FRAMINGHAM (08/09/2000) - The group that drafted the Uniform Computer Information Transaction Act (UCITA) has backed off slightly from one of the more controversial measures in the proposed software-licensing law -- a so-called self-help provision that allows vendors to remotely disable the software they sell to users. But that may not be much solace to corporate users.
At its annual meeting, which ended last Friday, the National Conference of Commissioners on Uniform State Laws (NCCUSL) agreed to end the self-help provision for mass-market software sold via retail channels. However, the provision remains in effect for other types of software such as customizable applications that are purchased by companies.
Software vendors could take advantage of the self-help capabilities allowed by UCITA to cut off users who they claim haven't paid their license fees or who allegedly have violated their contracts in other ways, such as by having more end users than their licenses allow. That's one of the reasons opponents have claimed the draft law gives too much power to vendors at the expense of their customers.
Carlyle Ring, a former general counsel at Atlantic Research Corp. in Gainesville, Fla., who heads the UCITA drafting committee, said the prohibition of self-help actions by vendors of mass-market software was originally included in a version of the licensing law approved by the state of Maryland in April.
Officials attending last week's conference "thought that it was a change that alleviated some measure of concern" for users, Ring added.
UCITA, which was sent to the legislatures of all U.S. states and territories for their consideration in July 1999, seeks to bring a set of consistent rules to software contracts and licensing agreements. But it has been plagued by controversy almost since the NCCUSL, a Chicago-based organization with representatives from all 50 states, first began drafting the law back in 1996.
Maryland and Virginia are the only two states that have adopted UCITA thus far.
The law has drawn considerable opposition from corporate CIOs, who are particularly worried that the self-help provision will pose security risks to their systems and give software vendors the upper hand in licensing negotiations.
Cem Kaner, an attorney and a computer science professor at the Florida Institute of Technology in Melbourne, Fla., said the change made to UCITA last week is "insignificant" for corporate users.
Although consumers would be exempt from the self-help provision, a company that buys a large quantity of off-the-shelf software likely wouldn't fall under the definition of mass market, he said. In addition, any applications purchased via a site license wouldn't be free and clear of the provision, nor would virus updates and other software products bought through a subscription service, according to Kaner.
But the biggest drawback for companies isn't that their software could be turned off, Kaner said. Rather, it's the potential for vendors to open up security holes in corporate systems through self-help mechanisms. "UCITA imposes no liability on the vendors," he said. "They create a hole in your security at no risk to themselves." And the self-help provision is only one of a number of items in UCITA that have been criticized by end users and other opponents. The amendments made last week by the NCCUSL "do not address the broader concerns raised by UCITA," said Jonathan Band, a partner at Morrison & Forester LLP in Washington who is representing the American Library Association and some software developers who also oppose the draft law.
But Ring argued that the self-help provision can't be included in software contracts by vendors unless end users give their specific consent. Ring said he negotiated many technology contracts at his former job and frequently had vendors change contracts to include terms that were more acceptable to Atlantic Research.
Addressing the broader concerns, Ring added that further changes to UCITA also are possible. "We continue to look at areas of concern," he said. "If we were perfect, we'd get it correct the first time, wouldn't we?"