Number 294 - November 2007
Would You Sign This Contract?
by Rob Rice (articles@isp.com),
Computer Club of Oklahoma City (www.ccokc.org)
   Ok, here's the deal; I offer you a big, 56-inch, shiny new Filch Plasma Screen TV and I will sell it to you if you will agree to have a camera installed in your home so I may watch you watching the new television. Sound fair? You also agree that should you disable or inhibit the free operation of the camera in any way, you forfeit the television and your money. Neither am I responsible for any damages to your home from the equipment or its use nor do I guaranty privacy or even that the television will work.

   Would you sign such a contract? Many of us, in a sense, have already agreed to something like the above scenario when we clicked on the End User License Agreement (EULA), the contract that accompanies most software these days.

   It pretty much goes without saying that most of us do not read EULAs. They are often long, dry, and hard to understand documents written in a very small type face and crammed in a tiny window. Even if there is something bad in it, what are the chances it will have any real affect? After all "I'm one among millions".

   We may often think of ourselves as just one among many cattle feeding in the pasture, so "The chances of lightning striking me are remote". But lightning did hit hundreds of folks in the form of a Recording Industry Association of America (RIAA) lawsuit. Hundreds of persons have been sued for allegedly downloading music illegally: For example, RlAA filed a lawsuit agamst 12-year-old Brianna LaHara, whose mom had paid a $29.99 service charge to KaZaA for the company's music service, said Brianna, "I got really scared. My stomach is all turning," "I thought it was OK to download music because my mom paid a service fee for it. Out of all people, why did they pick me. (1)

   But what we have learned since Brianna's case came to light is that many intellectual property owners are using eavesdropping techniques to monitor end user compliance. Whether it's intercepting data traffic over an Internet connection or placing spyware on your computer the name of the game seems to be intimidation through litigation. Of course heavy-handed tactics do tend to produce mistakes and bad public feeling, such as RIAA's disastrous lawsuit where they sued a deceased great-grandmother who reportedly had never owned a computer. (2)

   But what is interesting is that software that tends to operate in a dubious manner will typically tell you up front, or give you some hints in its EULA. Take for example this classic EULA that was analyzed by Benjamin Edelman back in 2004, he is an assistant professor at the Harvard Business School and a member of the Massachusetts Bar. It is Gator, an advertising pop-up software that often came embedded in weather monitors, organizers and clock synchronizers, (The company changed its name to Claria Corporation. GAIN stands for Gator Advertising Information Network) The EULA, with over 5,900 words of text, informed the user that:

   "You agree that you will not use, or encourage others to use, any unauthorized means for the removal of the GAIN AdServer or any GAIN-Supported Software from a computer."

   That includes removing it with Adaware or SpyBot, which listed it as spyware.

   " Any use of a packet sniffer or other device to intercept or access communications between GP and the GAIN AdServer is strictly prohibited." Meaning you cannot monitor what it is doing while it is on your computer!

   Mr. Edelman's website is a very good resource for the wary and worth a look, (www.benedelman.org/news/112904-1.html). Sony has faced some embarrassing headlines as of late with their music CD's EULA and rightly so. Take for example these observations by the Electronic Frontier Foundation regarding the contents of the Sony EULA:

   If you file for bankruptcy, you have to delete all the music on your computer.

   The EULA says Sony-BMG will never be liable to you for more than $5.00.

   If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

   You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

   If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside. (3)

   Most EULAs that I have read place all of the burden and financial responsibility upon you. You pay the money, you take the risk, and you take the liability. The software company decides everything in its favor and takes no responsibility what-so-ever even for the software doing what it claims to do! It would seem that you in effect given up your legal rights in exchange to use a piece of software.

   Ok, so you read the license agreement but the mind numbing experience had you re-reading the same sentence over and over and by the time you were done you felt like the first documented case of someone having actually died from boredom. What is worse, you still don't know what it
said! But cheer up, there is help available. For example, The Electronic Frontier Foundation has a helpful article titled, "Dangerous Terms a User's Guide to EULAs" by Annalee Newitz. (4) It describes some of the more dubious terms found in some EULAs and what to look out for. Such as:
   1. "Do not criticize this product publicly."
   2. "Using this product means you will be monitored."
   3. "Do not reverse-engineer this product."
   4. "Do not use this product with other vendor's products."
   5. "By signing this contract, you also agree to every change in future versions of it. Oh yes, and EULAs are subject to change without notice."
   6. "We are not responsible if this product messes up your computer."

   You can also use some of the EULA analyzers that are available. While they are not a substitute for carefully reading a user agreement they can be very helpful by flagging suspect sentences, especially when you have an insanely long contract such as the over 32,000 words found at the Central Pacific Railroad Photographic History Museum's web site. Figuring this would bring any EULA analyzer to its knees, I put it through the Spyware Guide's on-line EULA Analyzer. It performed beautifully and flagged areas that the Analyzer thought suspicious, including:

   You agree to pay us three thousand dollars per unsolicited e-mail sent, or prohibited comment posted to the CPRR Discussion Group, or telephone call and fifteen thousand dollars per e-mail address added to your commercial mailing list in violation of the foregoing, plus damages. The CPRR Museum participates in Project Honey Pot which allows us to track and help catch spammers who harvest e-mail addresses from our web pages.

   One analyzer that I have been using for several months now is the EULAlyzer by Javacool Software LLC, who also publish SpywareBlaster. This is an application that is very simple to use, just click analyze and then drag the application's pointer over the EULA and automatically copies it into the program. Click the "Analyze" button and it gives you its assessment almost instantaneously.

   The EULAlyzer personal is free for educational and personal use and a Pro version with added features is also available. If you are still not convinced of the importance of reading the EULA, you might consider this; the folks over at PC Pitstop (A Href="http://pcpitstop.com">http://pcpitstop.com) decided to see just how many people read the agreement. In their EULA they actually offered monetary compensation for reading the document! It stated:

   Special Consideration: A special consideration which may include financial compensation will be awarded to a limited number of authorized licensees to read this section of the license agreement and contact PC Pitstop at consideration@pcpitstop.com. This offer may be withdrawn at any time.

   Unfortunately it took four months before anyone collected. Doug Heckman was the first person to email them in 3000 downloads! For his efforts PC Pitstop gave him $1000. So there you have it, incentive to read the license agreement!

   Reading EULAs can actually be quite an interesting experience. Read enough of them and you quickly learn how bold some companies have become in trying to thwart trade laws. But don't take my word for it, take a look at some of the attempts to apply the same yoke on its customers EULAs and see what they have to say, you may be amazed!

   (1) Fox N ews, 12-Year-Old Sued for Music Downloading

   (2) BetaNews, RIAA Sues Deceased Grandmother

   (3) Electronic Frontier Foundation, Now the Legalese Rootkit: Sony-BMG's EULA

   (4) Electronic Frontier Foundation, "Dangerous Terms A User's Guide to EULAs"http://www.eff.org/wp/eula.php

   (5) Spyware Guide's on-line EULA Analyzer,
http://www.spywareguide.com/analyze/analyzer.php

   (6) EULAlyzer, http://www.javacoolsoftware.com/index.html

   This article's reference to the Electronic Frontier Foundation should not be construed as an endorsement of the organization by the author. Rob Rice is a computer specialist living in Anchorage Alaska and a member of the Computer Club of Oklahoma City. Rob can be contacted at articles@isp.com.
   http://www.spywareguide.com/analyze/analyzer.php
   http://www.javacoolsoftware.com/index.html
   http://www.benedelman.org/news/112904-1.html
   http://www.eff.org/wp/eula.php

   This article has been provided to APCUG by the author solely for publication by APCUG member groups. All other uses require the permission of the author (see e-mail address above).
  Number 294 - November 2007