Feeds

Vista's EULA product activation worries

Walking on thin ice?

Reducing the cost and complexity of web vulnerability management

EULAs and the legal term "self help"

Now let's face it: lots of software products contain features that disable themselves upon some condition. For example, trial software will work for a period of time - say 30 days, and then stop. And you agree to that when you download and/or install it. It says so right in the EULA.

Spyware contains EULAs where you agree not to disable or delete it. Are you bound by that contract as well? As discussed previously, the answer is not so clear. Sony got into trouble by putting very restrictive EULA terms on its music/data CDs, which gave it a bunch of rights just cause you decided to listen to music - including your agreeing never to listen to the music overseas. As I noted earlier, the terms of an EULA are generally considered to be enforceable even if you didn't read it, understand it, or have any ability to negotiate it.

However, there is another principle in the law. If a contract (for example, an EULA) is breached, you have to right to sue and to collect damages. Generally, you would have the burden of proving a breach of the contract, and prove the existence of some damages, and then possibly the right to obtain other kinds or relief - like an injunction or other court order.

In addition, other statutes, like the US or international copyright laws may give companies like Microsoft other rights and remedies, including access to federal court and statutory damages, and even possible criminal enforcement by the FBI.

Now if Microsoft breaches the contract it wrote, the Vista EULA, what are your rights? Well, according to the terms of the agreement you agreed to, "you can recover from Microsoft and its suppliers only direct damages up to the amount you paid for the software. You cannot recover any other damages, including consequential, lost profits, special, indirect or incidental damages".

So if your entire network is shut down, and access to all your files permanently wiped out, you get your couple of hundred bucks back - at most. And, as far as I can tell, there are no warranties on the license, no assurance (like the kind you would get on a toaster oven or a lamp) that the thing actually works or does any of the things advertised. What is worse, if you just want to get your money back (assuming Microsoft doesn't want to give it to you) then you have to file a lawsuit (probably in Redmond, Washington) under the laws of Washington State, and if (and only if) you can prove your case, and your damages, can you get your money back.

You aren't entitled to, upon your belief that there was a breach of contract, simply walk up to the cash register at your local Fry's or Best Buy and take a couple of hundred bucks from the till. This is called "self help" (or theft) and is not generally allowed as a contract remedy.

But the Microsoft Vista EULA, like many other software license agreements, gives the owner of the software (remember that's Microsoft because you didn't buy it, you just licensed it) the right of self-help. They have the right to unilaterally decide that you didn't keep up your end of the contract, for example you didn't properly register the product, you weren't able to demonstrate that it was genuine, and so on, and therefore they have the right to shut you off or shut you down. So, what gives them the right? Apparently, the very contract they now claim you violated.

Case law examples of software being disabled after a dispute

In the early days of computers, there were several cases where software developers determined that licensees didn't make appropriate payments and therefore shut down the computer programs.

In 1988 in Franks & Sons, Inc v Information Solutions, Inc the software developer installed a "drop-dead" code in the program. When the customer failed to pay as promised, the developer activated (or allowed to be activated) the drop-dead code, which kept the customer from accessing the software as well as any stored information. The problem was that the customer didn't know about the drop dead code. Under those circumstances, the court found that it would be "unconscionable" to allow the software developer to hold the licensee ransom, essentially using self-help to shut down the business until he was paid. The court noted:

Public policy favours the non-enforcement of abhorrent contracts. Here, without the knowledge of plaintiff, defendants have included a surprise in their product which chills the functioning of any business whose operation is a slave to the computer. If the plaintiff had known about this device at the time it entered into the contract with the defendant then the result would be different. Here it would be unconscionable for the Court to give credence to this economic duress.

However, it wasn't clear whether the sole problem in that case was the fact that the "drop-dead" software was not disclosed, or that the developer, by using the undisclosed code, was holding the licensee hostage.

In 1991, in American Computer Trust Leasing v Jack Farrell Implement Co, 763 F Supp. 1473 (D. Minn 1991) the software developer, in a dispute over payment for the software, remotely deactivated the software. The contract provided that the developer, who owned the software, could remotely access the licensee's computer in order to service the software and that if the licensee defaulted, the agreement was cancelled. When the licensee didn't pay, the developer told them that they were going to deactivate the program - which they promptly did. The licensee's lawsuit for damages failed because, the court noted, the deactivation was "merely an exercise of [the developer'] rights under the software license agreement..." This was true even though the agreement did not specifically state that self-help was a proposed remedy.

Security for virtualized datacentres

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.