The Lord giveth, and the Lord taketh away. While one arm of the US justice system has Microsoft firmly by the unmentionables, the other is pushing through legislation that could give vendors the power to insert a 'time bomb' into users' systems, allowing them to shut down applications remotely if licensing terms are breached.
The US Uniform Computer Information Transaction Act (UCITA) has already been agreed at Federal level, and is undergoing adoption procedures by a number of state legislatures. It gives vendors the power to deactivate software without a court order. Users are to be given 15 days' notice of any turn-offs, but concern is growing that such warnings may go astray, the vendor may not hold the company's current address, or the employee who signed the agreement may have left the company.
Geoff Petherick, chief executive of the UKCMG user group, says that the legislation is "quite frankly obscene", and that it will affect UK firms.
"This is going to allow vendors to screw the living daylights out of you," he says. "If you install a product in Europe and accept the conditions, the US vendor can act on the terms whenever they like."
When finally agreed by US legislators, the Draconian power is likely to appear in UK software licences and filter into UK statute books. The Federation Against Software Theft (Fast) has issued a warning to UK organisations buying US software, advising them to study the Act in conjunction with their licensing agreements.
Richard Stagg, senior security architect at Information Risk Management, says the law raises several nightmare scenarios for IT managers. "It probably doesn't matter much if you lose control of your word processing packages for a few hours while the matter is sorted out. But can you imagine what would happen if Microsoft decided you had not paid for one server's worth of Windows NT, and decided to shut down your entire network?"
While it is not yet clear if Data Protection Registrar Elizabeth France will be involved in the row, a spokesman for the Data Protection Registrar's Office warned that UCITA may breach the seventh principle of the Data Protection Act, which says 'appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data'.
He adds: "This requires data controllers to implement appropriate safeguards for information. There may be a contradiction if there is a legal obligation to delete everything, or if the software is switched off and it causes any loss of data."
Cem Kaner, software developer, lawyer and author of Bad Software, says the law will force companies to spend large sums on checking the licensing agreements of shrink-wrapped products. "Most businesses don't devote significant resources to negotiation of shrink-wrapped licences. They will have to start doing so, however, because the default rules are shifting in favour of the licensor," he said.
Despite the financial implications, the threat to security should be a company's main concern, according to Stagg. "If disabling codes are put into software, there are no security defences in the world that could make sure they would not be exploited. There will be people who will make it their business to find these codes and work out a way to switch off a company's software, either for a laugh or for industrial cyber-attacks."
Reporting by Network News, additional reporting by Andy Donoghue
UCITA KEY POINTS
- Vendors may shut down your software without a court order.
- UK firms will be affected because US vendors may act on software acceptance conditions.
- Information protected by the Data Protection Act may be lost or deleted whenvendors shut down your software.
Resetting the telemetry circuits and associated boards brought the instrument back to operations mode
Fortnite news and updates: Flaw in Fortnite authentication could have helped attackers steal player login credentials
Attackers could have used Fortnite security flaw to buy in-game currency on players' stored credit cards
New photos show cotton seeds sprouting in sealed container - with other plants expected to sprout within days
Sudden increases in availability of sniper rifles on Vikendi