Oh say can UCITA? Industry observer Robert Rubin floodlights pending state legislation that may severely impact your rights when buying software.
The battle over UCITA, the Uniform Computer Information Transaction Act, is at a critical juncture where information-technology professionals can help defeat this one-sided abomination. If you have any input into the buying of software for your company, you have a stake in making sure that the act in its present form is rejected by your state legislature.
UCITA, if adopted even by a handful of states, will likely govern your purchases of corporate computer programs unless you are able to negotiate specific exclusions to its terms and conditions. If you are not familiar with its provisions, you may be in for a sickening shock when you try to get a vendor to resolve a software problem.
UCITA has been kicking around for years. It was first proposed as a revision to the Federal Uniform Commerce Code. Back then it was known as UCC-2b. Congress wisely put it aside as being too one-sided. Its backers, though, decided to take another path and started a state-by-state campaign to get it adopted. Because a vendor contract specifies in which state a dispute will be adjudicated, the strategy was a clever one. So far both Virginia and Maryland have passed the act in essentially the form presented.
The proposed law started out based on the premise that contractual law for buying and selling traditional wares is not explicit enough when it comes to dealing with computer software. As many of us can attest, there is a lot of truth in that supposition. It was also apparent that having a common set of laws for these transactions would save a lot of time (and hence money) by reducing the need to negotiate terms and conditions with every vendor with whom we dealt.
It's easy to see why so many of us in charge of IT for large companies supported the rationale for the birth of UCC-2b (which later morphed into UCITA). However, somewhere along the way the process was hijacked and became instead a tool for vendor relief from all of those pesky things that users would like--such as having recourse against code that doesn't work as advertised.
Big software companies such as Microsoft jumped on the bandwagon for a revision of the Federal Uniform Commerce Code that was very much to its own benefit. To be fair, not all suppliers went along with this attempt. For example, Sun Microsystems never signed on to the adoption of UCC-2b as drafted. Perhaps Sun was more concerned about its customers than Microsoft, or perhaps Scott McNealy simply opposes, on principle, anything that Bill Gates favors.
There are two provisions in UCITA carried over from UCC-2b that are enough to earn your unalterable opposition to the law when it comes up for review in your state. These are:
1. A self-help clause that allows vendors to disable user software remotely in case of disputes with the purchaser.
2. Protection for software vendors from having to disclose known bugs to prospective buyers.
Imagine running an IT shop and buying software under these conditions. You wind up in a dispute with the vendor, maybe over how the system is working or perhaps over a payment. The vendor has the right to disable remotely your production system. Interesting how the use of language changes. It wasn't too long ago that we used to call that type of capability a hidden bomb; now it is self-help. And what does it say about the security of an application if a vendor has built in a trapdoor that can cripple your code? Anyone want to bet that a hacker will never learn how to do the same thing?
The attorneys general of 32 states have recommended trashing UCITA. With concerted action, we can kill it. It is fatally flawed.
Here is what you can do:
1. Write your state legislative representative. Explain that you're an IT professional and UCITA would be bad for you and for business.
2. Contact the Society for Information Management at www.simnet.org and tell them you're opposed to UCITA. SIM is a 2,500-member organization of IT executives and has been fighting for more balanced legislation for years (in the interest of complete disclosure, I am a past president of SIM).
3. Talk to your public-affairs department and ask it to get involved. Point out how the company is liable to see increased costs and decreased flexibility if UCITA becomes law.
There has always been a dynamic balance among different interest groups in this country and that balance has allowed us to make great strides as a nation. UCITA simply tips the balance too far when it comes to software purchases and needs to be rejected.
Robert M. Rubin is CEO of Valley Management Consultants, a firm specializing in E-business and information-technology strategy, organizational design, and evaluation. Prior to joining VMC, he was senior vice president and CIO for Elf Atochem North America, a $2 billion diversified chemical company. The recipient of multiple industry awards, he is a contributing editor to InformationWeekand a member of its advisory board. He can be reached at email@example.com. We welcome your comments about this issue at the Listening Post.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.