Protecting your commercial software -

Licensing; Activation keys; Extended warranty or support registration; 'Time and Logic bombs'.

- a legal FAQ from Roger Sinclair

If you produce software commercially, then one of your major concerns will almost certainly be to ensure that anyone using your software has paid you the proper price for the privilege, does not use your product outside the scope of the use you have permitted, and does not pass on unlawful copies to third parties.

You would also be wise to ensure that such issues as your own liability for the product, for any losses that a user might suffer if anything went wrong, and responsibility for support etc are adequately covered.

Whilst a properly drafted Licence Agreement (designed with the particular product, client, marketplace, marketing strategy and typical user in mind) is essential, that nevertheless will rarely be a complete solution.

Practical steps should also be taken to ensure so far as practicable that your chosen legal framework does actually apply to each particular sale, to reinforce the legal position, and to help to provide evidence of the source of a product which has been pirated. It's all very well to define in a licence what the user is and is not permitted to do - but this may not provide much of a disincentive to piracy unless the user is also made aware that pirated copies can easily be traced back to him.

The entire situation needs to be considered, including such points as:

• Your own legal status - individual, partnership, limited company?
• Your own ownership of Intellectual Property rights in the product?
• What the product actually is and does?
• Has the product been adequately tested on the variety of platforms on which it is to run?
• What - in physical terms - is to be handed over on a 'sale' - a file downloadable from the Internet, a file on disk, a package including printed manuals etc, or what?
• What is the marketplace - UK, English-speaking world, worldwide?
• How the product is to be advertised - word of mouth, Web page advert, press advert, direct mail, via resellers, shareware, etc?
• How the sales process is to be handled - direct sales, via resellers, etc?
• Whether any form of user support is to be offered?
• Who is the typical user likely to be?
• What volume of sales is envisaged and over what period?
• Do you have the necessary infrastructure to handle the anticipated level of sales - and the flexibility to cope with any rapid changes in the rate of sales?

The following angles may then be considered alongside each other; apart from the licence agreement, not all (and indeed sometimes none) of them will be applicable or useful in any particular case, but they may be worth considering:

• The Licence Agreement - defining the limits of what the user may and may not do, and dealing with other contractual matters.
• Extended warranty or support registration - where the act of registration by the user affirms his commitment to the terms of the Licence Agreement, and the user in return obtains some additional benefit from registration.
• Activation & Registration Keys - personalizing the software to the user.
• 'Time and Logic bombs' - where the software itself prevents actual use outside the permitted parameters.

Conclusion:

• A proper Licence Agreement, designed with the particular product, client, marketplace, marketing strategy and typical user in mind, setting out the boundaries of the permitted use, and defining all the other terms you require is essential.
• For legal reasons, where it is possible to secure a signature to the Licence Agreement by the end-user in every case at the time the contract is made, this approach should be taken - thus ensuring a direct contractual relationship between you and the user, on your chosen terms.
• Where it is not practicable for the user to be made aware of your licence terms before there is a contract (eg telesales; or sale of a physical package with a Licence Agreement inside), or where there would not normally be a direct contractual relationship between you and the user (eg where third party resellers are involved in the sales process), then a 'Shrinkwrap' type Licence Agreement should be adopted to incorporate your chosen terms, with additional precautions also being taken to ensure that the user is made aware of the terms of the Licence Agreement at an appropriate time, and that if necessary you can prove this at a later date.
• Wherever practicable, the terms of the Licence Agreement should be incorporated in the software. For Windows TM software, it is often shown as an option on the 'Help' menu. In certain types of marketing scenario, it may be worthwhile to have the terms displayed on-screen during installation, with the user required to press a 'Yes, I agree' button before proceeding. Whilst this on its own may not be sufficient to overcome the basic requirements of contract law on every occasion, nevertheless on some occasions (eg in evaluation copies) it can certainly help considerably to reinforce your position.
• Direct registration by users, in order that they may receive some form of additional warranty or support, may be used to create or affirm a direct contractual relationship between you and the user, and to ensure that you know who your user actually is.
• Activation or Registration keys can often be used, both to 'personalize' the user's copy of the software, and again to ensure that you know who your user actually is.
• For shareware, or other software where the use permitted by the licence may be limited either in time or in extent, 'Time and Logic bombs' may be considered, but strictly provided the user is fully informed in advance, and is not taken by surprise.

If you would like to discuss further any issues raised by this FAQ and how they relate to you own position, or if you would like me to quote you a fixed price for preparing a Licence Agreement to suit your own needs, and to advise on suitable additional precautions, please mail me.

[Return to Roger Sinclair's 'Welcome' page]

The Licence Agreement

The objects of the Licence are:

• to define the terms on which you, as the owner of the Intellectual Property Rights in the software, permit its use;
• to safeguard you (so far as practicable) against any liabilities which you might otherwise incur to the user;
• to incorporate any other relevant terms within the legal structure of the transaction.

Ideally, this is dealt with within the context of a Licence Agreement - a contract between you and the user.

One of the fundamental principles of the law of contract is that all the terms of the transaction must be brought to the attention of both parties at or before the time the contract is made. Lawyers often refer to this as the rule in Thornton v Shoe Lane Parking.

Where all sales of software licences are direct by you to the user, it may be possible to consider using a Licence Agreement which is sent out by you and which the user signs and returns to you before supply of the software. The contract is made when you accept the order and despatch the software. Thus there is a direct contractual relationship between you and the user, on terms clearly established at the time the contract is made.

Often however that is not practicable, either because you are distributing your software through re-sellers (where the contract for sale is between the re-seller and the user, and you are not a party to that contract), or by sales by telephone (where the contract is formed when the user calls and gives his credit card number and you accept the order by despatching the software) - in either case, the user does not get to see the Licence Agreement until he receives the package, which is after the contract has been formed, and so the terms of the Licence Agreement may not be binding under the rule in Thornton v Shoe Lane Parking.

To attempt to fill this gap, the industry has developed the 'Shrinkwrap' licence, where the user, on opening the package he has bought, finds a sealed envelope containing the disks, and printing on the envelope saying eg 'Do not open this envelope unless you agree to be bound by the terms of this Licence Agreement'.

On the face of it, this is not sufficient to overcome the rule in Thornton v Shoe Lane Parking, because by the time the user opens the packaging and finds the licence with a notice on the sealed disk envelope stating that he should not open the envelope unless he is willing to agree the terms of the licence, the contract has already been formed, and the terms of the licence were not made known to him at the time the contract was made.

There is little case law on the subject of shrinkwrap licences, but such cases as are known are nearly all US or Canadian cases, and the licence terms have generally been found to fail, often on this point (eg Step-Saver Data Systems, Inc v Wyse Technology and The Software Link, Inc, Vault Corp v Quaid Software Ltd, Arizona Retail Systems v The Software Link, North American Systemshops Ltd v King).

In order to be confident that a 'Shrinkwrap' licence will be effective therefore, the following steps should be taken:

1. The particular terms of the licence need to be drafted to take into account such factors as the particular product, client, marketplace, marketing strategy and typical user - in other words, to suit your particular needs.
2. The user must be made aware - at or before the time of the contract - of the fact that what is offered for sale is the right to use the product on the specific terms of your Licence Agreement.
3. If the user does not have a genuine opportunity to see the terms of your Licence Agreement at or before the time of the contract, he needs instead to be told that what he is buying is the right to use the software on your terms, and that if when he is able to read the Licence Agreement he does not accept its terms, he may return the product for a full refund.
   
   Thus the initial sale contract becomes a contract where what he buys is the opportunity to have the product on the terms of your Licence Agreement, or a refund if he does not accept the terms.
   
   Various precautions need to be taken and followed scrupulously in marketing materials, in packaging, and in direct sales procedures, in order not only to achieve this, but also so that you can prove that this has been achieved.
4. The software disks must be effectively sealed inside eg an envelope clearly marked so with a notice that the user cannot help but see and read before he breaks the seal. The notice must draw attention to the terms of the Licence Agreement, and state that by the act of opening the envelope, the user accepts the terms of the Licence Agreement.
   
   The Licence Agreement itself should be either printed on the envelope, or on a separate sheet inside the packaging but outside the envelope. Again, adequate control measures need to be taken so that you can prove that this in every case.

[Return to Top]

[Return to Roger Sinclair's 'Welcome' page]

Extended warranty or support registration

A fairly simple way to get many users (though doubtless not all) to affirm their agreement to your Licence Terms direct to you, in exchange for some further warranty or support beyond that to which they would otherwise be entitled.

Quite simply, give your user the opportunity to register for some form of additional warranty or support, by enclosing a postcard in the product pack, for the user to return to you after completing his name and address, and on which the user affirms the Licence Agreement.

This then creates a separate contract directly between you and the user, in which the user affirms the terms of the Licence Agreement, and you provide some additional service.

[Return to Top]

[Return to Roger Sinclair's 'Welcome' page]

Activation keys

It is wise to look to practical steps for protection as well as legal ones.

It should not be beyond the scope of the ingenious programmer to develop a system of key codes, maybe along the following lines:

• each set of software disks carries a unique serial number
• in your offices you have software which will use
  1. the serial number, and
  2. the user's name
     
     to generate a key code
• the initial installation of the software will function for a limited time only until activated by the correct Activation code
• the user is required to contact your offices to register, to tell you the serial number and his name, following which you generate an Activation code and advise the user
• the user's copy of the software asks the user to input the user's name, the serial number, and the Activation code; the software checks that the code is correct, and if so, personalizes itself to display the user's name eg on startup, or on the title bar
• ideally, have the routine for entering the Activation key force the user to see the licence terms, and the user required to press a 'Yes, I agree' button before the installation will proceed.

Thus:

• the user's copy of the software is personalized, and any further copies he makes can be traced back to him - and he knows it!
• you know who your user is
• if you retain a record of serial numbers you can be assured that each copy is registered to one user only, and that unlawful copies are not being made and sold.

A variation of this procedure would be suitable for software intended to be downloaded from the Internet and then activated before use, or for shareware.

Note that if the initial installation is time-limited, or crippled in any way, then this amounts to a 'Time and Logic Bomb', of which the user must be expressly informed beforehand, for your own protection.

[Return to Top]

[Return to Roger Sinclair's 'Welcome' page]

'Time and Logic Bombs'

It can be tempting to include disabling device in the software which will allow it to operate for a period of time and then either operate in a restricted way only, or cease to operate at all, unless the user effects some form of registration, or unless some code is entered which you will only issue eg on confirmation that the software has been paid for.

If you choose to take this route, you should be aware that there is a danger: do not take the user by surprise about this - make sure that he is aware right at the beginning that this will happen.

The Computer Misuse Act 1990 creates various offences, one of which is Section 3:

A person is guilty of an offence if:
(a) he does any act which causes an unauthorized modification of the contents of the computer
(b) at the time when he does the act, he has the requisite intent and the requisite knowledge

'the requisite knowledge' means that he must know he is not authorized to carry out the change

'the requisite intent' is an intent to cause a modification of the contents of the computer and by so doing:
(a) to impair the operation of the computer;
(b) to pervert or hinder access to any program; or
(c) to impair the operation of any program or the reliability of any such data

What this means in terms of 'time and logic bombs' is that if they take the user by surprise, then there may be an offence.

A term in the licence agreements for the software expressly stating

• the presence of the 'bomb' and
• in what circumstances it would activate
• the express consent of the user

should be sufficient to amount to 'authorisation', hence a defence.

It seems that simple use outside the terms of the licence by the user without the 'bomb' being notified in advance may result in an offence by the person inserting the bomb.

[Return to Top]

[Return to Roger Sinclair's 'Welcome' page]

I'd really appreciate your feedback on this FAQ - so mail me and tell me what you think of it, if it's been useful to you, or let me know of any specific problem you have where I may be able to help.

[Return to Top]

[Return to Roger Sinclair's 'Welcome' page]

This page was last updated 18 July, 1996.

No liability is accepted for any inaccuracy in the information in these pages - see full disclaimer

© Roger Sinclair roger@egos.co.uk 1996 - All rights reserved - see full copyright details

Disclaimer of liability:

The information on these pages is provided free and for information only, and is provided 'as is'. Whilst believed to be correct, it is in no way comprehensive. It is provided for your interest only and is not intended to be relied on as formal legal advice. The posting of information on these pages is not intended to create a lawyer-client relationship, and you should not act or rely on this information without seeking professional advice. No liability is accepted therefore for any errors, or for any losses that may be incurred if it is relied on.

[Return to Top]

Copyright details:

You may read these pages on-line, and download them to read later, for your own personal use.
This copyright notice must appear on every page that you print from here.
You must not redistribute these pages or any part of them in any form or medium without first obtaining my consent.
You are welcome to set up links to this website from others.

[Return to Top]

[Return to Roger Sinclair's 'Welcome' page]