Introduction 431

I. Electronic Self-Help ........................................ 435

A. Software Licenses ........................................ 435

B. Software Development/Modification Contracts .............. 439

II. State Responses to Vendors' 'Logic Bombs' ................... 445

A. New York's Computer Tampering Legislation ................ 445

B. Virginia's Attempt at Creating a Criminal Penalty for a

Contractual Problem ....................................... 447

III. Computer Tampering Now a Federal Felony ..................... 449

IV. Proposed U.C.C. 'Self Help' Remedy .......................... 452

V. Lawfulness of Self Help Depends on Disclosure ............... 456

Conclusion 459
 
 

In recent years, the media has devoted extensive coverage to the unauthorized planting of viruses and other programmed threats into computer networks and systems. While these viruses [FN1] may be perceived by large companies to be a "technological reality," few companies realize the threat posed by software vendors, lessors, consultants or other parties to a contract, when encryption code -- sometimes referred to as a "logic bomb" [FN2] -- is purposefully embedded into a user's system. These devices have the potential to damage computer systems and to deny user access to files contained in the computer.

Logic bombs are portions of programs that are activated on the occurrence of some preordained event, on a certain date, or after a definite number of times a program is run. [FN3] They can disable software to prevent further use, block access to data, electronically repossess software, and/or damage software and data on the system. By embedding logic bombs, software licensors and developers can easily, inexpensively, and electronically enforce their agreements with end users. However, licensors' ability to enforce agreements by using logic bombs and the circumstances under which they may do so is a recent subject of debate. [FN4]

Encrypted code in logic bombs is used by vendors for a number of purposes, the most frequent being: (i) demonstration licenses in which the software shuts down at the termination date; (ii) object code licenses in which the software locks in order to prevent reverse engineering; (iii) software licenses in which the software is prevented from executing upon failure to make a timely license or maintenance fee payment; and (iv) software development contracts in which the software is also disabled upon failure to make timely payment. The latter two purposes are the focus of this discussion.

Sometimes the end user is forewarned of the deactivation device, either through prior notice by the vendor or a through an express contractual provision, but this is not always the case. [FN5] It is unclear exactly how widespread the practice of inserting logic bombs is, although industry commentators generally assume that its occurrence is frequent. [FN6]

Embedding logic bombs and deactivating or repossessing licensed software by software vendors raises a number of legal questions. First, it is not clear whether the activation of a logic bomb can be considered an act of lawful repossession, like the right of lessors under the Uniform Commercial Code (U.C.C.) to repossess leased property after payment default. [FN7] Second, there is also debate over whether the activation amounts to a common law trespass or breach of the peace; whether the exercise of an electronic remedy by a software vendor without authorization from the customer constitutes a breach of contract or extortion; or whether punitive damages may be recovered for a software licensee's loss resulting from deactivation.

Alternatively, from a criminal perspective, it is also unclear whether the attempted or actual electronic repossession of software is a violation of the Federal Computer Abuse Amendments Act of 1994, [FN8] or the Electronic Communications Privacy Act, [FN9] the Wire Fraud Act, [FN10] or traditional state criminal laws, such as trespass, nuisance, or conversion. With newer state legislation in force, the insertion or activation of logic bombs may violate state anti-virus and computer tampering criminal laws.

Under contract law, the customer's prior knowledge of the encrypted code might be relevant to a software deactivation suit. The issue of whether the customer suffers property damage or a third person is harmed may also be relevant. The vendor may be liable civilly and/or criminally if the "bomb" accidently discharges.

This discussion begins with a summary of the few court decisions and stories in the media dealing with software contracts -- both licenses and development/modification contracts -- involving logic bombs. Part II examines efforts by New York and Virginia to enact anti-tampering laws that may cover the vendor-purchaser logic bomb scenario. Part III focuses on federal legislation, the Computer Abuse Amendments Act of 1994, [FN11] which was recently signed by President Clinton as part of the Crime Bill. Part IV explores the preliminary proposals currently under consideration by the Commissioners on Uniform State Laws to the U.C.C. to cover software licenses. These proposals include the right of licensors to repossess software electronically as a remedy for material breaches in specified instances. Finally, Part V outlines some reasonable measures that can be exercised by end users to protect against such electronic surprises. [FN12] The discussion concludes by suggesting that parties to a contract protect themselves by negotiating software deactivation provisions, especially since federal and state criminal penalties may be involved.

In general, courts have not sanctioned the use of technology-based self-help remedies. This discussion is divided into two categories, namely, software licenses and software development/modification contracts, primarily because the legal implications may differ for these two types of contracts.

The first reported software deactivation decision was Franks & Sons, Inc. v. Information Solutions, Inc. [FN13] In that case, the parties had contracted for the purchase of a computer system (i.e., for purchase of hardware and license of software). [FN14] Franks, the customer, had not been informed that a disabling or "drop-dead" device had been programmed into the software at the time the license agreement was executed. [FN15] The device was designed to prevent Franks from accessing the software as well as any information that Franks had stored in the software program for some period of time. [FN16] The agreement provided that Franks would pay the balance of the purchase price when the system was fully installed and functional. [FN17]

Franks alleged that the system never operated in the manner that was contractually required. [FN18] While admitting that the system was not one- hundred percent functional,the vendor argued that the system was operational. [FN19] When Franks withheld payment, the vendor revealed the existence of the device and threatened to activate it. [FN20] Franks filed suit for an injunctive relief to prevent the device's activation, and for monetary damages. [FN21]

The vendor argued that enjoining use of the time bomb gave Franks an unfair advantage in allowing continued use of the system despite non-payment. [FN22] Franks could avoid disruption to its operations by releasing the payment due -- thus removing the threat of immobilization -- and sue the vendor for non-performance of the system. [FN23] Also, the vendor had the right to repossess its software for non-payment under an Oklahoma commercial statute, akin to Article 9 of the U.C.C., [FN24] which, the vendor argued, permitted repossession through immobilization. [FN25]

The District Court for the Northern District of Oklahoma, however, enjoined the use of the "drop-dead" device. [FN26] Franks demonstrated that his operation would be shut down if the device were activated; even if this were to occur for only one day, it would cause him loss of business and create havoc within his records. [FN27] The effect on Franks' company and its reputation for reliability would be irreversible. [FN28] Thus, the requisite element of "irreparable injury" had been satisfied. Additionally, the court refused to accept the vendor's analogy between the use of the disabling device and Article 9's self-help remedies because the existence of the device had not been revealed to Franks prior to executing the software license agreement. [FN29] Instead, the court found that it would be "unconscionable" to allow the economic duress represented by the device. [FN30]

The second decision, American Computer Trust Leasing v. Jack Farrell Implement Co., [FN31] involved remote software deactivation for failure to pay a license fee. Farrell, an agricultural equipment dealer, entered into a software license agreement with Automatic Data Processing (ADP). The contract provided that ADP could remotely access Farrell's computer in order to service the software and that the agreement could be canceled by ADP upon the licensee's default. [FN32] Moreover, the license agreement expressly provided that ADP retained full ownership of the software. [FN33]

Farrell stopped paying license fees, and after the account was significantly past due, ADP notified Farrell that it would terminate all processing and support services as of a given date. [FN34] On that date, ADP deactivated Farrell's software. [FN35] Thereafter, Farrell paid the amount due and ADP reactivated the programs. [FN36] In a suit brought by the software vendor to collect past-due payments under the lease agreement, Farrell brought a series of counterclaims based in part on the deactivation by ADP of its software system. Farrell claimed that the deactivation was a violation of the federal Racketeer Influenced and Corrupt Organizations Act (RICO) [FN37] and federal wire tapping [FN38] and electronic privacy laws, [FN39] as well as a violation of Minnesota State computer crime, [FN40] trespass, [FN41] and nuisance [FN42] laws.

First, the Federal District Court of Minnesota concluded that the defendants' allegations of RICO violations failed. [FN43] Farrell argued that the deactivation constituted "extortion," which under federal and state law required that ADP had to have obtained the property by "wrongful" or "unlawful" activities. [FN44] The court, however, stated that ADP had a legal right to deactivate Farrell's software under the contract and, therefore, found the deactivation "merely an exercise of [ADP's] rights under the software license agreement . . . ." [FN45]

Second, the court promptly dismissed Farrell's claim for treble damages for violations of the state computer crime statutes. The court noted that although civil recovery was provided for in a statutory amendment prior to the time of adjudication, the amendments were not approved until after the alleged deactivation occurred. [FN46] It also granted ADP's motion for summary judgment on Farrell's trespass claim because Minnesota requires that the property involved be "produced by and grown upon land." [FN47] Therefore, the deactivation was not the type of taking of property required by the statute. [FN48] The court also disagreed with Farrell's claim that ADP actions constituted a nuisance by obstructing free use of his property in violation of Minnesota law. [FN49] Since nuisance, like trespass, is a land-based crime, "[t]here can be no nuisance if a party cannot show an injury stemming from an interest in land." [FN50] Therefore, "[t]he alleged deactivation . . . is not the type of injury which courts have found to violate the nuisance statute because the use of a computer system is not the type of property protected by the statute." [FN51] Finally, the court also granted summary judgment for ADP on Farrell's claim that ADP misappropriated wire communications. [FN52]

In 1989, in a case minimally reported in the media, a software vendor based in Dallas deactivated software that was being evaluated by at least a dozen medical laboratories to compile their patients' test results, among them a lab in Milwaukee, Wisconsin. [FN53] Through telephone lines, a logic bomb was activated a week earlier than expected by the vendor, and one lab, believing that the act constituted industrial sabotage, filed suit. [FN54] Apparently, the suit was settled out of court, [FN55] leaving the area open for further litigation.

In 1990, a lower New York State court decided Art Stone Theatrical Corp. v. Technical Programming & Support Systems, Inc., [FN56] involving a software vendor's removal of a source code without the end user's knowledge following a lengthy dispute over software performance. [FN57] As a result of this removal, the customer could not adjust or modify the system. [FN58] Shortly thereafter, the parties entered into a general release agreement and the vendor restored the source code. [FN59] The customer then filed suit for breach of contract and warranties against the vendor for the losses it incurred due to its inability to use the software, while the vendor moved to dismiss on the basis that the customer signed a general release agreement. [FN60] The trial court granted the vendor's motion; however, the appellate division reversed. [FN61]

Stone's affidavit claimed that the removal of the source code rendered the system worthless, thereby leaving it no choice but to execute the general release. [FN62] The court ruled that since a contract may be voided on the grounds of economic duress, the affidavit was sufficient to raise a factual issue with regard to duress. Accordingly, it remanded the case for trial on the facts. [FN63]

That same year, in a suit that was covered extensively by the media, [FN64] a small software developer, Logisticon, Inc., involved in a payment dispute with Revlon over malfunctioning software, activated data-scrambling viruses that paralyzed Revlon's shipping operations for three days. [FN65] Revlon responded by asking a California court for injunctive relief, damages, punitive damages, and relief from all contractual obligations to the vendor. [FN66] Revlon, Inc. v. Logisticon, Inc., demonstrated to the public the power of the computer; the Revlon story was reported by major newspapers and trade publications nationwide. [FN67]

Revlon claimed that, under the written agreement, Logisticon was obligated to customize a real-time warehouse material management control system. [FN68] Failure to meet several of the "most important functional and operational specifications," and to meet milestones of the first phase, caused Revlon to withhold part of the payment due. [FN69] For approximately nine months, the parties attempted to cure the malfunctions without success. [FN70] Revlon then advised Logisticon by letter that it "was prepared to release Logisticon from its obligations under the Agreement . . . ." [FN71]

The next week Logisticon telecopied a letter to Revlon stating that it intended to repossess the software it had installed. [FN72] At 2 a.m. the following morning, the system began to break down. [FN73]  Logisticon had apparently deactivated the software by remote access. Later, Logisticon telecopied another letter to Revlon announcing the fact that a disabling device was at work. [FN74] For the next three days, Revlon's product distribution system was paralyzed and the company reported a resulting loss of $20 million. [FN75]

In its complaint, Revlon alleged eight causes of action: intentional interference with contractual relations and with prospective economic advantage; trespass; conversion; misappropriation of trade secrets; breach of contract; breach of express warranty and implied covenant of good faith and fair dealing. The cosmetic giant alleged unlawful interference with its property by accessing, using, and impairing the inventory management system. Additionally, by disabling, scrambling, and denying Revlon access to the system, Revlon claimed the unlawful exercise of dominion over Revlon property amounted to conversion.

The gravamen, however, was that in order to perpetuate its scheme, Logisticon used knowledge it obtained about Revlon's business and computer system under contract with Revlon. [FN76] Revlon, therefore, claimed that Logisticon had committed an oppressive, willful, and malicious misappropriation of trade secrets, and breach of good faith and fair dealing "by using knowledge it obtained under the Agreement in an attempt to coerce Revlon . . . ." [FN77] After the complaint was filed, however, the parties reached a settlement agreement whose terms remain undisclosed. [FN78]

In 1991, a Missouri court, in Clayton X-Ray Co. v. Professional Systems Corp., [FN79] upheld a jury's finding of conversion under similar facts and ruled that retaliatory deactivation of purchased software for non-payment may merit an award of punitive damages. Clayton entered into a contract for the purchase of a computer system from Professional Systems Corporation (PSC). [FN80] After installation and for the next four years, PSC attempted to debug the system. [FN81] PSC eventually wrote to Clayton claiming that the situation was past the "bug-fixing phase" and only required standard support. [FN82] The letter also reminded Clayton of its unpaid account, which included a portion of the original purchase price. [FN83]

Clayton did not pay its bill, and PSC, claiming the need to make program changes, went to Clayton's place of business and secretly installed a "time bomb" that at a pre-set time would lock the system so Clayton could not access its files. [FN84] Instead, a message appeared on the screen directing Clayton to call PSC concerning the unpaid bill. [FN85] Clayton hired a former PSC employee who was able to unlock the system and give Clayton access to its files. [FN86]

Clayton sued claiming breach of express warranty as well as actual and punitive damages for conversion in connection with the lock-up of its system. [FN87] PSC counterclaimed for the balance due on Clayton's account. [FN88] The jury returned verdicts in favor of both parties, including a punitive damage award of $10,000 to Clayton for the deactivation, and both parties appealed. [FN89]

PSC claimed the evidence did not support a claim for punitive damages, but the Missouri Court of Appeals disagreed. It found "the evidence sufficient for the submission of punitive damages. PSC had no legal right, or any colorable legal right, to lock up Clayton's computer system . . . The effect of the lock- up was to prevent Clayton's access to therecords of its business." [FN90] Therefore, the jury's judgment was affirmed. [FN91]

In Werner, Zaroff, Slotnick, Stern & Askenazy v. Lewis, [FN92] a New York City Civil Court was confronted with the issue of software deactivation. In that case, the Werner law firm contracted with Lewis to remedy problems it was experiencing with its computers and to help it purchase and install a new system to handle the tracking of its insurance claims work. [FN93] Lewis also modified the firm's existing software so that it would be compatible with the newly purchased hardware. [FN94] The law firm, feeling it had already paid Lewis enough money, [FN95] declined to enter into a service contract to cover any problems that might arise with the law firm's new system. [FN96]

Due to the conditional statement placed by Lewis into the computer program used by the firm to manage insurance claims, when the system reached claim number 56789, it shut down and the firm was unable to restart it. [FN97] The court inferred that Lewis was hoping that after the system stopped, the firm would again retain him to correct the problem. [FN98]

The court awarded the plaintiff law firm damages equal to the amount it spent to correct the problem. [FN99] Judge Braun also concluded that the plaintiff was entitled to punitive damages, [FN100] noting that it "should send a message to others who would consider committing similar acts in the future, and even to some who may eradicate their already planted, as yet silent viruses which are presently waiting to awaken and wreak their havoc." [FN101]

In closing his opinion, Judge Braun noted that Lewis' actions were intentional, and perhaps even criminal, when he wrote, "[t]o the extent that Defendant's actions may not fit under the Penal Law, the New York State Legislature should act in this computer age to amend the law." [FN102] Thereafter, the New York State legislature made computer tampering a felony under a new law which went into effect in November 1993. [FN103]

On November 1, 1993, New York State toughened its computer crime laws by adding Class C and D felony offenses for computer tampering. [FN104] Under the statute, computer tampering occurs when a person uses "a computer or computer service and having no right to do so he intentionally alters in any manner or destroys computer data or a computer program of another person." [FN105] If a person engages in computer tampering and intentionally alters or destroys computer data causing damages of more than $3,000, he is guilty of a class D felony. [FN106] If damages exceed $50,000, the person is guilty of a class C felony. [FN107] Accordingly, the penalties for violations of these statutes range from maximums of seven to fifteen years imprisonment and fines up to $5,000. [FN108]

The first prosecution under the new law made the front page of The New York Times [FN109] and was covered in other local news sources. [FN110] A furniture builder who ordered customized software to track accounts became dissatisfied with the system and withheld final payment. [FN111] The software vendor sent a technician to the customer's premises, ostensibly to improve the system. [FN112] Instead, the technician planted a virus to block the company's access to information at a future date [FN113] and had it been activated, damages might have amounted to one-half million dollars. [FN114] Although the virus was discovered by the customer before it could be activated, the software vendor's president and the technician were charged under the harsher computer tampering statute. As two legal commentators observed, the case and the harsher statute, "may make [software] vendors think twice before installing software-disabling devices" and should encourage parties to licensing contracts to take precautions to mitigate against the use of the devices. [FN115]

For at least the past two years, the Virginia legislature has unsuccessfully attempted to enact a criminal statute that would deter software vendors from resorting to self-help electronic repossession. [FN116] Had Virginia been able to pass the law, it would have been the first state to have specific laws dealing with disablement of software. [FN117] In 1994, the legislature passed a bill that would have prohibited software vendors from embedding disabling devices at all. [FN118] However, when the American Software Association [FN119] became informed about the proposed legislation, it appealed to the Governor, who sent the bill back to the legislature and required the bill to be passed by two consecutive sessions of the legislature before becoming law. [FN120]

In the legislature's most recent attempt, House Bill 1649, vendors would have had to provide written notice that its software contained disablement code or be guilty of a Class 1 misdemeanor. [FN121] The version of the bill that was approved by the House of Delegates in early February 1995 differed from the previous year's because it provided that a person who engaged in trespass "without authority" included, inter alia, someone "who use[d] [a] computer without written notice that he reserve[d] the right to do so." [FN122] Despite its more lenient nature, the State Senate's  Committee on Courts of Justice rejected the proposal [FN123] and the bill died.

Virginia's inability to enact this legislation may be rooted in the State's curious attempt to establish criminal penalties to address a problem that arises in contractual settings. While other states may attempt to follow Virginia's lead, legislators and courts should be prepared for the controversy to continue unless parties to software contracts can effectively deal with this problem themselves.

In 1984, Congress enacted The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 ("1984 Act"), [FN124] the first federal legislation prohibiting specific acts involving the use of a computer. The 1984 Act only provided narrow protection for important federal interests and was considered by critics to be flawed in many respects. [FN125] Subsequently, Congress amended the 1984 Act by enacting The Computer Fraud and Abuse Act of 1986 ("1986 Act"). [FN126] However, despite its expanded coverage, the 1986 Act also was considered too limited in protection. [FN127]

Congress recognized the limitations of the 1986 Act, and in 1989 and 1991, introduced unsuccessful amendments to broaden the scope of the Act. In 1989, the Computer Virus Eradication Act of 1989, introduced by Wally Herger, Representative of California, sought to amend the 1986 Act by including a new section that would specifically cover computer viruses. [FN128] The new provision would have penalized any person who "knowingly inserts into a program for a computer, or a computer itself, information or commands, knowing or having reason to believe that such information or commands may cause loss . . . to users of such computer . . . ." [FN129] Additionally, the bill provided for the recovery of civil damages by the injured party. [FN130]

Another bill, entitled, The Computer Protection Act of 1989, was introduced by Tom McMillen, Representative of Maryland, but was never passed. [FN131] Instead of amending section 1030, the bill sought to amend the malicious mischief and sabotage code [FN132] by outlawing willful and knowing sabotage of computer hardware and software systems [FN133] and providing for the recovery of civil damages. [FN134]

Finally, in 1991, Patrick J. Leahy, Senator of Vermont, introduced The Computer Abuse Amendments of 1991, [FN135] which sought to amend section 1030(a)(5) of the 1986 Act by addressing the problems of computer viruses and worms, and expanding coverage to computers used in interstate commerce. [FN136] Also, relief was needed in those states where courts found software lockups wrongful, but not a crime. [FN137] The bill was never passed by the Senate.

However, Section 1030 was eventually amended when the Computer Abuse Amendments Act of 1994 ("Amendents"), [FN138] included as part of the Crime Bill, was signed by President Clinton. The Amendments prohibit the knowing, unauthorized transmission in interstate commerce of code that is intended to damage or deny the use of a computer system, computer services, a network, or data if the damages are $1,000 or more during any one year period. [FN139] The Amendments also create a civil remedy for damages and injunctive relief. [FN140] There are several novel aspects of the Amendments.

First, while the culpability required to find a violation the Computer Fraud and Abuse Act of 1986 has been held to be proof of "intentional unauthorized access," [FN141] the Amendments broaden the required intent to include denying another party computer access. Thus, a time bomb which denies a user access, even though it does not act like a virus (destroying code or data), is covered by the Amendments if all other criteria are met.

Second, the felony can only occur if the code is placed into the system "without the authorization of the persons or entities who own or are responsible for the computer system receiving the program, information, code, or command . . . ." [FN142] For years, prudent lawyers have advised software vendors not to plant encrypted code, for whatever purpose, including for the prevention of reverse engineering, without informing the user during the formation of the contract. The Amendments underscore the wisdom of such advice.

Third, while intent to damage or to deny computer access is generally required, medical systems and data receive special protection. [FN143] Otherwise, the authorization and damage requirements are the same as for computers systems in general.

Finally, the Amendments provide that a civil action for damages or loss suffered can be maintained against violators if they intend to damage or deny computer access. [FN144] While compensatory damages and injunctive relief are generally available, if a medical system is involved, relief is not limited to economic damages. [FN145] As of April 1995, however, no criminal or civil cases have arisen under the new Amendments.

The National Conference of Commissioners on Uniform State Laws is currently considering a major expansion of Article 2 of the U.C.C. expressly to cover software transactions. [FN146] Presently, the Article's coverage is restricted to transactions in "goods," a limitation which has sometimes hindered courts from interpreting the phrase to include the licensing of software. [FN147] This discussion focuses on two of the proposed revisions to the article, Sections 2-2517 and 2-2518. [FN148] The remedies portion of the proposed amendments states that among the licensor's remedies for material breach of the entire contract is the right to "repossess and prevent further use." [FN149] This right is available both upon application to a court (Section 2-2517), [FN150] and without judicial process (Section 2-2518).

First, Section 2-2517, [FN151] entitled, "Licensor's Right to Repossess or Prevent Use," provides that upon such "material breach," [FN152] the licensor can, by judicial process, prevent a licensee from using the licensed intangibles and repossess the licensed property. The provision recognizes the limitations of current law pertaining to goods, because there is no general right to repossess by the seller, whether or not the buyer fails to pay the contract price. [FN153] The drafters' intent was to create a provision that would parallel the repossession rights in Articles 9 and 2A. [FN154]

The drafters feel that a repossession right is appropriate for intangibles for three reasons: 1) because the licensor retains ownership interests in the intangible property; 2) because the contract would normally limit the use of the property by the licensee; and 3) because existing intellectual property law provides that a right to repossess and prevent continued used of the property in the case of infringement. [FN155] Importantly, the drafters note that repossession is not "the first step in realizing against the property to recover an unpaid debt[,]" but rather, "an exercise of the lessor's property rights in the goods and a means to deny the lessee the continued benefits that it had been granted under the contract that it has breached." [FN156]

Secondly, Section 2-2518, entitled "Licensor's Self-Help," [FN157] provides that a licensor may exercise all of the remedies that a court can exercise under the U.C.C. if this can be accomplished without a breach of the peace and without substantial damage or destruction of the licensee's property not covered by the lease. [FN158] These rights may be exercised electronically (subject to the foregoing breach of peace and damage to property limitations), if the license agreement conspicuously so provides. [FN159] Notably, the self-help remedy "is closely constrained and limited" because there must first be a material breach by the licensee, and like Article 9, the licensor must proceed without creating a breach of the peace. [FN160] The drafters also included a provision that allows licensees whose data or property has been damaged to recover damages to compensate for their losses. [FN161]

It appears that the drafters have tried to incorporate the salient principles extracted from the few cases on the electronic self-help, "logic bomb" issue. However, at present, the draft is merely in a preliminary form. In fact, as of Fall 1994, the draft provisions had not yet been passed on by the drafting committee, and their presentation of the provisions to the National Conference of Commissioners on Uniform State Law is most likely many years away. [FN162]

The review of the court decisions and the state and federal criminal laws pertaining to software vendors' self-help disabling devices reveals an important principle: a software vendor should not plant encryption code without disclosing its existence to the purchaser or licensee. Generally, in the civil cases, the elements of coercion and surprise were repugnant to the judges and they accordingly awarded punitive damages to the customers. Lack of authorization is also a key element in making electronic shut-downs a federal felony. [FN163]

When the Computer Abuse Amendments of 1994 were being considered by Congress, manufacturers of software inquired whether the new law would criminalize the use of disabling codes which are sometimes used to enforce licensing agreements. [FN164]  According to Senator Patrick J. Leahy, the bill's sponsor, "it is not the intent of this legislation to criminalize the use of disabling codes when their use is pursuant to a lawful licensing agreement that specifies the conditions for reentry or software disablement." [FN165]

Unfortunately, the Senator's language is not entirely clear. For example, it is unclear whether the license has to specify that electronic remedies will be used in specified situations, or whether it is sufficient for the license to state that it will be cancelled under specified conditions. Is the prohibition of reverse engineering sufficient without specification of the remedy? At this early date it is only clear that Congress did not intend to prosecute companies for protecting their assets or enforcing their licenses provided the conditions for disablement are specified in the contract. However, Congress did provide for civil actions, and it is under this new cause of action that the civil law on electronic self help will most likely develop.

A review of the decisions, complaints and media coverage also indicates that computer tampering disputes principally arise when a software licensee believes it is justified in stopping payment, usually because the customized or modified software fails to perform properly. This can occur under both sale and licensing transactions. Under these circumstances, it is not clear whether the user should make the payments demanded.

The proposed U.C.C. remedies, however, would apply to all licensing transactions. It would seem more consistent with the analogy of leasing goods to restrict the proposed electronic remedies to packaged software which has been licensed in the marketplace for more than one year. Although the one- year criteria may be arbitrary, it is an attempt to make a distinction between "shrink-wrap" software products that can constitute goods, and new software products, as well as customized software. New software products and customized software are generally recognized to be more intangible than "goods" and more akin to a contract for the provision of services.

Software licensees should be aware of the possibility that their vendors may employ electronic self-help remedies. [FN166] If they do not wish to authorize such remedies, they should insist on a warranty that encryption code is not written into the system, will not later be planted, and that all of the vendor's statutory rights to such remedies are disclaimed. [FN167] While many vendors are reluctant to warrant flatly against implanted viruses because they cannot completely control their planting, this reluctance is unwarranted since shutdowns, data obstruction or damage due to deactivation devices are usually within the vendor's control.

In addition, to strengthen the warranties, a licensee should require that the vendor is responsible for any damage in the event of a shutdown, regardless of whether it is accidental or caused by an employee or other worker without vendor's authorization. [FN168] Recovery of consequential and punitive damages, and legal costs should also be provided.

If the software licensee wishes to authorize electronic remedies, it should do so with specificity. Examples of such specificity would include: the number of days of payment default before authorized exercise of the remedy; or the number of days and required form of a prior written notice. A licensee should also prohibit use of the electronic self-help remedy for payment defaults that occur in connection with auxiliary contracts with the vendor, such as maintenance contacts, or agreements to customize certain modifications. The contract should also protect the licensee by specifying remedies in the event of vendor's breach. Such remedies might include consequential and punitive damages, and the recovery of legal costs.

In conclusion, the express inclusion of electronic remedy provisions in a contract is advantageous to both parties. The preliminary draft of the U.C.C. proposed revisions generally seems to embrace this principle. If parties are able to negotiate specific electronic remedies and terms, the electronic repossession issue is removed from the realm of state and federal criminal law. Indeed, if parties to a contract were willing to negotiate such specific electronic remedy provisions, it would obviate the need for legislatures, like Virginia's, to enact criminal penalties for problems arising in contractual settings, a practice which is somewhat questionable.

[FNa] Esther C. Roditti is the editor and publisher of Computer Law & Tax Report , the author of the four-volume Matthew Bender treatise, Computer Contracts, Negotiating and Drafting Guide , and the author of Hiring and Firing: Knowledge Workers . She received her A.B., magna cum laude, Phi Beta Kappa, from the University of California at Los Angeles, and her J.D. from Harvard University. The author is grateful to Mina Rhee for her help in preparing this article for publication.

[FN1]. Viruses have been reported to cause extensive damage to computer networks. See, e.g., United States v. Morris, 928 F.2d 504 (2d Cir.), cert. denied, 502 U.S. 817 (1991). In that case, a Ph.D. candidate in computers at Cornell University thought he might test what he thought to be inadequate security devices on the Internet computer network. Id. at 505. To demonstrate this, he developed and released a worm on the Internet. Id. Because Morris' calculations were flawed, the worm paralyzed computers at various locations. Id. at 506. The costs associated with removal of the virus ranged from $200 to $53,000 at each infected location. Id.

[FN2]. Malevolent software is often referred to as "computer viruses" although this categorization is technically incorrect. In order for a program to be considered a virus, it must have the ability to replicate itself and append these copies to other files in the computer system. See Vicky H. Robbins, Vendor Liability for Computer Viruses and Undisclosed Disabling Devices in Software, 10 Computer Law. 20, 20 (1993). Besides "logic bombs," there are four other categories of such problematic software. They include: "trojan horses," software that seems harmless but is actually destructive; "worms," software designed to "crawl" or "wriggle" through computer networks and repeatedly copy itself; "computer viruses," software that can attack and infect other computer files; and "stealth viruses," similar to computer viruses but more difficult to detect. Id.; Bradley S. Davis, It's Virus Season Again, Has Your Computer Been Vaccinated? A Survey of Computer Crime Legislation as a Response to Malevolent Software, 72 Wash. U. L.Q. 411, 412-13 & nn.9-13 (1994).

[FN3]. See, e.g., Adam G. Ciongoli et al., Ninth Survey of White Collar Crime: Computer-Related Crimes, 31 Am. Crim. L. Rev. 425, 427 n.10 (1994).

[FN4]. Professor Raymond T. Nimmer has commented, "Remote or pretimed disabling of software may cause damage that goes beyond merely enforcing a contract. Data loss, system failure, and other consequences may ensue. Even though these may be compensated for, it is not clear that contract law should permit this risk." Raymond T. Nimmer, The Law of Computer Technology P 7.33, at 111 (2d ed. 1992).

Referring to the controversy surrounding such electronic self-help remedies, one author stated:

First, in any dispute, there are two sides to the story ... [and] [t]he [software] vendor has set itself up as judge, jury and, most importantly, executioner, and has denied the customer of its right to protest, to present its arguments to a legitimate forum, to negotiate a settlement or to do any of the other things we all have a right to expect in this country.

Lee Gruenfeld, Pay Up, or Bombs Away, Computerworld , June 18, 1990, at 23.

For law review commentaries on the state of the law regarding computerized self-help remedies prior to the 1994 amendments in federal legislation and the proposed changes to the U.C.C., see Henry Gitter, Self-Help Remedies for Software Vendors, 9 Santa Clara Computer & High Tech. L.J. 413 (1993); Stephen L. Poe & Teresa L. Conover, Pulling the Plug: The Use and Legality of Technology-Based Remedies by Vendors in Software Contracts, 56 Alb. L. Rev. 609 (1993); Robbins, supra note 2; Lance A. Raphael, Note, Teaching an Old Law a New Trick: Repossessing Software Through Disablement, 97 Com. L. League of Am. 276 (1992).

[FN5]. See discussion infra parts I.A. and I.B.

[FN6]. See, e.g., Gren Manuel, Computer Security, Fin. Times , Feb. 5, 1991, at I16 (reporting two instances in which such devices are routinely included in software programs).

[FN7]. See U.C.C. s 9-503 (1994).

[FN8]. 18 U.S.C. s 1030 (1994).

[FN9]. 18 U.S.C. s 1367 (1994).

[FN10]. 18 U.S.C. s 1001 (1994).

[FN11]. Pub. L. 103-322, 108 Stat. 2097 (codified at 18 U.S.C. s 1030 (1994)).

[FN12]. Note that this discussion is not about situations involving cases of electronic vandalism, programmed threats, reckless hackers, or disgruntled employees, which have been extensively covered elsewhere. See, e.g., Michael C. Gemignani, What is Computer Crime, and Why Should We Care?, 10 U. Ark. Little Rock L.J. 55 (1987-88); Ciongoli et al., supra note 3; Glenn D. Baker, Note, Trespassers Will be Prosecuted: Computer Crime in the 1990s, 12 Computer/L.J. 61 (1993). Rather, its focus is the commercial relationships between reputable vendors and end users of custom-developed or licensed software.

[FN13]. No. 88-C-1474-E, 1989 Comp. Indus. Lit. Rep. 8927 (N.D. Okla. Dec. 8, 1988).

[FN14]. Id. at 8927.

[FN15]. Id. at 8929, 8934-35.

[FN16]. Id. at 8930.

[FN17]. Id. at 8928-29.

[FN18]. Id. at 8930.

[FN19]. Id. at 8934.

[FN20]. Id. at 8929.

[FN21]. Id. at 8930.

[FN22]. Id.

[FN23]. Id. at 8930.

[FN24]. U.C.C. s 9-503 (1994).

[FN25]. Franks & Sons, 1989 Comp. Indus. Lit. Rep. at 8930, 8933.

[FN26]. Id. at 8933.

[FN27]. Id. at 8934.

[FN28]. Id. at 8934.

[FN29]. Id.

[FN30]. Id. at 8935. Judge Ellison wrote:

Public policy favors the non-enforcement of abhorrent contracts. Here, without the knowledge of Plaintiff, Defendants have included a surprise in their product which chills the functioning of any business whose operation is a slave to the computer. If the Plaintiff had known about this device at the time it entered into the contract with the Defendant then the result would be different. Here it would be unconscionable for the Court to give credence to this economic duress.

Id.

[FN31]. 763 F. Supp. 1473 (D. Minn. 1991), aff'd on other grounds sub nom., American Computer Trust Leasing v. Boerboom Int'l, Inc., 967 F.2d 1208 (8th Cir.), cert. denied, 113 S. Ct. 414 (1992).

[FN32]. Id. at 1492.

[FN33]. Id.

[FN34]. Id.

[FN35]. Id.

[FN36]. Id. at 1492.

[FN37]. 18 U.S.C. ss 1962(a), (c) & (d) (1988 & Supp. 1993).

[FN38]. 18 U.S.C. s 2511 (1988).

[FN39]. 18 U.S.C. ss 2701-10 (1988).

[FN40]. Minn. Stat. ss 609.52, 609.88, 609.89 (1987).

[FN41]. Minn. Stat. s 548.05 (1987). The statute read: "Whoever shall carry away, use or destroy any wood, timber, lumber, hay, grass, or other personal property of another person, without lawful authority, shall be liable to the owner thereof for treble the amount of damages assessed therefor in the action to recover such damages." Id.

[FN42]. Minn. Stat. s 561.01 (1987). Farrell alleged that ADP "made wrongful entry into Farrell's property and by use of direct force appropriated and destroyed" its accounting and inventory records. 763 F. Supp. at 1494. The nuisance provides that: "Anything which is injurious to health, or indecent or offensive to the senses, or an obstruction to the free use of property, so as to interfere with the comfortable enjoyment of life or property, is a nuisance." Minn. Stat. s 561.01 (1987).

[FN43]. American Computer Trust Leasing v. Jack Farrell Implement Co., 763 F. Supp. 1473, 1493 (D. Minn. 1991), aff'd on other grounds sub nom., American Computer Trust Leasing v. Boerboom Int'l, Inc., 967 F.2d 1208 (8th Cir.), cert. denied, 113 S. Ct. 414 (1992). It accordingly granted ADP's motion for summary judgment on that issue. Id.

[FN44]. Id. at 1492-93.

[FN45]. Id. at 1493.

[FN46]. Id. at 1493 & n.28. The current version incorporating civil recovery is found at Minn. Stat. Ann. s 332.51 (West. Supp. 1993).

[FN47]. Id. at 1493.

[FN48]. Id. at 1493-94.

[FN49]. Id. at 1494.

[FN50]. Id.

[FN51]. Id.

[FN52]. Id. 1494-95.

[FN53]. See Evelyn Richards, Revlon Suit Revives the Issue of 'Sabotage' by Software Firms; Manipulation of Computer Programs Damages Credibility, Wash. Post , Oct. 27, 1990, at C1.

[FN54]. Id.

[FN55]. Id.

[FN56]. 549 N.Y.S.2d 789 (App. Div. 1990).

[FN57]. Id. at 790.

[FN58]. Id.

[FN59]. Id.

[FN60]. Id.

[FN61]. Art Stone Theatrical Corp. v. Technical Programming & Support Sys., Inc., 549 N.Y.S.2d 789 (App. Div. 1990).

[FN62]. Id. at 790-91.

[FN63]. Id. at 791.

[FN64]. See, e.g., Tiny Software Firm Cripples Giant Revlon in Pay Dispute, L.A. Times , Oct. 25, 1990, at D4; Ken Siegman, Software Supplier "Repossesses" Revlon's Computer System, Chi. Trib. , Oct. 28, 1990, at C8; Manuel, supra note 6; Claire Bernstein, Data Destroyers Now a Weapon in Business Wars, Toronto Star , Dec. 28, 1993, at E1.

[FN65]. Plaintiff's Complaint at 2, Revlon, Inc. v. Logisticon, Inc. (No. 70-5933) (Cal. Super. Ct., Santa Clara Cty., filed Oct. 22, 1990) [hereinafter Complaint].

[FN66]. Id. at 18-19.

[FN67]. See sources cited supra note 64. Some media coverage portrayed Logisticon as a small, helpless software developer that had no alternative but to set off the deactivation device. See Tiny Software Firm Cripples Giant in Software Pay Dispute, L.A. Times , Oct. 25, 1990, at D4. Moreover, the view that small software firms, like Logisticon, find themselves in a position in which they have to defend themselves is shared by others. See Joe Dysart, Is Your Software About to Drop Dead?, Restaurant Hospitality , Feb. 1992, at 65. According to an experienced computer consultant in New York City, implanting software deactivation devices "goes on a lot more than you think -- and [he is] absolutely sympathetic to the software companies that do it," since "[t]he fact is that small software houses are being pushed to the wall by companies that essentially are making demands with a gun to their heads, and this is the way they've found to defend themselves." Id.

[FN68]. Complaint, supra note 65, at 4.

[FN69]. Id. at 6.

[FN70]. Id. at 7.

[FN71]. Id.

[FN72]. Id.

[FN73]. Complaint, supra note 65, at 8.

[FN74]. Id. The letter stated, "Logisticon disabled the operation of its ... software last night but took great care as to do it in an orderly fashion and not violate or corrupt [Revlon's] DATA ...When and if an agreement is reached on the outstanding payments the systems can be restored in a few hours." Id. at 8 (alterations in original).

[FN75]. See Revlon Settles Contract Suit Against Logisticon, Wall St. J. , Jan. 8, 1991, at B2; Robbins, supra note 2.

[FN76]. Complaint, supra note 65, at 2. Revlon contended that the defendants' illegal invasion of Revlon's computer system "[wa]s all the more outrageous because, to perpetrate their scheme, defendants used knowledge they obtained about Revlon's business and computer system under a contract with Revlon." Id.

[FN77]. Id. at 14, 16.

[FN78]. See Revlon Settles Contract Suit Against Logisticon, Wall St. J. , Jan. 8, 1991, at B2.

[FN79]. 812 S.W.2d 565 (Mo. Ct. App. 1991).

[FN80]. Id. at 565.

[FN81]. Id. at 566.

[FN82]. Id.

[FN83]. Id.

[FN84]. Id.

[FN85]. Id.

[FN86]. Id. at 567.

[FN87]. Id. at 566.

[FN88]. Id.

[FN89]. Id. at 566-67.

[FN90]. Id. at 567.

[FN91]. Id.

[FN92]. 588 N.Y.S.2d 960 (Civ. Ct. 1992).

[FN93]. Id. at 960.

[FN94]. Id.

[FN95]. Lewis received more than $21,000 for his services, even though the initial estimate was around $5,000. Id. Apparently, Lewis had hinted to the law firm that he was able to sabotage its computers when he told one of the partners that if they had not paid him for his services, "he would not have entered the data contained on [a certain] floppy disk into the computer, which would have subsequently crashed." Id.

[FN96]. Id.

[FN97]. Id. at 960.

[FN98]. Id. The court stated, "Defendant's computer business had slowed to a trickle at the time that he completed his work for plaintiff. It is this court's conclusion that defendant intentionally put the conditional statement into plaintiff's software, with the hope that, after the system stopped, plaintiff would retain him again to correct the problem." Id.

[FN99]. Id. at 960.

[FN100]. Id. at 960. The firm was awarded $18,000 in punitive damages, but the court seemed to "regret" that it could not award more, considering the "defendant's actions in breaching his contract with plaintiff were morally culpable and seemingly criminal." Id.

[FN101]. Id.

[FN102]. Id.

[FN103]. N.Y. Penal Law ss 156.26, 156.27 (Consol. 1984 & Supp. 1994).

[FN104]. N.Y. Penal Law ss 156.26, 156.27 (Consol. 1984 & Supp. 1994). Prior to the new law, the most severe penalty for computer tampering was a Class A misdemeanor or Class E felony. N.Y. Penal Law ss 156.20, 156.25 (Consol. 1984 & Supp. 1994).

[FN105]. N.Y. Penal Law ss 156.20 (Consol. 1984 & Supp. 1994).

[FN106]. N.Y. Penal Law s 156.26.

[FN107]. N.Y. Penal Law s 156.27.

[FN108]. N.Y. Penal Law s 70.00 (Consol. 1984).

[FN109]. Diana Jean Schemo, Software Maker Accused of Using Virus to Compel Client to Pay Bill, N.Y. Times , Nov. 23, 1993, at A1.

[FN110]. See Craig Gordon, Software Time-Bomb Backfires, Newsday , Nov. 23, 1993, at 6; Richard Raysman & Peter Brown, New York's Tougher Crime Statute, N.Y. L.J., Dec. 14, 1993, at 3.

[FN111]. Schemo, supra note 109.

[FN112]. Id.

[FN113]. Id.

[FN114]. Id.

[FN115]. See Raysman & Brown, supra note 110.

[FN116]. See Elizabeth Corcoran, Virginia House to Consider Law on "Disabling" Software; Firms Would Have to Label Coded Programs, Wash. Post , Feb. 4, 1995, at C1; Software Crime Bill: Virginia Software Crime Bill Draws Protest, Edge Work Group Computing Rep ., Feb. 6, 1995, 1995 WL 7138925; Jill Gambon, "Bomb" Bill Gains in Virginia: Software Time Bombs to Incur Criminal Penalties, Info.Wk. , Feb. 20, 1995, at 14; Jill Gambon, Virginia Kills "Time Bomb" Bill; Senate Rejects Proposal to Outlaw Secret Codes, Info.Wk. , Mar. 20, 1995, at 41; Steven N. Czetli, Model Law Regulating Sale of Software Under Revision, 5 Pa. Bus. & Tech. 17 (1994).

[FN117]. See Corcoran, supra note 116.

[FN118]. The bill was introduced by Alan A. Diamonstein, in response to a 1993 incident in which Newport News' largest shipbuilding company was allegedly nearly paralyzed due to a deactivation device placed in its software by a software vendor. See Cororan, supra note 116. The dispute arose when the shipbuilder and the vendor quarreled over terms of its software licenses. Id. The parties reached an out-of-court settlement and have been reluctant to reveal its terms. Id.

The 1994 version of House Bill 1649 read:

Be it enacted by the General Assembly of Virginia:

1. That the Code of Virginia is amended by adding ... Section 18.2-152.7:1. Illegally Disabling Operation of Computer Software; Penalty.

It shall be unlawful for any person or entity to knowingly sell or license computer software, or to knowingly furnish any update or other revision thereof, in which has been inserted or otherwise included any device or code which has the capacity of enabling anyone other than the user of the software to halt or otherwise disable the operation of such software in any way. A violation of this section shall be punishable as a Class 1 misdemeanor. The foregoing shall not apply during any temporary trial use period of one hundred twenty (120) days or less in the case of computer software made available to a user expressly for such purpose.

2. That the provisions of this act shall not become effective unless reenacted by the 1995 Session of the General Assembly.

H.B. 809 (Approved Apr. 20, 1994), available in LEXIS, Legis Library, STTEXT File.

[FN119]. The ASA is a division of the Information Technology Association of America (ITAA). The ITAA, consisting of 5,700 member companies "who create and market products and services associated with computers, communications and data." See Software Crime Bill, supra note 116.

[FN120]. See Corcoran, supra note 116.

[FN121]. See infra note 122.

[FN122]. The Bill included definitions of relevant terms, including "use" of a computer and "without authority." The text, in relevant part, reads:

Section 18.2-152.2 Definitions.

A person "uses" a computer or computer network when he:

1. Attempts to cause or causes a computer or computer network to perform or to stop performing computer operations;

2. Attempts to cause or causes the withholding or denial of the use of a computer, computer network, computer program, computer data or computer software to another user; or

3. Attempts to cause or causes another person to put false information into a computer.

A person is "without authority" when he (I) has no right or permission of the owner to use a computer, or, he (II) uses a computer is a manner exceeding such right or permission or (III) uses the computer without providing written notice that he reserves the right to do so.

Section 18.2-152.4. Computer trespass; penalty.

Any person who uses a computer or computer network without authority and with the intent to:

1. Temporarily or permanently remove or disable computer data, computer programs, or computer software from a computer or computer network;

2. Cause a computer to malfunction regardless of how long the malfunction persists;

3. Alter or erase any computer data, computer programs, or computer software ....

H.B. 1649 (Feb. 7, 1995), available in LEXIS, Legis Library, STTEXT File.

[FN123]. See Gambon, Virginia Kills "Time Bomb" Bill, supra note 116.

[FN124]. Pub. L. No. 98-473, s 2102(a), 98 Stat. 2190 (1984) (codified as amended at 18 U.S.C. s 1030 (1994)).

[FN125]. See S. Rep. No. 432, 99th Cong., 2d Sess. 4 (1986), reprinted in 1986 U.S.C.C.A.N. 2479, 2482.

[FN126]. Pub. L. No. 99-474, s 2, 100 Stat. 1213 (1986) (codified as amended at 18 U.S.C. s 1030 (1994)).

[FN127]. For a general overview of the legislative histories of the 1984 and 1986 Acts and their relevant criticisms, see Dodd S. Griffith, The Computer Fraud and Abuse Act of 1986: A Measured Response to a Growing Problem, 43 Vand. L. Rev. 453 (1990); Glenn D. Baker, Note, Trespassers Will be Prosecuted: Computer Crime in the 1990s, 12 Computer/L.J. 61 (1993).

[FN128]. H.R. 55, 101st Cong., 1st Sess. (1989).

[FN129]. 135 Cong. Rec . E2125 (daily ed. June 14, 1989) (statement of Rep. Herger).

[FN130]. H.R. 55, 101st Cong., 1st Sess. (1989).

[FN131]. H.R. 287, 101st Cong., 1st Sess. (1989).

[FN132]. 18 U.S.C. ss 1361-67 (1988 & Supp. V 1993).

[FN133]. H.R. 287, s 2(a).

[FN134]. Id.

[FN135]. S. 1322, 102d Cong., 1st Sess. (1991).

[FN136]. Id.

[FN137]. Id.

[FN138]. Pub. L. 103-322, 108 Stat. 2097-99 (codified as amended in 18 U.S.C. s 1030 (1994)).

[FN139]. 18 U.S.C. s 1030(a)(5)(A). The provision, in pertinent part states:

(a) Whoever --

through means of a computer used in interstate commerce or communications, knowingly causes the transmission of a program, information, code, or command to a computer or computer system if (i) the person causing the transmission intends that the transmission will -- (I) damage or cause damage to, a computer, computer system, network, information, data, or program; or (II) withhold or deny ... of the use of a computer, computer services, system or network, information, data or programs [shall be punished under this Act]

Id.

The Amendments also include a recklessness standard for the knowing, unauthorized transmission of such encryption code. 18 U.S.C. s 1030(a)(5)(B).

[FN140]. 18 U.S.C. s 1030(g).

[FN141]. 18 U.S.C. s 1030(a)(4).

[FN142]. 18 U.S.C. s 1030(a)(5)(A).

[FN143]. Id.

[FN144]. 18 U.S.C. s 1030(g). The provision reads:

Any person who suffers damage or loss by reason of a violation of the section, other than a violation of subsection (a)(5)(B) [i.e., if the violator acts with reckless disregard], may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief .... No action may be brought under this section unless such action is begun within 2 years of the date of the act complained of or the date of the discovery of the damage.

Id.

[FN145]. Id.

[FN146]. Professor Nimmer is the Reporter with respect to "Technology Issues" for the drafting committee responsible for proposing amendments to the Uniform Commercial Code (U.C.C.). The National Conferences of Commissioners on Uniform State Law is seeking to amend the U.C.C. to expressly cover computer software transactions. See George L. Graff, Status of the Proposed Licensing Amendments to Article 2 of the U.C.C., Bulletin of law, sci. & Tech. , Oct. 1994, (Special Insert) at 5-6.

[FN147]. E.g., RRX Indus., Inc. v. Lab-Con, Inc., 772 F.2d 543, 546-47 (9th Cir. 1985) (holding that software was to be treated as goods under the Code if the sales aspect of the contract predominated).

[FN148]. U.C.C. ss 2-2517, 2518 (Preliminary Draft 1994) (on file with author) [hereinafter Draft Revisions].

[FN149]. Id. at s 2-2515(a)(3).

[FN150]. The Reporter's Note to section 2-2517 states, "Because repossession issues were controversial during the period that the Discussion Draft was circulated, this section was rewritten to separate the right to prevent use through judicial process and, in subsection (c), to prevent use at the end of the license term, from the idea of self-help remedies[,]" which are addressed in the following section. Draft Revisions, supra note 148, s 2-2517, Reporter's Note para. 1.

[FN151]. Section 2-2517 states:

(a) Upon default under a license by a licensee of a type described in Section 2-2515(a), the licensor is entitled by judicial process to prevent the licensee's exercise of rights in the intangibles and to repossess property transferred pursuant to the contract. To the extent necessary to enforce this right a court may order that the licensor:

(1) take possession of any intangible objects containing the intangibles or information related thereto;

(2) without removal, render unusable the intangibles or any goods containing the intangibles or the capability to exercise rights in the intangibles;

(3) destroy any electronic records, data, or files containing the intangibles or information pertaining to the intangibles under the control or in the possession of the licensor or licensee or to which the licensee has access;

(4) obtain injunctive relief against the continued exercise of rights in the intangibles by the licensee; and

(5) if the contract so provides, require the licensee to assemble all materials containing the intangibles and information concerning the intangibles and make them available to the licensor at a place designated by the licensor which is reasonably convenient to both parties and to destroy electronic and other records or files containing the intangibles or information relating to the intangibles.

(b) The remedies in subsection (a) other than that in subsection (a)(4) are not available if the intangibles are data that prior to default was so altered or commingled as to no longer be reasonably separable or identifiable from other property or information available to the licensee in a form or manner that would enable the remedy to be administered without undue harm to the licensee's business or other activities.

Id. at s 2-2517.

[FN152]. The section adopts the distinction made in Article 2A between "material breach" and "nonmaterial breach"; the distinction does not exist in the sales article. Draft Revisions, supra note 148, s 2-2515, Reporter's Note para. 2. The note continues, "Materiality relates to the transferor's right to cancel the contract and retake or prevent use of the intangibles by the licensee." Id. The provision also distinguishes between material defaults related to specific events during the contractual relationship and defaults that affect the entire contract. Id. para. 3.

[FN153]. Id. s 2-2517, Reporter's Note para. 6. The remedies of the seller are limited because in general, the only circumstance that allows for repossession is when the seller has not yet delivered the goods or where fraud is committed by the buyer and the seller acts within reasonable time limits. See U.C.C. ss 2-702, 2-705 (1994).

[FN154]. Id. para. 4. Article 2A provides in pertinent part:

After a default by the lessee ... the lessor has the right to take possession of the goods .... Without removal, the lessor may render unusable any goods employed in trade or business, and may dispose of goods on the lessee's premises .... The lessor may proceed under [this section without judicial process if it can be done without breach of the peace or the lessor may proceed by action.

Id. para. 9 (citing U.C.C. s 2A-525) (alterations in original).

[FN155]. Id. s 2-2517, Reporter's Note para. 3, 11. The proposals are justified in part by reliance on remedies under the Copyright Act. See 17 U.S.C. s 502 (1988). However, repossession under the Copyright Act requires a federal court's order, the standards for injunctive relief are onerous for the applicant, and the defendant has the opportunity to argue as to why injunctive relief should not be granted.

[FN156]. Id. s 2-2517, Reporter's Note para. 10. The Reporter's Note continues, "In this sense, then, both retaking physical possession and the alternative of disabling the property from use serve the same purpose: they enforce the dominant interest of the lessor in the use and benefit from the goods." Id. The language of this Note is reiterated in s 2-2518 as well. Id. s 2-2518.

[FN157]. The provision reads:

(a) A licensor may proceed under Section 2-2518(a) without judicial process if this can be done without a breach of the peace and without substantial damage to or destruction of property of the licensee not covered by the license.

(b) The limitation on a licensor's right to act without judicial process may not be waived by the licensee prior to default.

(c) If a conspicuous term or provision of the contract provides that it may do so, the licensor may include in the subject matter of the license electronic means by which the licensor may enforce its rights under subsection (a). However:

(1) the licensor's use of electronic remedies to prevent further use of the intangibles is subject to subsection (a); and

(2) if the licensor's use of the means to prevent further use of the intangibles by the transferee damages property of the licensee not covered by the license, the licensee is entitled to recover as damages for the destruction or damage of the property any resulting loss in the ordinary course as measured in any manner that is reasonable.

Id. s 2-2518.

[FN158]. Id. s 2-2518(a).

[FN159]. The drafters' intent was to address the "highly controversial option of 'electronic self help."' Id. s 2-2518, Reporter's Note para. 4.

[FN160]. Id.

[FN161]. Id. s 2-2518(c)(2).

[FN162]. See Graff, supra note 146, at 5-6.

[FN163]. See discussion supra part III.

[FN164]. 140 Cong. Rec . S12309-02, S12313 (Aug. 23, 1994).

[FN165]. Id.

[FN166]. Two commentators have suggested that a typical clause, similar to the following, be inserted to software licensees to protect both parties: "Upon the default of licensee, the licensor shall have the right to act an automatic shutdown feature, which is incorporated in the licensed software. The activation of the shutdown feature will immediately render the licensed software inoperable." Marc S. Friedman & Lynn Pulchalski, Close Legal Doors on Software Locks, Computerworld , Sept. 30, 1991, at 85.

[FN167]. This statement might be inserted to protect the licensee who has been assured that no logic bombs have been inserted into their software program: "Licensor expressly warrants that the licensed software does not contain any feature that would impair in any way the operation of the licensed software, including but not limited to software locks, or drop-dead devices. Licensor further warrants that it will not impair the operation of the software in any way other than that ordered by a court of law." Id.

[FN168]. A software licensee may insist that a clause similar to the following be inserted into the licensing agreement:

Licensor further warrants and licensee understands that an automatic shutdown feature is incorporated in the licensed software, which if activated, would render the licensed software inoperable.

Licensor further warrants that the automatic shutdown feature will be activated only if licensee fails to pay the licensor at least 50% of the sums due under the contract after the system is found by an independent consultant to have met the performance requirements.

Licensor further warrants that if the automatic shutdown is activated for any other reason other than the one stated above, licensee shall be entitled to all direct and consequential damages resulting therefrom.

Id.

END OF DOCUMENT