[Free-sklyarov-uk] MS right-to-crack EULA
Edward Welbourne
Edward Welbourne <eddy at chaos.org.uk>
Wed, 03 Jul 2002 22:21:42 +0000

Microsoft's case would have to rely on the EULA, which - if the
complaint were brought by a corporation, local council or government
department (say) - they can only show to have been read (at that only
probably) by the sysadmin who installed the emergency patch, but who
likely did not have the authority to grant any outside party permission
to mess with the computer systems; the sysadmin's click on Accept thus
fails to grant permission (and the sysadmin probably has some defence
based on being under duress). The MicroSmurf who employs the back-door
later is then not in a position to determine whether he has consent.

> later on in section 17:
> (8) Such a modification is unauthorised if
> (a) the person whose act causes it is not himself entitled to determine
> whether the modification should be made; and
> (b) he does not have consent to the modification from any person who is
> so entitled.

However, 17.8 seems perverse. 8a and 8b are joined with `and'. The
cracker *is* entitled to phone up (say) Barclays' sysadmins and ask
whether he should (say) reformat their hard disks. Making that call
would `determine whether the modification should be made'. 8a doesn't
actually require that he *does* make that call, but its condition is
failed simply by virtue of his entitlement to do so. It then matters
not one whit whether 8b's condition is met - the kid formatted the
hard-disk, but it wasn't `unauthorised' in the sense of 17.8.

Allow, then, that any court will reject this reasoning, e.g. because
17.8 said `is unauthorised if' without any use of `only' - i.e. the
prosecution will argue that 17.8 merely sets out one case that is
unauthorised, without prejudice to all the other cases that would
naturally be understood to be unauthorised. Equally, one might argue
that 17.8 is to be read as `... is unauthorised if (a) ... and is
unauthorised if (b)', effectively turning the `and', via `and if', into
an `or'. Lawyers don't use words the same way programming language
designers do.

In such a case, it suffices that the person who did the installation can
be shown to have not been entitled to authorise others to tamper with
the computer; at which point the MicroSmurf is guilty of an offence;
which was committed on instructions from his employers, so Microsoft is
guilty of commissioning an offence. Further, it published (in the EULA)
its intent to commit the offence, so cannot claim `woops, it was a
mistake' or `this was the smurf acting without proper authority' to get
itself off the hook.

In particular, with the `and if' reading of 17.8, even the sysadmin who
clicked on Accept was not *able* to determine whether the (future)
modification should be made, since he had no knowledge of it: hence
making `entitled' moot and utterly scuppering any chance the smurf might
have to appeal to (b).

Equally, confronted with such a EULA, the sysadmin might plausibly
* observe that his contract forbids him to conspire with others to
  mess with the computer system in ways not authorised by the board
* observe that allowing Microsoft arbitrary freedom to mess with the
  computers would conflict with the interests of share-holders
* advise the board of these facts, in writing
* require written authorisation from the board before proceeding
* provide an account of these events to the shareholders ...

Such behaviour might very well scare boards and IT managers into reading
the bullshit they're nominally agreeing to.

Eddy.