specify that posting the notice to its own website is sufficient notification.[104] This approach to notification is so easy and cheap for the vendor that it is bound to become widespread, but consider the effect. Those customers who want to know what contracts they are bound by will have to constantly waste time checking a long list of websites to see if any contract terms have changed.[105]
Additionally, the consumer contract might specify a penalty for early termination,[106] making the right to cancel almost as illusory[107] as the concept of a “contract” appears to be under this rule.
The 24 Attorneys General who wrote NCCUSL in opposition to UCITA singled this provision out for detailed criticism.[108]
Here’s an example of a potential section 304 problem. One widespread marketing practice in winter of 1999 / 2000 has been the offering of $400 rebates to buyers of computers, so long as they sign up for 3 years of service from a specific Internet service provider. CompuServe is one such provider, and it lays out the terms of the deal at www.compuserve.com/gateway/promo/default.html. Here is an excerpt from those terms:
"The $400 . . . Rebates require (1) the purchase of any eligible computer; and (2) . . . a contract commitment to a 3-year (36 months) subscription . . . to CompuServe 2000 Premier Internet service at $21.95 per month. Full prepayment of the contract amount . . . is possible during your first month of service. . . . Offer subject to . . . your acceptance of CompuServe’s Terms of Service. Membership termination prior to contract commitment term requires payment of a cancellation fee plus rebate repayment."
I have repeatedly searched CompuServe’s website for these Terms of Service and cannot find them. I have sent e-mails to CompuServe asking for a copy of the Terms of Service but have not received them. I downloaded a copy of the CompuServe 2000 software and started to install it, hoping to get to a display screen, but I stopped installation at the point that the software requested my credit card number. This request came several screens after the start of installation, but before any link to a screen showing the Terms of Service.
The CompuServe transaction is an access contract. Under UCITA section 102(a)(44)(b)(IV), this is not a mass-market transaction unless it is a consumer contract.
Suppose that the CompuServe Terms of Service allow for modification of terms at CompuServe’s discretion.
A consumer will be able to cancel the contract on discovering the modification clause or in the face of material changes to the terms, but will have to repay the rebate. The rebate may have been a material factor in the consumer’s choice of computer or computer vendor, but the consumer has no right of return against the computer vendor if she objects to the access contract with CompuServe. Thus, the consumer who rejects the CompuServe Terms of Service pays what is tantamount to a $400 penalty.
The non-consumer who pays for the service and then discovers this clause in the Terms of Service has no right to cancel the contract. UCITA section 112 (e)(B) states that “a right to a return is not required if: (B) in a case not involving a mass-market license, the parties at the time of contracting had reason to know that a record or term would be presented after performance, use, or access to the information began . . . .”
From here, section 304(b) kicks in and allows CompuServe to modify its terms. The non-consumer who is “reasonably” notified of the change (e.g. by a posting on CompuServe’s website) is stuck with those terms, whatever they might be.
Under UCITA section 702(c):
"A party that refuses a performance and fails to identify a particular defect that is ascertainable by reasonable inspection waives the right to rely on that defect to justify refusal only if: (1) the other party could have cured the defect if it were identified seasonably; or (2) between merchants, the other party after refusal made a request in a record for a full and final statement of all defects on which the refusing party relied."
Imagine starting to use a new computer program. Right away, the program fails. You report the failure and the vendor says, “we will cure that.” You report another failure and the vendor says, “we decided that was a feature.” You report another failure and another and another and finally you say that this is too much, you just want to get out of this deal because the program does not work.
At this point, the seller can demand from you a full and final statement of all of the defects in the program. If you miss some (find them later), too bad. You can not rely on those as grounds for refusing the product. You can only rely on the ones you’ve reported.
Software testing is hard enough for software developers. There is no reason to expect customers to be any good at it (not even customers who are merchants because they are programmers. When they are customers, they still will not have access to the product’s underlying source code or design history that are so invaluable for competent testing). Additionally, too many defects that were challenging to find look, in retrospect, like they should have been easy to find (ascertainable by reasonable inspection).
Additionally, many if not all of these defects should already be known to the software company. Except in highly customized software, these are not manufacturing defects that occur in only one or a few copies of the product.[109] They occur in every copy of the product and they should have (and very often will have) been found in the software company’s own test lab. If the customer can find it “by reasonable inspection” then surely we can expect a group of experts in software development to be able to find it “by reasonable inspection.” Why put the burden on the less experienced, less skilled party, who has no access to the underlying source code or to the specialists’ tools that one can use with such code?
Even more unfair is the waiver created under UCITA section 702 in the event of defect that “the other party could have cured [. . .] if it were identified seasonably.” In so many cases, the defect reported by the customer is already known to the software company. In such a case, why should it matter whether the customer reported it “seasonably”? The software company knows about it and they can choose to cure it or not.
Let me suggest some common sense here. Anything that is “ascertainable by reasonable inspection” ought to be found by the software developer or publisher. Anything that was not found by them should be considered–as a matter of law—not “ascertainable by reasonable inspection” by the customer. If the software developer/publisher could not find it, it is outrageous to penalize the customer for being unable to find it or articulately describe it early in the customer’s use of the product. And if the developer/publisher did find it, it is even more outrageous to penalize the customer for failing to tell the supplier what it already knew.
Under UCITA section 612(a):
"If a person agrees to provide services regarding the correction of performance problems[110] in computer information, other than an agreement to cure its own existing breach of contract, the [. . .] person [. . .] does not undertake that its services will correct performance problems unless the agreement expressly so provides."
The customer is welcome to enter into a contract for support of the contract, but under UCITA, if the customer wants real support (the problems actually get resolved), the customer has to bargain for that explicitly. Otherwise, UCITA says the customer does not get it.
When a company ships a bad product, it risks losing sales to competitors. UCITA helps publishers reduce that risk.
UCITA Reporter Ray Nimmer complained of “distortions” in the debate on UCITA, identifying as a “misrepresentation” the claim that “that UCITA allows licensors to prevent licensees from commenting about the products.”[ 111] He said that “This allegation makes nice copy and superficial impact, but is simply untrue. You can scroll through the UCITA draft and will not find any such provision.”[112]
UCITA section 102(a) (19) defines “Contractual use term” as “an enforceable term that defines or limits the use, disclosure of, or access to licensed information or informational rights, including a term that defines the scope of a license.”
Under UCITA section 102(a)(57), a scope term defines “(A) the licensed copies, information, or informational rights involved; (B) the use or access authorized, prohibited, or controlled; (C) the geographic area, market, or location; or (D) the duration of the license.”
UCITA section 307 (b) states that “If a license expressly limits use of the information or informational rights, use in any other manner is a breach of contract.”
Suppose that a license contains clauses like these:[113]
“The customer shall not disclose the results of any benchmark test to any third party without the Publisher’s prior written approval” and
“The customers will not publish reviews of the product without prior consent from Publisher.”
Are these enforceable? On their face, they certainly look enforceable under sections 102(a)(19), 102(a)(57), and 307(b).
A clause similar to those above, enforced by Oracle, led to the article, The Test That Wasn’t.[114] According to that article,
"We planned to do something that has not been done in recent history: a comparison of database performance on the exact same hardware. Because a database software license prohibits publishing benchmark test results without the vendor’s written permission, negotiating for permission is always a challenge. . . . Oracle . . . formally declined to let us publish any benchmark test results."
As a result, PC Magazine did not publish benchmarks and customers were not able to use this information to make an informed comparison between the products.
This PC Magazine article involved a non-mass-market product. Nondisclosures are enforceable in that market today. But the plain language of UCITA authorizes use restrictions in all licenses, and that includes licenses in the mass-market.
A court might refuse to enforce such a restriction in a particular case. However, as a lawyer who advises writers, under UCITA I would be much more cautious in my advice to a journalist who wanted to review a mass-market product with this restriction than I would be today. I have discussed this clause with others who counsel journalists. They’ve told me that they feel the same way. UCITA’s wording appears to make a mass-market nondisclosure clause enforceable, whereas we doubt strongly that an American court would enforce the clause in the absence of UCITA.
Ultimately, after several expensive court battles, I think that such clauses will be found to conflict with public policy. But until then, the plain language of UCITA will have a chilling effect on free criticism of mass-market products.
This issue was raised repeatedly over the years, in the drafting committee meetings and in public debate. Rather than resorting to complaining of “distortions” or “misrepresentation”, the drafters could have simply clarified their intention in the draft. They certainly had many opportunities. The McManis and Perlman resolutions (passed respectively by the ALI and NCCUSL) were but two of the attempts to clarify the fair use issues.[115]
In the absence of a free flow of critical information from customers and magazine reviewers, how will customers decide what product to buy? Probably by reading advertisements. Who benefits from that? The largest publishers, with the largest advertising budgets.
In the case of MAI Systems Corp. v. Peak Computer, Inc.,[116] MAI restricted the use of its software (the operating system that came with the MAI computer and the system diagnostics) to “bone fide employees” of its customers. These customers would sometimes contract with third-party support organizations to maintain their computers. The support techs would come to the customer site, turn on their MAI computer, thus booting the MAI operating system and then would run the MAI diagnostics that came with the MAI computer. The court ruled that they were making copies (from disk to RAM) of these products, and that this copying was not lawful because they were not bone fide employees of the MAI customers and therefore were not licensed to use the software.
The MAI case has been criticized and the ruling based on its specific facts was overturned by the Digital Millennium Copyright Act (DMCA)[117] which permits the owner or lessee of a computer to make a temporary copy of the software for maintenance of the computer (“the machine”[118]). However, UCITA extends the MAI holding to any “information” (such as software) that is not within the narrow scope of the DMCA’s exception. UCITA’s definition of contractual use terms (section 102(a)(19)) includes limits on “disclosure of, or access to licensed information” and (under section 102(a)(57)), limits on “the use or access authorized, prohibited, or controlled.” The effect of this restriction is to let software publishers and computer manufacturers make it almost impossible for customers to use third party service organizations for software maintenance (such as the repairs that were needed to deal with Y2K defects).
A consumer issue arises out of this as well. A mass market license that restricts the use of a computer game to a consumer’s bone fide family members could be used in the same way as the MAI license to bar the consumer’s neighbor’s children for coming over and playing the game on the consumer’s computer. (Yes, of course we all know that the Business Software Alliance will not sue a consumer if the neighbor’s children come over to play games on the computer. But a parent who is trying to teach his or her children to live within the law will be put in the position of either telling the children not to invite the neighbors to play or allowing the children to breach a contract that appears to be legally valid. Honest people’s reasonable behavior will be chilled).
Anything that makes it more expensive for newcomers to develop or market competitive products serves the interests of entrenched market leaders.
Reverse engineering restrictions have been upheld in situations involving negotiated contracts,[119] but not mass-market contracts. The case of Sony v. Connectix[120] is the latest in a line of cases rejecting the idea that reverse engineering of a product sold (or licensed) in the mass-market is copyright infringement.[121] The Digital Millennium Copyright Act[122] expressly permits reverse engineering for the purpose of creating interoperable products, but it is silent about reverse engineering done to learn unprotectable ideas embedded in software for the purpose of developing a competing product.
UCITA sections 102(a)(19) and 102(a)(57) allow the publisher to define or limit the use of licensed information (including software).[123] A ban on reverse engineering is just another use restriction. UCITA section 307(b) states that “If a license expressly limits use of the information or informational rights, use in any other manner is a breach of contract.” On the face of the statute, any reverse engineering done in violation of a no-reverse-engineering use restriction is a breach of contract.
A mass-market publisher’s restriction on reverse engineering will be upheld unless a court determines that it is preempted by federal law, or in violation of a fundamental public policy,[124] or unconscionable.[125] I think that it is likely that the courts will eventually find that license terms that ban reverse engineering in a mass market are still preempted by the fair use doctrine[126] but it will probably take years of litigation to establish this. Until then, the language of UCITA will have a chilling effect on law-abiding engineers.
This is another example of a fair use issue that was raised repeatedly over the years, in the drafting committee meetings and in public debate and that was addressed in the McManis and Perlman resolutions, passed respectively by the ALI and NCCUSL, and in various other suggestions.[127] The drafting committee chose not to clarify its position on reverse engineering in the black letter, and so we have to look to the black letter as it is to see what conclusions a court is likely to reach. Doing so can hardly be called a distortion.
UCITA allows publishers to sell the product now and present the terms later.[128] The impact of this on competition is that customers never have a chance to hold two products side by side and compare terms—unless they buy copies of both products and (if they are mass-market customers) return one. The difficulty of obtaining the terms will limit the number of magazine articles that include and compare the information, and it will be very hard for any customer or journalist to know whether a given claim about a license is up to date (the manufacturer can change terms in its licenses tomorrow).
This issue was at the heart of the American Law Institute’s resolution of May, 1998, stating that Article 2B “should be returned to the Drafting Committee for fundamental revision.”[129] The Memorandum in Support by the authors of the motion (Jean Braucher and Peter Linzer) stated:
"The Draft reflects a persistent bias in favor of those who draft standard forms, most commonly licensors. It would validate practices that involve post-purchase presentation of terms in both business and consumer transactions (using ‘shrinkwrap’ and ‘clickwrap’), undermining the development of competition in contingent terms, such as warranties and remedies. It also would allow imposition of terms outside the range of reasonable expectations and permit routine contractual restrictions on uses of information traditionally protected by federal intellectual property law. A fundamental change in approach is needed."
The revisions were not made, and the ALI withdrew from the Article 2B process in 1999.[130]
The customer’s so-called “right of return”[131] does little to ameliorate the problem of hidden terms. As the American Bar Association’s Section on Science and Technology Subcommittee on Proposed UCC Article 2B put it,[132]
"1. Mass market licenses are fundamentally different in several significant respects from traditional contracts, including: a) The complete anonymity of the parties and lack of any ability on the part of the licensee to communicate with the licensor, let alone negotiate any terms; b) The fact that many provisions in a typical mass market license form no part of the “basis of the bargain,” and are often not discoverable until after the bargain has been struck;
"2. A statutory “right of return” does not give adequate protection to a licensee who has expended time and effort to shop for and purchase a product in reliance on promotional materials which conceal material aspects of the product and the terms governing its use.
"3. Licensors frequently include provisions in mass market licenses to impose restrictions or limitations which they know would discourage sales if they were disclosed prior to purchase. . . .
"4. . . . [N]one of the proposed “safe harbors” truly satisfies the basic definition of “conspicuous”: “written, displayed or presented that a reasonable person against whom it is to operate ought to have noticed it.”
"5. The economics of the market place, including particularly the need to minimize transaction costs and encourage consumer confidence in “off the shelf” products, should drive NCCUSL not to structure the law in a manner which encourages these types of practices.
"In sum, we believe that a statute that permits a licensor to eliminate virtually all of its obligations and impose significant use restrictions without effective advance disclosure only encourages sharp practice and tends to reduce the customer confidence that is essential to the functioning of a mass market."
Maybe every seller of new merchandise would like to eliminate competition from the used-products market. Wouldn’t it be great (if you were Chrysler, one of the supporters of UCITA) if you could kill the market in used cars, forcing all buyers to buy new cars instead, or force every buyer of a used car that you originally manufactured to pay you a royalty? Fortunately for the rest of us, under the first sale doctrine and the doctrine of exhaustion, sellers can not do that. If you bought something, you can sell it without interference from the original manufacturer.
Unless it is software. Or a computer.
UCITA section 503(2) says that “a term prohibiting transfer of a party’s contractual interest is enforceable, and a transfer made in violation of that term is a breach of contract and is ineffective to create contractual rights in the transferee against the nontransferring party.” This can appear as an inconspicuous term in a contract presented to the consumer or the business customer after the sale.
Additionally, to the extent that UCITA applies to the software embedded in goods,[133] such as a computer,[134] the seller can prohibit the resale of the goods by prohibiting the resale of the software embedded in them.[135]
Under UCITA’s default rules, the merchant[136] licensor provides an implied warranty of merchantability to the end user.[137] The consultant who selects, develops, or furnishes software to a customer provides an implied warranty that the software is fit for the customer’s purposes.[138] This covers the development of all custom software. For breach of contract, under the default rules, the customer is entitled to direct, incidental, and consequential damages.[139] Representatives of large software publishers and consulting firms repeatedly stated in the UCITA meetings that no software licensor could afford to offer these warranties or remedies.
It is procedurally easy for licensors to disclaim the implied warranties[140] and limit or exclude remedies.[141] In a mass-market contract, the licensor merely buries the terms in a contract that the customer does not get to see until after paying for the product.
However, independent service providers and custom software developers do not get to use standard form, impossible to modify, post-sale contracts. Contracts for $10,000 to $50,000 in services are often very short. Warranty disclaimers and remedy exclusions are surprising and unwelcome in these face-to-face deals. So the terms that apply are the default rules that no larger publisher or contracting firm would agree to.
UCITA’s proponents claim to have written UCITA to protect the interests of small licensors. As an attorney whose primary legal clients are independent software development service providers and freelance writers, I think that UCITA puts my clients under serious risk. Their services were not governed by Article 2 and they therefore did not warrant merchantability or fitness for a customer’s purpose. Instead, their duty is probably to provide workmanlike efforts. The Independent Computer Consultants Association,[142] the National Writers Union,[143] and the Free Software Foundation[144] are all advocates for independent developers of software or information, and they oppose UCITA as a threat to independents. To the best of my knowledge, no group that advocates for independents has spoken in favor of UCITA.
Software is used to control life-critical products and to make life-critical decisions. It controls cars and assembly lines, is used to design all types of machines, houses, bridges, and other structures. It is used to diagnose diseases, interpret X-Rays, look up patient history records, help insurers decide whether to approve a given treatment for a given patient for a suspected disease, and so on.
This section lists three examples of public safety and security issues that arise with UCITA.
UCITA’s sections 815 and 816 allow the vendor to shut down its software on cancellation of the software license.
Self-help for software is a complex issue. The UCITA drafting committee tried a staggering number of alternative approaches to self-help, looking for a proper balance between the rights of the vendor, the customer, and the innocent third parties who might be affected by a shutdown of the software.
UCITA section 816 provides important restrictions on the use of self-help. It is not accurate to say that a vendor can unilaterally shut down a customer’s system without reasonable notice and reasonable opportunity to respond.
Unfortunately, the risk comes simply from the existence of the back door that the vendor creates in its program. The “back door” (security leak) is the function that allows the vendor to shut down the software with a single message.
Sometimes, a defect in the vendor’s software will produce a shutdown by accident. (UCITA regards software defects as inevitable, so surely we can expect some defects in the parts of the software that govern self-help). The customer can recover consequential damages for wrongful use of electronic self-help, but a shutdown triggered by a defect would appear to be accidental, not wrongful.
Sometimes, a third party will discover how to shut systems down this way. (For example, the third party might by a former employee of the software publisher). Such a person might shut systems down for the fun of it or he might engage in extortion, either of the vendor or the customer. You might say, yes, there are criminals who do these things, but they are beyond our control. But in this case, the criminal is exploiting a security hole that is authorized by section 816. If self-help were banned, this risk would not exist.
When I mentioned the hacker problem to a proponent of UCITA at the NCCUSL meeting, he said that if anyone tried this, they’d have to face the FBI, so what’s the problem? If this is how you’re thinking, please consider this analogy. Suppose that I sold you a new refrigerator, but the contract required you to leave your kitchen door unlocked, at all hours of the day and night, in case I want to repossess the refrigerator. That open door does not just let me in. A burglar might come in too, and rob you. Sure, you can call the police after getting robbed, but wouldn’t you rather lock your door?
What kind of legislator would say that the public should have to rely on the FBI instead of being allowed to peacefully lock their own doors?
What kind of contempt for the safety of the public is reflected in a bill that allows companies to prevent their customers from peacefully locking their own doors?
Even if the contract contains a clause that forbids the vendor from exercising self-help, that does not mean that the vendor will strip its self-help code out of the computer program. That could cause side effects, making the program fail in other ways. Instead, the vendor will agree to never send a shutdown message. That still leaves open the possibility of the software might be taken down by accident or by a criminal.
UCITA lays out a structure for lawfully exercising software self-help. This isn’t done much today, but it will be done a lot more once a law specifically authorizes vendors to put these back doors in their products. I do not think that this is a desirable side effect of this statute.
Self-help was portrayed in the UCITA meetings as something essential to protect the interests of small licensors. However, the only group attending the UCITA meetings that represents only small licensors, the Independent Computer Consultants Association, urged NCCUSL to ban self-help. Instead, ICCA recommended that a party wishing to terminate use of its software should be allowed to proceed by injunction and, if successful, recover attorney’s fees. The availability of attorney’s fees goes a long way toward making it possible for a small licensor to be able to afford to obtain the injunction.[145] This eliminates the security risk, but it was never taken seriously by the UCITA drafting committee.
In the case of Hill v. Gateway 2000,[146]a consumer alleged consumer fraud, breach of warranty, and violation of the Racketeer Influenced and Corrupt Organization Act. The District Court certified the case as a class action.[147] The appellate court redirected the suit into arbitration, honoring an arbitration clause that had not been presented to the customer until after the sale. The same reasoning would support enforcement of an arbitration clause when a software defect (covered by UCITA) caused injury, property damage, or death.
The appellate opinion did not lay out the basis of the underlying complaint. According to the District Court’s summary:[148]
"Gateway offered the 10th Anniversary system through an advertisement in PC World Magazine and other media directed at computer buyers. The Hills learned of the special through the advertising. In addition, Gateway supplied information on the 10th Anniversary system to computer magazines.
"The 10th Anniversary system included Altec Lansing Surround Sound Speakers with Subwoofer, a 6X EIDE CD-ROM Drive, and a Matrox MGA ‘Millennium’ 2MB Graphics Accelerator. The Hills experienced numerous problems with their system. Their 6X EIDE CD-ROM Drive did not perform as advertised. "Gateway had advertised a ‘new blazing 6X CD-ROM Drive . . . the fastest EIDE CD-ROM anywhere.’ The Hills’ CD-ROM performed like a 4X drive and would jam while in various programs. This performance problem was allegedly due to sub-par materials used by Gateway. Moreover, a faster drive was supposedly available when Gateway made its claim.
"Gateway advertised that the Altec Lansing Speakers were the first speakers to create theater-type surround sound. The speakers came in surround sound packaging, but the Hills claim that the speakers did not have surround sound. In addition, the speakers produced static or hiss. Gateway allegedly told the Hills that Gateway did not offer the surround sound speakers and that there had been a misprint in Gateway’s advertising. Gateway offered the Hills $50 cash back and Altec Lansing 400 speakers, which were not surround sound, or a full refund.
"Gateway also advertised a Matrox MGA Millennium 2MB WRAM Graphics Accelerator as part of the 10th Anniversary system. In an effort to cut costs, Gateway allegedly substituted an inferior accelerator without informing its customers. In all, the Hills would have had to pay an additional $1,000 to obtain the system that they ordered."
Additionally, according to Hill:[149]
Inside the shipping containers “was a four-page document entitled ‘Standard Terms and Conditions.’ There was no prior notice of such a document in the advertisement, on the outside of the box, or on the order confirmation that Gateway faxed to plaintiffs.”[150]
The standard terms and conditions included an arbitration clause:
"Any dispute or controversy arising out of or relating to the Agreement or its interpretation shall be settled exclusively and finally by arbitration. The arbitration shall be conducted in accordance with the Rules of Conciliation and Arbitration of the International Chamber of Commerce. The arbitration shall be conducted in Chicago, Illinois, U.S.A. before a sole arbitrator."[151]
"The Standard Terms and Conditions” purported to become effective thirty days after receipt of the computer system without any further action by purchasers; rejection would require that the consumer, at the consumer’s expense, repackage the computer system and return it to Gateway. The “Standard Terms and Conditions” do not contemplate a signed agreement to be so bound by the purchaser. The Hills did not acknowledge or sign an agreement to the ‘Standard Terms and Conditions.’[152]
“The rules of the International Chamber of Commerce also require each side to pay an arbitration fee in advance of approximately $2,000—half the list price of the Tenth Anniversary System.”[153]
Gateway began including the ‘Standard Terms and Conditions’ in shipping containers for the first time in July of 1995. Gateway began taking orders for the Tenth Anniversary System on the last business day of June, 1995, and did not begin shipping the Tenth Anniversary System until August of 1995.[154]
We have no way of knowing whether Hill’s claims were true or false, but based on the reports in the press and on the Net, there appears to be evidence in support of his claims. According to these, Gateway shipped 10,000 of the 10th Anniversary Systems.[155] Dissatisfied customers formed The 10th Anniversary Club, to share information and work collectively with Gateway.[156] They complained about hissing speakers that were less valuable than they expected.[157] They complained about faulty CD-ROM drives (too slow, lock up, or “faulty”)[158] and about a “stripped-down” video card.[159] Sengstack (writing for PC World) said the “Matrox MGA Millenium graphics card described in Gateway’s ads (which appeared in PC World and elsewhere) was actually different from the board sold in stores. Unlike the retail version, Gateway’s card could not be upgraded with hardware . . . and it used a slower RAMDAC chip.” Sengstack reported that a Matrox spokesperson said these cards were built to Gateway’s specifications. He also claimed that a faster Teac 6X drive was available when Gateway rolled out the 10th Anniversary System.
The Hill court (7th Circuit) noted that “Hill kept the computer for more than 30 days before complaining about its components and performance.”[160] The court then decided that “Terms inside Gateway’s box stand or fall together. If they constitute the parties’ contract because the Hills had an opportunity to return the computer after reading them, then all must be enforced.”[161] Following its reasoning in ProCD, the court ruled that the contract was binding on the customer, upholding an arbitration clause that was subsequently rejected as unconscionable by two courts.[162]
We will never know whether Gateway 2000 intended or committed consumer fraud, because there will never be a public trial. Whether or not Gateway crossed the line, I am disturbed by the holding of the case because it lays out a road map that can be followed by less ethical companies who want to engage in sharp practices without fear of a public trial.
Hill’s complaint included a RICO cause of action, alleging mail and wire fraud. He filed a class action lawsuit. With 10,000 customers allegedly involved, there seems to be a public interest in having public proceedings, open to the press, so that the other customers would hear about it and perhaps participate in (or opt out of) the suit. The Seventh Circuit responded to this by saying:
"The Hills’ remaining arguments, including a contention that the arbitration clause is unenforceable as part of a scheme to defraud, do not require more than a citation to Prima Paint Corp. v. Flood & Conklin Mfg. Co., 388 U.S. 395 (1967). Whatever may be said pro and con about the cost and efficacy of arbitration (which the Hills disparage) is for Congress and the contracting parties to consider. Claims based on RICO are no less arbitrable than those founded on the contract or the law of torts. Shearson/American Express, Inc. v. McMahon, 482 U.S. 220, 238-42 (1987)."[163]
As the court itself says, the same reasoning covers claims in tort.
The UCC Article 2 drafting committee has not adopted the reasoning or the holding of Hill v. Gateway 2000[.]164 However, UCITA has embraced Gateway’s approach to contracting.[165]
Imagine that the Pinto litigation[166] had been forced into arbitration. Do you think the plaintiffs would have received punitive damage awards? Do you think that the press would have been able to cover the arbitration hearings? Do you think that the same auto-safety consumer protection laws would have been introduced? What result should we expect for software that causes personal injuries, property damage, or deaths?
I will consider the extent to which UCITA can be applied to embedded software in a later section. But here is an example. Consider the following advertisement for an after-market fuel injector computer.