EULA Drama

So the past few days have seen some compartmentalized drama regarding Google’s Chrome EULA and the damned GoogleUpdate.exe.  Which got me to think about other software’s EULAs and what they say.

Skype’s EULA, for example, is relatively innocous, until you get to the part about its privacy policy, where it states “Your information may be stored and processed in any country in which Skype and the Skype group maintain facilities, including outside of the EU. In this regard, or for purposes of sharing or disclosing data in accordance with this article 4, Skype reserves the right to transfer information outside of your country. By using Skype software, Skype’s websites or Skype products you consent to any such transfer of information outside of your country. … .”  If you don’t like that, well, Skype has an answer for you:  “If you would like to exercise your right to view, correct, complete or remove your personal data, please contact Skype at delete@skype.com. Within a reasonable period of time and upon verification of your identity and to the extent your request is legitimate, Skype will fulfil your request, provided Skype will not act contrary to applicable legislation by fulfilling your request.”  It’s an interesting clause, as elsewhere, in the EULA, it says “If You object to Your information being used in the way set out in the Privacy Policy then please do not use the Skype Services.”

In any event, pretty typical.  So it raises the question, how enforceable are these EULAs?  Well, in Davidson & Associates v. Jung, 422 F.3d 630 (8th Cir. 2005), the Eighth Circuit affirmed the District Court’s enforcement of a EULA involving reverse engineering of Blizzard’s games and Battle.net.  In XPEL Technologies v. Maryland Performance Works, No. SA-05-CA-0593-X, 2006 U.S. Dist. LEXIS 47158 (W.D. Tex. 2006), the Western DIstrict of Texas enforced a forum-selection clause found in the EULA. However, there is another line of cases, involving “shrink-wrap” licenses, where the EULA is not something to which you show some sort of assent by clicking, but rather you show assent when you rip open the shrink-wrap around your media.  For example, in Vault v. Quaid Software, 847 F.2d 255 (5th Cir. 2005) (“the restriction in Vault’s license agreement against decompilation or disassembly is unenforceable.”).  Careful, though: Davidson & Associates, which I cited above, is very quick to point out that the DMCA has scuttled a lot of one’s ability to go in and do a bit of tinkering.  And the Eastern District of California has recently found certain EULAs to be enforceable.  See, for example, Meridian Project Systems v. Hardin Construction, 426 F. Supp. 2d 1101 (E.D. Cal. 2006).

It’s Happened to Me … GoogleUpdate.exe DOES Come Back to Life

Last night, I posted that I was able to kill GoogleUpdate.exe in the Task Manager, and that I turned it off in msconfig.exe to keep it from loading at startup.  And I mentioned that I hadn’t had any problems with it starting up on its own. Well, it’s a day later, and I haven’t used Chrome at all since that post, and well, there it is, in my Task Manager, running all by itself.  That’s pretty skeevy, if you ask me.  If I kill an app, I want it stay killed until I ask it to be Lazarus. So I uninstalled Chrome from my machine, and then I’ll have to get GoogleUpdate.exe out of my registry, following instructions I found (here).  While I was doing it, I went ahead and deleted the Apple Updater that I found; that felt good!  I also deleted the “Chrome” sub-subfolder in my Application Data folder, which one would have thought would have been deleted when I uninstalled Chrome. It’s amazing how much detritus is left over from uninstall processes; no wonder Windows machines get bogged down, because all these companies let their programs leave traces of themselves behind. I deleted a few other folders while I was at it, and who knows, maybe I’ll have bricked my computer.  That’d be fun.

GoogleUpdate.exe, Chrome, and the Cloud

After noticing that I had been getting a lot of traffic from people looking for GoogleUpdate.exe, I decided to go hunting for what all the fuss was about.  From what I can gather, people aren’t thrilled that Google bundled a bit of software which ostensibly helps with the update process.  Or something like that. It probably isn’t any different than any of the other stand-alone updaters that get installed on your machine, like the Java updater, the or the Logitech updater, or the Windows updater.  Googleudate.exe, however, can be killed in the task manager without affecting anything, that I can tell, anyway, and using msconfig.exe to fiddle with startup processes can keep the program from running, period.  Maybe.  I’ve seen some people saying that it will come to life on its own.  Don’t know about that; it hasn’t happened to me yet.

What’s got kdawson at Slashdot more worked up than googleupdate.exe, though, is the EULA.  ”By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services.”  Putting aside the question of whether Chrome is a good or a service, the EULA seems to have language that is one of two things.  It could be boiler-plate from an already-existing EULA for Google services that is similar to EULAs from other websites, including Slashdot, as commentor RiotingPacifist pointed out:

are we talking about slashdot

With respect to text or data entered into and stored by publicly-accessible site features such as forums, comments and bug trackers (“SourceForge Public Content”), the submitting user retains ownership of such SourceForge Public Content; with respect to publicly-available statistical content which is generated by the site to monitor and display content activity, such content is owned by SourceForge. In each such case, the submitting user grants SourceForge the royalty-free, perpetual, irrevocable, non-exclusive, transferable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display such Content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed, all subject to the terms of any applicable license.

or google:

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services. This license is for the sole purpose of enabling Google to display, distribute and promote the services and may be revoked for certain services as defined in the additional terms of those services.

I think it’s a fair question.

If it isn’t just the same-old same-old mumbo-jumbo EULA crap that either will or won’t be enforced, though, it’s a pretty serious overreach of control over user information, and it makes me recall something I was thinking about the other night as I was driving back from the grocery store.  I had been thinking about the future of the Cloud, the fluffy land we’re all supposedly driving toward, Dvorak notwithstanding.

The Cloud poses all sorts of legal issues, and I’m just thinking for the moment about the legal practitioner.  Assume arguendo that we all start having to use GoogleDocs in the future (or some other net app) and stand-alone word processors are killed off, along with local storage capabilities.  That means that a lawyer, for example, might be forced to use a word processor to draft memoranda and store the documents in the Cloud.  Now, if it’s just a motion that’s going to be filed and become part of the public record, maybe that’s not such a huge security concern in the event the Cloud gets breached, as it probably will at some point.  But what if the lawyer represents someone who has decided to cooperate with the government, and now comes time for sentencing.  The lawyer, no doubt, would want the court to know about the cooperation, so as to get the best sentence for his client, but he also doesn’t want everyone else knowing about it.  Thus he would want to file the motion under seal, which presumably could still be done.  The unsealed document, which would have previously resided in a local drive, however, would still be subject to only the strength of the Cloud’s security.  And of course, too, the document would be scoured for ads, which is an invasion, perhaps, of the client’s privacy interests.

What if, however, the EULA on Chrome isn’t just cribbed language from the services side, but what if it’s really saying that the mere fact that you use Chrome, whether you are using a Google service or not, allows Google to do whatever it wants to do with what you put through the browser.  That means that by agreeing to the EULA, you are theoretically allowing Google to monitor what you type into a non-gmail email, say through your company’s webmail application, and do with it as it will.  Or if you enter a credit card number (surely that could be construed as content, n’est-ce pas?) at smithswidgets.com, Google is claiming the right to use that content as it wants.  Again, this is taking things to the extreme, but it does bring up the question of how much information and rights people seem content to just give away in the name of free.