Even assuming that Respondents have the right and ability to deliver such software to end users, there can be no way to ensure that software updates are installed, and stay installed. End users ultimately have control over which software is on their computers. If an end user does not want a software update, there is no way to make her take it.
This point mattered because Hollywood had suggested that Grokster should have used its software-update facility to deploy filtering software. (Apparently there is some dispute over whether Grokster had such a facility. I don’t know who is right on that factual question.)
Picker wonders whether ordinary users can really exercise this control in practice. As he notes, the user can disconnect from the net, but that’s too high a price for most people to pay. So how can users prevent updates?
The easiest method is simply to write-protect the program’s files or directories, so that they can’t be changed. Alternatively, the user can make a backup copy of the software (perhaps by copying it to another directory) and restore the backup when an update is installed.
Standard system security tools are also useful for controlling automatic updates. Autonomously self-updating programs look a lot like malicious code – the program code changes on its own (like a virus infection); the program makes network connections to odd places at odd times (like spyware); the program downloads and installs code without asking the user (like a malicious bot). Security tools specialize in identifying and blocking such behaviors, and the tools are reasonably configurable. Personal firewalls, for example, can block a program from making unapproved network connections. Some firewalls even do this by default.
Finally, a skilled person can figure out how to patch the program to disable the auto-update feature. He can then encapsulate this knowledge in a simple tool, so that other users can disable their auto-update by downloading the tool and double-clicking it. (This tool may violate copyright by modifying the program; but if we trusted users to obey copyright law we wouldn’t be having this conversation.)
The bottom line is that in computer security, possession is nine-tenths of control. Whoever has physical access to a device can control what it does. Whoever has physical control of a computer can control what software is installed on it. And users have physical control of their PCs.
A followup question is whether you can program the software to shut itself off if the user blocks updates for too long. As far as I know, nobody is claiming that Grokster had such a capability, but in principle a P2P system could be designed to (try to) work that way. This raises interesting issues too, but I’m approaching my word count limit so I’ll have to address them another day.