Microsoft's Intrusive License Agreement Conflicts With Federal Banking Laws

by , 8:00 AM EDT, October 24th, 2002

In a recent Boston Internet.com article, a possible clause in the end user license agreement (EULA) for Microsoft's Windows 2000 Service Pack 3 and Windows XP Service Pack 1 might cause banks to inadvertently break federal laws. The story quotes Lester Warby, a chief information officer at the Seattle Metropolitan Credit Union, on his reading of the fine-print regarding Microsoft's "automatic update" feature. From the article:

That [the automatic update feature], says Warby, conflicts with federal regulations for financial institutions, such as the Gramm-Leach-Bliley Act of 2001. The new law, which goes into effect next May, forbids financial service companies from giving third parties access to customer data without express consent from the customer. European countries generally have even stricter data privacy laws.

"We're forced into a position where we're either out of compliance with Microsoft's licensing, which is not acceptable, or we're out of compliance with the law, which is not acceptable either. Under these circumstances, we'll probably change our operating system," says Warby.

While similar in function to Apple's own software update mechanism present in Mac OS X, which claims no right to access your Mac or your information, Microsoft's license agreement grants the company permission to obtain information from your computer through the automatic update feature. In past service packs to Windows, this has included searching the machine for unlicensed versions of software. From the Service Pack 1 license agreement for Windows XP:

Solely for the purpose of preventing unlicensed use of the applicable OS Software, the OS Components will include installation on your computer of technological measures that are designed to prevent unlicensed use, and Microsoft may use this technology to confirm that you have a licensed copy of the OS Software.

The license agreement for the aforementioned service packs also includes giving the update feature access to "software information" -- a vague term. From the Boston Globe article:

The term could include "information about proprietary systems, or about data," he says. "Does a stored procedure -- which could contain proprietary algorithms -- constitute software? Does the term include information about competitor's products, or about the use of software from a company with whom Microsoft might have a legal dispute?"

It doesn't stop there, either. What currently is an option in Windows may not be one in the future. The article says that Microsoft will eventually remove the ability for users to turn off automatic update, effectively giving Microsoft access to one's PC by default, through the licensing agreement. That is the problems that banks are seeing, and it could lead to banks leaving Microsoft behind, or lawsuits from either bank customers or the federal government if banks are in violation of the law.

More information on the license agreement and the law affecting financial institutions, as well as more of the opinions of Mr. Warby, can be found in the entire Boston Internet.com article.

The Mac Observer Spin:

Microsoft is going to find itself between a rock and a hard place. On the one hand, the company certainly wants the financial world's business. On the other hand, Microsoft is absolutely obsessed with controlling every aspect of its customers' computers. The company has shown this again and again.

While the Boston Internet.com article focuses on a specific instance where MS's EULA violates future federal laws (for financial institutions), this is an issue that will have an impact in other areas. The company is attempting to justify intrusions into computer systems with a simple and quiet update to a user agreement. Though that make their actions legal, it doesn't make them ethical.

The reality is that Microsoft will probably change its license agreement for banks (only) in order to not lose banking business. If it does so, however, it could open the floodgates for customers to start demanding that Microsoft get the heck out of their PCs.

Then again, the lemmings may just keep on marching towards the Microsoft cliff.

Let's contrast this with Apple's license agreement. A quick scan of Apple's EULA for Mac OS X reveals no sections whatsoever regarding rights the end user would grant to Apple -- especially in terms of access to information stored on a computer running Mac OS X. Apple manages to function quite nicely without those "rights," so why can't Microsoft?