Source

Automatically imported from: http://commons.somewhere.com:80/rre/1999/RRE.Uniform.Computer.Inf.html

Content

This web service brought to you by Somewhere.Com, LLC.

[RRE]Uniform Computer Information Transactions Act

``` [You will recall the failed Article 2B of the Uniform Commercial Code, which has now been recycled as something called the Uniform Computer Information Transactions Act (UCITA). If passed by state legislatures, this would become the basic law governing the buying and selling of digitized intellectual property in the United States. UCITA goes far beyond your normal run-of-the-mill power grab by software vendors. It really is from another planet. It is so bizarre, in fact, that the ACM has taken the extraordinary step of sending a letter to each of the hundreds of members of the National Conference of Commissioners on Uniform State Laws, who are scheduled to formally accept or reject UCITA late this month. The letter itself, and the ACM's press release announcing it, are enclosed. See also ACM President Barbara Simons' column on it at . Note that ACM's complaints are strictly limited to issues that affect ACM's technical membership. Other, even more severe objections have been raised by a wide variety of others. For example, Computerworld quotes Professor Jean Braucher of the University of Arizona Law School as saying that "UCITA enables the vendors to forbid the customers to publish results of tests of software or other criticism". (This was true of the proposed Article 2B as well.) If it is argued that any such problems will be sorted out by competition in the marketplace, one response is that mature software markets tend, for very powerful economic reasons, to become monopolies. If the Commission approves UCITA then unsuspecting state legislators, who in all likelihood have never heard one word about this issue, will almost certainly be told that it's nothing special, that there is no controversy, that UCITA represents a "consensus", and so on, in the hopes that this extreme legislation will slip quietly through without the benefit of public debate. This issue has direct and forceful implications for every single person who uses, or who will ever use, any kind of software. These materials from ACM are forwarded by permission and reformatted.]

---

This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, see http://dlis.gseis.ucla.edu/people/pagre/rre.html or send a message to requests@lists.gseis.ucla.edu with Subject: info rre

---

Date: Thu, 15 Jul 1999 09:59:35 -0700 From: Barbara Simons Subject: A press release on ACM's UCITA letter

[...]

Press Contacts: Anne Wilson, ACM 212-626-0505 annewilson@acm.org

Christopher Morgan, ACM 617-262-2044 morgan@acm.org

ACM SAYS THE SOFTWARE CONSUMER WOULD LOSE IMPORTANT RIGHTS IF THE UNIFORM COMPUTER TRANSACTIONS ACT (UCITA) BECOMES LAW

UCITA could discourage the development of reliable software and restrict the consumer's right to pursue remedies for software problems, says ACM

New York, July 15, 1999 -- The Association for Computing Machinery has voiced its support for the software consumer by opposing the proposed Uniform Computer Information Transactions Act (UCITA), to be considered for endorsement later this month by the National Conference of Commissioners on Uniform State Laws. The ACM noted that the software consumer would stand to lose important rights if the proposal becomes law. The ACM is the nation's oldest association of computing professionals, with over 80,000 members in industry, academia, and government.

UCITA is a proposed licensing law that would, among other things, redefine the legal standards for software mass market licenses, including the shrinkwrap licenses familiar to computer software users. If endorsed by the Commissioners, the UCITA proposal would then be introduced into the individual state legislatures for voting.

ACM President Barbara Simons said today, "We oppose the Uniform Computer Information Transactions Act, and are making our announcement now because the state Commissioners may decide to endorse UCITA within the next two weeks. The ACM has had a long-standing interest in ensuring the development of computer products and services that are well designed and that do not endanger public safety. Legal rules must not discourage the creation of reliable software or make it more difficult to detect and correct software problems".

Cem Kaner, a Silicon-valley based attorney and software development consultant, added his voice to the ACM's anti-UCITA stance, saying, "If UCITA becomes law, software publishers would have no duty to check their products for viruses. Furthermore, vendors could avoid paying for damage caused by a virus, and software users would have a harder time returning a defective product". Kaner is a member of the ACM's U.S. Public Policy Committee.

Liability issues

In a letter to the Commissioners, Simons noted that UCITA appears to put user interface errors in the same category as errors in a newspaper article, thus making it too easy for software publishers to avoid facing any legal consequences for defective software. Pamela Samuelson, software legal expert and member of the ACM's U.S. Public Policy Committee, agreed, saying "UCITA presumes that a software program's user interface -- the part visible to the user -- is technically not part of the program. That means warranty liability rules would not apply to the user interface. If this is the case, software developers will no longer be held to a high standard, and bad user interface designs will predominate".

Threats to Reverse Engineering

The ACM letter stresses that UCITA could also threaten normal engineering activities, especially reverse engineering, by allowing publishers to ban the technique through contractual use restrictions. Reverse engineering is a commonly used technique in the software industry and in academia. It involves studying a software program without having access to its source code so as to understand its operation. Computer software expert and ACM U.S. Public Policy Committee member Eugene Spafford warns "Reverse engineering is a time-honored, legal procedure that allows consumers and technologists to examine software for security defects, fix dangerous flaws, and develop interoperability with other software. UCITA would allow vendors to prohibit or severely restrict these activities, thus increasing the risks to the public from buggy software, computer viruses, and other all-too-common software problems".

The full text of the ACM letter to the Commissioners on Uniform State Laws is available at http://www.acm.org/usacm/copyright/

###

[http://www.acm.org/usacm/copyright/usacm-ucita.html]

ACM

July 12, 1999

Dear Commissioner:

I am writing to you as President of the Association for Computing Machinery to urge you to oppose adoption of the proposed Uniform Computer Information Transactions Act (UCITA). ACM's Public Policy Committee has been following UCC 2B/UCITA for some time. In October of last year we sent letters to Carlyle C. Ring, Jr., Chairman of the NCCUSL Article 2B Drafting Committee, and Professor Geoffrey Hazard, Jr., Director of the American Law Institute, urging that the re-drafting Article 2B be tabled. The concerns we raised then have not been addressed in UCITA.

The development of reliable software is one of the central aims of the ACM. Through our conferences, publications, and research, the ACM works to promote the development of excellent software products and computer services. Our 80,000 members honor a Code of Ethics that states, "The computing professional must strive to achieve quality and to be cognizant of the serious negative consequences that may result from poor quality in a system". The UCITA will hinder this pursuit, and result in possible harm to the general public.

UCITA makes it too easy for software publishers to avoid facing any legal consequences for defective software. Perhaps this is appropriate for some defects, but not for the ones the publisher knew about when it sold the product. Customers can't discover most of these defects with quick trials of the program - it takes skill to find them during pre-use testing. By reducing the responsibility of software publishers to detect and eliminate problems before the product is released to the public, UCITA will result in the lowering of standards in our profession.

Additionally, UCITA threatens normal engineering activities, especially reverse engineering. UCITA allows publishers to ban reverse engineering by means of contractual use restrictions. The only limits on these bans require litigation of each and every use that a computer researcher might reasonably pursue to improve a product or correct a flaw in a program. Software developers can freely reverse engineer mass-market products under current law. Without extensive litigation, over a span of many years, this right will be clouded by UCITA.

Reverse engineering is a widespread, standard, critically important activity in the software engineering and research communities. How else could we detect and investigate security risks? How else could we develop programs that impede the spread of viruses?

How else could we make products interoperable? Many of the Y2K bug fixes have required reverse engineering. It is hard enough to solve the technical problems without the creation of additional legal hurdles. By allowing the establishment of legal restrictions on reverse engineering, UCITA will have real-world effects. It will impede computer research and potentially threaten public safety as the problems with Y2K, computer viruses, and software bugs become more widespread.

Another problem with UCITA is the odd definition of "published information content". UCITA defines "information content" as information that is intended to be communicated to or perceived by an individual in the ordinary use of the information, or the equivalent of that information. The term does not include computer instructions that control the interaction of a computer program with other computer programs or with a machine or device. It then continues:

"Published informational content" means informational content prepared for or made available to recipients generally, or to a class of recipients, in substantially the same form.

In later sections, it treats "published information content" as if this included the type of information that you would find in books and newspapers, and adopts special limitations on liability. For example, express warranties are created for software, but not for the published informational content in software.

This has implications for the manner in which UCITA deals with user interface errors. Such errors are part of the program. In fact, one of the important components of ACM is our Special Interest Group on Computer-Human Interaction (SIGCHI). The researchers and product developers in this group devise scientific theory and engineering guidelines for producing reliable and usable software products. Good thoughtful user interfaces are an important component of sound engineering design. It would be a serious mistake to classify user interface errors as equivalent to errors in the content of a newspaper article, which is how UCITA treats them today.

Commissioner, the Association for Computing Machinery has a long- standing interest in ensuring the development of computer products and services that are well designed and do not endanger public safety. It is critical to our profession that legal rules not discourage reliable software or make it more difficult to detect and correct software problems. Therefore, we urge you to oppose UCITA.

Sincerely,

Barbara Simons President, ACM ```

This web service brought to you by Somewhere.Com, LLC.