User Rights Agreements, or 'Grant Us Your Immortal Soul'

The security of your company and its employees could be compromised if you don’t read and understand an End User License Agreements or (EULA) for new software.

A study performed last year revealed that “no more than 8 percent of users read the License Agreement in full.” They just click right on through and load the software regardless of the security implications.

Last week Apple’s iBook Author application came under heavy scrutiny for its EULA, which essentially restricted users wanting to get paid for their work from ever publishing or distributing the uploaded manuscript through any other form or media.

Here is the legalese in Apple’s EULA:

IMPORTANT NOTE:
If you charge a fee for any book or other work you generate using this software (a “Work”), you may only sell or distribute such Work through Apple (e.g., through the iBookstore) and such distribution will be subject to a separate agreement with Apple.

The United States Computer Emergency Readiness Team (US-CERT) warns that “Agreeing to the EULA may give the vendor permission to monitor your computer activity and communicate the information back to the vendor or to another third party. Depending on what information is being collected, this type of monitoring could have both security and privacy implications.”

US-CERT goes on to warn that “Some agreements allow the vendor to install additional software on your computer. This may include updated versions of the software program you installed (the determination of which version you are running may be a result of the monitoring described above). Vendors may also incorporate statements that allow them or other third parties to install additional software programs on your computer. This software may be unnecessary, may affect the functionality of other programs on your computer, and may introduce security risks.”

According to the aforementioned study, the median time users spent on a EULA license page was only six seconds.

Disclosure and compliance regulations have made these EULA agreements impossible to read and comprehend in that amount of time, unless you’ve passed the Sylvan Speed Reading course and are a lawyer.

Antivirus and cloud-based security software come along with EULAs that users must pay close attention to as well.

For example, Symantec tells users outright in its EULA they can’t use its software license on third-party machines, so out the window goes the users' virtualization budget if they want you run the software across their mixed-vendor virtualized stack, unless they want to break the law. And Symantec doesn’t even take responsibility for working, as its says in its EULA -- “In no event will Symantec or its licensors, resellers, suppliers or agents be liable to you for (i) any costs of procurement of substitute or replacement goods and services, loss of profits, loss of use, loss of or corruption to data, business interruption, loss of production, loss of revenues, loss of contracts, loss of goodwill, or anticipated savings or wasted management and staff time.”

Gamestation, an online retailor, on April Fools’ Day 2010, replaced its usual EULA text with an “immortal soul clause,” which read: “By placing an order via this Web site on the first day of the fourth month of the year 2010 anno Domini, you agree to grant us a non-transferable option to claim, for now and forever more, your immortal soul.” Customers were so urgent to make their online purchase that 88 percent of buyers clicked the box to sell their souls.