[ Main | List of Articles | Bad Software | UCC 2B | Law of Software Quality | Digital Signatures | Bookstore | Court Cases | Links | Press Releases | About Us | What's New ]
November 1, 1996
To: Carlyle C. Ring FAX 703-448-2954
To: Ray Nimmer FAX 713-743-2082
(Note added in May, 1998. These sections have been killed. This paper is here for reference purposes only.)
Sections 2B-320 and 2B-321 insufficiently protect the licensee’s privacy. Both authorize the licensor to send data to from the licensee’s computer to itself about the licensee or the licensee’s computer. The licensee’s computer contains valuable data, often including the encryption key s/he uses for her or his digital signature.
This authorization opens a huge hole in the licensee’s computer security. This should not be allowed unless:
In contrast with this cautious approach, here is the Reporter’s note on Section 2B-320:
"In a recent case, a software vendor had included in its software code that caused the software to send an e-mail message to the vendor in the event that improper copying was occurring. That device would be a passive device under this section and does not require notice. Requiring notice in such cases would in effect defeat the impact of the antipiracy measure if the licensee chose to alter the code."
I recommend that we alter Section 2B-320 and 2B-321 as follows:
SECTION 2B-320. ELECTRONIC REGULATION OF PERFORMANCE.
(a) Subject to subsection (b) and Sections 2B-319 and 2B-712, a party entitled to enforce a limitation on use in a license may include in the information, code or an electronic or other device that restricts use consistent with the express terms of the agreement.
(b) An express term in a license authorizing the use of code or a device to enforce a limitation is required unless
(1) the code or device provides reasonable notice to the licensee prior to precluding further use at the expiration of the term of the license;
(2) the code or device merely precludes use of the information by more that the authorized number of simultaneous users or at an unauthorized location; or
(3) the information is obtained for a stated period of time less than five days and the code or device merely enforces that time limitation.
(c) Operation of a code or device that restricts use consistent with the agreement is not a breach of contract and the party that included the code or device is not liable for any loss created by its operation, but operation of a code or device that precludes use permitted by the contract constitute s a breach of contract.
(d) A party entitled to enforce a limitation on use in a license may not send electronic communications from a computer or other device, program or file controlled by the licensee unless:
(1) an express and conspicuous term in a license authorizes the sending of such communications; and
(2) the licensee is provided a copy of each such communication; and
(3) the licensee is provided with a reliable means of determining whether the provided copy of the communication matches the communication that was actually sent.
(e) Nothing in this section precludes electronic replacement or disabling of a prior version of information by the licensor with a new version of the information pursuant to an agreement.
SECTION 2B-321. DATA PROTECTION.
(a) Personal information concerning an individual or data concerning the licensee’s actual use of a licensed program, or the context, or environment in which use occurs, may not be collected, transferred, made available to, or employed by the licensor other than in performing the contract unless before collecting the information:
(1) the licensor notifies the licensee of its intent to collect the information, the manner in which it intends to use the information, and the licensee’s right to object to the collection or use of the information; and
(2) the licensee expressly consented to the collection or use of the information.
(3) the licensee is provided a copy of the information; and
(4) if the information is transferred from the licensee’s system or from a file or program controlled by the licensee, the licensee is provided with a reliable means of determining whether the provided copy of the information matches the communication that was actually sent.
(b) The limitations in subsection (a)(1) and (a)(2) do not apply to the following uses or types of information:
(1) transactional information obtained in the ordinary course when initiating the transaction;
(2) aggregate information obtained in the ordinary course regarding the use of a system or site or a part thereof owned or controlled by the party obtaining the information;
(3) information collected and used solely by a computer program in the licensee’s system and not transferred to the licensor;
(c) A licensee who consents under subsection (a)(2) may object at any time to any further use or collection. Upon receipt of the objection, the licensor shall cease to collect or use the information except as allowed by subsection (b).
Sincerely
Cem Kaner