SAN MATEO (07/31/2000) - Just five years ago, the Web was still a tiny subset of the world of computers; no one had heard of Amazon.com Inc., and most people called their travel agent if they wanted to book a vacation to Hawaii.
The rapid pace of technological and business innovation since then has turned the world upside down. Business has taken the Internet, once largely a community of academics, and turned it into an economic machine. In the process it has changed the way many industries do business, and is on the verge of changing many more.
That rapid change, and the fortunes to be made and lost because of it, is driving new laws and proposed laws affecting everything from buying real estate to using software. Specifically, the Digital Millennium Copyright Act (DMCA), the Uniform Computer Information Transactions Act (UCITA), and database legislation currently before the U.S. Congress are attempts to keep pace with rapid technological and business changes.
"The rise of the Internet is the cause of these new laws," says Skip Lockwood, Washington-based coordinator of the Digital Future Coalition (DFC), an organization dedicated to intellectual property issues, and 4CITE (For a Competitive Information and Technology Economy), a coalition formed to either reform or oppose UCITA. "We are dealing with companies that are not used to the Internet and they are terrified of it."
Lockwood points to the recording industry and MP3 debate as an example of how technology can shake up an industry.
"You've got an industry that has set itself up successfully. Then, all of a sudden, the technology has come along and scrambled the pipeline," Lockwood says. "They feel very uncomfortable in this shifting environment."
Industry groups on all sides have sought to influence these laws to turn the atmosphere of change to their advantage. But the laws have the potential to do more than just ensure that record companies stay in business.
"UCITA, Title One of the DMCA, and the database legislation is a three-legged stool," says Jonathan Band, a Washington-based attorney specializing in these issues at the law firm Morrison & Foerster. "These three things acting together set frightening rules on how people can use information in the future."
Who owns what on the Web?
Passed and signed into federal law in 1998, the DMCA was designed to implement treaties with the World Intellectual Property Organization (WIPO). But it has since evolved to include additional provisions on related matters.
A provision set forth in Title One seeks to outlaw piracy of intellectual property, such as movies, music, and other copyrighted material, and imposes criminal penalties for the circumvention of technological protection measures.
But many observers question the wisdom of outlawing circumvention.
"The problem at a theoretical level with Title One is that it targets technology rather than use of technology," Band says. "By outlawing technology, you outlaw legitimate uses, too."
For example, groups representing the movie industry, the Motion Picture Association of America, and the DVD Copy Control Association have filed lawsuits against Web sites offering a downloadable tool called DeCSS, which allows users to crack the encryption in DVDs. The people who reverse-engineered the DVD protection system weren't doing it to facilitate piracy, Band says, but rather to ensure Linux compatibility. (Until recently, a DVD could only be played on a Wintel DVD drive.)In April, First Amendment attorneys took up the cause of those sites posting DeCSS, filing an appeal claiming the postings are constitutionally protected free speech, and that the encryption technology does not meet the criteria of trade-secret infringement. The DVD cases are still pending, with one set for trial this month.
"A lot of provisions in this law have the potential to chill uses of information, especially among competitors," Lockwood says.
The DMCA does make provisions for exceptions to Title One. Several exceptions have already been carved out to allow reverse-engineering for interoperability, encryption research, and security. Furthermore, the U.S. Copyright Office is currently accepting comments on possible additional exceptions. In particular, libraries and universities have concerns about being able to use digital content for educational purposes.
Companies that have concerns about their content being hijacked without permission also have an arsenal of new technological tools at their disposal (see "Protecting intellectual property on the Web," www.infoworld.com/printlinks).
Title Two of the DMCA offers ISPs "safe-harbor protection," which protects them from liability for acting as an information conduit.
"Title Two, on the whole, is a good statute," Band says. "It provides a degree of certainty for service providers, so that they know what their exposures are."
But ISPs must remove material if a copyright-holder claims it is an infringement. If the Web site operator says it will contest the claim, or if the copyright-holder does not pursue its lawsuit, the ISP may repost the information. This was the situation in Metallica's case against Napster: The rock group sent Napster a list of users who were infringing on its copyrights.
"Napster disabled lots of people, but told them if they were not sued in 10 days that they could ask that their material be reposted," Band says. "Napster could put them back up and be protected. Safe harbor still applies."
New catches to buying software
UCITA governs software licensing, and although it hasn't generated the kind of publicity that Napster has it could transform the way consumers and businesses buy software.
Designed as state law, the UCITA draft legislation was created by the National Conference of Commissioners on Uniform State Laws (NCCUSL) to bring uniformity to and facilitate interstate commerce. That group then sends the law to state legislatures to be passed. So far only Maryland and Virginia have passed the law.
Essentially, UCITA interprets software not as a product but rather as intellectual property that must be licensed. People who buy books own them and can resell, burn, or give them to someone else. UCITA states a software licensee does not own the software purchased and so is not granted the same rights. A software "lease" sets rules for how the software is used, how long it can be used, and whether or not it can be given to someone else. As a result, UCITA seems to have the potential to severely limit how companies use software.
The following are some examples.
* Electronic self-help. UCITA allows a vendor to build back doors into its software that enable the vendor to enter and shut down the software with or without the licensee's permission (see related article, below). Some UCITA opponents have said building such back doors into software could present a serious security risk.
"If a software publisher puts in that capability, anybody who finds out about it can use it," says Stanley L. Klein, a computer consultant in Baltimore. "If an electric utility uses software with a back door, somebody could break in and shut down the power."
Other observers question how vendors will ensure that licensees are not violating their agreements.
"The only way a vendor can find out that you are violating the terms of their license agreement is by monitoring your use," Lockwood says. "It [seems like] Big Brother."
* Shrink-wrapped license enforcement. UCITA makes the terms of shrink-wrapped licenses more enforceable. Every time a user clicks on the "I agree" button the licensee company is bound to those terms. Even large IT organizations use a significant amount of shrink-wrapped software.
"No one in business should be allowed to agree to any click-wrap of any sort without referring it to management and legal counsel," Klein says.
* Reverse-engineering. More enforceable shrink-wrap licenses in effect outlaw reverse-engineering, observers say, which can make managing an enterprise even tougher. For example, if a company wants to switch its database software, it can't write a program to transfer the files from one system to another.
Instead, it would have to convert the data into an ASCII flat file and then import it into the other product. Any proprietary formatting of the data would be lost.
Companies may also lose access to their own data if the vendor says the licensee isn't living up to the terms of the agreement.
"And in a case of a dispute where your license becomes voided, you can no longer access your data," Klein says.
* License transference. The law makes it possible for a publisher to prohibit a customer from transferring the license to another party without their permission. For example, if one company acquires another, the acquiring company does not get the software unless the software maker approves the transfer.
Klein has seen at least one license agreement specifying that sale of more than 50 percent of a company shall be considered a transfer of license.
"I bought Corel Linux's backup and recovery utility," Klein says. "Their license has this provision. I was flabbergasted when I saw it."
* Warranty disclaimers. UCITA allows vendors to disclaim warranties. For example, a software product that doesn't work could not be returned if the customer has agreed to a click-wrap license disclaiming an implied warranty of merchantability.
The U.S. Federal Trade Commission is examining the issue of software warranties and is currently accepting public comment on the issue (see www.ftc.gov/os/2000/05/hightechforum.htm for more information).
Although these provisions are considered extreme by many observers, UCITA has not yet raised the hackles of executive-level management, because it doesn't affect sales or revenue streams. IT and legal departments would work most directly with the law, Morrison & Foerster's Band says, and these departments at most companies are considered cost centers, so they don't raise red flags.
But as more money goes to license negotiations, executives may begin to take notice.
Putting more time into negotiations may offer some protection. One attorney recommends that corporate users "opt out" by specifying in their licensee agreement that UCITA does not apply to that agreement.
"Parties to a software license agreement, and other 'computer information transactions' covered by UCITA, are free to negotiate to avoid UCITA and choose another source of governing law," says Jim Boeckman, a partner at the law firm Vinson & Elkins, in Austin, Texas.
But Boeckman warns that the opt-out provision doesn't apply to UCITA's electronic self-help provision. Vendors can still repossess software if they think you've violated your license agreement.
"Until now, there's been a lot of skepticism whether these shrink-wrapped licenses are enforceable," Band says. "UCITA says this is a contract, so all arguments that have existed in the past go out the window. The only hope you have is that the Supreme Court will rule that it's pre-empted."
Whether it will get that far is questionable.
"Proponents say, 'No, you don't need any provisions to protect libraries and archives because copyright law pre-empts these license terms,' " the DFC's Lockwood says. "The problem with that is that federal copyright law pre-empts only when there is a conflict between state law and federal law. Things such as fair use and archives are not spelled out in copyright law. So there is very seldom a case where federal law and state contract law would be in disagreement."
To avoid many of UCITA's provisions, IT executives must tread carefully when negotiating software license agreements.
Regulating data use
Originally part of the Digital Millennium Copyright Act, but dropped in the conference committee of the Senate and House, H.R. 354 would set rules on the use of information in databases. Supporters of the bill include Lexis-Nexis, the National Association of Realtors, and other large database producers.
"Bills like H.R. 354 are designed to slow everything down so that big companies can get a better hold and understand what's going on before the competition outstrips them," Lockwood says.
At issue is the kinds of information eligible for copyright. For example, courts have ruled that facts are not copyrightable, Band says.
"If I go out and create a database of recipes on cakes, I do not own the rights to the use of flour, milk, and eggs," Lockwood says.
But according to Richard Stallman, founder of the GNU project, H.R. 354 would allow database owners to copyright facts.
"H.R. 354 would effectively allow facts to become private property, simply through their inclusion in an electronic database," states Stallman in an essay about the database legislation titled U.S. Congress Threatens to Establish a New Kind of Monopoly (see gnu.cs.ntu.edu.au/philosophy/new-monopoly.htm).
"Ominously, many collections of public records, maintained by companies on contracts to governments, would become property of those companies."
But H.R. 354 would cut off database information from start-up, value-added, information-aggregator companies.
For example, Band says, take a person that wants to create a listing of houses for sale to target high-income individuals. "I could go to www.realtor.com once a day to see what's there and come up with a listing of the newly listed homes in a certain price range to list on my Web site," he says. "That's a nice value-added service, and all I'm copying is the price of the house, the general location, and the size. H.R. 354 would make that illegal."
A competing bill, H.R. 1858, has the support of companies that oppose H.R. 354, including Yahoo Inc., AT&T Corp., and many dot-com start-ups. It offers more protection without preventing the value-added uses of information that are lawful today, Band says.
"A lot of Internet businesses are based on aggregating information," Band says.
"H.R. 354 could really stifle the growth of all kinds of Internet businesses."
Shopbots, such as Price Watch, that search the Web and aggregate price information are prominent examples of the kind of value-added information services that H.R. 354 could make illegal. Consider eBay Inc.'s suit against Bidder's Edge Inc. The company sought to prevent Bidder's Edge from crawling its site, claiming that Bidder's Edge was going onto its site 100,000 times a day, thereby placing a burden on its systems. Rather than claim intellectual property infringement, eBay alleged that by searching items listed for sale the shopbot for auction sites was trespassing on its site.
Although a federal court granted a preliminary injunction against Bidder's Edge, the company has gotten around the ruling by allowing users to search eBay listings in a separate window. Bidder's Edge has also filed an appeal; the case is still pending.
Such shopbots create a commodity market for many products -- a frightening prospect for some companies. The scope and accessibility of the Internet cuts the middleman out in many industries and has the potential to do the same to many more.
"Everyone wants a free market until it's their market that has intense competition," Lockwood says. "Then they want protection."
Observers argue that existing laws should well enough govern the rapidly evolving computer and Internet industries. But as long as powerful interests have fortunes to gain or lose, laws will continue to be proposed and passed.
Lockwood believes that in any case, big pieces of legislation should be avoided.
"Things are too fluid to be creating restrictive laws," Lockwood says. "We talk about scalable servers and scalable sites. That's what should be going on in the legislative process rather than these omnibus, let's-do-it-all-in-one-fell-swoop pieces of legislation."
Send comments to Senior Editor Jessica Davis (firstname.lastname@example.org).
Defining material breach
Among the litany of complaints about the Uniform Computer Information Transactions Act (UCITA) laid out by opponents of the legislation is concern about provisions that cover material breach.
Opponents say UCITA's material breach language is slanted in favor of software vendors, which get a lot more power to determine whether a breach has occurred.
With "self-help" remedies also included in the law, vendors will be able to use drastic measures more readily, they fear.
Supporters of the legislation, however, say UCITA was drafted based on an American Law Institute summary of case law from across the country and uses essentially the same language found in common law with regard to material breach.
In a legal sense, a contract's material aspects are the fundamental expectations of the two parties. This might be as basic as stating what operating system a software program will run on. Some contracts also spell out actions that would breach the contract. Contracts also sometimes define immaterial breaches -- lesser actions that don't affect the overall performance of the contract.
Under current commercial code, if a contract dispute can't be reconciled, a third party, such as a court or arbitrator, steps in to determine whether a material breach has occurred, and the burden of proof is on the party making the accusation, says Skip Lockwood, coordinator of the Digital Future Coalition (DFC).
"What changes under UCITA is that the onus is no longer on the vendor to determine that the licensee is wrong," Lockwood says.
Lockwood and other opponents of UCITA warn that the law gives too much leeway to software vendors to determine that a material breach has occurred and also to impose a self-help remedy. "The vendor gets to be judge, jury, and executioner," Lockwood asserted.
But Carlyle Ring, Virginia commissioner of the National Conference of Commissioners on Uniform State Laws (NCCUSL) and chairman of the UCITA drafting committee, says putting material breach standards into UCITA creates a uniform statement of the rule, and uniformity of the law across the 50 states is a key goal of UCITA.
Under UCITA, when customers make a standard commercial purchase of a software product, they are legally entitled to take the items back or request an exchange, Ring says. The drafters "very consciously provided" for customers' rights to reject a software product bought in a store, he adds. But in a negotiated software contract, which typically calls for delivery in installments, UCITA clarifies what material breach rule applies, he says.
UCITA has raised additional concern because, according to opponents, it allows a software licensor to pull the plug on a program remotely or put in motion a process aimed at canceling the license, says Jonathan Band, a lawyer at the Washington office of Morrison & Foerster.
"Material breach is a significant concept in any contract law because that triggers everything in terms of remedies," Band says. "The big problem with UCITA, of course, from many people's perspective, is material breach triggers the self-help provisions."
"That remedy in the minds of many of the licensees does not have enough protections around it to make sure it won't be used improperly," says Susan H.
Nycum, a partner at Baker & McKenzie's Palo Alto, Calif., office.
According to Ring, these concerns are a red herring because self-help is a remedy only under a negotiated contract, in which case all of the stipulations of the self-help process are spelled out and agreed to.
"The argument is that big software companies may be very hard-nosed about what they want to include in the contract as the definition of what a material breach is," Ring says. "My own experience is that I've been able to negotiate exactly what a material breach is."
Nycum also says that UCITA classifies the breaches a software vendor might commit as immaterial breaches, whereas things the licensee might do are classified as more serious material breaches.
Opponents also worry that UCITA creates a number of defaults that apply if a contract leaves questions open.
Randy Roth, director of corporate purchasing at Principal Financial Group, in Des Moines, Iowa, calls UCITA "a prescription for litigation," citing its default definitions, which could result in a company being accused of committing material breach.
Roth says a license for software that runs on a mainframe typically says it can be used by an undetermined number of people. But UCITA says if no number of users is specified, there is a default to a "reasonable" number."From there it goes into an argument over what's reasonable," Roth says.
* Electronic Frontier Foundation (www.eff.org): EFF's mission is to protect digital free expression, empower people to maintain privacy and control digital identity, and ensure that systems are built to respect people's rights.
* The U.S. Copyright Office (lcweb.loc.gov/copyright): This Web site offers a section on new and pending legislation, copyright law, the Digital Millennium Copyright Act (DMCA), and links to other resources.
* The Digital Future Coalition (www.dfc.org): The DFC Web site offers extensive information on the DMCA, H.R. 354, and UCITA.
* 4CITE (www.4cite.org): The Web site for this anti-UCITA coalition includes the latest UCITA-related news, background information on the law, and a wealth of UCITA-related links.
* Share (www.share.org/UCITA.html): The UCITA page of this volunteer-run organization outlines the company's opposition to UCITA in detail.