Shrink-wrap and click-wrap agreements are the fine print you see, among other things, when you click through terms and conditions in accessing an online service (e.g., in connection with a cloud computing service) or as part of the installation of a piece of software.
They may also be encountered as part of the documentation provided with new software or a hardware component. They may even be found, with some searching, in a file entitled “license.txt” or similar name on the installation CD on which a new piece of software is delivered. Businesses seldom read these terms in any detail, generally view them as non-negotiable, and accept them as a necessary evil.
The fact is, these types of agreements can present significant legal and business issues. They can place a business’ sensitive data at risk, expose the business to liability, compromise the business’ ownership of its own intellectual property, and cause the business to pay additional, unforeseen fees. Three specific examples:
- A bank’s CIO comes into work one morning to find a group of auditors sent by a software licensor demanding the right to access the bank’s computer systems and facilities to confirm the bank has properly used the software. When the CIO objects on the ground it cannot permit third parties to access its facilities and systems because it would put the bank’s highly sensitive data at risk, the auditors point to a provision in the software license agreement permitting the licensor an unlimited right to conduct onsite audits without prior notice. The bank had no grounds to object or it would find itself in breach of contract. The bank had to permit the auditors access to its facilities and systems even though the software license agreement had no confidentiality protection for the bank’s data.
- In another case, a small business signed up for a cloud-based service. A few months later, it received a letter claiming it was infringing the patent rights of a third party in its use of the cloud service. When the small business contacted the cloud service provider, it was shocked to find out that it had no protection under its cloud service agreement for this claim, even though the provider was the cause of the infringement. Worse yet, the cloud service agreement required the small business to indemnify and hold harmless the cloud provider for the cloud provider’s own wrongful actions in infringing the third party’s patent rights.
- Finally, a customer licensed a piece of software from a start-up company and spent time talking with the company about improving their software. Ultimately, the customer decided to take its ideas and create its own software for use within its business. The customer received a letter from the software company pointing out the customer could not use the customer’s own ideas to create its software. In fact, the software company was demanding the customer pay a substantial fee for the customer to continue use of the customer’s own ideas. When the customer objected, the software company pointed to a clause in its software license agreement that conveyed ownership of all rights from the customer to the software company relating to the customer’s ideas.
This article discusses some of the key risks inherent in these types of transactions. Specifically, the following areas are addressed:
- Defining what constitutes a “shrink-wrap” license; (Part 1)
- The types of products commonly licensed or sold under shrink-wrap agreements; (Part 1)
- How the products are typically purchased; (Part 1)
- The difference between proprietary software and, so-called, open source software; (Part 1)
- The types of terms and conditions generally found in shrink-wrap agreements; (Part 2)
- The inherent risks presented by making purchases under a shrink-wrap agreement; and (Part 2)
- Potential methods of addressing risk. (Part 2)
What is a “Shrink-Wrap” License?
The term “shrink-wrap” derives from the method by which software was distributed as a package of installation disks and associated documentation sealed by shrink-wrap cellophane. The accompanying end user license agreement was often itself packaged in shrink-wrap cellophane and placed on the outside of the package or included as the top most item in the package. Today, shrink-wrap agreements can take a variety of forms and are found in both software and hardware acquisitions. However, they all have a common structure: essentially non-negotiable terms and conditions that accompany the product. The terms may appear as part of the documentation accompanying the product, as part of an on-line purchase process whereby the terms are displayed (and the purchaser, potentially, required to affirmatively click an “accept” button as part of the process), or presented to the purchaser on first use of the application as part of the installation process.
If the terms are displayed electronically, either online or in connection with the installation process, they are often referred to as “click-wrap” terms. For purposes of this discussion, there is no difference between click-wrap and shrink-wrap terms.
Courts in the United States have almost uniformly found that these types of agreements are enforceable (Conference America Inc. v. Conexant Sys. Inc., M.D. Ala., No. 2:05-cv-01088, 9/10/07). In fact, courts have held them enforceable even if the customer failed to read them (Druyan v. Jagger, S.D.N.Y., No. 06-cv-13729, 8/29/07).
Products Purchased Under Shrink-Wrap Agreements — Common Elements
While there are no bright-line rules as to the specific types of products that are made available under shrink-wrap agreements, the following are common elements:
- The product typically has a relatively low cost per unit (e.g., less than $20,000). While the cost per unit for a given product may be low, or even trivial (e.g., less than $100), the total cost to the organization should not be overlooked (e.g., 1,000 units at $100 per unit results in aggregate fees of $100,000). An easy example would be a copy of Microsoft Word or Adobe Acrobat. Essentially all open source software is licensed under shrink-wrap terms;
- The product is provided “off-the-shelf,” meaning that it is not customized for the purchaser. Each purchaser purchases the exact same version of the product as every other purchaser, without modification;
- The product requires very little implementation effort. The purchaser generally assumes all of the installation effort without obtaining professional services from the vendor or a third party;
- The product is generally not mission critical; and
- The product is typically well understood and established in the marketplace. Frequently, the product is available for trial and evaluation before a license is required.
The above are, of course, only generalities. It is important to note that there are many instances in which shrink-wrap agreements are used for the purchase of products that cost hundreds of thousands of dollars, require extensive customization and a significant implementation effort, and are mission critical to the organization. As discussed below, the risk of the products purchased under a shrink-wrap model can increase dramatically when the proposed application varies from the foregoing common elements.
Methods of Purchasing Shrink-Wrap Products
There are essentially two means of purchasing shrink-wrap products. First, the product can be directly purchased from the vendor that created it (e.g., downloading a copy of Acrobat from Adobe’s Web site). Second, the product can be purchased through a reseller or similar entity that is authorized by the vendor to distribute the product.
One benefit of using a reseller is the potential to license and purchase products, particularly large orders, at a substantial discount. Another advantage is the possibility of negotiating an enterprise or master contract with favorable legal and business terms for all licenses and purchases made through the reseller. In many instances, however, the use of resellers results in the licensee or purchaser obtaining substantially less favorable terms than if the licensee or purchaser directly negotiated with the vendor and eliminated the use of the reseller. Resellers generally insist on highly protective agreements that absolve them of liability for the products they distribute.
Any protections relating to the products are provided in the form of non-negotiable shrink-wrap agreements from the manufacturers or, worse yet, provided through Web sites that may change at any time. In either case, the product terms are (i) non-negotiable, and (ii) almost always very minimal, offering little in the way of substantive warranties and indemnities. A growing number of manufacturers are turning to reseller arrangements for the express purpose of avoiding having to extend appropriate, market-based contractual protections to their customers.
Reseller arrangement should generally only be considered when the product satisfies the common elements described above (e.g., low fees, non-critical use, off-shelf, well established, potentially trialed, etc.) and the cost-benefit of proceeding with transaction is justified. This usually means the reseller will be used for the purchase of a narrow range of pre-approved products for the organization. For example, purchases of standard office productivity applications (e.g., Microsoft Word, Adobe products, etc.).
Proprietary Versus Open Source Software
Software licensed under shrink-wrap terms can be broadly grouped into two categories: proprietary software and open source software.
Proprietary software is software that is generally developed by a single vendor, licensed for a fee, furnished in object code form only (i.e., the licensee has no access to the source code or the actual programming for the software), and provided under a license agreement that is specific to that vendor. Purchasers generally have no right to modify proprietary software. In contrast, open source software is software that is generally developed by multiple developers, provided without charging a license fee, for which the licensee is furnished with a complete copy of the source code and is encouraged to modify the software.
This 2 -part blog focuses only on the licensing of proprietary software. Open source software raises a different set of issues that are beyond the scope of this discussion.
Click HERE to continue to Part II of this blog…
**Note** Originally published on CSO Online by Michael R. Overly. See original article here.
Michael R. Overly
Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law. Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices.
Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.
Recognition
In 2010 – 2015, The Legal 500 recognized Mr. Overly for his information technology work in the U.S. In 2005, he was selected for inclusion in the Southern California Super Lawyers® list and also was honored by Los Angeles Magazine for this recognition. In addition, Mr. Overly was recognized by Chambers USA for his IT & outsourcing work (2013 – 2016).
Education
Mr. Overly is a graduate of Loyola Law School (J.D., 1989), where he was articles editor of the Loyola Law Review and elected to Order of the Coif, and Texas A&M University (M.S., electrical engineering, 1984; B.S., 1982). He was admitted to the California Bar in 1989.
Professional Memberships
Mr. Overly is chair of the Legal Working Group for the Cloud Standards Customer Council, an end user advocacy group dedicated to accelerating cloud’s successful adoption, and drilling down into the standards, security and interoperability issues surrounding the transition to the cloud. He is also a member of the Computer Security Institute, the Information Systems Security Association, the Computer Law Association, and the International Technology Law Association.
Thought Leadership
Mr. Overly’s numerous articles and books have been published in the United States, Europe, Korea, and Japan. He has been interviewed by a wide variety of print and broadcast media (e.g., the New York Times, Los Angeles Times, Business 2.0, Newsweek, ABCNEWS.com, CNN, and MSNBC) as a nationally recognized expert on technology and security related matters. In addition to conducting seminars in the United States, Norway, Japan, and Malaysia, Mr. Overly has testified before the U.S. Congress regarding online issues.
Selected Publications
- A Guide to IT Contracting: Checklists, Tools and Techniques (CRC Press; December 2012)
- The Executive MBA in Information Security (CRC Press 2009)
- Negotiating Telecommunication Agreements Line-by-Line (Aspatore Press 2005)
- Software Agreements Line-by-Line (Aspatore Press 2004)
- The Open Source Handbook (Pike & Fisher 2003)
- Overly on Electronic Evidence (West Publishing 1998)
- E-Policy: How to Develop Computer, E-Mail, and Internet Guidelines to Protect Your Company and Its Assets (American Management Association 1998)
- Document Retention in The Electronic Workplace (Pike & Fisher 2001)
[Disclaimer: The information on this blog or article is provided without any warranty or guarantee, does not provide legal advice to the reader, and does not create an attorney-client relationship with the reader. Any opinions expressed in this blog or article are those only of the author and do not necessarily reflect the views of the author’s law firm or any of the author’s or the law firm’s clients. In some jurisdictions, the contents of this blog or article may be considered Attorney Advertising.]