Software Licensing: A Case For Reform

I want to consider software licensing practices in general, but with the specific facts and history in the Vernor vs. Autodesk lawsuit as a backdrop.

In the Vernor case, Tim Vernor purchased several boxes of AutoCAD software, and never even read, let alone agreed to, the terms of the license agreement inside the box. When Vernor listed the AutoCAD software for sale on Ebay, Autodesk sent Ebay a notice that claimed Vernor’s auction violated Autodesk’s copyright. In order to benefit from the safe harbor provisions of the Digital Millennium Copyright Act (DMCA), Ebay was obligated to remove the auctions. Vernor responded by filing a lawsuit accusing Autodesk of making false copyright violation claims.

Additional facts have since come to light. For one, we’ve learned that the AutoCAD software that Vernor purchased had been previously upgraded to a newer version. Vernor did not know this when he purchased the software; and in any case, it’s not clear that this fact has any bearing on the outcome of the suit.

Given this set of facts, let’s analyze the Vernor case not from a purely legal perspective, but from a more abstract “moral” perspective. After all, society is the ultimate arbitrator of what is wrong and what is right with respect to our laws. We ultimately determine whether laws are fair by whether we follow them willingly (and whether we put pressure on our legislatures to change them).

Steve Johnson opines that Autodesk is morally right in the Vernor case, because the software Vernor purchased was “tainted” due to having been upgraded by the original owner. In Steve’s view… [see Steve’s comment below where he chides me for ascribing this view to him – O.W.] Presumably, one who holds this view sees Vernor’s original purchase as akin to someone purchasing stolen goods. With stolen goods, the law (and hopefully our moral compass) recognizes that the purchaser of the stolen goods has no legal right to them.

Autodesk offered the original owner a discounted price for a newer version of AutoCAD in exchange for a promise to destroy the older version. The original owner reneged on its promise to destroy the old version, and sold it to an unwitting buyer instead.

It follows that both Autodesk and Tim Vernor were treated unfairly by the company that sold the AutoCAD software to Vernor. Despite the company’s history of using pirated software, Autodesk gave them the benefit of the doubt when selling them a discounted upgrade. Vernor, by all accounts, had no idea and no way of knowing that the software he purchased had been previously upgraded. This is a recipe for disaster.

Unfortunately, this sort of disaster is all too common. In many cases, software users simply don’t read license agreements. If they do read license agreements, they don’t understand them. After all, most of us are not lawyers, and we can’t reasonably be expected to hire a lawyer to evaluate the license agreements of every software product we use. How then can we be expected to follow them exactly and without fail?

Consider that it’s entirely possible that the company from which Vernor bought his AutoCAD software had no idea that they had agreed to destroy the upgraded AutoCAD software. At least from a moral perspective, we can have some sympathy for the company if they honestly had no idea they were violating any agreements when they sold the software to Vernor.

Could Autodesk have required the upgraded AutoCAD software to be returned, or required certification by an independent “software recycler” that it had been destroyed? Sure they could have. In fact, such requirements did exist in the early days of software license agreements. Had Autodesk done so, the Vernor court would probably have concluded that AutoCAD was licensed, not sold.

Why even require the old version to be destroyed when upgrading? If we stop using the old version, why shouldn’t we be allowed to sell it at market value? Doesn’t recycling old software make just as much sense as recycling old tires? We have been conditioned to believe that discounted upgrades are good for us, but are they really?

Would we accept a legal regime under which tire manufacturers could force us to destroy our old tires as part of the new tire purchase agreement? Oh, you say, that comparison isn’t valid because tires eventually wear out of their own accord, whereas old software continues working forever! First of all, old software doesn’t continue working forever. How many people still use VisiCalc? Furthermore, what would this line of reasoning conclude about potential tires of the future that last forever? We’d have to start licensing tires instead of purchasing them!

What would happen if software vendors could not legally prevent “used” software from being resold on the open market, no matter how it was purchased or upgraded? For one, it would increase competition, because new versions of software would be competing not only against software from other vendors, but also against older versions of itself. In a world where software is priced based on what the market will bear, the net effect would be lower prices and higher quality (not to mention less frequent “upgrades”) for all software.

I think the Vernor case is just one example illustrating how the current software licensing system has sprung a leak, and is in need of repair. Can it be patched, or does it need to be replaced? Can the bleeding be stopped at the ankle, or should it be stopped it at the neck? This is a classical case of the Petcock Problem.

Software industry advocates like the Business Software Alliance (BSA) proclaim that the solution is educating consumers. Education may be important, but I think that “educating consumers” should not be left to an industry alliance.

I have some ideas about how the system can be reformed, but I think we have to start by recognizing that there’s a problem.

Software Licensing: Who’s On First?

I’m a firm supporter of intellectual property rights. I fully support the rights of software publishers to own and profit from their creative work. I make my living as both a consumer of software and a publisher of software, so my views on software licensing reflect what I consider to be a healthy symbiosis between producers and consumers.

Intellectual property laws are (or should be) designed to protect this symbiotic relationship for the public good. The patent system is designed not to protect patent owners from pirates, but to promote inventions and improvements on previous inventions that benefit the public. The fact that patent laws do help to protect patent owners from pirates is merely a side effect of the underlying goal of promoting the public interest. We, the public, grant exclusive rights to patent owners for a specific time in exchange for them making public the details of their invention. Innovative inventors can thus build on a body of previously published inventions rather than starting from scratch. This system of “open source” innovation speeds the evolution of technology, and everybody benefits from it.

Copyright laws must be viewed in the same light. Copyright laws are designed to promote and enhance the public good by encouraging the production and publication of creative works. In exchange for giving copyright owners certain rights for a certain period of time, the public gets to enjoy and build upon a body of creative work. Some argue that the benefit of copyright protection provides a financial incentive to create the works in the first place, and that without such an incentive the works would never be produced at all. While this is undoubtedly true, consider that there are other ways to provide financial incentives (by providing government grants, for example), so I think it’s important to view this aspect of copyright protection as a consequence of the goal to promote the public interest, not as a goal in and of itself.

Copyright laws have long recognized a need to prevent copyrights from being abused by providing exceptions to the protection they afford to publishers. The Fair Use doctrine is the most common such exception in US copyright law. The First Sale doctrine (or “exhaustion rule” in some jurisdictions) is another example of a limitation on copyrights. These exceptions and limitations evolved in response to attempts by copyright owners to abuse copyrights in a way that contravened their purpose of promoting the public interest.

Software licenses are a relatively new phenomenon, but they rely on very old law: contract law. It is important to understand that a software license agreement is a contract. The commercial software publisher agrees to give us limited and conditional copy rights and authorizes us to use the software in exchange for a fee. If the license agreement that we agreed to authorizes us to install and use the software on one computer, but we install it on ten computers, then we are violating both contract and copyright law (because we copied the software without permission). If the license agreement that we agreed to forbids us to resell the software to someone else, but we decide not to use the software ourselves and sell it anyway, we are violating only contract law (because we made no unauthorized copies).

There are several contract law issues typically encountered with software license agreements.

First, typical commercial software license agreements suffer from their unilateral nature. The contract is drawn up by the publisher with no negotiation or input from the consumer. Some question whether these are valid contracts in the first place, because they lack the “meeting of the minds” element that some judicial interpretations of contract law require.

Second, software license agreements are not usually consummated until after the sale, when the software is finally installed. We purchase the software, essentially committing to our side of the bargain before we even know the terms of the contract to which we must eventually agree in order to use the software. This is inherently unfair, and there are still many unsettled questions about whether or not such a contract can ever be equitable and enforceable.

If you’ve been following the Vernor vs. Autodesk lawsuit, you’ll know that the US federal district court in that case ruled that AutoCAD software was sold, not licensed, and therefore subject to the First Sale Doctrine. The First Sale Doctrine says, in essence, that a publisher cannot contractually restrict the downstream resale or distribution of a copyrighted work beyond the “first sale”. The court, at least in its initial ruling, rejected Autodesk’s argument that AutoCAD was licensed, and therefore exempt from the First Sale doctrine. It should be noted that the Vernor lawsuit is far from over, and this first sale decision could well change before the dust settles.

The courts will eventually reach a final decision in the specific case of Vernor vs. Autodesk, but why was this lawsuit even necessary in the first place? It’s difficult to envision any outcome in which every injury is rectified. It could even be argued that everybody loses, no matter the outcome. And this is just one case in one jurisdiction.

In the end, the final result of the Vernor case may not have much impact on how software is sold. It ultimately comes down to us, the union of consumers, to decide what kind of system we want. Unfortunately, right now we’re doing the software limbo while we wait faithfully for the next service pack. I think that we need more than a service pack. A system restore might be in order.

The Software Limbo

Bruce Schneier argues that data is the pollution of the information age, and “just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we’re ignoring data in our rush to build the Information Age.”

Software is still surfing the wave of technology revolution. In the tug-of-war between producers and consumers, the producers are still pulling the rope and consumers are just hanging on.

Just as the coal mines, steel mills, and sweat shops of the burgeoning industrial age led to organized labor and labor laws, the consumers of the information age will eventually need to come to grips with the predatory practices of greedy software barons through collective bargaining and regulation.

You’ve all heard the old software vs. car argument, right? Is buying software like buying a car? Or is it like leasing a car? Or are cars just a bad analogy, because software isn’t like cars at all?

Is software really different, or have we just been conditioned to believe that it’s different?

The problem is that we’re still coming to terms with software, both legally and morally. Software companies have had a clear advantage in this information age frontier, and they have used their advantage to mold the software model to their liking. The software industry has successfully convinced us that software is licensed, not sold, and that because it is licensed, the old rules don’t apply.

Indeed, it seems like software license agreements have been around forever. We’ve accepted them, adapted to them, and basically ignored them. In the meantime, software companies have added more restrictions to their license agreements, lobbied legislators to create new laws that protect the restrictions, and quietly begun building case law in support of the software license regime.

This is the software limbo. How low can we go? When will the laborers of the information age unite and say “enough is enough”?

The Petcock Problem

Many years ago, I worked for the small town where I grew up. My title was Street Commissioner. This is a very small town, and I was a part time employee with one helper. Basically, I was the guy what fixed things. We had a very old network of water pipes that supplied water from several wells. The water system leaked in many places. Occasionally, a small leak turned into a big leak, and something had to be done about it.

You might think that the first response to a big water leak would be to close the water valves in order to isolate the leak and prevent the loss of valuable water. Not so fast!

First of all, in an interconnected network that had been upgraded and patched by piecework for many decades, it wasn’t always possible for small localized segments to be isolated, and turning off the water for a large area would inevitably lead to discord.

Second, closing even a single valve caused pressures throughout the system to change. Any pressure change anywhere in the system had the potential to cause new failures at weak points, which would just compound the problem.

Furthermore, at some point repairs could be counterproductive and completely replacing parts of the network would be the best option. This would require time for the town council to approve the funds, and for contractors to be hired, and for the work to be scheduled and completed — all while the leaking water is causing collateral damage to the roadway and inconveniencing the affected residents with low water pressure.

Eventually the big leak had to be repaired, and the water had to be turned off somewhere before the repair could be completed. The decision about where and how to accomplish this was not a simple decision, due to the competing factors involved, and the practical realities a small town is faced with.

I call this problem the Petcock Problem. Imagine petcock valves scattered throughout a network of pipes. I call this the Petcock Problem because petcock valves typically have three positions, analogous to the notion of closing, opening, or redirecting connections on the network in order to isolate a fault.

The Petcock Problem would apply in many situations involving complex networks, such as when a tree knocks down a power line or when an internet router dies. Sometimes the best solution is to isolate the fault to the most localized part of the network possible, thereby inconveniencing the least number of people at the expense of putting the larger network at greater risk of a much larger catastrophe. Sometimes the best solution is to shut down the entire network temporarily, thereby inconveniencing everybody that relies on the network, but removing any risk of further degradation while repairs are completed. Most of the time the best solution is somewhere in between these extremes. As the network ages and faults become more commonplace, at some point the best solution is to scrap the entire network and build a new one.

This is the Petcock Problem, or “How do you stop the bleeding?”. The solution involves balancing several variables, some of which are known quantities, some of which are wild guesses, and some of which are potentially very chaotic (in that a small change in value could have an unpredictable impact on the outcome).

[Disclaimer: I’m sure that the study of network topologies has its own terms of art and well researched algorithms for describing and solving these types of problems. I’m not claiming to have some new revelation about networks here. This is just my own little custom worldview.]

In a future post I will explain how the Petcock Problem applies to something as diverse as the Vernor lawsuit.

Design File Locking and Snake Oil Security

The increased sharing of electronic CAD data (ala BIM) holds a lot of promise, but it also exposes companies and individuals to additional liability and risk. This additional risk is coming into focus more and more as actual cases of costly legal battles confront engineers and architects.

The June 2008 AUGI wishlist results contain “Design File Locking” as the top wish by a substantial margin, and Shaan Hurley lists it as number 3 in the AU 2008 AutoCAD wish list. Clearly, interest in file and IP security has been growing steadily.

As demand for IP security grows, there are sure to be snake oil security vendors trying to cash in on it. I received a spam email a few days ago from SafeNet, Inc. promising “a cost-effective and easy to integrate solution that provides reliable and effective security through the use of digital signatures.” Whenever I see such statements with a long string of buzzwords, my snake oil alarm goes on alert. Digital signatures are for authentication and establishing trust — they cannot and do not provide “reliable and effective security”, although I suppose they could be used by a system that does.

In the last year or two, a number of companies have claimed to market software that “secures” AutoCAD DWG files. When I see such a claim, it invariably refers to software that creates an anonymous unequally scaled MINSERT entity. These can be created or “exploded” with a few lines of AutoLISP code. Frequently these companies claim to “encrypt” the drawing, which may sound sexy, but is an outright lie. If this is a level of “security” that meets your needs, at least use one of the many free versions posted throughout the internet (DETER.VLX from DotSoft is one I know of).

There are solutions, but they always require changes in the workflow process that involve difficult tradeoffs and careful evaluation of what is technically feasible and practical versus the costs of implementing the changes. There is no such thing as installing a single piece of software to instantly solve the problem. If you are looking for ways to protect intellectual property in your drawing files, don’t be fooled by snake oil security vendors.

Disclaimer: One of my hats is the president of CADLock, Inc., makers of CADVault for AutoCAD.