– By Grant Gross –

Red Hat and the Open Source Initiative will likely celebrate a UCITA victory this month, but the celebration will be shared with backers of the Maryland software license law, not in spite of them.

Maryland Gov. Parris N. Glendening is expected to sign a bill that exempts Open Source software from “mandatory warranties” found in the state’s Uniform Computer Information Transactions Act, on the urging of Red Hat and the Open Source Initiative.

The bill passed both houses of the Maryland legislature unanimously, and the change is part of Red Hat’s larger effort to work with UCITA advocates to rework parts of the legislation that are distasteful to the Open Source community. Mark Webbink, senior vice president and general counsel for Red Hat, says he sees UCITA as a “somewhat benign” law on the whole, and believes some of the objections to UCITA in the Open Source community have come from misunderstandings of what the law does.

However, Red Hat and the Open Source Initiative did approach the Maryland legislature
about what types of software were exempted from warranties required in the state’s version of UCITA. “In Maryland, the legislature determined that they wanted to add a number of consumer protection provisions to UCITA,” Webbink says, “and in the process, although they thought they were taking into account Open Source software … they in fact didn’t quite get there.”

Changes to the law

The original Maryland UCITA bill passed in 2000 exempted “free software” from having to provide a warranty, says Democratic Delegate Kumar Barve, sponsor of the original legislation and chairman of the Maryland House of Delegates Subcommittee on Science and Technology. But there was confusion over whether that could be interpreted to mean proprietary software that for whatever reason isn’t purchased, Barve says, so the new bill gives the exemption only to software that has its source code freely available and that allows unlimited copies to be made.

Maryland legislators recognized quickly why exempting Open Source software from the mandated warranties made sense, Webbink says. “How do you impose a warranty on some hacker who’s in Romania, written a piece of the code, and given it away for free?”

What’s UCITA?

The National Conference of Commissioners on Uniform State Laws is pitching UCITA to states as “model legislation” to apply the Uniform Commercial Code to software sales. In 2000, Maryland and Virginia passed versions of UCITA, although Virginia’s law doesn’t go into effect until this July. Seven other states and the District of Columbia have considered UCITA bills.

Many members of the Open Source community have objected to several parts of UCITA, including the warranty section. They’ve also objected to its limits on reverse engineering and to the “self-help” section, which seems to allow software companies to shut down software if the user doesn’t pay the license fee by a deadline. (For Open Source community objections to UCITA, here’s an explanation at everything2, and Slashdot has a number of articles about the effects of UCITA.)

Working with UCITA

Webbink says some of those fears may be “misapplied,” and Red Hat is working with the uniform law commission to change other parts of UCITA.

Barve notes, for example, that the self-help section of Maryland’s UCITA was amended to not apply to individual customers, only bulk customers such as corporations, and Webbink says such self-help laws were already on the books before UCITA.

“What UCITA did was say, ‘Yes, it’s permitted, but by golly, if you’re going to exercise self help, you’re going to do it according to these rules,’ ” Webbink says. “Does [UCITA] perpetuate self-help? Yes, it does. However, does it put it in a box? Yes, it does, and that box is relatively consumer-friendly.”

Barve says he’s still surprised at the amount of heated criticism he’s taken from shepherding UCITA in Maryland a year ago. He acknowledges that UCITA protects the intellectual property of proprietary software companies, but he sees intellectual property rights as a driving force in the U.S. economic system.

“UCITA was never as bad as its opponents said it was and never as good as its proponents said it was,” Barve says. “I don’t think we made a mistake here. I think we made a fundamentally correct policy decision.”

Where UCITA may stop being “somewhat benign” is when more states begin to adopt it, and each add their own changes to the law, as Maryland’s legislature did, Webbink says.
Dozens of variations of UCITA could give Open Source advocates nightmares as they try to chase down problem areas in bills from New Hampshire to Arizona.

To prevent that scenario, Red Hat has been taking the Open Source cause to the uniform law commission itself. Red Hat wants to “talk about issues that are important to Open Source and how they may be able to modify this model language to better address our concerns and make the legislation more palatable to members of the community,” says Red Hat’s lawyer.

Proposed changes

Webbink has approached the commission about making a couple of changes in the model UCITA. One proposed change would recognize Free Software and Open Source licenses in the law, to “acknowledge they exist in the firmament of computer software licenses,” he says.

Another change, in the preliminary stage of talks, would guarantee a right to reverse engineer software. “Naturally, if the statute is going to permit reverse engineering, you have to address off-setting interests between the Open Source community and proprietary vendors,” Webbink says.

However, Webbink believes a compromise can be crafted, with proprietary vendors on board, that allows a person purchasing a software license to reverse-engineer the software to write interfaces for the software. His example: A Linux programmer purchasing a popular word-processing program and using its source code to port it to Linux. With Red Hat’s proposal, UCITA would allow such reverse engineering and override any prohibitions in the word-processor’s license agreement.

Currently, there’s no Open Source industry group that deals with legislative issues, although Webbink says Red Hat’s efforts have been received well both on Capitol Hill and in Maryland’s statehouse. Red Hat worked with the Open Source Initiative to craft the change in Maryland’s UCITA.

Community obligation

Webbink says Red Hat and other Open Source companies are talking about an industry-wide legislative lobbying effort, but nothing’s happened yet. “I understand [other companies’] concern that they don’t want us to come across as the sole leaders of the thing,” he says.

In the meantime, Red Hat plans to continue pushing for the Open Source community with lawmakers, he says. “Both our board and our management feel that we are now left in a position where we need to take a leadership role in protecting the interests of the community at large,” he adds. “That’s not to say that there aren’t other companies that aren’t doing the same thing, but … somebody’s got to take the initiative on these kinds of things, and we feel like we’ve got an obligation to do that.”

Webbink promises to keep his ear to the ground as Red Hat advocates for the community. “As we push for what we believe the agenda should be, we will be constantly seeking affirmation from other members of the community to make sure we’re not going off in a tangent that they aren’t in agreement with.”

The Standard claims that the Extensible Markup Language (XML) is now the standard language of the Internet.

ZDNet reports that the biggest security problem on company networks today is not anything to do with the quality of the system, but the caution of the users. Employees are leaving their passwords on their desks, still, and it’s a major threat to network security.

ZDNet reports on delays and problems with a Code of Practice intended to clarify how employers monitor company email and Internet use, noting privacy problems with filtering email for virii.

IMA writes “International Messaging Associates (IMA) will be providing a free, official copy of its latest messaging product the Internet Exchange Messaging Server (IEMS) 5 to beta users who will send in their proposed enhancements and potential problems early at v5beta@ima.com

Free copies will be made available to all evaluators who provide feedback to IMA on any undocumented bugs, or who suggest new features or enhancements of which IMA agrees to use in current or future releases. Fixes for verified problems will be included in the official release of IEMS 5.

The free, official copy of the IEMS 5 also includes 90-day support. For more details on this program, please visit http://www.ima.com/v5promo.html.

—————————————–
CONTACT:
ERIC ARANDEZ jearandez@ima.com
IVY SIA ivy@ima.com
International Messaging Associates
Tel: 1-800-549-27-62
Fax: 1-888-562-35-61
Web site: http://www.ima.com.

tjhanson writes, “This must be a fairly robust offensive. This time the NY Times is covering the speech:

http://www.nytimes.com/2001/05/03/technology/03SOFT.html” This page requires a login. From the story: “Microsoft is preparing a broad campaign countering the
movement to give away and share software code, arguing that it potentially undermines the intellectual property of
countries and companies. At the same time, the company is acknowledging that it is feeling pressure from the freely
shared alternatives to its commercial software … (A speech to be given Thursday) is part of an effort by Microsoft to
raise questions about the limits of innovation inherent in the open-source approach and to suggest that companies
adopting the approach are putting their intellectual property at risk.”

Kelly McNeill writes, “In the new and enlightened age of Unix (namely Linux), the fragmentation monster threatens to raise its ugly head and leer at the varying distributions.

Brace yourself: Linux has a tiny chance of becoming fragmented. Before the Linux community (of which I am a part) fires up their flame throwers, let me explain why I think this and most importantly, what I think might help solve it.”

June 25-30, 2001
Marriott Copley Place Hotel
Boston, Massachusetts, USA
http://www.usenix.org/events/usenix01/==============================================
REGISTER BY May 25, 2001 and Save up to $200!
==============================================

Join peers, research and industry leaders in Boston at the USENIX Annual Technical Conference. USENIX Annual Tech is THE gathering place for like minds in the computer industry.

FEATURING THIRTY professional-level tutorials,
SEVENTEEN brand-new!
Here’s a sampling:
-Network Programming with Perl
-Solaris Administration
-Building Linux Applications
-Large Heterogeneous Networks
-Practice Wireless IP Security
-Running Secure Web Servers
-Network Security
-Advanced Solaris Administration
-Unix Network Programming
-LDAP

* KEYNOTE ADDRESS by Daniel D. Frye, Director of IBM Linux Technology Center.

* INVITED TALKS on WAP, IP Wireless Networking, Security Aspects of Napster and Gnutella, Security For E-voting in Public Elections, Virtual Machines, Online Privacy, Active Content and Secure DNS

*NEWLY ADDED CLOSING SESSION with Cynthia Breazeal and her robot, Kismet. Cynthia is a researcher from the MIT media lab, currently developing robots that can duplicate human facial emotions.

*VENDOR EXHIBITION featuring innovative companies, products and services. For more information on exhibiting, please contact Dana Geffner at dana@bgiassociates.com.

For more information and to register, visit:
http://www.usenix.org/events/usenix01/

The 2001 USENIX Annual Technical Conference is sponsored by USENIX, the Advanced Computing Systems Association.

www.usenix.org

From Wired News: “To the U.S. government, a DVD descrambling utility is akin to terrorware that could crash airplanes, disrupt hospital
equipment and imperil human lives.

On Tuesday, an assistant U.S. attorney told a federal appeals court hearing arguments in the Universal Studios v. Reimerdes et al
case that the DeCSS utility, which the Motion Picture Association of America has sued to take off a website, should be banned.”

“‘m more of a casual gamer than a serious one. I do like fast action, and have been known to spend too much time
shooting the bad guys; but all in all I prefer a strategy game to an action game. Even so, I can appreciate the uses of a
high-end video card. When it comes to Linux, however, the issue of drivers always comes up-“If I buy the latest XYZ
video card, will it work with Linux?” In general, the answer to this question is affirmative. But the devil’s in the details…” More at SourceMagazine.