UCITA still haunts IT
Computerworld - WASHINGTON -- It's been called a time bomb, code capable of disabling software, and some users fear its use could become pervasive if the controversial software law UCITA succeeds.
The Uniform Computer Information Transaction Act (UCITA), due for a renewed push for state-by-state adoption next year, lets vendors include code to trigger a shutdown if, for instance, a user's license has expired.
It's a type of code that poses operational and security issues for IT, said Ken Tyminski, chief security officer at Prudential Financial in Newark, N.J. A time bomb, or a software restraint, is a potential bug that can be triggered without warning, sending business systems crashing. Or it can be activated maliciously and give hackers a back door to your network.
"That, to me, is very, very dangerous for the [insurance] industry and companies at large," Tyminski said. In response, Prudential is ensuring that its vendor contracts prevent any use of these systems.
This type of code "can cripple the business, and it can do it in a method where there has been absolutely no due process, there has been no chance at remediation, no chance at explanation," he said.
The mere existence of restraint software or time bombs also raises security issues. Robert O'Connor, director of network integration services at Pennsylvania State University in University Park, warns, for instance, that a disgruntled former vendor employee could trigger such a system. "I don't trust anything like that," he said.
This concern about software restraints, addressed in a section of UCITA called "electronic regulation of performance," underscores the ongoing fears that users have about this complex software licensing law.
UCITA's authors, the National Conference of Commissioners on Uniform State Laws, tried to appease opponents by removing a "self-help" provision that would allow a vendor to remotely disable software in a contract dispute. But that change simply shifted attention to other parts of the law.
For example, the Institute of Electrical and Electronics Engineers Inc. in New York claims that UCITA's provisions give vendors the right to build in back doors, creating a potentially dramatic shift in software licensing.
"The industry is pushing very hard to turn it into a mainframe licensing model, where you will pay for your software on a year basis," said Alan Plastow, president of the International Association of IT Asset Managers in Akron, Ohio. "That requires the use of automatic restraints or it requires the use of a metering process."
But users aren't jumping on board. Also, Microsoft Corp. has said it has no plans to use embedded self-help features.
The use of software restraints won't help vendors win contracts with large enterprises, said Steve McHale, an analyst at IDC in Framingham, Mass. But such techniques could be attractive to vendors of pricey programs, such as engineering software systems.
Critics also assail UCITA because it protects vendors from liability. The Center for National Software Studies, formed earlier this year, is examining the problems with software quality and is working on a set of recommendations. UCITA's liability-limiting provision gives vendors little incentive to worry about the consequences of mistakes, said Alan Salisbury, who heads the Camp Springs, Md.-based center.