Common EULA framework

I would appreciate any feedback on this idea. If you know of others working on something similar I would love to hear about it/them or if you could forward it along.


This weekend I started thinking about how www.stopbadware.org and www.antipywarecoalition.org define spyware and otherwise potentially unwanted technologies. Both propose when software obtains informed consent about terms of use and how it behaves that it should not be considered spyware or potentially unwanted. Software that is deceptive will still be considered spyware. I want to accept this consensus (if it changes, I'll support whatever they agree to).



I do agree that a EULA may be the most appropriate way to inform users and obtain consent. However, I believe that EULAs are currently too complex and inconsistent for a regular consumer to understand or ultimately provide meaningful consent when they merely click through. This is the problem I plan to address.




I want to propose the idea of a common EULA framework that would be applicable to the majority of EULAs. I'm not suggesting what clauses constitute fair, rather, I'm trying to identify common issues that a EULA could and/or should address. Third-party organizations could recommend a fair EULA following this common framework. Once a consistent and standard framework is devised for representing a EULA (or at least major components) I envision that it could facilitate the development of an XML schema to embed the EULA within the software in a system readable format similar in idea to the Platform for Privacy Preferences Project (P3P, www.w3.org/p3p). User agents could be developed to read these EULAs, compare with a consumer’s predefined preferences (possibly even loaded from templates from other organisations) and take specified actins based on the results (advise/warn, prompt, accept, halt). These policies could be read on-demand (including initiating a scan to detect EULAs), during installation or when launching software for use.




Based on reviewing other EULAs, I believe that statements (terms and clauses) that impact the user most fall into the following groups (I haven't formally defined the purpose or objective of each section yet). I’ve provided a few statements in each section that could help illustrate the idea a bit while I decide if it’s worth pursuing and formally documenting (likewise, the statements may appear cryptic and I do intend on formally defining each and acceptable values/attributes for each).



Grant of License
License.Type=(CPU | NAMED USER | FLOATING USER | DEVICE)
License.Volume=(0...N | UNLIMITED)
License.Hosted=(YES | NO)
Copyright
License Restrictions
Restrictions.Resale=(YES | NO)
Restrictions.Rental=(YES | NO)
Restrictions.Hosting=(YES | NO)
Restrictions.ReservationOfRights
Information Disclosure
Restrictions.BenchmarkTesting=(YES | NO)
Restrictions.Vulnerabilities=(YES | NO)
Restrictions.Downgrades=(YES | NO)
Restrictions.ReverseEngineering=(YES | NO)
Restrictions.Removal=(?)
Restrictions.OtherSoftware=(PACKET SNIFFER)
Transferability
Consent to Use of Data
Data.Financial
Data.Health
Data.Demographic
Data.PhysicalContact
Data.OnlineContact
Data.UniqueIdentifiers
Data.ComputerInfo
Data.Preferences
[etc, following P3P data definitions]
Product Features
Governing Law and Dispute Resolution
Termination and Expiration
Third-Party Acknowledgements
Disclaimer of Warranties
Limitation of Liability
Miscelanous
Misc.ChangeTerms=(YES | NO)

Some EULAs may include more sections, but for now I'll start with this and keep it flexible by allowing a traditional EULA to be referenced for more detail since it cannot be completely defined following the common framework. I want a framework that would allow me to focus/prioritize on statements that have greater impact and potential harm to consumers.

Any thoughts about the idea and outline of the framework to adequately cover important areas of a EULA? Any terms or clauses you'd like to suggest be included (if possible, give some sample attributes for the clause).

 

Apologies to Javacool for popping into his forum, but I just have to say that think your idea definitely has a lot of merit.

I'm not sure whether or not software vendors would use it - but if they did, it would be an excellent win for consumers.


Mike

 

Thank you for the support.

I think it's win-win. I sincerely believe that vendors do not want to be deceptive. Ultimately, a vendor wants a consumer to be informed of the EULA (otherwise, how can a consumer consent to and follow terms they don't understand or know about). Until some guidelines exist about what they should or could disclose they may not.

The vendor has a responsibility to inform and the consumer has a responsibility to accept (or not accept) a license agreement.

I believe a vendor can promote their adherence to a voluntary guideline to gain consumer trust. I am reviewing many EULAs in the wild and will determine a way to represent common terms. I will leave it up to another group to recommend what terms are fair or not far. I'm trying to be unbiased and agnostic about specific practices.

 

EULAlyzer Suggestions

I've been working on a project to help make sense of EULAs at www.clearware.org.

I'd appreciate your thoughts on the ideaand would also like to offer my symbols for various caracteristics to be used by EULAlyzer.

Brian Erdelyi

 

Hello Brian,

Since it appears your latest thread made today is an extension of the thread you started in Feb....I have taken the liberty to merge the 2 threads.

Bubba

 

Bubba,

The idea had evolved significantly since than... they aren't really the same thing any more.

I'd prefer a separate thread.