Feeds

Vista's EULA product activation worries

Walking on thin ice?

Providing a secure and efficient Helpdesk

EULAs and the legal term "self help"

Now let's face it: lots of software products contain features that disable themselves upon some condition. For example, trial software will work for a period of time - say 30 days, and then stop. And you agree to that when you download and/or install it. It says so right in the EULA.

Spyware contains EULAs where you agree not to disable or delete it. Are you bound by that contract as well? As discussed previously, the answer is not so clear. Sony got into trouble by putting very restrictive EULA terms on its music/data CDs, which gave it a bunch of rights just cause you decided to listen to music - including your agreeing never to listen to the music overseas. As I noted earlier, the terms of an EULA are generally considered to be enforceable even if you didn't read it, understand it, or have any ability to negotiate it.

However, there is another principle in the law. If a contract (for example, an EULA) is breached, you have to right to sue and to collect damages. Generally, you would have the burden of proving a breach of the contract, and prove the existence of some damages, and then possibly the right to obtain other kinds or relief - like an injunction or other court order.

In addition, other statutes, like the US or international copyright laws may give companies like Microsoft other rights and remedies, including access to federal court and statutory damages, and even possible criminal enforcement by the FBI.

Now if Microsoft breaches the contract it wrote, the Vista EULA, what are your rights? Well, according to the terms of the agreement you agreed to, "you can recover from Microsoft and its suppliers only direct damages up to the amount you paid for the software. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages".

So if your entire network is shut down, and access to all your files permanently wiped out, you get your couple of hundred bucks back - at most. And, as far as I can tell, there are no warranties on the license, no assurance (like the kind you would get on a toaster oven or a lamp) that the thing actually works or does any of the things advertised. What is worse, if you just want to get your money back (assuming Microsoft doesn't want to give it to you) then you have to file a lawsuit (probably in Redmond, Washington) under the laws of Washington State, and if (and only if) you can prove your case, and your damages, can you get your money back.

You aren't entitled to, upon your belief that there was a breach of contract, simply walk up to the cash register at your local Fry's or Best Buy and take a couple of hundred bucks from the till. This is called "self help" (or theft) and is not generally allowed as a contract remedy.

But the Microsoft Vista EULA, like many other software license agreements, gives the owner of the software (remember that's Microsoft because you didn't buy it, you just licensed it) the right of self-help. They have the right to unilaterally decide that you didn't keep up your end of the contract, for example you didn't properly register the product, you weren't able to demonstrate that it was genuine, and so on, and therefore they have the right to shut you off or shut you down. So, what gives them the right? Apparently, the very contract they now claim you violated.

Case law examples of software being disabled after a dispute

In the early days of computers, there were several cases where software developers determined that licensees didn't make appropriate payments and therefore shut down the computer programs.

In 1988 in Franks & Sons, Inc v Information Solutions, Inc the software developer installed a "drop-dead" code in the program. When the customer failed to pay as promised, the developer activated (or allowed to be activated) the drop-dead code, which kept the customer from accessing the software as well as any stored information. The problem was that the customer didn't know about the drop dead code. Under those circumstances, the court found that it would be "unconscionable" to allow the software developer to hold the licensee ransom, essentially using self-help to shut down the business until he was paid. The court noted:

Public policy favours the non-enforcement of abhorrent contracts. Here, without the knowledge of plaintiff, defendants have included a surprise in their product which chills the functioning of any business whose operation is a slave to the computer. If the plaintiff had known about this device at the time it entered into the contract with the defendant then the result would be different. Here it would be unconscionable for the Court to give credence to this economic duress.

However, it wasn't clear whether the sole problem in that case was the fact that the "drop-dead" software was not disclosed, or that the developer, by using the undisclosed code, was holding the licensee hostage.

In 1991, in American Computer Trust Leasing v Jack Farrell Implement Co, 763 F Supp. 1473 (D. Minn 1991) the software developer, in a dispute over payment for the software, remotely deactivated the software. The contract provided that the developer, who owned the software, could remotely access the licensee's computer in order to service the software and that if the licensee defaulted, the agreement was cancelled. When the licensee didn't pay, the developer told them that they were going to deactivate the program - which they promptly did. The licensee's lawsuit for damages failed because, the court noted, the deactivation was "merely an exercise of [the developer'] rights under the software license agreement..." This was true even though the agreement did not specifically state that self-help was a proposed remedy.

Internet Security Threat Report 2014

More from The Register

next story
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.