UCITA: What Will It Mean For Your License?
Pluses, Pitfalls and Practice Pointers^[1]

By Micalyn S. Harris

April 18, 2000

The Uniform Computer Information Transactions Act (UCITA) is the culmination of a ten-year effort by the National Council of Commissioners on Uniform State Laws (NCCUSL) to provide a viable legal framework for the computer information industry. The very term “computer information” seems new and unfamiliar, yet the term describes transactions that are fundamental to a multi-billion dollar industry, and includes transactions on which businesses large and small are increasingly dependent. Initially conceived as part of the Uniform Commercial Code (UCC), UCITA reflects the structure of Article 2 of that code. Also like the UCC’s Article 2, UCITA is primarily a contracting statute. Broadly stated, its purposes are to codify existing law and practice, to provide default rules in situations in which parties clearly intended to enter into a contract but left certain terms open, to resolve conflicts in existing laws, and to promote uniformity in state laws. While uniformity in state laws is generally desirable, it is a particularly important element in the computer information industry, as transactions in computer information are highly likely to involve activities across state lines.

By making the outcome of contracts involving computer information more predictable and therefore more reliable, and at the same time preserving freedom of contract within traditional contractual parameters of good faith and fair dealing, NCCUSL anticipates that UCITA will facilitate commerce and reduce litigation in the industry. These results will, in turn, reduce the costs of doing business in the industry, thereby permitting resources to be devoted to improving productivity and promoting competition by reducing barriers to entry.

Industry Background

It is worth noting that the computer information industry is less than 50 years old. We have less than twenty years of experience with personal computers, and the accompanying desktop computing accessible to the general public. The growth of the industry in less than two decades has been explosive; in 1998, packaged software alone represented an industry with revenues in excess of a hundred billion dollars a year.^[2]

Computer software is, by statute, a literary work.^[3] As such, to the extent that it represents an original expression of an idea reduced to a tangible medium (e.g. a diskette, CD-ROM, etc.), copyrights inhere from the moment of inception, although registration of one’s copyrights may be required to obtain certain benefits under the copyright laws.^[4] Copyright ownership gives the copyright owner the exclusive right, subject to limited “fair use” exceptions, to make and to authorize others to make copies of the copyrighted materials. Copyright protection alone, however, is ill-suited to providing adequate protection for meaningful commercialization of computer information. Part of the reason for this inadequacy arises from the fact that we have very little experience with computer information. We have nearly 500 years of experience with printed books, and a statutory definition of fair use ^[5]was drafted with that experience as background and guide. By contrast, we have less than twenty years of experience with software in general public use.

A second reason that copyright protection for computer information is inadequate lies in the fact that printed materials, particularly printed materials of some length, have significant built-in barriers to unauthorized copying and unauthorized redistribution. Copying a book is time-consuming and expensive. In contrast, copying computer information is the work of seconds and the cost is miniscule. Moreover, copying some kinds of computer information is essential to making use of it. A person can read a book without making a copy of it. A person cannot use computer information by reading it. Computer information must be read by a computer to be used, and in order to “read” computer information, the computer “reading” it must copy it.

These facts are recognized in the Copyright Act, which (as amended) expressly permits the owner of a computer program to make a copy for the purpose of using the program and for archival purposes.^[6] This limited statutory permission to make a copy of a computer program, however, is often not adequate to protect either the copyright owner or the potential customer who wishes to make of a computer program. For example, such a limited right to copy does not permit information to be used by multiple simultaneous users at a single location or permit a single organization to make multiple copies for use at multiple locations without some additional arrangement. Even for individual use, some information can only be commercialized by permitting potential users to acquire the right to copy the information repeatedly, provided certain limited conditions are met. For example, there are “libraries” of computer software routines which grant users the right to incorporate those routines into other software applications, but only with the understanding that users will not resell the entire library or any routine or group of routines from it in competition with the original provider (copyright owner or copyright owner’s successor in interest).

A copyright owner who wishes to permit customers for computer information to be able to make more than a single copy, plus an archival copy, cannot rely on the copyright laws alone, as permitting such multiple copies without limitation might result in the computer information becoming public domain, and thus without commercial value to the copyright owner. Moreover, the inherent difficulties of copying computer information are essentially non-existent, and some copying is essential to use and therefore commercialization. For these reasons, copyright protection alone has been seen as inadequate to protect computer information and permit effective commercialization.

What to Do?

From the inception of the industry, creators of computer information have recognized these problems and solved them by supplementing copyright protection with license agreements, thus utilizing the opportunities offered by traditional principles of contract law to commercialize the value of their creative labors. In dealing with copyrighted materials which had to be copied, and regarding which there was little case law and rapidly changing technology, licensors wanted assurance that they would be able to commercialize their creations, and licensees wanted assurance that their uses of copyrighted materials would not be challenged as violations of the copyright owner’s rights. Particularly in a context in which technology was changing rapidly and the legal system moves slowly, the licensing model has, in fact, been able to meet the demands of the industry by providing a highly flexible framework which can respond in a timely manner to the rapid growth and pace of change which characterizes the industry. Organizations wanting to make multiple copies of a computer program at a single location acquire site licenses. Organizations wanting to make multiple copies for use throughout their organizations acquire organization licenses. Developers who provide code libraries grant licenses that permit customers to use the library as intended without granting rights to relabel the code library and commercialize it as if the customer owned the copyrights. In short, from the outset, the licensing model offered, and continues to offer, an ideal answer to the question, “what to do?”

Purposes and Principles

UCITA’s fundamental position is that:
• The licensing framework used by the industry deserves statutory recognition;
• Contracts which omit terms should not fail of their essential purpose if reasonable default rules can be articulated, and
• Providing a uniform law that recognizes the licensing framework and establishes some default rules will promote commerce and reduce litigation.

Overarching these specific purposes is the establishment of standards of good faith and commercial reasonableness in computer information transactions. In general, if parties act in a commercially reasonable and ethical manner, they are likely to find that UCITA articulates standards and courses of dealing which they themselves would have articulated had they turned their attention to the points at issue.

UCITA Articulates Ethical Principles

There are a number of provisions in UCITA which provide exactly what one would expect. For example, under Section 307, ^[7] the grant of rights in a license includes not only the rights described, but by implication, and under UCITA by statute, rights required in order to exercise the described rights.

Similarly, under the provisions of Section 401(c), when a licensee furnishes detailed specifications to a developer/licensor, the licensor must tell the licensee of resulting infringement if the licensor “knows or has reason to know" that implementing those detailed specifications will infringe on a third party’s rights. In the normal course of courteous commercial conversation, if a developer/licensor were provided with detailed specifications and knew that implementing the specifications would require the developer to infringe upon a third party’s existing rights, the developer would respond to a review of the specifications by the telling the licensee furnishing such detailed specifications about the anticipated problem. Disclosure of the anticipated problem would be the professional, responsible, ethical response.

UCITA, however, requires more than the courteous, ethical response. It imposes an additional burden on the licensor because it requires not only that the licensor disclose if and when it has actual knowledge, that is, if it "knows," but also requires disclosure if the licensor "has reason to know." This last phrase appears to impose on licensors a responsibility to keep up on developments in their are field of expertise. As an allocation of risk, this may be reasonable. The requirement may, however, impose an additional burden on licensors which, under present law, it is not at all clear that they have. Given the fact that the pace of change in the industry is rapid, and that “reason to know” will be evaluated in the light of hindsight by a court whose expertise is not likely to be in the field, licensors may wish to consider the additional burden and risk of failure to meet it in calculating their costs of doing business.^[8]

Consumers and Mass Market Licenses

Special protections are provided for consumers in connection with acquiring rights under mass-market licenses. Section 209 provides that if an end user cannot review the terms of a mass-market license prior to making payment for the computer information, the end user has a right to return the licensed computer information and receive a refund of the payment made. In addition, if it is necessary for the user to install the computer information in order to read the license agreement, and installation of the computer information causes damage to that user’s system, the user is entitled to damages equal to the cost of restoring the system to the condition it was in prior to installation of the returned computer information.

Practice Pointer: if a developer wishes to distribute packaged computer information pursuant to a shrinkwrap license, either a paper copy of the license agreement should be included in the package in a manner which permits reading the license agreement prior to opening that portion of the package containing the diskette, CD ROM or other medium containing the computer information, or installation of the license and assent to its terms should be prior to and separate from installation of the computer information. Such separation of access to the terms of the license agreement and access to the computer information will assure that limitations on the warranties and liabilities included in the license agreement are effective in connection with the transaction.

Licensees also have responsibilities for maintaining commercially ethical communications. For example, Section 702 provides that if a licensee accepts performance knowing that the proffered performance is a breach of the contractual arrangement between licensee and licensor, and the licensee does not so advise the licensor, a licensee may under certain circumstances have waived its objection to the breach in performance to the extent such objection, if disclosed, might have enabled the licensor to cure the breach.

Practice Pointer: There are number of restrictions imposed on the parties in connection with breach and waiver of breach. Check the specific provisions of Section 702 and related sections to assure that the parties are performing in accordance with their respective obligations.

More generally, a party may refuse non-conforming performance, but such refusal must be in good faith and in any event, a refusing party cannot utilize non-conforming computer information without paying for it.

Contracts by Electronic Agent

Electronic contracting is specifically contemplated by UCITA. Section 107 validates contracts entered into via electronic agents, and Section 212 validates an attribution procedure according to standards of commercial reasonableness. Section 213 details how the parties (and a court) are to determine who "pushed the button." Section 214 provides a method by which consumers can correct electronic error (the " twitchy finger" provision) and Section 215 articulates when an electronic message becomes effective, that is, when an enforceable contract has been created.

Avoiding Traps for the Unwary

While in general, UCITA's provisions are what one might intuitively anticipate, there are a number of traps to be avoided. For example, Section 309 provides that performance "to the satisfaction" of the other party is an objective standard meaning "to the satisfaction of a reasonable person." Such language is in contrast to approval "at the sole discretion" of the other party, which language does not require reasonable behavior on the part of the approving party.

In a related provision, Section 603 provides that if information is to be "to the satisfaction" of the other party, silence beyond a reasonable time gives rise to a right to demand a decision on the submission. If, however, the recipient of the demand fails to respond within a reasonable time after the demand is made, the submission is deemed refused. Commercial practice is often to the contrary, i.e., if there is a problem, the dissatisfied party complains. In the absence of complaints about performance, the performing party may assume that performance is satisfactory and has been accepted.

Practice Pointer: Silence is not acceptance, possibly even if a course of dealing might indicate otherwise. This may not be the outcome client anticipates. As attorney for the performing party, make sure the client reviews and understands the requirements of Section 603, and emphasize to your client that it must communicate with the other party to make sure that there is a record of communications establishing approval of each submission.

Practice Pointer: in pricing a development or other computer information transaction requiring performance or successive performances which must be approved, include in the contract provisions establishing procedures to assure that each submission is in fact accepted or approved, make sure the client understands the importance of implementing those procedures, and remind the client to factor the cost and time required by those procedures into the price and schedule for providing the performance required by the contract.

Section 605 permits use of automatic restraints to prevent misuse of computer information, but their presence and possible use must be disclosed in the initial license agreement, and the restraints may not be inconsistent with the license agreement. For example, passive restraints to prevent breach of the license agreement may not prevent access to the licensee’s own information if such access may be obtained without the use of licensor’s information rights, nor may they delete an authorized copy of computer information. Thus, a passive restraint may not be imposed surreptitiously, and may not destroy a licensee’s own data, including its own computer information.

Practice Pointer: when designing passive restraints, review the provisions of Section 605 carefully to assure that the restraints included in the computer information are designed to meet the requirements and parameters set out in that section.

UCITA specifically permits self-help, but under extremely limited and stringent conditions, as set forth in Sections 815 and 816. Like automatic restraints, self-help mechanisms used by a licensor or distributor must be disclosed to the licensee/user in the initial license agreement. For self-help mechanisms, however, in addition to the requirement that the licensor disclose inclusion of self-help mechanisms in the original license agreement, there is a requirement that the licensee specifically agree to authorize their use. As a practical matter, agreement to any specific term in a license agreement is difficult to achieve where computer information is packaged and a hard (paper) copy of the mass-market license agreement is included in the package (the typical “shrinkwrap” arrangement). It is possible to obtain agreement to a specific term of a mass-market license when the computer information is made available after the licensee indicates agreement to the terms of a "clickwrap" license.

In addition to making disclosure in the initial agreement and establishing and maintaining evidence of specific consent to the self-help term, a licensor intending to exercise self-help must give the licensee 15 days notice prior to actually exercising self-help, and the notice must indicate specifically the reason for the threatened exercise.

Practice Pointer: If computer information which includes self-help is being distributed to a mass market, use a “clickwrap” license and design the process to require specific acknowledgement of agreement to the self-help term by the party against whom enforcement will be sought. Set up the clickwrap license to make it impossible for the prospective licensee to continue through the license agreement and access the licensed computer information unless the licensee indicates “I agree” after the provision specifically authorizing self help, and maintain records of the agreement and the mechanism for specific approval in order to provide proof of agreement.

Under UCITA, self-help is a drastic remedy, and wrongful exercise of self-help can result in draconian damages for the exercising party.

Practice Pointer: make sure your client understands the fact that exercising self-help is a desperation remedy, and that wrongful exercise may result in damages sufficiently serious to put the wrongfully exercising party out of business.

Learning the Lingo

Providing a uniform vocabulary is an unheralded but significant contribution of UCITA. Ordinary words are given definitions that are frequently broader than the meanings of those words in everyday use. For example, the definition of "electronic" includes optic, fiber-optic, magnetic and similar forms of communication. Potentially, this definition includes forms of communication which are not in use today, thereby decoupling the statutory use of “electronic” from its more limited everyday meaning and, perhaps more importantly, decoupling UCITA from currently existing technology.

Making the statute as technology independent as possible is essential if it is to have lasting impact. Using common words as terms of art, however, has potential pitfalls. Accordingly, care must be used to assure that the words chosen in discussions and in license agreements carry their intended meanings.

Some definitions articulate basic concepts that are new and unique to this statute. For example, recognition of the need to be able to enforce contractual arrangements evidenced only by electronic exchanges gives rise to the need to break new statutory ground. UCITA meets this need by providing language for new concepts like "authentication" at Section 102(6) and "manifest assent" at Section 112, which permit parties to rely on contracts created by electronic exchanges and evidenced by electronic records.^[9]

Despite the long and exhaustive list of definitions, using UCITA's definitions will not avoid all misunderstandings. For example, the term "fair use" for an intellectual property lawyer usually means fair use as defined in the Copyright Act. To a commercial lawyer, however, "fair use" may simply mean the right to use computer information fairly, that is, to use it as the licensor intended that it be used.

Practice Pointer: In discussions as well as written agreements, when a term is being used as a term of art, state that fact expressly.

Conclusion

While the foregoing discussion focuses on particular provisions of UCITA, reading a single provision, even if it appears to cover an issue arising in the course of practice, is unlikely to be sufficient to determine the likely resolution offered by UCITA. The reason for this result is that UCITA is an integrated statute. Definitions are key, and no single section is intended to be read and to operate in a vacuum and without regard to other sections. The Reporter's notes are extremely helpful in directing readers' attention to related sections, but interrelationships among the sections can be complex and even reading to all of the sections indicated in the Reporter's notes may not, in some circumstances provide a complete list of all potentially relevant sections.

UCITA is an ambitious piece of legislation. It undertakes codification of a legal framework for a rapidly changing industry. It recognizes that because of the rapid pace of change, it is best to establish basic principles and avoid technology-specific provisions and regulatory solutions (although it includes some regulatory provisions). Given the size of the computer information industry, and the rapidity of change in it, providing a uniform legal framework, a common vocabulary, and predictable default rules for situations in which parties clearly have intended to create a contractual relationship but have failed to articulate certain terms, is a significant contribution.

UCITA is not perfect. Various interested parties have argued, and will continue to argue, that particular provisions would be better if they were drafted differently. But such objections can be made regarding any statute, no matter how well drafted. Given the number and variety of interests involved, UCITA is as close to a balanced statute as we are likely to obtain. The real question is, are we better off with UCITA or without it? On balance, it is the author’s view that everyone in the industry, everyone who provides or uses computer information (which includes most of us) and society as a whole is probably better off with UCITA in place then without it.

As this article is being written, UCITA is being proposed for adoption in several states but it is not yet law in any of them.^[10] Even before passage, however, UCITA is likely to provide assistance to courts in guiding determinations as to parties' reasonable expectations and the appropriateness of procedures articulated in UCITA as commercially reasonable. Accordingly, it is appropriate to review existing license agreements in light of UCITA, and to consider, in advance of its adoption, making whatever changes such a review indicates would be required or advisable if UCITA is enacted.

FOOTNOTES

1Copyright 2000, Micalyn S. Harris. Prepared in connection with The UCITA Revolution: The New E-Commerce Model for Software and Database Licensing, presented by the Practicing Law Institute, April 17-18, 2000, New York, NY. Printed by permission.

2 According to the United States Department of Commerce, the world packaged software market was $109.3 billion in 1996, of which $50.4 billion was in the U.S. U.S. Industrial Trade Outlook ’98, United States Department of Commerce, 1998. Note that these figures reflect only packaged software. The scope of UCITA is not limited to packaged software, and therefore, UCITA would impact an even larger market.

3 17 U. S. C. Sec. 101

4 17 U. S. C. Sec. 411

5 17 U. S. C. Sec. 107

6 17 U. S. C. Sec. 117

7 References to Section numbers throughout this discussion refer to NCCUSL draft dated October 10, 1999. The draft is, as this is being written, being reviewed by NCCUSL’s style committee, and its revisions may result in alterations in section numbers.

8 UCITA does not expressly impose a similar burden on the licensee. Nevertheless, it seems likely that a court would see a licensee who provided detailed specifications knowing that they were derived from an existing computer program and failed to advise the licensor of that fact, and subsequently claimed that the licensor “should have known” about the program and likely infringement, would be found not to have dealt in good faith. In such a case, the overarching UCITA requirement of good faith and fair dealing would not have been met, and licensee should not expect to rely on the implied warranty of non-infringement included in Section 401(c)

9 See Section 201, permitting an authenticated record to meet “statute of frauds” requirements under certain circumstances, and also, NCCUSL’s Uniform Electronic Transaction Act (“UETA). UETA, which has a far more limited scope than UCITA, has been adopted in California and Pennsylvania, and is under consideration for adoption in several other states.

10 Since this article was written, UCTIA has been adopted in Virginia, and is awaiting the signature of the governor of Maryland after being passed by both houses of the Maryland legislature.