We all know that if we default on a car loan, the creditor from whom we borrowed the money to buy it has the legal right to take it away from us.  The law gives creditors who have secured their loans to customers by getting the customers to agree that certain designated property is “collateral” for the loan (e.g., the bank’s interest in the car you just bought) the right to seize this collateral when debtors default on a loan as long as this can be done without breaching the peace.  This is known as “self-help repossession” because this legal remedy can be obtained without recourse to courts or lawyers.  Some software developers want to use “technical self-help” to achieve similar results.  This doesn’t mean they want to repossess the bits constituting the program from their customers, but they may want to stop further use of licensed software after the licensee has failed, for example, to make license payments.  Technical self-help might involve, for example, programming the software to self-destruct if the licensee engages in a particular kind of abuse or embedding a block of code in the program capable of disabling its operation if a customer has not made a quarterly license payment.

This kind of technical self-help is not widely used in the software industry today, in part because its legal status is somewhat unclear and in part because it is unpopular with customers.  When a software developer some years ago engaged in technical self-help against Revlon, Inc., Revlon charged the developer with extortion, a charge which seems to have resonated with the mainstream press.  A headline about the dispute in the Washington Post, for example, posed the issue in this way:  “Revlon Suit Revives the Issue of ‘Sabotage’ by Software Firms; Manipulation of Computer Programs Damages Credibility.”  One commentator has referred to technical self-help as “legalized mayhem” because of its potential to devastate a business that has become dependent on the software.  One man’s technical self-help, after all, may be another man’s virus or worm.

The legal status of technical self-help may soon change.  A committee of lawyers has recently proposed a new set of commercial law rules, known as Article 2B of the Uniform Commercial Code (“UCC”), to govern software licensing and other transactions in information. In its current iteration, Article 2B includes a controversial provision that would permit use of technical self-help as long as certain standards have been met.

This part of Article 2B is still “in play” (that is, it is controversial enough that it may be revised or dropped from the final draft), but unless more opposition to it surfaces than has occurred to date, section 2B-716 which enables licensors to employ technical self-help will likely be included in the committee’s final draft of this model law.  The draft must then be approved by the National Conference of Commission on Uniform State Laws (NCCUSL) and the American Law Institute (ALI).  The drafting committee hopes to achieve this goal by the end of the summer of 1998.  After that, Article 2B will become the law if and when state legislatures enact it.  Although a number of states have declined to enact controversial parts of other model laws endorsed by NCCUSL or ALI, the imprimatur of these two organizations is generally influential with state legislatures.  There is no better time than the present to decide whether the legitimization of technical self-help should be part of UCC2B.

 Readers of CACM may be among those who could offer useful advice to the drafters of Article 2B about the advisability of including a technical self-help provision in this model law and how (if at all) such a provision might be improved.  This column will explain the committee’s rationale for endorsing and setting certain standards for use of technical self-help in licensing transactions.  It will also discuss some concerns that have been raised about technical self-help.  The major policy question is whether the risks of technical self-help outweigh the benefits achievable from use of this technique.  On this issue, there is a marked difference of opinion.

WHY ALLOW “SELF-HELP”?

The principal argument in support of proposed section 2B-716 is that technical self-help will enable small and medium-sized licensors of software to enforce their contractual rights quickly and efficiently without resort to judicial process.  If a licensee has stopped paying license fees or has otherwise breached a license in a material way, the licensor is legally entitled to stop further use of the information because such use violates the license.  As long as licensees have assented to contract terms that permit licensors to invoke electronic self-help upon a material breach of the licensing contract, freedom of contract principles favor their enforcement.

Proponents of section 2B-716 analogize its self-help provision to self-help provisions in two other parts of the UCC.  Article 2A allows lessors of goods to reclaim the goods if the lessee has breached the lease, and Article 9 allows a creditor who has retained a security interest in goods (e.g., a car) purchased under an installment contract to repossess it if the borrower stops paying installments so long as this can be accomplished without breaching the peace.  Some software developers think an equivalent result ought to apply when a licensee stops paying license fees as they come due.

SAFEGUARDS IN UCC2B

Out of concern about potential misuses of technical self-help, the drafters of UCC2B have included several safeguards not found in other UCC self-help provisions.  For one thing, a licensor of software or other information cannot employ technical self-help unless the licensee has manifested assent to a license term that allows the licensor to take such action.  In contrast, a secured creditor can repossess the debtor’s automobile (or other collateral) when the debtor has stopped paying installments, even when there is no clause granting the creditor any right to repossess it.

(Manifestation of assent under UCC2B requires that a person have an opportunity to review contract terms before being bound by them as well as the opportunity to decline such contract if he or she objects to these terms.  Use of software after one has had an opportunity to read a shrinkwrap or click-through license would, however, constitute assent under UCC2B, even if the user didn’t actually read the terms.  The drafting committee is considering alternative language that would require that licensors to make a technical self-help provision conspicuous before it would be enforceable (e.g., by putting it in bold print).  If this change is adopted, a licensor would risk losing the legal right to exercise technical self-help if it buried a clause authorizing such action in the middle of a paragraph in the second half of a long and complicated standard form.)

Second, to invoke electronic self-help under UCC2B, a licensee’s breach would need to be “material to the entire contract.”  The notes accompanying section 2B-716 say this means that the licensee’s breach must “substantially threaten or reduce the value of the contract to the licensor.”  Under Article 9’s self-help provision, in contrast, any breach of contract by the debtor can trigger self-help repossession.  Even though UCC2B generally permits parties to define by contract what breaches they will consider to be “material,” section 2B-716 requires that a breach be “material without regard to contractual terms defining material breach” before technical self-help can be exercised.  This is one of the few instances in Article 2B that limits freedom of contract.

Third, even where a breach is material, technical self-help cannot be invoked without judicial process if this would result in a “breach of the peace, foreseeable risk of injury to person, or significant damage to or destruction of information or property of the licensee.”  Other self-help provisions of the UCC are concerned only with breaches of the peace, not with risks of damage to person or property.  (So what if someone will die if the bank repossesses her dialysis machine?  She should have thought of that before she stopped paying her bills.)  This and other licensee protections in UCC2B cannot be waived by contract.

Moreover, if a licensor wrongly invokes technical self-help, the injured licensee will be able to recover money damages for the harm resulting from this action.  This may include compensation for losses to the licensee’s business attributable to this wrongful act unless the licensor disclaims consequential damages (which they often do).  The current draft of UCC2B would enforce such disclaimers.  Some commentators on section 2B-716 propose banning disclaimers of consequential damages as a further check on potential licensor abuse of technical self-help.

The drafters of UCC2B section 2-716 regard the standards for invoking technical self-help to be so demanding, and the risks of liability for wrongly exercising self-help to be so great, that companies will be extremely cautious about using this remedy except in truly egregious cases.

SO WHAT’S TO WORRY?

Back in the feudal era of English history, the common law provided landlords with a remedy when tenants were unable to satisfy their rent obligations.  The remedy went by the name of “distraint” and permitted landlords to enter a tenant’s land and seize whatever assets they chose—horses, farming equipment, cherished household items—to satisfy the tenant’s rent obligation.  (The word “distress” derives from this remedy and bespeaks the experience of defaulting tenants and their families when the remedy was exercised.)  Some landlords surely restrained themselves from using this remedy except in truly egregious cases.  But the remedy was rife with potential for abuse, and it was abused with enough regularity that over time, distraint came to be regarded as a kind of legalized mayhem and was outlawed.  Self-help seizures were thereafter available only if a creditor could accomplish them without breaching the peace.  Not only would unauthorized entry to a debtor’s premises to seize the property constitute a breach of the peace, but over time, even seizures of collateral from a public place over the debtor’s objection came to be regarded as improper.

The beauty of technical self-help under UCC2B is that a licensor needn’t hack into its licensee’s computer to exercise it.  The licensor must merely embed the self-help feature in the code so that it is triggered automatically or so that it can be remotely activated.  A defaulting licensee won’t know it is about to happen so he or she can’t object.  This means that licensors, unlike secured creditors, needn’t worry about breaches of the peace.

Even major companies are disturbed about the technical self-help provision of UCC2B.  Barney Kantar, a Software Purchasing Manager for DuPont Co., had this to say about proposed section 2B-716:  “[T]he balance of harm to be done via exercise of a self-help remedy is so overwhelmingly against the licensee, that the mere threat of its use puts the licensee in an unfair position.  The proposed self-help remedy provides the licensor undue leverage in a dispute even if the remedy is not exercised.  Faced with a crippling and possibly even fatal disruption of its business, a licensee could be intimidated into relinquishing license rights and setting up precedents for its further disadvantage.  This is because the risk to the licensor that it will be held to have acted improperly is distant, indefinite, and discountable.  Therefore, the proposed protections against wrongful exercise are only partially effective in deterring abuse.”  (One might have expected that DuPont was a large enough firm that it would have the bargaining clout to negotiate away contract clauses of which it disapproves, but this manager and some other commentators worry that section 2B-716 will legitimize technical self-help and cause self-help clauses to proliferate in software licensing contracts.)

A lawyer who has represented hundreds of clients with software licensing negotiations offered the following clause on what she calls “malicious code” as an alternative to section 2B-716:  “Any Software provided will be free of any and all ‘disabling devices,’ ‘drop dead devices,’ ‘time bombs,’ ‘trap doors,’ ‘trojan horses,’ ‘worms,’ computer viruses detectable by current industry standard means and copy protection mechanisms which may disable the Software.  Vendor will be responsible for any data loss which results from such items if present in the Software when delivered to the Customer.  Vendor also warrants that any Software provided will not contain any authorization codes or disabling mechanisms which may prohibit access to a database or other software.”

Consider also that the only thing that secured creditors are authorized to seize is the collateral designated in the security agreement. UCC2B, however, plainly contemplates that licensors who exercise technical self-help will sometimes, whether advertently or inadvertently, damage or destroy data or other programs in the licensee’s computer system or network and may even bring about injury to persons or other property.   Of course, section 2B-716 says that technical self-help should not be exercised when there is “a foreseeable risk of injury to person or significant damage to or destruction of information or property of the licensee,” but this begs the question of what damage a licensor might reasonably “foresee” and what “substantial” means in connection with destruction or damage to the licensee’s information.  (If the one item of data destroyed during disablement of the licensed information turns out to be the most important asset of the licensee, can the licensor simply shrug and say “gee, how was I to know?”)

This standard does not bother the American Bar Association’s Subcommittee on Software Contracting:  “We would submit that the licensee must assume the risks if it decides, for example, to use spreadsheet software as a critical component of a life support system.”  But how many licensees want to tell their licensors exactly how they will integrate the licensed software with other software or data?  The vagueness of the foreseeability and substantiality standards, not to mention the material breach standard of section 2B-716, would seem likely to lead to a lot of litigation, even though its chief virtue was supposed to be the efficiency of its process.

Consider also that while disputes over warranties and maintenance may sometimes be the root cause of secured debtor’s nonpayment of installments—and may provide the debtor with a sound reason for objecting to self-help repossession which the secured creditor ignores at its peril—self-help repossession under Article 9 is generally occasioned by simple failure to make timely installment payments.

Is the same thing true for software?  Barney Kantar, DuPont’s manager of software purchasing, believes that “it is an oversimplification to state that the most common [software] licensee default is payment default.  This assumption is correct only to the extent that many disputes often come down to whether or not a payment is due.  To categorize most license issues as payment issues prejudges the underlying issues in favor of the licensor, with the assumption that a payment is warranted.  A licensee may strongly believe that it is acting within its rights under the license and it owes nothing.”  Moreover, computer software is far more likely to be the subject of an ongoing development, upgrade, or maintenance contract with the original developer than are goods typically bought on secured credit terms.  If a licensor of software is unresponsive when a customer complains about a serious bug, the threat of nonpayment of license fees may be about the only leverage the licensee has to get the licensor’s attention. This leverage will arguably be eliminated if technical self-help can be invoked as a counter-threat whenever a dispute arises between the two parties.

Among the other differences between technical self-help proposed for UCC2B and the self-help repossession embodied in Article 9 is that self-help repossession was a well-established, well-accepted business practice for centuries before it became part of UCC’s Article 9, whereas technical self-help is a relatively new and infrequently used practice in licensing of digital information.  In addition, a key justification for self-help repossession simply doesn’t apply to technical self-help.  Secured creditors may need to be able to seize the collateral securing a loan to preserve it and protect its resale value to enable the secured creditor to recoup the outstanding loan. Licensors of software or other information, by contrast, will generally invoke self-help to destroy the licensed property rather than to preserve its value for resale to another customer.

CONCLUSION

The technical self-help provision of UCC2B is one of a number of provisions that, if adopted, would substantially change the legal rights and responsibilities of producers and consumers of digital information products.  As “The Never Ending Struggle for Balance” (CACM, May 1997) explained, the UCC2B project got underway because some major software developers didn’t want to play by the same commercial law rules as bound manufacturers and sellers of other goods.  These firms regarded those standards as too stringent for their industry.  They also sought a legal declaration that shrinkwrap license contracts could be enforced to overcome the doubts expressed by so many courts and commentators.  Technical self-help was yet another software developer agenda for UCC2B, and unsurprisingly, the current draft of UCC2B favors the interests of major software developers in this and other respects.  Representatives of Microsoft, among others, have done a fine job persuading the drafting committee that these new rules will be good for commerce, not just for them.

As regards section 2B-716, there are four options.  The drafting committee may retain the current draft of this section.  Second, it might amend the provision to add new requirements.  This might include requiring self-help clauses to be conspicuous or requiring licensors to give notice that it considers a licensee in material breach before exercising technical self-help.  The latter might help to avoid mistaken exercises of technical self-help.  Sometimes the check really is in the mail.  Third, the drafting committee might reverse the current presumption and insert a prohibition on technical self-help clauses in licensing contracts.  Fourth, the drafting committee may simply omit such a provision from UCC2B.  Although some prefer this last option, it is important to realize that this would contribute to, rather than resolve, uncertainty about the enforceability of such provisions.  What commerce tends to abhor even more than bad rules are uncertain ones.

It is important to understand that Article 2B of the UCC will not just govern software licensing.  It will regulate virtually all transactions in information (except those specifically omitted, and even they are subject to an “opt-in” provision).  Its proponents, which include officials of the Clinton Administration, regard it as a key component of  a U.S.-sponsored framework for global electronic commerce.  (Take another look at the Magaziner report.  The veiled endorsement of UCC2B can be found in Section II.)  The goal of its proponents is to make UCC2B the standard not just for transactions in information in the U.S., but around the world.  That is why it is so important for computing professionals interested in the evolving infrastructure of electronic commerce to take the time and trouble to study this proposed law and make comments on its provisions.  In the words of the immortal Elvis, “it’s now or never.”

Or perhaps it is best to end with a quote from Paul Sleven’s poetic contribution to the UCC2B debate:
 

2b or not 2b, that is the question:
Whether ‘tis nobler in the mind to suffer the slings and arrows of outrageous common law decisions,
Or take arms against a sea of uncertainties and by legislating end them.

_______________________
ACKNOWLEDGEMENTS

Thanks to Dawan Stanford whose cyberlaw paper on technical self-help under Article 2B inspired and informed parts of this article.  Thanks also to Carol Kunze for maintaining a website of public comments on UCC2B.

ABOUT THE AUTHOR

Pamela Samuelson is a Professor of Information Management and of Law at the University of California at Berkeley.  She was recently named a Fellow of the John D. and Catherine T. MacArthur Foundation and wants to thank CACM and her readers for their interest in and support of her efforts to serve as a bridge between the legal and technical communities in search of appropriate ways to regulate information technologies.  She can be reached at pam@sims.berkeley.edu.
 

SOURCES

The latest draft of UCC2B can be found at http://www.law.upenn.edu/library/ulc/ucc2/ucc2b.

An archive of comments on Article 2B and a site where one can sign up to get updates on UCC2B developments is Carol Kunze’s Guide which can be found at htpp://www.webcom.com/software/issues/guide/.  (The rest of Paul Slevin’s poetic takeoff on Shakespeare can be found there.)

The Reporter for Article 2B is Professor Ray Nimmer of the University of Houston Law School.  He can be reached electronically at rnimmer@uh.edu.