In the early 80s when I first bought a computer, I owned DOS, later Windows, and Office. Then the lawyers got involved and now I own a licence to use them – these programs are not mine, I just get the use of them under the terms of an EULA (End User Licence Agreement).
What about the operating system (OS) and security/patch over the air (OTA – really means via wired or wireless internet) updates “forced” on us by Apple, Google, and Microsoft? Are we able to switch them off, stick with earlier versions of macOS, iOS, Android or Windows?
In theory, you can, but in practice, that right led to fragmentation of the OS to such an extent that cyber criminals could drive a truck through vulnerabilities. You cannot opt out unless you live in a cave and don’t connect to the internet. Yet we still have the vocal minority pillorying these companies for wanting to keep us safe and patched.
How many of us read the EULA for anything?
{loadposition ray}
Certain Android smartphone brands used ADUPS to update the OS. That fiasco was evidence that OTA and EULA were gathering far more personally identifiable information (PII) that was reasonable expected. In the name of software updates, it collected full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords.
The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges and could remotely reprogram the devices. Per the New York Times, American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.
Same goes for the recent storm in a tea-cup controversy when Samsung announced that it would send OTA updates to the Note 7 to restrict battery charging. While the din was not as audible, some owners objected to the intrusion on a device they thought they owned. It could only take the Note 7 off Telco carrier networks once a complex, country by country, the legal process determined that under the EULA, and interestingly nothing to do with public interest, it could do so.
Then what about the news that certain athletes, as part of their contract, must wear fitness trackers 24x7. That means no privacy while they sleep, are on the toilet, having a few drinks, during training and having sex. Great idea in theory to improve performance but it is lead balloon material to the athletes. And it won’t be long before life insurance companies mandate fitness trackers and car insurance companies want telemetry from dash cams and GPS.
Want to use the cloud? Most public clouds have EULA’s that allow them to do pretty much anything with your data. It gets worse the lower costs you pay – free storage usually means open slather for whatever you store there.
Want a free app – by downloading you agree to an EULA that may be damned hard to find, let alone wade through the legalise. You would be horrified at what free mail, contacts, calendar and flashlight apps collect.
Visiting websites can also contain automatic acceptance of the EULA. One cyber criminal has a flash up message about cookies that has 3-point type that warns you that by clicking on the Cookie acceptance you will be infected, ID stolen etc.
Fancy a bit of live TV or streaming – there is an EULA for smart TVs that can tell who is watching, what they watch, and when they watch. It will get worse with remote controls that can recognise voices and it won’t be long before we must log in to view content. Siri, Alexa. OK Google and Cortana can spy on us under the guise of helping us. The information is advertising gold and it is sold.
Want to make a phone call – there is no specific EULA for a landline call but the moment you venture onto wired or wireless broadband there is – not to mention the layers of EULA that sit over Telco carrier conditions for apps like Apple iMessage, Viber, WhatsApp, Skype, Facebook Messenger, etc.
You know there are EULA’s now for cars. Tesla may have been the first with a 30-page agreement but increasingly any smart car device (think Apple CarPlay, Android Auto, BlackBerry QNX, Windows embedded, ), comes with one that allows the manufacturer, or their agent, considerable latitude to upgrade, downgrade, remove from service and more.
Many EULAs go too far with restrictions on use on different devices (can’t install more than once), ability to resell, limits of liability, and where a click-through to use signs away your rights. While the law has ways of determining what are unconscionable clauses the great bulk are never challenged because the plaintiff bears the considerable costs of litigation should they lose to a cleverly crafted EULA.
And then there is lying by omission. Many legal cases have lost by plaintiffs, not because the EULA specifically stated terms but because it banned any unforeseen use outside those terms.
One common criticism is that they are often far too lengthy for users to devote the time to thoroughly read them. In March 2012, the PayPal end-user license agreement (to use Pay-Pal) was 36,275 words long.
In May 2011, the iTunes agreement was 56-pages long – just to purchase a song or app! South Park parodied this in the episode "HumancentiPad", where Kyle had neglected to read the terms of service for his last iTunes update and therefore inadvertently agreed to have Apple employees experiment upon him.
We are stuck with EULAs and, by and large, most of us are not equipped to handle the legal issues, let alone the ethical issue of who owns the software, devices, and personal information, and what it does with it all.
Examples of ridiculous EULA clauses – some humorous
Apple’s iTunes EULA expressively forbids you from using iTunes to create missiles and biological, chemical, or nuclear weapons.
For six months after Safari For Windows was released, Apple had the following clause in Safari for Windows’ EULA: You Can’t Install It On Windows
Google Chrome owns you. “You give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services.
Facebook terms and conditions included a clause that states: "By posting User Content to any part of the Site, you automatically grant... to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise..."
Sony PlayStation and EA. Any Dispute Resolution Proceedings, whether in arbitration or court, will be conducted only on an individual basis and not in a class or representative action…
Amazon Kindle. Your rights under this Agreement will automatically terminate if you fail to comply with any term of this Agreement. In case of such termination, you must cease all use of the Software, and Amazon may immediately revoke your access to the Service or to Digital Content without refund of any fees.
What can be done about EULAs?
Not a lot – in general, they have been upheld by the highest courts, largely backed by mega-corporation money. The only valid suggestion is to get your dog or cat to sign it and plead pawsible deniability!
