Return to Bad Software: What To Do When Software Fails.


Cem Kaner, Attorney at Law

(This article was originally written as a set of working notes to use at the Article 2B Drafting Committee at its meeting on September 27-29, 1996. I circulated it to the UCCLAW-l mailing list just after that meeting. I have updated it to reflect the December 12, 1996 draft. To see the latest draft of Article 2B, check the Article 2B home page at

Part 1 of this series was published in the January, 1997, issue of UCC Bulletin. This article appeared in the February issue.)



This memo lists several issues that I have with the UCC 2B draft. These are just sketches of the issues. I've been working on longer memos that focus on individual issues--some of those are available at my web site, Others will circulate in the future. My point here is to collect objections in one place.

My analysis of this statute focuses on a customer buying a shrink-wrapped computer program. Article 2B covers a much broader range of situations than this, but I don't think that Article 2B's breadth is any excuse for adopting rules that are unfair to retail software buyers. Many of these problems also apply to non-retail customers.

Article 2B uses the language of licensor and licensee. In the language of sales, the licensor is the seller and the licensee is the customer.













1.1. MASS-MARKET LICENSEE (2B-102(A)(25))

Prepackaged software usually comes with a document that claims to be a non-negotiable, standard form license. (See the discussion of standard forms below, and the discussion of the mass-market license in Part 1 of this series of articles.) Normally, the customer doesn't learn the terms of this license until after paying for the product, accepting delivery, and starting to use it.

The legal status of this shrink-wrapped license (and of specific terms within it) has been subject to a great deal of controversy. Article 2B blesses the concept, calling it a "mass-market license". Article 2B provides a few protections against unreasonable or surprising terms, but affords most of them only to "mass-market licensees." There is ongoing controversy over the definition of the mass-market licensee.

To a large degree, the mass-market protections parallel those afforded in Article 2 to non-merchants. Deals between merchants are free-wheeling, but a non-merchant, someone who does not deal in goods of the kind, has some protections. A non-merchant can be an individual or a business. The focus is on the competence of the buyer in the particular type of goods at hand. Similarly, European directives define a "consumer" as someone entering into a contract outside of her or his business or profession.

The final definition should apply to all purchasers under the license, or to non-merchant purchasers.


The rights of customers as against retailers and the rights of retailers as against software publishers have not been extensively analyzed in the Article 2B meetings. Different proposals have been suggested over the year that I’ve been attending these meetings.

In its current version, 2B-615(a)(3) states that "The retailer is not bound by the terms of, and does not receive the benefits of an agreement between the publisher and the end user unless the retailer and end user adopt those terms as part of their agreement."

Retailers rarely create their own license agreements, for customers to sign before accepting delivery of a small-ticket product. Instead, the retailer simply puts a software publisher’s boxes on the store shelf and sells them to willing buyers.

Inside the box, the publisher probably disclaims warranty liability and limits remedies. These disclaimers and limits don’t become part of the contract between the customer and the retailer. Thus, the aggrieved customer can collect full consequential damages in a breach of implied warranty suit against the retailer, but not from the publisher whose software defects form the basis of the suit.

Over the last year, I have not seen commentary or participation from a single representative of the reseller community. I suspect that this material will not stabilize until it is tested by objections from retailers and distributors.


I think that the publisher of a mass-market software product should be accountable to customers who buy new (unused) copies of the product, even if the customers bought the product through a retailer.

Under Article 2B, there is privity between customer and publisher via the license agreement between the publisher and the customer. However, I think that the draft revised UCC Article 2 makes this point more clearly.


Discussions in the Article 2 drafting committee's meetings suggest that a publisher can avoid contract-based liability for its false advertisements. This is not discussed in Article 2B. I think that statements of fact made to the public by the publisher of a mass-market software about its own software should be treated as warranties that are enforceable by its customers, even if the customers bought from a retailer and not directly from the publisher.


2.1. STANDARD FORMS (2B-308).

In the last 50 years of commercial sales law, standard forms have been treated with mistrust. (In mass-market software, the standard form is the preprinted, non-negotiable form inside the box.) Both sides use them, but neither side reads them. As a result, the UCC seeks to enforce the negotiated terms of a sale and to limit the opportunity for one side to deal unfairly with the other by oppressive clauses in its fine print form. This approach is reversed in Article 2B.

Under Article 2B, the mass-market license is fully enforceable even if contains harsh terms that the customer cannot discover until after starting to use it. These provisions were expressly written to override the Software Link decisions (Step-Saver Data Systems, Inc. v. Wyse Technology and The Software Link, Inc., 939 F.2d 91, 3d Circuit, 1991; Arizona Retail Systems, Inc. v. The Software Link, 831 F. Supp. 759, D. Ariz., 1993), which held that a post-sale disclaimer of all warranties was a material change to the contract that would not automatically become part of the contract.

In Article 2B, in the mass-market software case, licensors are given a mechanism for displaying their standard form on the software screen and requiring the customer to press "OK" to accept the licensor's terms. The licensee can accept most terms with a single "OK" (or "I AGREE") but has to click "OK" separately for terms that must be conspicuous. If the customer doesn't reject the entire transaction, then each and every one of the seller's terms is now enforceable no matter how unreasonable.

So long as the seller displays the relevant term during installation of the software, and the customer clicks "OK" to continue installing the product, the seller’s mass-market license will even override specifically negotiated parts of the agreement (see 2B-308(b)(2) and then 2B-308(c)), and any conflicting terms in the licensee's form (see 2B-309(a)(2)).

I think this is unreasonable, especially because the licensors' terms often disclaim all warranties, limit remedies for seller's breach of contract to replacement of the disk no matter what harm the breach has caused, disclaim responsibility for viruses, disallow reverse engineering or development of products that are inter-operable with this one, choose what state's or country's law will be followed in any lawsuit against the publisher, and stop the customer from bringing suit against the licensor anywhere but the licensor's choice of a particular city, state or country. If the license says that the customer can only bring suit in an Iraqi court, and that the laws to be enforced in that court will be those of Taiwan, a business (even a one-person business) will be bound by that restriction. Rather than providing a mechanism for blessing every term in the seller's contract, and for automatically rejecting every contrary term requested or negotiated by the licensee, I think that the Committee should be seeking a way to either put some balance into the process or to regulate the seller's terms.

2.2. CONSPICUOUSNESS (2B102(a)(5)).

The UCC requires that some terms of a sales contract must be conspicuous. Article 2B redefines "conspicuousness" in a way that allows the licensor to show the terms to the licensee only after the sale has closed, the licensee has paid for the software, taken delivery, and started to install it on her computer. I think that terms which must be conspicuous must be revealed to the customer before the customer makes the contract, not after. Or, at least, that these terms be displayed in a way that is reasonably calculated to draw the attention of a reasonably attentive customer before the customer makes the contract.

This is not just empty formalism.

Several members of the Article 2B drafting committee seem to treat the notion of conspicuousness as an empty formalism, and as a nuisance that has historically supported unreasonable litigation against sellers. Almost none of the attendees at the drafting committee meetings have agreed with me that it is central to the notion of "conspicuousness" that customers have a decent chance of learning of a "conspicuous" term before they pay their money and take the product away.

The requirement of conspicuousness reflects an accommodation between two conflicting policies:

The UCC allows the seller to include harsh terms (such as refusal to promise that a product is fit for its ordinary purposes), but requires the seller to conspicuously notify the customer of this. If the customer is still willing to buy the product, as is, so be it.

Article 2B allows the seller to hide oppressive terms until the customer buys the product, takes it away, and starts to use it. The customer is allowed to refuse to accept these terms, once she learns of them. To do this, the customer halts the installation, or uninstalls the program from her computer, then goes back to the merchant from whom she bought the product, and demands a refund. She can then buy a competitive product, take it away, install it, and so learn whether this new product comes with any better terms. I think that it is unrealistic to expect customers to return products under these circumstances, even if the terms are entirely unreasonable.

Conspicuousness creates an opportunity for competition, before the sale, when customers are likely to pay attention to the terms of the deal. If one car on a used car lot has a sign that says "AS IS - NO WARRANTY," and the one beside it comes with a warranty, most customers will seriously consider buying the car with the warranty. Even if the customer decides to buy the As-Is car, the lack of warranty will play a role in the bargaining over price and other terms of the contract. In contrast, when these terms aren’t revealed until after the sale, the customer has no opportunity to make comparisons and no opportunity to bargain on the basis of them.

The Better Business Bureau received more complaints about computers in 1995 than used cars. Why should we say to used car dealers that they have to reveal the terms of their deal with a customer before the customer drives the car off the lot, but software sellers do not?


Manifestation of assent occurs when the customer sees a license or a particular term of a license, and clicks "OK". In Article 2B, this is considered equivalent to a signature in a negotiated contract. The idea that the customer is actually assenting by pressing OK, post sale, is a fiction. Combined with the Mass-Market Licenses provisions (2B-308), this is an opportunity for the licensor to routinely engage in sharp practices.


Article 2B says that a customer has an "Opportunity to review" the terms of a license if, after the customer has paid for the software, taking delivery of the software and either started to install it or installed it and started to use it, the terms are displayed and the customer is given an opportunity to reject the terms and return the software. The first problem with this is that American customers might shop carefully, but they rarely retract a deal after the sale has been closed. This thus gives the seller an unfair advantage within our cultural context because the customer doesn't get the bad news about the license until after comparison shopping is complete and the purchase is made. The second problem is that the customer has to spend money to return the product (shipping cost, long distance calls, etc.). I think that if the customer rejects the product because the licensor's contract terms are (in the customer's opinion) unreasonable, the licensor should have to reimburse the customer for all incidental expenses. This might sound harsh, but remember that the licensor can avoid all risk of incurring this liability just by telling the customer the terms of the deal before making the sale.


A preprinted, standard form's terms should never override terms that were actually negotiated and agreed to as part of the sale.


This rule allows the seller to insert a clause in a contract that provides that a seller's verbal promises made during sales negotiations don't become part of the contract. Only the license agreement (which the mass-market customer doesn't see until after paying for and taking delivery of the software) states the terms of the contract.

Historically, this been abused as a means of shielding companies from the sharp practices of their salespeople. The Article 2 drafting committee has severely limited this rule in Article 2. Courts have often limited its application. Article 2B has currently backed away from some extensions but still includes the basic rule.


The Copyright Act allows an owner of a copy of software to make a backup of the software. The Act does not explicitly give this right to a licensee. Similarly, an owner can resell their copy -- you can sell a book to someone else after you read it. A license agreement can restrict you from selling or lending your software (or your books, newspapers, or videotapes).

In its current form, Section 501(c)(2) creates a presumption that a customer who buys a program at a store, or over the Internet, will receive ownership (title) of a copy. However, the contract (mass-market license) can provide otherwise. ("Title to a copy is determined by the contract.") A term that tells the customer that he has merely purchased a right to use the program and has not bought title to a copy of the program need not be conspicuous, and need not be revealed to the customer before he accepts the software.

Article 2B correctly distinguishes one situation (2B-501(a)(2)(A)). Customers sometimes obtain transitory use of a copy. For example, customers who use "network computers" will buy very little software. Instead, they will gain access to programs stored on a remote machine. No one in those transactions should expect that the customer is obtaining title to a program that might, for a brief time, be run on the customer’s machine.

I think that a mass-market customer who purchases long-term possession of a copy of software should get the rights of an owner of a copy under federal copyright law, even though she is, technically, a licensee. There is no difference between the transaction (go to the store, buy a copy) involved in buying a book or buying a (license to use a) computer program.


Another abused contract clause says that no modifications to a contract can be made verbally. The seller's staff can make all sorts of promises, before or after the sale, but because they aren't in writing and signed by an executive of the seller's company, they aren't part of the contract. In current law (UCC Article 2), this type of clause must be conspicuous (and in some states might have to be specifically agreed to) unless both parties to the contract are "merchants." A merchant deals in "goods of the kind" covered by the contract. For example, a doctor is not a merchant when buying a computer program. In Article 2B, this protection is narrowed so that it only applies to consumers (people who buy/license the software for personal or household, non-business, non-professional use) and doesn't protect unsophisticated businesses as it did in Article 2.



2B-402(a)(1) says that seller’s statements of fact are express warranties if they become "part of the basis of the bargain." There is no guidance about what is or is not part of the basis of the bargain, and state law varies greatly in this. Some states require buyer reliance on the statement, at time of purchase. Other states hold that it is sufficient if the seller made the statement to the buyer, even if the buyer didn’t learn of the statement until after accepting delivery.

My understanding of the intent of the original Article 2 was that the seller's statements of fact should usually bind the seller. In particular, the statements of fact and factual descriptions of the program that appear in the documentation (on-line and in print) shipped with the software should be express warranties whether the customer reads the manual before the sale or not. Draft Article 2 makes this explicit.

Treating statements of fact in the documentation as express warranties seems even more appropriate for Article 2B because in 2B we hold the terms of the seller's license against the customer, whether or not they were available to the customer before the sale. Why should Article 2B only enforce post-sale statements that benefit the seller? We should also hold the seller's factual claims against the seller whether or not the customer saw them before the sale.

Article 2B-403 (implied warranty of quality) requires only "substantial" (read, "approximate") compliance with the documentation and then only if the seller doesn't disclaim the implied warranty of merchantability. I think that Article 2B should make it clear that the seller is bound by its factual representations.

3.2. LICENSEE'S TESTING (2B-406(b)(6)).

In previous drafts, Article 2B said that if the licensee tests the software then the software is sold with no additional warranty. That is, any defects that the licensee could have found by testing are deemed as having been found and accepted by the licensee.

This clause was recently voted out of the draft, by a 6-4 vote, but with the understanding that a revised clause might be added in the future.

The Article 2B draft provided some safeguarding language in terms of reasonability under the circumstances, but I think the next draft needs some explicit strengthening:


A licensor of an integrated system (hardware and several pieces of software) is required to supply a system that works together as a system. Retailers often bundle software and hardware and promise/promote that they are selling an integrated system. These licensee protections should apply to retail purchasers, not just to large-system, specially negotiated contracts. (Perhaps they do--I’m not sure.)



A license can restrict the customer from having its agent or employee use the software. The reporter’s notes cite MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511 (9th Cir. 1993) as current law that supports this limitation.

In this case, a customer was barred from using a third-party support provider to service its computer (because it was a breach of the contract for anyone other than the customer to load the computer’s operating system and diagnostics into the computer’s memory.) This was a remarkable situation because the customer had a paid-up license to use the software, and the license allowed use of this software on this customer’s computer. Furthermore, the software was being used to solve this customer’s problems, not for some independent or unanticipated purpose of a third party.The problem was that the customer was using a third party (an independent consultant) to actually run the software on the customer’s computer. The license said, no use by third parties.

The customer should be able to contract with a third party (and an individual customer should be able to hire an employee) to use the software in order to achieve the purposes of the customer.


Look at the same problem (restriction on users) from a mass-market viewpoint. 2B-313(a) allows the mass-market licensor to expressly designate one person (such as the first purchaser) as the only person permitted to use the information. Use of the software by a person other than the designated person is a breach of contract.

A license can restrict a customer from allowing his neighbour's children to play his computer game even if he's willing to let them play it on his computer.


5.1. MATERIAL BREACH (2B-109).

If the software has bugs, the customer can't give the program back and demand a refund unless the bugs are so bad that the licensor has committed a "material breach" of contract. In Article 2B, the definition of "material breach" is focused on breaches by the customer. In the July draft, the definition didn't list ANY bad acts by the licensor within the list of breaches that are "material." In the September draft, this work has started, for negotiated contracts. In the November and December drafts, there is still no language for licensor breach of a mass-market contract.

I’ve submitted a proposal for consideration in the January, 1997, meeting of the drafting committee. See my paper, What is a Serious Bug? Defining a "Material Breach" of a Software License Agreement, at my web site,


The customer isn't entitled to a refund if the licensor has provided "substantial performance." This must be defined in a way that allows for minor flaws but is not satisfied by a program that has serious bugs.

Article 2B has adopted a perfect tender rule (2B-608) for mass-market contracts, but the effect of this rule is limited. The mass-market licensee can refuse the product "within a reasonable time after the tender and before acceptance." It’s not clear to me when this "acceptance" occurs. If the customer goes to the store, buys the program, pays for the program, takes it home, installs the program, clicks "OK" to the license agreement, and starts using it, has acceptance not yet taken place? The shrink-wrapped license and the managers of most retail stores will certainly say that acceptance has happened by this point.

We need some guidelines to help the customer and the merchant decide how long the customer has to declare that acceptance has not yet taken place (and so she is entitled to a refund for bugs discovered during use.) A previous draft provided this guidance by saying that the seller could unilaterally set out the amount of time available in the license agreement. This was eventually eliminated from the draft (This seems like allowing the fox to decide how much time to give the chickens to escape from the henhouse.) but no other principle for guidance has been provided in its place.


This type of contract promises the customer corrections and updates to the software as they become available. Under 2B-613(c) "Breach of a contract to correct or update information does not entitle the licensee to cancel an underlying contract concerning the information unless the breach is a material breach of the underlying contract."

This means that the customer can be stuck with an aging version of the software, with no updates. Customers make significant investments in software, on the assumption (supported by a contractual promise) that they will get ongoing support in the form of bug fixes and other updates. (Think of your law firm’s investment in your word processing software.) The customer can lose the value of its investment in the software (and incur many other expenses) even if the original version purchased lived up to (not counting the promise of continuing updates, which to the customer was a major part of the original bargain) the original claims.

A publisher’s material breach of a correction/update contract should be, in and of itself, a material breach of the underlying contract for its software.

5.4. SUPPORT CONTRACT (2B-615) .

This type of contract promises the customer technical support. Normally, "support" includes several functions such as an answer desk (providing information to customers on how to use the program), supplying customers with bug fixes (if they are available) or workarounds to bugs and with other advice on making this software compatible with their hardware or other software.

2B-615(c) states that "A licensor’s breach of a support agreement does not entitle the licensee to cancel the underlying contract concerning the information unless the breach is also a material breach of the underlying contract."

Many customers don’t buy support contracts for software. The customer who is willing to pay for support is expressing a determination that the support is necessary for use of the software. So why place the burden on the customer to prove that the software contract has been materially breached when the support contract has been materially breached? It doesn’t matter if the software works flawlessly if the customer can’t figure out how to use the software and, in breach of the support contract, the seller refuses to help the customer get the software working.



Under 2B-106 (a), a choice of law clause is enforceable even if the law is that of a foreign country.

The December draft provides an Alternative B that says that in a consumer case (not even a small business dealing with a mass-market license), the choice of law is enforceable "only to the extent that giving effect to the term would not deny the licensee the benefit of fundamental protections available to it under the otherwise applicable law."

So, under both alternatives, a non-consumer mass-market licensee (such as an individual who is using a program to manage her investments, or an owner of a 7-11 variety store) can be required to sue Microsoft under Iraqi law or Russian law or any other country’s law, even if that law denies the licensee fundamental protections that would be available to it under the otherwise applicable law. (To avoid class action suits, choose the law of a country that bans class actions.)

Under the second alternative, the consumer can probably avoid a choice of law clause that chooses the law of Iraq, but maybe not one that chooses the law of England or Germany. Even though these probably don’t deny the consumer the benefit of fundamental protections of American law, such a lawsuit would probably be prohibitively expensive.

What public interest does it serve to allow sellers to make it essentially impossible for customers to sue them?

6.2. CHOICE OF FORUM (2B-107).

Under 2B-107,a choice of forum clause is enforceable even if it is in a foreign country. Only in a consumer case (not even a small business dealing with a mass-market license) is there any restriction on this clause, and only if the outside jurisdiction's laws place the consumer at an "unfair disadvantage". So, a 7-11 owner in Nebraska can be required to sue Microsoft in Iraq, applying (under 2B-106) Hong Kong law.

6.3 ARBITRATION (2B-107).

The seller can also specify that dispute resolution be by arbitration rather than by judicial determination. This is proposed to be enforceable against consumers as well as against all other customers.

There is a widespread belief in the plaintiff’s community that arbitration clauses favor large defendants who are frequent users of the arbitration system. Large, frequent defendants accumulate historical information about the local pool of arbitrators that is not available to plaintiffs, enabling more efficient selection of a biased panel of arbitrators. Additionally, the results of arbitration are not made public, so the ability of the marketplace to accumulate knowledge about dishonest sellers is even further limited.


2B-110(b) states that the commercial reasonableness of an attribution procedure is a question of law to be determined by the court. The technology, available practices, security-related discoveries, etc. are all empirical issues, requiring investigation into facts. This seems to be a matter of fact, notlaw. A judge can't look at a statute to determine whether DES is a reasonable encryption approach or not.


2B-708(a) sets the statute of limitations for breach of contract to 4 years, but allows parties to reduce the period of limitations to "not less than one year after the right of action accrues". Most mass-market contracts will therefore come with a one-year statute of limitations.

Under 2B-708(b), a "right of action accrues when the act or omission constituting the breach occurs or should have occurred, even if the aggrieved party did not know of the breach. Breach of warranty occurs when the transfer of rights occurs." Liability for a serious software error begins to accrue when the customer receives the software, not when the customer discovers the bug.

2B-708 does not provide for tolling during the seller's attempt to cure its breach of contract. Therefore a customer who cooperates with a publisher's tech support staff can be delayed long enough to lose her right to sue. Under revised Article 2, the Statute of Limitations is tolled during seller's attempts to cure.



Under 2B-315(b), the licensor can impose a duty of confidentiality on the licensee. As far as I can tell, the licensor can make the feature set of a product "confidential" and all of the experiences that a customer has in using the product (i.e. all the bugs the user finds) "confidential" and therefore it can avoid negative product reviews.

I have been told in committee meetings that a duty of confidentiality can’t be created in a mass-market license situation because the mass-market software is offered to the general public. However, the mass-market customer differs from the rest of the public in that the customer is bound by a license agreement that includes a confidentiality clause.


2B-315 should be drafted to clearly and unambiguously ban confidentiality clauses in mass-market licenses.


Under 2B-318, the licensor can disclaim all liability for viruses. In this case, the presence of a virus on the licensor's disk is not a material breach, justifying recission (let alone damages) if the licensor exercised "reasonable care" to detect the virus.

Previous drafts of 2B-318 allowed the mass-market seller to avoid all liability for viruses by including a conspicuous disclaimer. This was dropped in the November, 1996 meeting but publishers’ representatives were invited to submit a replacement and they probably will.

Some members of the drafting committee (and other attendees) are arguing that we need a safe harbour for viruses because otherwise we will expose university students to unlimited liability if they post a piece of software or an article on the net that accidentally includes a virus. The argument seems to be that we have to protect commercial sellers of software from liability for viruses in order to protect amateur, non-commercial providers. On the other hand, if this is the real issue, perhaps we could have a safe harbor that is specifically written to protect only amateur, non-commercial providers.


8.1. EXCLUSION (2B-706(b))

The mass market seller can declare (nonconspicuously, in the license) that certain remedies are exclusive (such as repair/replacement of the software). Even if the licensor breaches its duty to provide the agreed remedy, the licensor's exclusion of all other damages will be enforced.


Under 2B-701, consequential damages were excluded unless they were specifically included in the contract. That provision was repealed in Committee in September, 1996, and the Committee is now reconsidering the circumstances under which consequentials will be available. I recommend that consequentials be available and not excludable if the licensor breached the contract knowingly or if its failure to know that the information it delivered was in breach was due to intentional blindness or gross negligence. This is not a radical proposal. Some states already provide for full contract damages in the event of knowing breach or gross negligence.


Under 2B-706, the licensor can exclude reimbursement for incidental expenses. These are limited in amount, and they rarely escalate unless the licensor/seller forces the customer to jump through hoops to prove that a product is defect or to return it. The licensor should not be able to exclude reimbursement for incidental expenses.


Under 2B-101(a)(17), it might be valuable to clarify that incidental expenses includes the costs (long distance costs and fees paid to support organizations) of reporting defects to the licensor and of working with the licensor to try to deal with the bug. Some software companies charge the customer $3 per minute (or more) or $95 per "incident" (or more) when the customer calls to report a bug. The customer can spend more than the value of the refund on a call that finally results in a return authorization.(This fits within the current definition of incidental damages, but a clarification would save arguments.) (This is an example of the type of problem that inflates incidental expenses. The licensor should pay these, not the customer.)


The Article 2 draft provides for a minimum reasonable remedy for any breach of contract. There is no hint of this in Article 2B.


This clause should clarify that termination of access contract must allow the licensee reasonable time to pull his data off the licensor's machine before access is terminated.



I am concerned that we may not have the right safeguards and loss-prevention incentives in our allocation or control of the risk of fraud in electronic transactions. (2B-101, 110, 111). To a large degree, customers are at risk if a third party obtains their electronic identification and fraudulently uses it to order merchandise.

This is too complex an issue to discuss in this memo, though I note one problem in the next section.


Drafts before the December 1996 draft contained two sections (numbered 2B-319, 2B-320, 2B-321) allowing the licensor to access the customer's private storage (such as her computer and hard disk) without permission and supervision and to send electronic mail from the licensee's computer without the knowledge of the licensee and without displaying to the licensee the exact contents and format of the message.

December draft 2B-319, Electronic Regulation of Performance, contains the residue of these sections. The privacy issues (when information can be collected from a customer’s computer, when it can be re-sold to a third party, what notice the customer is entitled to, what right the customer has to see information being kept/sold about the customer, etc.) may not reappear in Article 2B but they are being raised in other drafting committees. These raise important issues, and not just civil liberty protections.

One key commercial issue that we should bear in mind relates to digital signatures. There are several proposals (including Article 2b) that put the customer at risk if a third party obtains and fraudulently uses an individual’s digital signature. To the extent that we grant third parties the right to snoop on a customer’s computer and to secretly report information about the customer, we are creating a huge opening for criminals to take identifying information (such as the customer’s encryption keys).

Given Article 2B’s allocation of risk onto customers, and the publishing community’s interest in collecting detailed information about customers, I think that digital signatures are high risk tools that should only rarely be used. If we want to facilitate electronic commerce, we have to take care to avoid making it impossible for customers to keep their authenticating information secure.

Return to Bad Software: What To Do When Software Fails.

The articles at this web site are not legal advice. They do not establish a lawyer/client relationship between me and you. I took care to ensure that they were well researched at the time that I wrote them, but the law changes quickly. By the time you read this material, it may be out of date. Also, the laws of the different States are not the same. These discussions might not apply to your circumstances. Please do not take legal action on the basis of what you read here, without consulting your own attorney.
Questions or problems regarding this web site should be directed to Cem Kaner,
Last modified: Sunday October 26, 1997. Copyright © 1997, Cem Kaner. All rights reserved.