Feeds

UCITA drafters don't go far enough for Red Hat

Warranty sticking point

  • alert
  • submit to reddit

High performance access to file storage

The group that drafted the controversial UCITA legislation has approved a handful of changes designed to address concerns raised by Open Source advocates, but those changes may not go far enough to win the approval of Red Hat's lawyer.

The National Conference of Commissioners on Uniform State Laws approved several changes to its Uniform Computer Information Transactions Act, which is supposed to be a model for state legislatures to consider.

Among the changes approved by the NCCUSL last week were some that addressed concerns voiced by the Open Source and Free Software communities:

  • A state's consumer protection law now trumps UCITA.
  • Software contract terms that prohibit criticism of that product are unenforceable.
  • A software contract may not prohibit reverse engineering that is done for the purposes of making a piece of software work with other software.
  • Open Source software is exempt from UCITA when that software is not sold for a profit.

But that last change doesn't go far enough, says Carol Kunze, a lawyer working for Red Hat on UCITA issues. Before the commission's meeting, Kunze wrote a letter asking the group to kill UCITA altogether. Red Hat and other Open Source companies have long objected to UCITA's requirement that Open Source software provide warranties to customers.
Kunze says the new changes stop short of exempting Open Source software a customer has purchased from carrying a warranty. And software distributed for free would still be required under UCITA to carry a warranty if there's a charge for installation services or an accompanying maintenance contract.

The bottom line, says Kunze, is that any Open Source programmers trying to make money from their software would have to carry up-front warranty disclaimers saying there are no implied warranties beyond those that are granted, like proprietary companies do in their click-wrap agreements. "Open Source/Free Software would have to adopt the proprietary practice of having an upfront agreement with the user, something that many Open Source/Free Software programmers don't want to do, if only to disclaim the implied warranties," Kunze says.

Kunze also worries about the combination of UCITA with the laws in several states that prohibit warranty disclaimers. "Should a state adopt UCITA, but amend it by disallowing warranty disclaimers for consumers, Open Source/free software may be forced to carry mandatory warranties," she says. "I am reminded of Bruce Perens' statement in Open Sources: Voices from the Open Source Revolution (1999): 'If free-software authors lose the right to disclaim all warranties and find themselves getting sued over the performance of the programs they've written, they'll stop contributing free software to the world.'"

Commission officials say some of the changes in the UCITA model bill were prompted by the many concerns expressed by Open Source and Free Software advocates. But Carlyle "Connie" Ring, chairman of the UCITA drafting committee, says the changes are a good compromise for the Open Source community. "No one comes out at 100%," Ring says. "We all give a little bit."

Ring clarifies that the new UCITA would exempt from warranty an Open Source product that was sold for the cost of the media it was on, such as a $3 Linux CD set. But a Red Hat boxed set selling at Wal-Mart for $60 would fall under UCITA's warranty provisions.

"If you're packaging that as a commercial product, then you're in the business that every other software purveyor is in," Ring says. In Ring's way of thinking, you then should abide by the same warranty rules as the rest of the industry.

Ring predicts the software warranty debate could go two ways: through state legislatures working on legislation such as the commission has recommended, or through the U.S. Congress. Ring doubts that Congress would exempt commercial software from carrying warranty disclaimers.

Acknowledgment of GPL, reverse engineering

Kunze is also interested in a couple of other changes to the UCITA model legislation. One is an acknowledgment that a notice license -- such as the GPL or BSD licenses -- is not governed by UCITA, as opposed to contractual licenses. She says while this acknowledgment doesn't really change the existing law, it may be useful in helping people understand licenses such as the GPL.

Kunze is more concerned about the reverse engineering provision in UCITA, which, like the warranty change, may not be of much help to Free Software programmers. The change to allow reverse engineering for interoperability purposes basically follows the Digital Millennium Copyright Act's language, she says, in requiring that reverse-engineered information must not have been "readily available" to the programmer.

So what's that mean? "'Readily available' may mean that an attempt must first be made to obtain a license for the information," she says. "What's more, it's not clear whether conditions on the information, such as payment, may be imposed. Given that Open Source/Free Software does not generate license income, any required payment may put this option out of reach. Any benefit from this reverse engineering clause may prove elusive."

What's next?

The original UCITA model legislation was the first proposed by the National Conference of Commissioners on Uniform State Laws that the American Bar Association threatened to oppose, says John McCabe, legislative director for the NCCUSL. The changes to UCITA will now go back to the ABA for approval in mid-2003.

Meanwhile, the NCCUSL will pitch the new UCITA language to state legislatures across the United States, including to the two states that have already passed UCITA laws, Maryland and Virginia. Ring says his group will recommend that the two states adopt the changes they haven't already addressed.

But Red Hat's Kunze predicts UCITA will continue to be opposed by consumer groups in states where it's considered. "Given that the recent changes still do not satisfy its opponents, it's not clear whether UCITA will now be successful in getting adopted in other states, particularly with the added charge that it would force Open Source/Free Software to adopt proprietary practices in having agreements with users," she says.

© Newsforge.com

Related story

You can help reverse the UCITA today

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.