Courtrooms are filled on a daily basis with business owners and customers suing for breach of contract. Apparently, there was not a meeting of the minds—as previously thought—between the parties. As a result, default occurs and restitution for one or both parties is sought via the court system.
The scenario above represents the typical contractual process, with cut-and-dried areas to determine breach. However, we enter into a subtler arrangement in our everyday interactions on computers more often than we realize. What exactly are we getting ourselves into?
Almost every digital transaction, whether it involves purchasing and installing software, setting up an account with an online vendor, or making a purchase online, requires the acceptance of an End User License Agreement (EULA). This contract between the vendor and the user is a legally binding document (despite the fact that it is in digital form) and should be treated as such. As with any other contract, one needs to review and understand all the terms before accepting or refusing it. Unfortunately, many of us fail to read EULAs and only find out later what the terms really specified.
According to US-CERT’s Alerts and Tips Blog, the EULA may “include almost any conditions. These conditions are often designed to protect the developer or vendor against liability, but they may also include additional terms that give the vendor some control over your computer. The following topics are often covered in EULAs:
- Distribution – There are often limitations placed on the number of times you are allowed to install the software and restrictions about reproducing the software for distribution.
- Warranty – Developers or vendors often include disclaimers that they are not liable for any problem that results from the software being used incorrectly. They may also protect themselves from liability for software flaws, software failure, or incompatibility with other programs on your computer.
- Monitoring – Agreeing to the EULA may give the vendor permission to monitor your computer activity and communicate the information back to the vendor or to another third party. Depending on what information is being collected, this type of monitoring could have both security and privacy implications.
- Software installation – Some agreements allow the vendor to install additional software on your computer. This may include updated versions of the software program you installed (the determination of which version you are running may be a result of the monitoring described above). Vendors may also incorporate statements that allow them or other third parties to install additional software programs on your computer. This software may be unnecessary, may affect the functionality of other programs on your computer, and may introduce security risks.”
For more information on EULAs, see US-CERT’s Security Tip ST05-005.