Category Archives: Legal

Autodesk founder outraged by Amazon snatch of cloudy purchases

3 Replies

Autodesk co-founder John Walker (it’s not his fault, he relinquished control of the company many years ago) recently posted this on Twitter:

In a move reminiscent of the infamous removal of Orwell’s 1984 from Kindle devices (which Amazon promised a court it would never repeat), John’s Audible.com (owned by Amazon) audio books, purchased in 2009-2010, simply went away.

John’s reaction was to post a video of harmless inanimate objects being blown away by a powerful firearm, so I think it’s safe to say he was not overly pleased about this turn of events. Can’t say I blame him.

This is a variant of the old joke on those cheesy pre-show anti-piracy ads that have annoyed owners of legitimately purchased videos for many years:

“You wouldn’t steal a car.”
– I would if I could download it.

Amazon’s version goes:

“You wouldn’t steal a book.”
– I would if I could delete it from my server.

OK, Amazon is obviously doing evil here, but what can John do about it? Maybe nothing. As pointed out in a series of responses to John’s post, Amazon considers itself fully entitled to do this. Amazon also allows itself permission to change the rules as and when it sees fit.

Does this sound familiar? It should. “What’s yours isn’t really yours, even if you paid for it. It can go away when we feel like it. We can change the rules when we feel like it. No guarantees. Just keep paying and hope for the best.”

This is why we don’t CAD in the cloud. Or subscription CAD, for that matter. Owning stuff is still important.

Logitech demonstrates the power of the cloud and cops a bloody nose

6 Replies

I’ve been a pretty satisfied customer of Logitech products for some years. The mice, keyboards, webcams and 3D controllers (branded as 3DConnexion) I’ve used have generally been well designed, well built and long-term software support has usually been very good (with an exception or two). So it’s with some regret that I have to report them as an example of what not to do in customer service.

Logitech recently sent this email to customers of its Harmony Link universal remote control:

This is an important update regarding your Harmony Link. On March 16, 2018,
 
Logitech will discontinue service and support for Harmony Link. Your Harmony Link will no longer function after this date.
 
Although your Harmony Link is no longer under warranty, we are offering you a 35% discount on a new Harmony Hub. Harmony Hub offers app-based remote control features similar to Harmony Link, but with the added benefit of the ability to control many popular connected home devices. To receive your discounted Harmony Hub, go to logitech.com, add Harmony Hub to your cart, and use your personal one-time promotional code […] during checkout.
 
Thank you for being a Logitech customer and we hope you will take advantage of this offer to upgrade to a new Harmony Hub. If you have any questions or concerns about Harmony Link, please email the Harmony customer care team.
 
Regards,
 
Logitech Harmony Team

This isn’t just a matter of no longer supporting an old product (and it’s not that old, anyway – it was still sold directly 2 years ago and old retail stock has been sold until a few months ago). It’s a matter of actively disabling all instances of a product from afar, world-wide.

That’s right, Logitech has demonstrated the (destructive) power of the cloud by using it to remotely kill your perfectly functional device. If it’s out of warranty, send Logitech more money for a newer one. No guarantees on how long it will be before the replacement gets the remote kill-switch treatment.

As you might expect, customers weren’t overjoyed at being treated in this way. Threads popped up on the Logitech forums (where the words “class action lawsuit” were auto-censored), Reddit, Twitter, and as comments on various IT news sites that reported on Logitech’s move.

The supposed reason for Logitech’s decision seemed to make no sense:

We made the business decision to end the support and services of the Harmony Link when the encryption certificate expires in the spring of 2018 – we would be acting irresponsibly by continuing the service knowing its potential/future vulnerability. Our system shows this product, which was last sold by Logitech in fall of 2015, had a small active user base.

Such certificates are commonly purchased and renewed by hardware and software companies for relatively tiny amounts of money. It would have cost Logitech less to renew a certificate than it would to have someone write the explanation about why they weren’t doing it. Very odd. As a business decision, it sucks. It also exposes Logitech management as utterly out of touch with the reality in which their customers live.

In a reaction that should have come as a surprise to nobody (but apparently did to Logitech), pretty much everybody gave the company a major roasting. Many people pointed out that such a move would be considered illegal in their countries (including mine), or at best (for Logitech) it would entitle the customer to a full refund from the retailer. Many people promised to never buy anything from Logitech in particular, and any device capable of being remote-bricked in general.

Once it became apparent that this was a major PR disaster, Logitech did a belated partial U-turn and extended the offer of a free replacement to customers with units that were out of warranty.

“I made a mistake,” head of Logitech Harmony Rory Dooley explains to Wired. “Mea culpa. We’re going to do right by our customers, and do the right thing.”

This reminds me of those politicians who get caught out misusing expenses who then say sorry and offer to pay back the ill-gotten gains, as if that’s enough to get them off the hook. Nope. Too little, too late.

Logitech, you just destroyed a whole bunch of customer trust. How valuable is that to you? How much is it going to cost you in sales? How much will it cost you in marketing to try to regain it? It stands to be a fair bit more than the cost of updating a certificate, I would guess. And you’re still bricking a whole bunch of perfectly functional devices. How is that environmentally responsible?

The idea of any product that can be remote-disabled or even reduced in functionality by anybody should be anathema to all of us. Any product. Not just gadgets. (How’s your internet-reliant juicer going? Oops.) Oven, garage door, fridge, car (Tesla can do this), hardware, firmware, software. Yes, software.

This, ladies and gentlemen, is why we don’t do CAD in the cloud. I’ve explained years ago how cloudy CAD adds multiple points of failure. I’m still not wrong about that. One of those additional points of failure is when the vendor decides to stop offering the service. And, of course, the same applies to subscription software, even when it’s not cloudy. The vendor loses interest and you’re left high and dry.

Don’t think it won’t happen. It happens repeatedly and will continue to happen. Don’t be a victim when it does.

I didn’t expect to see any comment about the policy of denying bug fixes to some customers from any Autodesk high-ups, but I was mistaken.

Here’s a quote on just this subject from Autodesk Senior Vice President1, Buzz Kross:

It’s just bad business. Why would you not want to take care of your customers? I would never do that. Come on, we all make mistakes. All software has bugs and as a developer, I have an obligation to provide fixes to all my paying customers, whether they are on subscription or not. Customers on subscription have the advantage of getting access to new stuff. That’s fine. But denying them access to bug fixes is just not right.

Buzz Kross, Senior Vice President, Autodesk1
9 April 2010


Photo: Autodesk

It’s not often I so completely agree with an Autodesk executive1, but I can find no fault in his logic. Thank you, Buzz.

1. Although Buzz is still listed as a SVP in some Autodesk online materials, he’s no longer with the company.

Autodesk confirms its own unconscionable conduct

40 Replies

It took several attempts over a period of months and was like pulling teeth, but Autodesk has now confirmed that it is deliberately withholding bug fixes from some of its customers.

Autodesk has taken customers’ money and in return has provided defective software (OK, that happens). It has fixed some of those defects (that happens too, sometimes). But it’s limiting distribution of those fixes to those prepared to pay Autodesk further (that has never happened before).

Just let that sink in. Autodesk broke stuff you paid for, could easily fix it, but won’t do so unless you pay more. If you thought ransomware only came from Russia, think again.

Here’s how the scam works.

Let’s say customer Fred paid thousands of dollars for his perpetual license of AutoBLOB and paid thousands more for upgrades and maintenance over several decades. Due to Autodesk no longer making significant improvements to AutoBLOB, he finally gave up hope and decided to drop off maintenance. Understandable, particularly as Autodesk has announced maintenance prices are getting jacked up.

Never mind. Thanks to his perpetual license, Fred can keep right on using AutoBLOB! Aren’t perpetual licenses just the best thing?

Let’s say Fred made the decision after discovering AutoBLOB 2017 was slower than, and really not significantly better than, AutoBLOB 2016, 2015 or even 2010. Fred’s maintenance period carried him through to beyond the release of AutoBLOB 2018, which he intended using for a few years until he transitioned to an alternative product. (Or until Autodesk Becomes Great Again, but Fred doesn’t consider that likely).

Meantime, Fred discovers that there’s a new bug in AutoBLOB 2018 that makes it useless for his needs. It’s not a crash, drawing corruption or security issue, but it is something that makes it difficult of impossible for him to produce the required output. Because he installed AutoBLOB 2018 before his maintenance expired, Autodesk won’t allow him to use 2017 or any earlier version.

Meanwhile, Autodesk has, miracles of miracles, developed a fix for that nasty bug. All Fred has to do is download and install the hotfix or Service Pack, right? Wrong. Because Autodesk has wrapped up the bug fix with AutoBLOB 2018.1, a mid-term update that includes not only bug fixes but also a few new minor feature improvements. Unlike the competition, Autodesk restricts such updates to continuously paying customers. AutoBLOB 2018.1 is therefore only available to subscription and maintenance customers. Fred’s bug has been “deemed non-critical” by Autodesk and therefore the fix won’t be distributed to him.

Fred is screwed by a combination of Autodesk’s worst aspects: chronic failure to improve the product, price-gouging business practices, incompetence in development and testing, and unreasonably restrictive licensing terms. As if that wasn’t enough, he’s then screwed again by one final, nasty, vindictive, petty piece of bastardry by a company desperate to strong-arm its reluctant customers into subscription slavery.

This is not OK.

This is no way to treat customers. It’s unethical. It’s unconscionable. It’s immoral. It’s disgusting. It’s evil.

In the EU at least, it could well be illegal. I certainly hope so; Autodesk being fined a few hundred million Euros might discourage other companies from following suit.

Although it’s tempting to think of Autodesk as a single edifice, it’s important to remember that it’s made up of many individuals. Many of them are great people who would never dream of stooping this low and who are probably quietly embarrassed to be associated with a company that does so. Those people have my sympathy and should stop reading now.

But if you’re that person at Autodesk who thought up this idea? Or one of those who thought it would be OK to do this? Or just sat silently during the meetings where this was discussed and didn’t pipe up, “This is just WRONG”? I have a message for you.

You’re an asshole.

You can still buy Autodesk perpetual licenses in Europe

10 Replies

Yes, you really can still buy Autodesk perpetual licenses in the European Union. You just can’t buy them from Autodesk.

Where can you buy those licenses? From other customers who don’t need them any more. Unlike some jurisdictions, the EU respects the doctrine of first sale for computer software. This means sale of pre-owned software is allowed, and any EULA restrictions attempting to prevent that are invalid. This was established in 2012 by the EU’s highest court, The Court of Justice for the European Union (CJEU) in the case of UsedSoft v Oracle.

Autodesk and all other software vendors in EU countries have to respect that, so the perpetual license remains valid after transfer to the new owner. The previous owner must be able to document the validity of the license and must delete or disable their copy of the software upon transfer.

While I have no personal experience of the transfer process, according to what’s being said in this CGTalk thread*, it’s all very easy. Fill out a form and you’re done. However, I suggest you contact your local Autodesk office for the details. Don’t bother to ask AVA, she doesn’t know.

I’m no EU lawyer, but my reading of the judgement is that Autodesk is not obliged to transfer any maintenance contracts along with the perpetual license (clause 66). It is, however, obliged to consider the software to be upgraded to the original owner’s level under any maintenance arrangements (clause 67). This means the software license will be permanently stuck on the last activated release prior to the sale. Companies with a single license permitting use by 50 users and who want to shed 20 of them can’t split off and sell those 20 (clause 69). Again, check with your local Autodesk office for confirmation.

If you’ve been through this process, please comment on your experiences for the benefit of others.

Software licenses within the EU are valid in all EU countries, so it would appear there is nothing preventing, say, a German buying a used AutoCAD license from the UK, at least until Brexit is complete. It is unlikely that an EU license will be legally valid outside the EU, as outside Europe Autodesk only permits license transfers under certain circumstances described here.

It’s interesting that this market for perpetual licenses exists, but Autodesk has locked itself out of its own market! Indeed, by ending the sale of perpetual licenses, Autodesk has made them a rarer and more valuable commodity.

AutoCAD’s ARRAYCLASSIC command is my fault

Leave a reply

Ever wondered why most keep-the-old-version commands in AutoCAD are called CLASSICxxx but the old version of the ARRAY command is called ARRAYCLASSIC? Why can’t Autodesk be consistent for once? Sorry, that’s actually my fault. Here’s a little history.

  • AutoCAD Version 1.4 (1983) introduced the ARRAY command with Rectangular and Circular options.
  • AutoCAD Version 2.5 (1986) added the Polar option and hid the Circular option (but it’s still there).
  • AutoCAD 2005 introduced a dialog box version of the ARRAY command. The command-line version remained available via the -ARRAY command (with a leading hyphen).
  • AutoCAD 2012 introduced many new array features, including associative, path and 3D arrays. However, the dialog box interface was removed and the old command-line interface was back. There were also a bunch of bugs and limitations with the new regime.
  • I created and published the shareware utility ClassicArray™ to restore a familiar dialog box interface to AutoCAD’s array features. Rather than simply reproducing the old interface, I enhanced it to provide support for the new array features. I was also able to provide a workaround for some of AutoCAD’s array bugs and limitations.
  • By producing and selling a product called ClassicArray I established that as my trademark.
  • In AutoCAD 2012 SP1, Autodesk added the old dialog box interface back to AutoCAD and has left it in ever since. The restored interface did not support any of the new features. Calling the new/old command CLASSICARRAY would have infringed my trademark and I made sure Autodesk was aware of that fact in advance. That’s why ARRAYCLASSIC is called what it is.

Anyway, my ClassicArray exists and I still think it’s usefully better than what Autodesk provides. It has been updated to 1.1.0 to install and work smoothly with all AutoCAD releases from 2012 to 2017. Existing license holders can upgrade for free without my involvement and reuse their registration code with the new version. If you’re interested, hop over to classicarray.com.

Cloud concerns – Security – Autodesk puts its arguments on line

19 Replies

I’ve made the point before that while Cloud proponents like Autodesk have been happy to talk big on the potential benefits, they have been conspicuously (suspiciously?) silent on the legitimate concerns their customers have raised. The best responses you have been likely to see regarding such concerns can best be characterised as “glossing over”.

So it’s good to see that Autodesk has put together a white-paper-type-thing called Autodesk® 360: Work Wherever You Are – Safely. This 275 KB PDF, with 5 pages of actual content, puts Autodesk’s point of view about one of the aspects of Cloud that people commonly raise as a concern. This is a good start, but of course there are quite a few potential dealbreakers that need addressing yet.

How well does this document address this issue? As you’d expect from Autodesk, it’s gung-ho positive, but there is at least some acknowledgement of Cloud concerns, e.g. “Customer experiences, however, can be largely impacted by the speed and quality of their Internet connection”. In addition to such occasional connections with the real world, there are some categorical assurances that may make some potential users happier. Here are some examples:

Autodesk 360 is delivered from data centers in the United States.

Files and identities are safe during storage, transit, and usage.

As part of Autodesk‟s due diligence for customer security and protection, prospective Autodesk personnel with potential access to sensitive data are screened through background checks before being employed.

Once purged, your data may persist in backup copies for a reasonable period of time but will not be recovered or read by anyone.

Customers own the content they create.

While that’s all well and good, Autodesk needs to get its legal team reading off the same page and fix up its terms and conditions to make them less anti-customer. Otherwise, this virtual document is worth more less than the virtual paper it’s written on. Some parts of the document are only superficially reassuring:

Any access to customer data or personal information is strictly governed by the Autodesk 360 Terms of Service (http://www.autodesk.com/termsofservice) Autodesk‟s Privacy Policy (http://usa.autodesk.com/privacy/), and internal procedures.

While that sounds fine on the face of it, Autodesk has violated its own Privacy Policy in the recent past and to the best of my knowledge, nothing ever came of it. That assurance is therefore rendered completely worthless by Autodesk’s own history. Add to that the fact that both the Terms of Service and Privacy Policy are extremely rubbery and rather one-sided, and this statement becomes more of a concern than a reassurance.

Other parts of the document are contradictory. Take these statements, for example:

Working in the cloud is all about reducing the hassles and headaches that companies and employees would rather avoid, like …. Managing data security and backups

It’s good practice, however, to personally observe safety and security wherever and whenever you are using Autodesk 360 …. Download and back up work locally in a secure environment.

Cloud’s great because it saves you having to make backups. However, make sure you make backups of the stuff you put on the Cloud. Hmm, okay…

So what do you think of this document? Is it all spin or does it address your security concerns? If it addresses your concerns, does it do so to your satisfaction? Please have a read and add your comments.

Cloud concerns – security again

4 Replies

It’s probably worth pointing out that if you you have no problem emailing your designs around the place without some form of protection or encryption, there’s little point in getting all worked up about Cloud security. Email isn’t remotely secure. FTP isn’t exactly watertight, either. If you’re still interested in Cloud security issues, this post includes some relevant links you might like to peruse.

First, here’s what Autodesk’s Scott Sheppard had to say about Project Photofly (now 123D Catch Beta) security last month: Project Photofly FAQ: What about the security of my data? This covers some of the same kind of stuff I’ve already discussed, but from an Autodesk point of view (albeit a pretty transparent and honest one, as you might expect from Scott). Here are some selected quotes:

In essence, we don’t want to accept liability when we don’t take money…

We intend to have a reasonably secure service, better than email, but less secure than a bank account.

We store your files on Amazon’s S3 service, and they maintain their own physical and data security policy that is considered robust.

Next, here are the 123D Terms of service, which raise many of the same alarm bells I mentioned before. Selected quotes:

We reserve the right to change all or any part of these Terms, or to change the Site, including by eliminating or discontinuing the Site (or any feature thereof) or any product, service, Content or other materials, and to charge and/or change any fees, prices, costs or charges on or for using the Site (or any feature thereof).

By uploading, posting, publishing, transmitting, displaying, distributing or otherwise making available Shared Content to us and/or any Users of or through the Site you automatically grant to us and our sub-licensees…the worldwide, perpetual, royalty-free, fully paid-up, irrevocable, non-exclusive, sublicensable (through multiple tiers) right and license to have access to, store, display, reproduce, use, disclose, transmit, view, reproduce, modify, adapt, translate, publish, broadcast, perform and display (whether publicly or otherwise), distribute, re-distribute and exploit your Shared Content (in whole or in part) for any reason and/or purpose (whether commercial or non-commercial) by any and all means in any and all media, forms, formats, platforms and technologies now known or hereafter devised, invented, developed or improved.

Please note that with respect to Non-public Content, we will not authorize your Non-public Content to be made available to others on a public section of the Site, although we cannot guarantee complete security (e.g., of cloud servers).

Moving on to another Cloud security-related issue, something that Owen Wengerd raised on Twitter was the idea that:

…once data is on the cloud, it can never be deleted.

Deelip Menezes thought this whole idea somewhat loopy:

Actually I’m implying that it is ridiculous to even start thinking along those lines. 😉

However, I see Owen’s point. Once your data is on someone else’s server, you have no control over it. You have no idea where it lives, how often it is backed up, what happens to those backups, and so on. Let’s say you place some highly sensitive design data on the Cloud. It might be commercially sensitive, or about something that represents a possible terrorist target, or just something you don’t want certain parties to know about, ever. A week later, you delete the design data. Now, is it really gone? Any responsible Cloud infrastructure vendor must regularly take multiple backups and store them securely. So you now have multiple copies of your “deleted” data floating around, who knows where? What happens to old servers when they die? Where do backup hard drives, tapes, etc. go? If backups are stored off-site, how are your files going to be permanently removed from the media?

While there may be policies, procedures and ISO standards in place, we’re dealing with humans here. If one backup copy of your data ended up in a country where a rogue employee decided to better feed his family by selling off old hard drives, your nuclear power plant plans could end up not safely deleted at all, but instead delivered into the hands of some people you’d really prefer not to have it.

This may sound like paranoid nonsense, but risk from non-deleted data is real. There was a local case where a company was illegally siphoned of funds and went bust. The company’s old internal email servers were supposedly wiped and sold off. Somebody bought them, undeleted the data and was able to pass on incriminating emails to the police. While that ended up being a good thing in terms of natural justice and it’s not even a Cloud issue, it illustrates that making sure your stuff is properly deleted can be very important. This is related to something that Ralph Grabowski mentioned on Twitter; the “right to be forgotten”. Here is a Google search that includes various links that touch on some of the struggles related to this issue.

Finally, here’s something related to the possibility of the data being accessed illegally while it’s up. You put it up there, somebody copies it, you delete it, it’s not really gone and you are none the wiser. Is that something that only tin foil hat wearers need worry about? Have a read of this article before answering that one: Cloud Services Credentials Easily Stolen Via Google Code Search. Selected quotes:

The access codes and secret keys of thousands of public cloud services users can be easily found with a simple Google code search, a team of security researchers says.

Now the team is offering one word of advice to companies that are considering storing critical information on the public cloud: Don’t.

…an attacker who knows Google and some simple facts about cloud services authentication can easily find the access codes, passwords, and secret keys needed to unlock data stored in public cloud services environments such as Amazon’s EC3.

We found literally thousands of keys stored this way, any one of which could be used to take control of computers in the cloud, shut them down, or used to launch attacks on other computers on the same service.

Here’s a PDF of the presentation, if you’re interested.

Cloud concerns – terms and conditions

21 Replies

I just used Autodesk Cloud Documents for the first time, and was asked to confirm my acceptance of the Terms of Service. Fair enough. But just what is in those terms, and what do they mean to you if you are dubious about using the Cloud? Will you be reassured by what you find there? Maybe not. Here are a few clauses that might make you go hmmm…

The terms applicable to a particular service may vary.

Translation: Autodesk can move the goalposts.

Autodesk has the right (but not the obligation) to monitor Your usage of the Service to verify compliance with these Terms.

Translation: Autodesk can keep its eye on you.

You acknowledge and agree that: (a) You will evaluate and bear all risks associated with Your Content; (b) under no circumstances will Autodesk Parties be liable in any way for Your Content, including, but not limited to, any loss or damage, any errors or omissions, or any unauthorized access or use; and (c) You (and not Autodesk) are responsible for backing up and protecting the security and confidentiality of Your Content.

Translation: whatever happens, it’s your problem, not Autodesk’s.

Third Party Content and services may be made available to You, directly or indirectly, through the Service (including Content shared by other users of the Service, through Forums or by any other means). In some cases, such Content and services may appear to be a feature or function within, or extension of, the Services or the Autodesk Software. Accessing such Content or services may cause Your Computer, without additional notice, to communicate with a third-party website … for example, for purposes of providing You with additional information, features and functionality.

Translation: Autodesk and others can use the service to advertise to you.

Autodesk reserves the right to delete inactive accounts or purge related Content (and all backups thereof), without further notice and Autodesk Parties shall have no responsibility or liability for deletion or any failure to store Your Content.

Translation: don’t just leave your stuff up in the clouds and expect it to still be there a few years later.

You acknowledge that Autodesk may use third-party service providers in connection with the Services, including without limitation the use of cloud computing service providers which may transmit, maintain and store Your data using third-party computers and equipment in locations around the globe.

Translation: it’s not just Autodesk here, there is a chain of responsibilities and vulnerabilities.

THE SERVICE OFFERING IS PROVIDED “AS IS” AND “AS AVAILABLE.” AUTODESK PARTIES MAKE NO, AND HEREBY DISCLAIM ALL, REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF ANY KIND…

YOUR USE OF THE SERVICE OFFERING IS AT YOUR OWN DISCRETION AND RISK.

AUTODESK PARTIES DO NOT WARRANT THAT THE SERVICE OFFERING WILL PERFORM IN ANY PARTICULAR MANNER AND HEREBY DISCLAIM LIABILITY FOR NEGLIGENCE AND GROSS NEGLIGENCE.

Translation: Autodesk lawyers LOVE SHOUTING. Whatever happens, including gross negligence on Autodesk’s part, it’s still all your fault and you’re severely out of luck.

…for all Service Offerings accessed as part of Subscription, these Terms and Your access to the Services will terminate when Your Subscription (and the Subscription Program Terms applicable to Your Subscription) terminates or expires.

Translation: here’s a further disincentive to ever dropping out of Subscription once you’re on it.

It is Your responsibility to retain copies of Your Content. Upon termination Autodesk shall have the right to immediately delete, without notice, Your Content, if any, and all backups thereof, and Autodesk Parties shall not be liable for any loss or damage which may be incurred by You or any third parties as a result of such deletion.

Translation: don’t rely on the Cloud alone.

Autodesk reserves the right, from time to time in its sole discretion, to (a) modify or release subsequent versions of the Service, (b) impose license keys or other means of controlling access to the Service, (c) limit or suspend Your access to the Service, and (d) change, suspend or discontinue the Service at any time.

Translation: Autodesk can do pretty much whatever it likes, including killing the whole thing.

I don’t think any of this means Autodesk is evil. Looked at from the point of view of a corporation that needs to cover its backside and reduce risks to itself, it’s quite understandable. Much of it is just very sensible advice. You can expect similar conditions from other companies providing Cloud services. But what if you’re not happy with using a Cloud service that has such conditions attached? Well, you can use it anyway and keep your fingers crossed, or you stay away from it altogether.

How do you see this? Assuming you were happy with everything else about the Cloud, would clauses like those above be a dealbreaker?

Edit: this post is also being discussed on the Dezignstuff blog.

Note: the above clauses are Autodesk copyright, reproduced here under fair use (comment and criticism).

Owning software – what you think

3 Replies

In February 2009, I ran some polls here that are relevant to the discussion regarding the US court system’s most recent backflip in the Vernor v. Autodesk legal saga. Here is a reminder of the results.

Software ownership poll results

In April 2009, I ran another set of polls that are also relevant, as they provide an indication of your attitude to license agreements. Here are those results.

License agreement poll results

If you voted in these polls last year, have your opinions changed in the meantime?

Vernor v. Autodesk – right decision, wrong reason

13 Replies

As I have stated before, I believe Autodesk to be in the right (morally, not legally) in its battle to prevent Vernor’s resale of old, upgraded copies of Release 14. In the latest installment, Autodesk has won its appeal to the 9th Circuit Court of Appeals. There will be be further legal moves yet, but Vernor’s chances of winning this case are now more slender. So the right side has won (at this stage). I should be happy, right?

Wrong. Although I think the latest court to look at this has picked the right side, it has done so for entirely the wrong reasons. (Again, morally wrong, not legally. I have no qualifications on legal matters, but I can spot an injustice a mile off). In a diabolical, dangerous, far-reaching decision, it has concluded that the doctrine of First Sale does not exist at all for products where the copyright owner merely claims not to sell its products, but rather to license them.

So all those programs, games, maybe even CDs, DVDs, books etc. you have at home and thought you owned? How about that laptop with its pre-installed Windows? Or that iThing with its iOs? If you’re in the jurisdiction covered by this ruling, you quite possibly now don’t own them at all. Check out the fine print on each of those items; if it includes the magic word “license”, then you may not legally own it, or be allowed to sell it if you no longer need it. If you’re not outraged by this attack on your private property rights, you should be.

What’s more, the Court ruling explicitly rewards companies for making the “license” terms as ridiculously restrictive as they can:

We hold today that a software user is a licensee rather than an owner of a copy where the copyright owner (1) specifies that the user is granted a license; (2) significantly restricts the user’s ability to transfer the software; and (3) imposes notable use restrictions.

One of the Autodesk EULA’s more unconscionable and unenforceable restrictions, that of only being able to use the software within a certain geographical region, wasn’t used to point out the unreasonableness of Autodesk’s claimed power over its customers. Instead, it was actually used by the court to help justify its decision!

Amazingly, this ludicrous outcome wasn’t decided in ignorance. The court carefully considered the effects this decision would likely have, but apparently for reasons of legal nicety, decided to go ahead anyway. Common sense and justice be damned, a convoluted and narrow interpretation of partially-relevant previous decisions just had to rule the day.

We can only hope that this case is reviewed and overthrown (again). While such a revised outcome might be unfortunate in terms of failing to right a wrong (Vernor’s sale of already-upgraded software), that would be much preferable to the terrible damage that the 9th Circuit’s decision has inflicted on the people it is supposed to serve. I’m only glad I’m not one of those people.

Other commentary:

EFF: “Magic Words” Trump User Rights: Ninth Circuit Ruling in Vernor v. Autodesk

Wired: Guess What, You Don’t Own That Software You Bought

Techdirt: Appeals Court Destroys First Sale; You Don’t Own Your Software Anymore

ars technica: No, you don’t own it: Court upholds EULAs, threatens digital resale

Lawgarithms: In Autodesk case, 9th Circuit missed better reason to bar resales

Public Citizen: Ninth Circuit says consumers may not own their software

Right of reply

8 Replies

From time to time, I have been known to be critical of companies, products, policies, publications, and even people (although I do try to “play the ball, not the man”). If somebody objects to what I write here, what can they do about it? They have several possible options.

  1. Post a comment in direct response to the allegedly objectionable post.
  2. Contact me by email to point out any inaccuracies or any other perceived unfairness in my post. If I consider the objections valid, I will amend the post and/or apologise as appropriate. If I disagree, I will explain my position. Such correspondence will remain private if requested.
  3. Contact me by email, requesting equal-exposure right of reply. If I consider such a request reasonable under the circumstances, even if I disagree with the objection, then I will either append the reply to the post in question, or create a new post containing the requested reply, verbatim and in full.
  4. Those with their own blogs, sites, newsletters or other media can of course use those to reply. Those without such facilities can raise objections using media controlled by others, such as discussion groups and other online forums.

None of the above options apply to obvious trolls and other spammers; they have no rights at all here.

I guess it’s also possible to threaten legal action, without first trying any of the above. That hasn’t happened to me yet, but if it does, it promises to be quite entertaining. I take an extremely dim view of those who use legal threats to suppress free speech and other legitimate activity. The gloves will be off. Any such threats will be deemed “correspondence for publication”, to be reproduced in full, with commentary (probably laced with heavy sarcasm).

Does Autodesk discuss future plans?

6 Replies

According to Shaan, Autodesk does not discuss its future plans. Or does it? In a comment, Ralph reckoned it does. Putting aside technology previews and various NDA-bound circumstances (e.g. Beta testing), can you think of cases where Autodesk has revealed what it intends to do in future? Here are a few off the top of my head:

  • I’ve been to AU sessions dating back to 1995 that pretty much give away the contents of the next release of AutoCAD, using a vague cover-my-butt session title and a disclaimer at the start of the session. I understand that these days, attendees need to sign an NDA before entering such sessions.
  • Last year in San Francisco, an international blogger audience was given all sorts of information about Autodesk’s future directions (preceded by a similar disclaimer), with no NDA and nothing off the record. I assume something similar happened at this year’s North American bloggers’ event.
  • The Subscription (Advantage) Packs of the last couple of years have been a dead giveaway about some of the features that are going to make their way into the next release.
  • The new 50%-cost upgrade policy was announced a year in advance.
  • Surveys and other customer feedback mechanisms provide a very big clue about what Autodesk is looking at changing next. Some of these are covered by NDA, others are not.
  • In the specific case that triggered this discussion, Autodesk has been gradually building up expectation of a Mac AutoCAD for quite a while. Yes, it required a little reading Between the Lines, but for some time it has been pretty obvious where all the Mac love was leading to.

Feel free to add your own examples, but it seems to me that Autodesk is perfectly happy to reveal future plans as and when it sees fit. And that’s fine. In each of the above cases, the revelations have been A Good Thing. Good for Autodesk, good for customers.

Maybe the question should be, “Why doesn’t Autodesk discuss future plans much more often?” Stock market regulations, perhaps? But hang on, there are some very major publicly traded corporations that seem to get away with revealing all sorts of things about their future products. For example, Microsoft regularly conducts very widespread public Beta programs that let people know in great detail what’s very likely to appear in the next release, and seems to have survived the experience so far. There’s surely no reason why Autodesk couldn’t do the same if it wanted to.

Ultimately, it comes down to a desire for secrecy; a culture of concealment and control. Of course Autodesk may have legitimate reasons for keeping some of its plans from its competitors, but the culture can be so pervasive as to cause some bizarre side effects. You may find this difficult to comprehend, but there are those in Autodesk who got into a tizzy about me speculating in my launch announcement that Autodesk’s general design product (AutoCAD 2010) was going to be followed by something called AutoCAD 2011. There was something of a surreal drama behind the scenes. There were apparently people within Autodesk who genuinely thought I needed privileged information to work out that 10+1=11. No, I’m not making this up.

I’m not sure Autodesk’s secrecy is doing any good for anyone. It’s surely harder to maintain these days and it’s only going to get harder. I suspect several Autodesk blood vessels were burst when AutoCAD Mac Beta 1 was leaked. On the one hand, I can understand that; somebody broke an NDA, a legitimate agreement was freely entered into and then broken. Some people at Autodesk probably had their carefully planned marketing timelines disrupted.

On the other hand, this provided a whole heap of free and largely positive publicity. Potential AutoCAD for Mac users are now hovering in anticipation, filling the Mac forums, spreading the good news among themselves, putting off the purchase of competitive products, considering entering the official Beta program, and so on. At the same time, the news of performance issues in the early Beta is helping to put a dampener on expectations in that area. Lowered customer expectations may turn out to be very useful when the product is actually released. All considered, a good thing for Autodesk, then.

I’m convinced that Autodesk is opening up. That’s great, but there’s a way to go yet.

Not a topic to be debated publicly

3 Replies

Over on the oft-entertaining Deelip.com, there was an interesting comment made by Autodesk’s Scott Sheppard. After going back and forth a few times over Autodesk’s then-failure to allow Indian customers legal access to certain free Autodesk software downloads, Scott said this:

I defer to Autodesk Legal on these matters which is where I get my guidance. This is not a topic to be debated publicly. As one of our most active Labs participants, I was just sharing some information with you and your readers.

On the face of it, Scott’s “not a topic to be debated publicly” comment seems pretty silly. Ralph Grabowski certainly saw it that way. In these blog-happy days, a lot of things that Autodesk may not like to see discussed are going to be discussed publicly. Autodesk needs to get used to that fact. Attempting to suppress public discussion of Autodesk policies is not just ineffectual, it’s counterproductive and harmful to Autodesk’s image. The very fact that this problem was fixed as a direct result of being discussed publicly shows that such discussion was not only appropriate, it was positively useful to everyone concerned.

That’s on the face of it. Actually, I don’t think the comment is anywhere near as sinister as it seems. I think it was more of a throwaway comment along the lines of, “I can’t continue discussing this because it really isn’t my area”.

Recently, I have noticed Autodesk opening up somewhat and demonstrating increased responsiveness to publicly aired concerns. I know that Scott is quite open to constructively discussing points of disagreement in public comments on his own blog. So I think we should cut him a bit of slack and just put this down as one of those “it may be what I said but it’s not what I meant” moments that we all have from time to time.

CAD International interview on drcauto and other subjects

1 Reply

This morning I spoke with CAD International‘s Nigel Varley. Here is a paraphrased summary of the interview.

SJ: When did CAD International buy the drcauto intellectual property rights?
NV: About two weeks ago.

SJ: You are currently helping drcauto customers with authorisation codes, is that correct?
NV: Yes, masses of them. It’s taking up a lot of our peoples’ time.

SJ: Are you charging for this service?
NV: Not at present.

SJ: Do you intend to charge for this service in the future?
NV: Maybe. We may need to, both to pay for our time and to recoup our investment. I don’t particularly like the idea of annual renewals for software, so we may do something different in future.

SJ: If somebody wanted to buy drcauto products such as LT Toolkit now, could they do so?
NV: No, we’re still processing the materials we were given when we bought the rights. It wasn’t left in a well-organised state. I’m not sure if that was done deliberately or if it was just like that.

SJ: Do you have any plans to continue development of LT Toolkit or the other drcauto products?
NV: It’s too early to say at this time. I understand it doesn’t work right now with AutoCAD LT 2010 with Update 2 applied, or on 64-bit Windows, or on Windows 7. It’s not clear at this stage how much work is involved in making it work. It should be doable, but we can’t make any commitments at this stage.

SJ: So do you have a timeframe for doing any of this stuff?
NV: No, it’s too early. We’re still processing it.

SJ: What about former drcauto employees helping people out with authorisation codes?
NV: They have no rights to do that. They don’t own the intellectual property, we do. People need to be very careful.

SJ: Are you contemplating legal action?
NV: I think I’ll keep that under my hat for now.

SJ: Do you foresee any problems with Autodesk if you go ahead with LT Toolkit?
NV: I don’t think so. Autodesk would be pretty naive, with competing products around at a lower price than LT and with LISP built in, to think that they would gain any sales by blocking LT Toolkit. They would just be shooting themselves in the foot.

SJ: Autodesk has always been strongly opposed to products like LT Toolkit. Are you concerned about legal action from Autodesk?
NV: Well, people say that Autodesk has been against it, but I haven’t seen any evidence of that. When I spoke to the late Gary D’Arcy he told me that Autodesk had never once even contacted him to try to get him to stop developing it.

On Deelip’s blog there has been some discussion about resellers and what they should be allowed to do, so I asked some questions along those lines.

SJ: What is the relationship between CAD International in the USA and Australia?
NV: We’re an Austalian company, moving into the US marketplace for those people in the USA who want to buy our products. We don’t have offices in the USA, but we do have people on the ground.

SJ: Is CAD International an authorised AutoCAD reseller?
NV: No. We’ve been selling Autodesk products for 15 years without a direct relationship. We buy from Scholastic like everybody else in the same position. It’s not worth becoming a dealer; the obligations are too great and the margins are not worthwhile. We’ve been asked on several ocasions over the years and always said no.

[Note: I’ve since read (in something written well before this issue was raised here) that Autodesk Australia intends to tighten up the reseller situation in the very near future. These things go in cycles, and have for the last 25 years.]

SJ: Does Autodesk have a problem with you promoting competing products such as Bricscad?
NV: They have never spoken to us about it in the past, but as we don’t have a direct relationship with them it’s not surprising.

SJ: I see from your web site that you are selling DWG TrueView for $195. Isn’t that a free product?
NV: That fee is for supply services; research services if you prefer. People can download it from Autodesk if they like or get it from us. We just put it on the site as a trial to see if anybody wanted to buy it.  Nobody has, yet.

SJ: I can’t say I’m greatly surprised by that. Has Autodesk contacted you about this issue?
NV: No, we’ve heard nothing from Autodesk. They don’t really care about us, we’re a pretty small player in the market.

[Edit: the $195 price tag has since vanished from the site.]

Ralph Lauren – genuinely dumb or trying to be clever?

Leave a reply

One of the blogs I read regularly is Photoshop Disasters, which recently posted a picture of a Ralph Lauren ad. In common with many fashion photos, this showed a skinny model that appeared to have been further skinnified on somebody’s computer to the point that the poor waif was ridiculously deformed. Like this:

LOL - Laugh On Lauren

Nothing out of the ordinary there, then. Under normal circumstances it would have received a few dozen comments and scrolled off the front page in a week or so, because there is no shortage of bad image manipulation out there for the blog to snigger at. The image was reposted at Boing Boing, but it would still have been forgotten in a week.

Except this time, Ralph Lauren prodded its lawyers into action and demanded the image be removed from both sites, issuing a DMCA notice. The DMCA request was spurious, as this is a clear case of fair use of an image for the purposes of criticism. Photoshop Disasters is hosted by Blogspot, which automatically complies with such requests. Boing Boing is not, and instead went on the offensive. They refused to take down the picture, instead reposting it with biting sarcasm. Read it, it’s funny. Ralph Lauren, if you’re reading this, please send me a DMCA notice too. I’m feeling left out.

This led to a flurry of comments, reposts and reports all over the Internet, including here. The comments (running at over a hundred an hour right now) are almost universally mocking of Ralph Lauren, its legal team, its models and its image manipulation propensities. The criticism goes way beyond the few snipes at a mangled-body image that would have been the case if Ralph Lauren had done nothing. It has moved on to the fashion designer’s ethical standards and those of the fashion industry as a whole for promoting artificially skinny bodies to eating-disorder-vulnerable people.

Now, is Ralph Lauren really that clueless and out of touch, to think that this kind of suppression would work? Or is this actually a deliberate marketing move, using the Streisand Effect to gain free publicity? Maybe, but it’s a deplorable attack on freedom of speech either way, and a boycott is fully justified. I’m not going to buy any of their stuff, ever, and I encourage you to do likewise. To be fair, I was unlikely to be a rich source of income. Even if I were a female with lots of excess money to throw away on clothes that look really awful, there is no way they would ever fit me. Or any living human, from the look of that photo.

Vernor wins (for now), customers don’t

1 Reply

Don’t get too excited, because I’m sure Autodesk will appeal, but as reported at Owen Wengerd’s CAD/Court, Vernor has won the right to resell his used copies of AutoCAD. While this is seen by some as a victory for customers, it isn’t. This doesn’t open up a brave new world in which we are allowed to sell the software we buy once we’re finished with it. If it had, I would be rejoicing as loud as anybody, because Autodesk’s ban on software transfers is an unconscionable restriction and deserves to die. But that’s not what this decision means. There are specific and paradoxical circumstances here, which allowed Vernor to win this case despite being morally wrong in my view, but will not benefit legitimate software users.

Vernor won (for now, and in one jurisdiction) because the court found he was not a party to the EULA. He didn’t read it, he didn’t click on anything to indicate his agreement to it, nothing. He just bought a bunch of books and discs and wanted to sell them on eBay. The fact that the item being sold is a remnant from software that had already been upgraded was not considered relevant. Neither was the fact that Autodesk is not obliged to provide the buyer of the discs with the codes they will need to make the software work.  The upshot is that this decision will allow a small number of people to buy and sell useless discs. What about the buyers of those discs who may not know they are useless until too late? Caveat emptor, I guess. Some other court can sort out that mess.

I agree with Ralph Grabowski that “software should be no different than any other consumer good: buy it, use it, resell it, or toss it”. I’d love to see Autodesk and other vendors forced to support a legitimate used software resale market (as they once did in pre-eBay days), but this decision won’t make that happen. It won’t help customers at all. If your firm has shrunk a bit and you have some spare licenses, you still can’t sell them because you are a party to the EULA (probably, although this area is still a bit fuzzy). But take heart! If you go bust, your creditors may be able to slip any discs left over from your upgrade history into a garage sale and hope that Mr. Vernor drops by. Mr. Vernor will be allowed to sell them, and the new buyers will be allowed to put them on their shelves and look at them.

Is that really a win for customers? I don’t think so.

Should you read software license agreements?

5 Replies

Evan Yares has raised an interesting point about the insolvency clause in Autodesk’s End User License Agreement. Please read the whole thing, but the gist is that there’s a clause where if you get into financial difficulties, Autodesk will do its bit to help you out in times of trouble by taking away your software licenses.

This clause extends as far as making an arrangement with your creditors, which is a common enough phrase but can mean several things and isn’t defined within the agreement. So, if your cash flow is a bit tight and you have to ask your phone company for another month to pay your bill, you’ll be sure to stop using all your Autodesk software, won’t you? Never use it again, because otherwise you’ll be a thief.

OK, maybe that’s a bit extreme, but I’m sure it could be interpreted that way by an aggressive and/or inventive lawyer, and Autodesk doesn’t appear to be short of those. Who knows? Why would Autodesk put that kind of thing in its EULAs if there is no intention of ever using it?

That’s an interesting aside, but it’s not my main point. Autodesk EULAs have traditionally contained unreasonable, unconscionable and arguably unenforceable clauses, so there’s nothing particularly remarkable there. My main point relates to reading EULAs in general, not just Autodesk’s. As a general rule, should you do it?

Looking at the polls I’ve done on this subject, lots of you don’t read them. In fact, over two thirds of poll respondents either never read them, or rarely do so. It would be interesting to find the reasons behind that. Do you not have the time? Is it pointless because it’s all legal gobbledygook? Do you trust the software maker to be reasonable? Do you consider click-throughs to be unenforceable? Or are there other reasons? Please let me know. I may do another poll once I have a reasonable set of choices to offer up.

There’s an argument that can be made that you are actually better off not reading these “agreements”. According to this argument, if you don’t read it, how can you have agreed to it? There’s no meeting of the minds. Better still; get somebody outside your company to do the installation for you. That person has no authority to bind your company to anything, so no agreement exists.

Or does it? Is this a valid argument? Until there’s either well-established case law or unambiguous legislation, it’s anybody’s guess. Even when the answer is known, it’s highly likely that the answer will vary depending on your location. Even if the agreement states that it is based on California law, what if the local law establishes that no obligation exists that binds you to that agreement?

What’s the best thing to do? I honestly don’t know. You could do an R. Paul Waddington and make a public repudiation of any obligation to abide by Autodesk’s EULAs, and continue to use the software. You could do what I suspect a large number of people do, which is the same kind of repudiation, but a silent one. You could attempt to negotiate a modified EULA with the software vendor, but I don’t fancy your chances. You could stop using software with unreasonable EULAs, but what kind of choice is that? It may not be possible at all for your business. Finally, you could just put up and shut up, either agreeing unreservedly to accept whatever is in the EULA, or crossing your fingers in the hope that the software vendor will do the right thing.

What choice have you made, and why?

More on ODA, Autodesk and click-through agreements

Leave a reply

Evan Yares has provided more information on the incident I mentioned in my last post. Here it is:

It was years ago. My guess was that the person who did it was just trying to spider the website pages, for marketing research, and didn’t realize he got all the libraries too.

In any event, I said hey you did this, they said no we didn’t, I produced download logs, they said there was no agreement and even if there was we hereby cancel it, I said if you want to see our libraries I’ll send ’em to you no strings, they said no thanks, then I just let it drop. Of course, I’m paraphrasing.

I wasn’t going to get in a fight with Autodesk. Trying to trick them into joining the ODA would have been both futile and dumb. I’d been trying for years to get them to join (I was an optimist, once upon a time), and it caused no damage for Autodesk to be able to see the ODA libraries. There wasn’t anything in them that they didn’t know better than we did.

Don’t read too much into Autodesk’s belief in the enforceability of click-through agreements based on this incident. I knew the guy who downloaded the files, and knew that he didn’t have the authority to bind Autodesk to an ODA membership agreement (it would have taken at least a VP to do that.)

This is interesting for more than just the amusement factor; it raises a serious point about the enforceability of click-through agreements. In this case it was a web-based membership agreement, but I’m more interested in software license agreements.

In most cases, the person doing a software installation is unlikely to be a Vice President or higher. It’s quite possible that the installer doesn’t even work directly for the company that is supposedly agreeing to whatever terms may be hidden behind the “I Agree” button. In fact, that’s the situation I’m regularly faced with when I install software for a client. The client certainly doesn’t view the “agreement” and may not even know that it exists. The client hasn’t authorised me to negotiate a contract with anyone, only to get some software working. There’s no “meeting of the minds”. The software vendor may think that the client is bound up tight by the terms of the EULA; the client hasn’t agreed to anything and either doesn’t know the EULA exists or doesn’t consider it to have any validity.

Does it matter? Maybe not. It only really matters when one party or the other doesn’t do the right thing. Fortunately, I have honest clients and I’m confident that they will act in an ethical way on an ongoing basis. But will the software vendors do likewise? I don’t know.

Evan Yares, ODA, Autodesk and click-through agreements

Leave a reply

I’ve always found it entertaining when the lawyers of CAD companies do their best to make their clients look like total jerks. The opening shots as presented by Evan Yares in his proposed ODA class-action lawsuit indicate that there is another rich source of recreational reading on its way. I’m sure it’s no fun for the lawyer-paying people involved, though.

You would think that Autodesk would be rubbing its corporate hands together at the prospect of the ODA being distracted like this. Or maybe not, if the bunfight throws up more little gems like this:

Autodesk had at least once gone to the ODA website, agreed to the click-through membership agreement, received their access password via email, downloaded each and every library on the ODA’s website, then denied they did it. (The ensuing conversation about this, between the ODA and Autodesk, was pretty interesting, to say the least.)

If that’s true (and I would welcome evidence from either party) it certainly puts an interesting slant on what Autodesk thinks about the enforceability of click-through agreements.

On a related subject, see the polls on the right. There has been one running for a while about whether you even read such “agreements”, and I’ve added two more. They ask if you feel morally and legally bound by the terms that lie under that “let me get on with the installation” button.