Deelip.com

Monday, August 20, 2007

EULA Paranoia

R. Paul Waddington, the person who frequently comments on many CAD blogs, including this one, finally has a blog of his own. It is called "Caveat emptor" and, not suprisingly, his first post is an open letter to Autodesk, asking them to allay his fears on the audit clause in their End User License Agreement. He believes that the audit clause gives Autodesk complete access to his computer and premises and will compromise his IP and that of others. He suggests that the printed output from Autodesk Product Manager is more than required to determine a licensee's compliance to the terms of the license agreement.

This reminds me of a clause in my car loan agreement, which states that I am bound to bring my car for "inspection" to the office of the finance company whenever the company so demands, whenever that may be and wherever my car may be, failing which there would be a litany of legal consequences. I guess a paranoid person would be justified in calling this clause an excuse to walk over his privacy, disrupt his life, cause mental torture and a dozen other things. Probably a person who is paranoid to a higher degree may be justified in screaming that his insurance company may not pay for any accident while his car is in the custody of the finance company. Unfortunately there is no limit to paranoia, and I am beginning to wonder if there even is a cure.

The "inspection" clause I mentioned above is there for a reason - to make the recovery of the car easy in the event that I default on my payments. The law in India forbids the use of force to recover a car (although force is often used, but that's a different story). Thanks to this "inspection" clause I am legally bound to get my car for "inspection" at which point the finance company will promptly seize the car if I have defaulted. While a paranoid person will read all sorts of nightmare scenerios in such clauses, the normal people will use a little trust and some common sense while reading and accepting such clauses.

Similarly the audit clause in Autodesk's EULA, and that of SYCODE's as well, is there for a reason - to make it easier, or even possible, to catch the bad guys. How are you going to prove in a court of law that someone is reverse engineering, decompiling or disassembling your software? How are you going to prove that someone is using a crack of your software? Can you accomplish this using a pretty tool like the Autodesk Product Manager? I don't think so. You need hard evidence and you need to get it the hard way.

I mentioned in an article earlier ("Intrusive License Agreements"), that the FBI could not nail the guy who tried to sell SolidWorks source code, even after a successfull sting operation. Such is the state of the legal system and pretty license agreements will not help the situation.

The audit clause should bother only those who intend to do something wrong, and of course, the paranoid as well.

9 Comments:

  • How are you going to prove it in court? Well, you go before a judge, provide sufficient evidence to persuade the judge and then the judge issues a search warrant which allows you the right search the house or office and computer inside it.

    The lease comparison fails to equal the level of intrusiveness of the Autodesk EULA for some extremely obvious reasons.

    1. You do not keep your intellectual property in your car.

    2. You are given advanced notice and have the ability to remove any objects that you wish to keep private from the car before you present it for inspection

    3. The lease agreement only gives the leasing company access to the car, which they own, and not access to your home, office and computer.


    You assume the best case scenario that the EULA clause will never be used, which it probably will not. But this does not eliminate the fact that the clause exists and that Autodesk claims the right to search your house and computer.

    By Anonymous Anonymous, At 11:01 PM, August 23, 2007  

  • And exactly what would autodesk or the BSA be looking for while on the your systems, your data or thier software? It would be the latter.

    Perhaps this article will be of interest. http://www.smartofficenews.com.au/Business/Technology/K6K6A7P3

    Here is a case where a company is most likely in violation, they are given plenty of time to resolve the issue amically and apparently do not. Now it gets ugly and expensive.

    As a long time U.S. based dealer this has been my experience as well. It is not in the dealers or Autodesks best interest to rush to legal action, instead they will work with the offender to resolve the matter.

    I have seen the results of BSA raids and it tends to make the customer go away permanently, i.e. bankrupt. Not good for anyone.

    By Anonymous Anonymous, At 2:40 AM, August 24, 2007  

  • Deelip argues, "will use a little trust and some common sense while reading and accepting such clauses.", and with this statement I fully agree and have done so.

    Anonymous #1 says, "You assume the best case scenario that the EULA clause will never be used, which it probably will not. But this does not eliminate the fact that the clause exists and that Autodesk claims the right to search your house and computer."

    "Autodesk shall have the right to conduct an audit on your premises or by electronic means..." is what it actually says, the key point here being "by electronic means".

    When I first raised this I was specifically told, and did not believe, that it was too difficult for Autodesk to do an electronic Audit on all its customers. Well guys you all know about "CUSTOMERINVOLVEMENTPROGRAM"; the hand full of bytes needed for an Audit is a 'drop in a bucket' compared to the amount of data this variable will disgorge Autodesk's way.

    Furthermore if you read the documentation closely you will see a warning that any illegal data collected by CIP will be actioned; since when could using the line, circle, and text commands be interpreted as illegal?

    So we know Autodesk is expecting or at the very least Warning users that the data collected can be interpreted as illegal, so it is not just 'Usage data'.

    Turn off 'CUSTOMERINVOLVEMENTPROGRAM' until you know exactly what is being collected and Autodesk allows you to independently validate that which is collected and prevent it from being transmitted from your systems.

    In support of this statement; I have a copy of a file created, by an application program (in this case not an Autodesk product), on one of my systems, under the guise of 'Usage data'. That file when found and reviewed, by us, revealed information about me, my systems and my customer information that could never be considered 'Usage data'. That was enough of a warning to me as it should be to others. That legal software is no longer used, my customers have been told of the event and other potential customers, of the software, have decided not to use it either. What was the developers mistake?

    So, Anonymous #2 says,"exactly what would autodesk or the BSA be looking for while on the your systems, your data or thier software? It would be the latter." My previous statement demonstrates this is not always true;

    The truth is that you don't know, it is an assumption and I would have normally have made the same assumption. Except in my case I also asked the question and the answers I got made it immediately clear that the assumption may not have been correct and as indicated above Autodesk's documentation now bears this out.

    If the BSA or BSAA did and Audit (and I don't know if they would), they represent a number of software developers and that could be a whole lot more problematic.

    Be legal is the key, and has always been my stance, but equally don't let developers erode our rights or accept contracts that create an environment over which we users will have little ability to supervise or validate.

    R. Paul Waddington.

    By Blogger R. Paul Waddington, At 5:14 AM, August 24, 2007  

  • Without commenting on their specific techniques (i.e. the wording of the EULA) one can understand Autodesk's paranoia. On a recent trip to China I purchased a DVD that purported to contain AutoCAD 2008, for which I paid the princely sum of 8 yuan, about $US1.18. No, I did not slip a decimal or three; that's a dollar eighteen.

    When I got it home I discovered it actually contained ALL releases of AutoCAD from 2000 onward, complete with "crack" files to beat the activation requirments.

    Unfortunately it wouldn't install. It is set up for a Chinese version of Windows and so could not find the correct install paths on my English-language Windows.

    I wonder if the EULA complainers would be singing a different tune if they discovered that someone was stealing their working drawings and then selling them to potential clients at a discount price. Ah, but that's different...

    No wonder Chinese products are so low-priced; they don't pay the same price for their design software as do western competitors.

    By Anonymous Anonymous, At 3:28 AM, August 27, 2007  

  • We heard of Bill Fane's China purchasing trip around June 2007 and in response to my question, "what was an industry commentator going to do with pirate software?", RalphG said "For research purposes". For whom? Autodesk obviously, else;

    so Bill what was the response of the police, customs and or Autodesk's representative in China when you reported the purchase you had just made? and; given that you obviously carried pirate software home, finding out it did not work, I take it home is China?

    If China is not home, where is, and what was the response by the customs in your country of residence on learning you were returning with pirate software, they obviously thought it was ok?. Having re-entered what has been Autodesk Inc's or your local Autodesk representative response, reaction and action when you reported and they learned of your 'purchase'.

    Is purchasing pirate software illegal or is using pirate software illegal? I venture to say an industry commentator should not have purchased the software, and then told the world. If it was purchased for evidence, therefore on behalf of Autodesk, I would have thought Autodesk would have told us all and the authorities of your exploits; have they done so or are they going too?

    Bill states; "I wonder if the EULA complainers would be singing a different tune if they discovered that someone was stealing their working drawings and then selling them to potential clients at a discount price. Ah, but that's different..."

    What sort of question is this?. I would sing no different a tune than I do now. It is an offense and our legal systems allows us to deal with it AND THAT IS HOW IT SHOULD BE!

    Allowing developers to access computers without oversight or validation is giving individuals and developers power that no legitimate user can control. As indicated in my earlier post we have evidence of data collected (by a 'reputable' developer) under the guise of "usage data" that was not, and it was only a fluke that it was found after transmittal; how much more proof do you want that access, if granted, to software developers should be supervised.

    It is the legal system that should be used to gain access not the Licensor using the EULA and their abiltiy to 'hack'. In this country, Austalia, the likes of Autodesk have great support from the legal system, they do not need to be able to 'search and seize' without court oversight and to believe otherwise is absurd.

    As I have indicated if Autodesk's intentions are as they claim they could have given ME what I have asked for, a long time ago and nothing more would have been said. But they have chosen instead to adopt an entirely different stance, they know why and they don't want their customers to know why, why?

    Legit software users, vendors, dealers and commentators are all on the same side but two of these and some of one others seem to believe legit users are the enemy as well as pirates. Can that be the only explanation for them not wanting to talk openly and discuss licence contracts with their customers, readers and me.

    On the completely different note! The price of software is immaterial when the salaries and working conditions are what they are and; when Westerners visit the country and buy the products; which in this case included PIRATE software! How did this action of yours help Autodesk Bill, and those of us who pay full price?

    R. Paul Waddington.

    By Anonymous Anonymous, At 9:28 AM, August 27, 2007  

  • Paul said, "We have evidence of data collected (by a 'reputable' developer) under the guise of "usage data" that was not."

    Paul, why don't you disclose this "evidence" to the world and expose this reputable developer you are accusing. And since you seem to have so much faith in the law, I guess you can rely on it to protect you if the developer decides to sue you.

    By Blogger Deelip Menezes, At 1:35 PM, August 27, 2007  

  • I have done just as you have requested Deelip, responsibly.

    Deelip, the company involved has been notified. The ball is in their court now as to whether or not they do something about changing it.

    They know my views and that I have warned and shown others in a professional manner. That means respecting their position and accepting, in good faith, their statement that they will reconsider what they are doing.

    They at least have proven, thus far, to be far more sensible about this than others and we achieved that level of understanding in just several email exchanges.

    A considerably different level of, and speed of response than the over two and half years of communicating with Autodesk for essentially the same problem.

    Their data file initially unknowingly provided a warning and support for my position as you continue to do by trying to bait me Deelip with demands of this nature; again thank you

    Alternatively you could, of course take a leaf out of their book and look for an alternative that is more palatable to users and achieves the the intended goals. That is of course what I have always tried to do; I offered one of a number of solutions, there are others, what is yours Deelip? There is never only one way Deelip, put something on the table and lets argue about a solution instead of this crap!

    R. Paul Waddington

    By Anonymous Anonymous, At 4:03 PM, August 27, 2007  

  • Coming back to my original point about paranoia, according to Wikipedia, "Paranoia is a disturbed thought process characterized by excessive anxiety or fear, often to the point of irrationality and delusion. Paranoid thinking typically includes persecutory beliefs concerning a perceived threat."

    How many instances are you aware of wherein Autodesk has used their audit clause to violate a customer's computer or premises?

    I want to determine whether you are paranoid or not, at least according to Wikipedia.

    By Blogger Deelip Menezes, At 4:20 PM, August 27, 2007  

  • I would like to answer some of the remarks made recently by Paul Waddington re my purchase of pirated AutoCAD.

    "We heard of Bill Fane's China purchasing trip around June 2007 and in response to my question, "what was an industry commentator going to do with pirate software?", RalphG said "For research purposes". For whom? Autodesk obviously, else;

    - Why "Autodesk obviously"? I am not an Autodesk employee and never have been. Full disclosure: I am a regular presenter at Autodesk University for which I receive the same honorarium as all other independent presenters, and I was contracted as an independent consultant to provide technical support for the Skills USA national championships a week after I returned from China.

    My full-time day job is an instructor of mechamnical enngineering at the British Columbia Institute of Technology in Vancouver, Canada. In fact, that is why I was in China; I was giving a series of guest lectures at two affiliated institutes in China and accidentally blundered into the copy of AutoCAD in a small shop.

    "so Bill what was the response of the police, customs and or Autodesk's representative ...your local Autodesk representative response, reaction and action when you reported and they learned of your 'purchase'."

    - As indicated earlier, home is Vancouver, Canada. I did not report it to any authorities in China or Canada because at that point I had no proof that it was pirated software. I did not attempt to install it in China, and it wouldn't install on my machine at home in Canada. For all I know, I've been ripped off for $1.18.

    "Is purchasing pirate software illegal or is using pirate software illegal? I venture to say an industry commentator should not have purchased the software, and then told the world. If it was purchased for evidence, therefore on behalf of Autodesk, I would have thought Autodesk would have told us all and the authorities of your exploits; have they done so or are they going too?"

    - I purchased it on a whim, for personal amusement and entertainment and as a low-cost souvenir. Even if it had installed properly I would have no need to use it because I already have fully legal copies on both my computers. And why shouldn't an industry commentor purchase it and then comment on it? Is that not a comment on the state of the indusry?


    "Allowing developers to access computers without oversight or validation is giving individuals and developers power that no legitimate user can control. As indicated in my earlier post ..."

    - As I indicated in the opening line of my original posting, I have no intention of commenting on Autodesk's specific procedures and techniques, nor of wording within the EULA. My only intention was and is to help others see the magnitude of the problem.

    "How did this action of yours help Autodesk Bill, and those of us who pay full price?"

    - I don't know, particularly since that was not my original intent. Perhaps it might encourage some of us to pressure our respective governments to help do something about it. Our governments should tell countries like China that their trade relationships with us would be in jeapordy unless they start cracking down on the pirates in their countries. I believe this was done in the case of Singapore.

    By Anonymous Anonymous, At 12:18 PM, August 29, 2007  

Post a Comment

Subscribe to Post Comments [Atom]



<< Home