At what point is it clear that a nasty license provision goes so far across the line that it must be deemed invalid? That seems to be an increasingly hot topic, due in large part to recent discussions here and elsewhere about various terms in Microsoft's Windows Vista EULA. I have long argued that EULA-based censorship clauses -- even without the Vista EULA's requirement to view changeable "conditions" on a Micr At what point is it clear that a nasty license provision goes so far across the line that it must be deemed invalid? That seems to be an increasingly hot topic, due in large part to recent discussions here and elsewhere about various terms in Microsoft’s Windows Vista EULA.I have long argued that EULA-based censorship clauses — even without the Vista EULA’s requirement to view changeable “conditions” on a Microsoft webpage — must be unenforceable and maybe even unconstitutional. Many readers agreed that the Vista censorship clause is beyond the pale. “Three issues will affect the validity of this clause in many jurisdictions, all related to the conditions webpage,” one reader wrote me. “First is that users are forced to agree to content in another document not included at time of purchase. Second, the user is also forced to agree to conditions that are not known at time of purchase. Third, a user may not have purchased the product under a new set of conditions revealed at some point after the product is purchased. Any of these three alone would invalidate the clause. Together they reduce its validity even further. In the U.S. there is a great deal of precedent law concerning ‘warn and instruct’ that puts the onus on the manufacturer to correctly and completely instruct customers on the proper use of a product. The Microsoft EULA, with this and it other parts of the document, prevents this from happening by saying that conditions of use may change without notice.”Of course, it’s not just Microsoft that pushes EULA terms to the limit. “My wife bought me some games for my birthday,” wrote another reader. “All but one were fine. One had a EULA that required that I install a rootkit/spyware.” (In this the reader was referring to a game that uses the “StarForce” copy protection scheme, which has gotten criticism rivaling that received by Sony’s 2005 rootkit DRM and accompanying EULA.) “I refused and called CompUSA. The local manager said it was not returnable, but I went up a level and the regional manager agreed to the return. This does bring up a whole other debate but the key is to read the EULA and then decide. If enough people have a beef with bad EULAs then the store may put pressure back on the software companies.” Another reader brought up an interesting issue about software that gets installed by one person but gets used by another who never had a chance to see or agree to the terms of the license agreement. “I started thinking about this when I was reviewing the local school district’s acceptable use of technology policy,” the reader wrote. “I realized that students never see the EULAs for any of the software they use. What if a EULA conflicts with the school district’s acceptable use policy? It’s one thing to ensure an acceptable use policy meets the basics, such as no copying stuff that isn’t yours, but when you get down to the nitty-gritty, such as not publishing benchmarks of .NET 3.0 components, how can we reasonably expect students to read, understand, and follow such a clause in a EULA? Adobe has a clause in their Shockwave Player license that says the user can’t use Shockwave Player to test a similar product, and all products have no-reverse-engineering clauses. I can easily see how students in advanced computing course could violate those terms in the course of their study. And if a student violates a EULA clause while strictly following the local acceptable use policy, who is liable?”And the Vista EULA has focused attention on the fact that virtualization is going to inspire a whole new class of license restrictions. “Virtualization is the next thing and nothing can stop it; it’s an answer to too many security problems not to win out fairly soon,” an anonymous reader posted. “The current copyright-enforcement regime is dead and starting to realize it. That’s why this licensing stuff is reaching such a shrill pitch, smacking of desperation. The Internet started chipping away at it. P2P struck a body blow. The coming booms in virtualization, on the one hand, and the distributed hashtable web, on the other, will sound the death knell. Read the Freedom to Tinker article on botnets. End user machine insecurity is starting to cost the economy millions and fuels spam and identity theft. Web site operators are deluged with bogus traffic they have to pay for. Virtualization to support legacy apps without keeping legacy security holes on the one hand, and DHT-Web for distributing the Web on a p2p model on the other, can greatly improve the situation. Of course, the BSA, RIAA, and MPAA will fight tooth and claw to stop it. Of course, they will all be bankrupted after the revolution.”Perhaps, just perhaps, the anti-EULA revolution really is coming. I’ll have some more thoughts on that next time, but let’s hear your thoughts too. Where can the boundary line be drawn between legitimate licensing and outrageously one-sided EULA terms? Post your comments on my website, write me at Foster@gripe2ed.com or phone my Gripe Line voice mail at 1 888 875-7916. Read and post comments about this story here. Technology Industry