March 7, 2000

Dear Senator,

I am writing to state my opposition to the Maryland legislature enacting MUCITA (Senate Bill 142). In order to keep my letter shorter than the proposed bill, I will limit this letter to only stating some of my objections to MUCITA in regard to software purchased in retail stores. Opposition[1] to the UCITA has been expressed by 26 Attorneys General (including the Maryland Attorney General) FTC[2], software developers, every consumer advocacy organization that has examined it, large software customers, librarians, the entertainment industry (until they were explicitly exempted from UCITA), magazine and newspaper publishers, software developers, and many law professors.

This act has, from its inception, been rushed through the process by the large software manufacturers in order to reduce competition and protect themselves from liability when they intentionally release software with known bugs. Most of the 'consumer protection' aspects that the proponents of the act cite are illusionary since almost every 'consumer protection' can be waived in the license itself. In fact, most of them are currently waived in the existing shrink-wrap licenses.

Process

This act was initially proposed as an amendment (section 2B) to the UCC which requires the approval of both the ALI and the NCCUSL. The AIL objected that the draft of article 2B was too sweeping in scope and ran contrary to the existing principles of contract law. The NCCUSL pulled out of the process when the AIL would not schedule a vote until the summer of this year in order to allow ample time for all sides of the issue to respond. In a rushed hearing process, the NCCUSL passed the UCITA in July of this year. The UCITA is currently being rushed through several state legislatures including Virginia[3], Maryland., Oklahoma, and Illinois.

The proponents of this bill have not yet adequately explained why this bill is so necessary that it must be rushed through without adequate discussion. The software industry has been experiencing record growth under the existing laws. The large software producers have not presented any evidence that the current laws are inhibiting or acting as a deterrent to their industry.

Products Vs Licenses

The software industry has also not adequately explained why their product is so different from other products bought in retail outlets that it requires special exceptions to the UCC. If I buy a dictionary or encyclopedia in a book store, I have bought a product and acquire certain rights to that product including the right to resell the book after I have finished it and the right to use the information in any way consistent with copyright laws. Yet, if I buy the same dictionary or encyclopedia on a CD in a software store, I have only paid for the right to view the book and must waive any rights to resell it after I am finished with it and the right to 'fair use'. What is the difference between the CD version and the paper version that requires this change in law?

If I buy a radio in an electronics store, I bought a product with expressed and implied warranties. However if I buy a radio card for my computer, I must waive those warranties. What is the difference between those two products?

If I buy a DVD player that connects to my television, I bought a product that can be used with any television. However, if I buy a DVD player for my computer, I am legally restricted to only using it with approved operating systems. What is so different between these products that I must waive my rights under product law?

Most consumers assume that when they buy a product in a retail store and use it, they have bought a product, not entered a binding contract. Take a poll of your staff. Ask them how many have installed software and clicked on the 'I agree' button without reading the licensing agreement. Now, ask those same people if they would sign a contract without reading it first.

MUCITA would require that everyone installs software enter a binding contract. Since there is no requirement in the MUCITA that the licensing agreement be in plain English, the average consumer would either have to consult with an attorney or agree to a contract they do not fully understand.

AS-IS

Almost every license contains a term similar to: "The entire risk arising out of use or performance of the SOFTWARE PRODUCT remains with you."[4] How is a consumer to perform due diligence in order to accurately access the risk he is assuming? Any published review of the software is suspect because many of the shrink-wrap licenses contain a provision similar to McAfee's that prohibit reviews or benchmarks without McAfee's approval.[5]

There is an internal Microsoft memo [6,]. stating that there are more than 63,000 defects in the recent Windows 2000 release. While I agree with Microsoft's position that many of them are either minor 'bugs' or requests for product enhancement, I do not know if any of those 63,000 defects would put me at risk if I used their software. Microsoft will not publicly release the list so that a consumer or an independent reviewer can determine if any of the defects are serious enough to be concerned about. We are only left with Microsoft's assurances that they are not serious defects. But, Microsoft disavows these same assurances in their shrink-wrap license when they require that the consumer waive all implied and explicit warranties before using Windows 2000.

It should also be noted that Windows 2000 went 'gold' (released final commercial version) in December of last year. Since then, OEMs have been installing it and selling it to consumers. Microsoft 'officially' released Windows 2000 on February 17, 2000 to great fanfare. On February 18, 2000, Microsoft released their first service patch for Windows 2000 which included a fix for a possible security hole. Which is the more probable explanation for that timing: Microsoft suddenly found the security hole on February 17 and rushed out a fix the next day?. Or, Microsoft know about the security hole for some time but did not make this information available to the public so that it would not effect any of the positive 'buzz' regarding the official release thereby leaving all the early users of Windows 2000 vulnerable and ignorant of a security bug?

In either case, the software vendor is requiring that the consumer assume all the risk of determining if the software is appropriate for the consumers needs while controlling all the material information necessary for the consumer to make an informed decision. This is the large software vendor's idea of a balanced law.

Right to a Return

The current situation [7] regarding software returns is:

1. Every box of retail software has words on the outside of the box similar to: "You must accept the enclosed License Agreement before you can use this product...If you do not accept the terms of the License Agreement, you should promptly return the product for a refund" [8]
2. When you go to install the software, you will see an EULA appear with the following text: "If you do not agree to the terms of this EULA, promptly return the unused SOFTWARE PRODUCT to the place from which you obtained it for a full refund." [9]
3. If you click on 'I disagree' and take the package back to the retailer, they will refuse to refund your money citing their return policy: "No returns accepted on open computer software, videos, music, or video games." [10]
4. If you contact Microsoft and ask for a refund, they point to the EULA and say that they have provided a 'reasonable' return procedure.
5. If you contact the store or OEM, they will point to their return policy and say that the EULA was not an agreement between them. and you.

How does MUCITA change this situation? It doesn't appear that it will.

First, the portions of the act that effect the Right to a Return are scattered throughout the act leading to contradictions and ambiguity of which section of the act has precedence. A consumer, who wanted to litigate after both the software vendor and the retailer refused to honor the consumer's Right to a Return, has two choices: pro se or hire a lawyer. Hiring a lawyer is not a viable option when you are discussing a $100 or $200 piece of software. A pro se,. would be slaughtered in court [11] by the lawyers. They would pull a couple of sections from the MUCITA, throw in a couple from the UCC, and mix well with many confusing legal terms-of-art like bilateral agreement and collateral estoppel. The consumer would be hopelessly lost.

Second, I could not find anything in the act that says the software vendor is ultimately responsible for the refund if the retailer refuses to agree to the terms of the license. All the representatives of major software retailers (with one exception) stated that the reason that they do not refund for open software is that the software companies will not refund them if the retailer accepts returns on software. I see nothing in MUCITA that would force the vendors to refund the retailers. [12]

Section 21-613 (B)(2) appears to make the retailer responsible for the refund. But, 21-613(B)(3) appears to exempt retailers if they explicitly refuse to the terms of the licensing agreement. The notice on the back of receipts would serve that purpose.

Third, 21-113 (3) lists sections of the act that "can not be varied by agreement". Section 21-613, the only section in the MCUITA which says who is responsible for the refund, is conspicuously absent from this list. This would strengthen the retailers claim that the consumer waived the Right to z Return when the consumer saw the retailers 'disclaimer' printed on the back of the sales receipt.

Fourth, 21-113 (3) and 21-209 (B) seem to make the Right to A Return iron-clad. However, this is illusionary. Section 21-112 (E)(3)(a) contains a loop hole that allows the software vendor to remove the Right to a Return. If the software vendor puts some verbiage about "particulars of performance are contained inside", this section would apply. This particular section states: "A Right to a Return is not required."

Fifth, MUCITA does not place any liability or incentives for the software vendor to force the retailer to honor the 'refund' clause in the EULA. In fact, 21-113(A)(1) and 21-209(A), provides an incentive for the software vendor to delay the refund process as long as possible. The longer the refund process drags out, the more likely the consumer will become frustrated and decide to use the software since he is not receiving any benefit for the money he has paid. Once he clicks on the 'I agree' button, he is legally bound by the licensing agreement and any objections he previously made to the license are null and void.

Section 21-809 also leaves the customer open abuse with respect to the Right to a Return. Some software companies do not currently include support as part of the package. They will charge the consumer for any calls to their support line.[13] If a consumer experiences a problem during the installation and calls the software vendor for support, 21-809(A) allows the software company to subtract the cost of the support call from the amount of the refund EVEN if the problem was known to the software vendor when they released the software.

No consumer should be required to pay in advance in order to obtain the right to read a contract. [14'] However, if Maryland insists on passing this bill, it should be amended to include severe penalties for any software vendor that does not enforce the 'Right to a Return' policy on any retailer or dealer or will not refund the retailer for any losses incurred because of the Right to a Return clause. Barring that, the act should be amended to stipulate that if the consumer does not obtain a refund in a reasonable time, the contract is null and void including all terms that waived implied and expressed warrantees and all terms that place use-restrictions on the consumer that are not consistent with the UCC.

Authentication

Section 21-108 is contrary to all existing contract law. This section does not require that the person who 'authenticated' the record be legal competent or have the legal authority to enter a binding contract. The only requirement is that someone clicked on 'I agree'. If a minor buys a software game and clicks on 'I agree', the parents have become legally bound by the contract without any proof required that they saw or knew that the software was being installed.

Self-Help

I will leave to others to discuss the potential for the software vendor to abuse this clause. Instead, I will concentrate on the potential for abuse by third parties. Section 21-814 allows software vendors to put a 'backdoor' (a security hole deliberately placed there by the software vendor) in the software; but, it places no requirement that the software vendor inform the consumer that such a 'backdoor' exists. And, 21-401 and 21-402, allows the software vendor to waive any damages that may occur when (not if) a malicious person uses this 'backdoor' to disrupt or harm the purchaser of the software.

Conspicuous

The definition of conspicuous [21-102 (14)] is not adequate when applied to terms in a mass-market license that requires payment before being allowed to view the license. What is conspicuous to a person reading a printed document in the formal setting of a contract signing is not conspicuous when viewed on a screen when the primary focus is on installing software. Capital letters are not conspicuous when buried on the fifth or six screen of a document that is filled with mind-numbing legal jargon. Any mass-market license terms that materially effects the normal rights of the consumer should be conspicuous before the consumer pays for the product.

False Advertising

The wording on the box of most software ("You must accept the enclosed License Agreement before you can use this product") [15] coupled with 21-202(E) gives the software vendor the 'last word' in any contract formation. If you click on 'I agree' you have agreed to all terms in the license. Since almost every license has a clause similar to "The SOFTWARE PRODUCT and any related documentation is provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties or merchantability, fitness for a particular purpose, or noninfringement" [16] (emphasis added) Translation, it doesn't matter what our advertising or the box says. If this becomes a binding term, the consumer is waiving any relief from the statutes regarding any misrepresentations made by the software company.

Would, any software company resort to such sneakware? They already have. [17] CuteFTP is sold in retail stores and there is no indication on the box that the license inside the box is only valid for 30 days. However, that is one of the terms you will see on the licensing agreement when you start to install the software. This information would influence the consumer's decision to buy. However, it is buried inside the box where it can be viewed until after the consumer has made the purchase decision.

Canon [18] sells a printer whose specification sheet says will work with NT software. A customer called Canon when he couldn't get it to work with his computer. Canon's response was that the NT driver was provided only as a curtesy. NT was not supported.

The above is not an exhaustive list of all my objections to Senate Bill 142. However, it should be a sufficient to show that the implications of adopting Senate Bill 142 as law would have vast, far-reaching consequences and should not be rushed through the procedure.

Sincerely

Garnet Harris

1. Full list of list of the parties and their position papers can be found at badsoftware.com.  [return]
2. FTC.gov contains the text of the FTC letter to the NCCUSL.  [return]
3. Virgin's House and Senate passed the bill and it is currently waiting for the governor's signature. [return]
4. Text taken from the Microsoft Word EULA. [return]
5. Software vendors already use this clause to control unfavorable reviews.

   In the March 6 issue of PC Week, Timothy Dyck stated "Even with its current dubious legality (especially considering existing copyright fair use exemptions that protect use for purposes of criticism and research as well as constitutional free speech rights), this clause is already a club that vendors hold over journalists and reviewers. If UCITA becomes law, we will be even more restricted in our job of providing the information you need to choose among alternatives" (emphasis added)

   Also, John C. Dvorak stated in his column in the Forbes February 7, 2000 issue, "Word has gotten around and other daily news reporters, who were designated by the company to review the product under non-disclosure agreements, were contacted by the PR minions of Microsoft." (emphasis added)  [return]

6. Sm@rt Reseller, February 11, 2000 " Bugfest Win2000 has 63,000 'defects'."  [return]
7. The following is based on my personal experience in trying to return opened software and those participating in "Refund Day" on February 15, 1999. Full details of those who tried to obtain refunds under this clause can be found at: Linux Mall For any who doubt that this is the norm rather than the exception can easily test this by buying retail software, 'disagree' with the license terms, and then try to obtain a refund.  [return]
8. Text from Microsoft Home Essentials for Windows 95  [return]
9. Ibid  [return]
10. Text taken from Best Buy's sale receipt. During my half-hour argument to obtain a refund for open software, I was informed that the reason for this policy is that many software companies will not give the store a refund for opened software. This was confirmed in my conversation with Bob Malloy, a member of Staple's corperate legal department. However, a spokesman for Best Buy's public relations department said that it was due to a FCC (I verified with her that she said the FCC instead of the FTC) regulation that prohibited retailers from returning opened software.

    Toshiba also made a similar admission when exchanging e-mails with Geoffrey D. Bennett when he attempted to obtain a refund for Windows software. The full e-mail exchange can be viewed at: Bennett's web site.  [return]

11. This assumes that the representative would even get as far as a hearing. The lawyers would probably get it thrown out with a Motion to Dismiss or a Motion for Summary Judgement before a consumer could present his side of the story. [return]
12. Bob Malloy, a legal representative stated "No way we will be on the hook" in a phone conversation with me on this topic. They will either get refunds from the software vendor, find a way around the Right to a Refund clause, or stop sell the software. The representative from Best Buy's PR department said that it would not effect their return policy since it is protected under federal law. She did not state the specific statute that she was relying on. [return]
13. Last time I checked, Microsoft would charge a $75 fee for any support calls. [return]
14. I have spent over an hour on Microsoft's web site searching for the licensing agreement that comes with Microsoft Office. I can find pages and pages of marketing material, favorable reviews, white papers, etc. However, I can not find a copy of the license. It would take less than a day for a web designer to provide a link to the license; but, Microsoft has not made the effort. Apparently, it is a deliberate policy to withhold any licensing information until after the customer has paid. I guess they feel that the customer is less likely to actually read it and have it effect the buying decision if they don't read it until after they paid [return]
15. Microsoft Home Essentials for Windows 95. [return]
16. Text taken from the Microsoft word license. [return]
17. November 1, 1999 issue of InfoWorld "Watch out for the Change Broadband Suppliers are Making Behind the Scenes. [return]
18. Ibid [return]