December 15, 2024

A Software License Agreement Takes it On the Chin

[Update: This post was featured on Slashdot.]

[Update: There are two discrete ways of asking whether a court decision is “correct.” The first is to ask: is the law being applied the same way here as it has been applied in other cases? We can call this first question the “legal question.” The second is to ask: what is the relevant social or policy goal from a normative standpoint (say, technological progress) and does the court decision advance that goal? We can call this second question “the policy question.” Eric Felten, who addressed my August 31st post at length in his article in the Wall Street Journal (Video Game Tort: You Made Me Play You), is clearly addressing the policy question. He describes “[t]he proliferation of annoying and obnoxious license agreements” as having great social utility because they prevent customers from “abusing” software companies. What Mr. Felten fails to grasp, however, is that I have not weighed in on the policy question at all. My point is much simpler. My point addressed only the legal question and set forth the (apparently controversial) proposition that courts should be faithful to the law. In the case of EULAs, that means applying the same standards, the same doctrines, and the same rules as the courts have applied to analogous consumer contracts in the brick and mortar world. Is that too much to ask? Apparently it was not too much to ask of the federal court in Smallwood, because that was exactly how the court proceeded. Mr. Felten’s only discussion of why the Smallwood decision may be legally incorrect involves the question of whether or not “physical” injury occurred. Although this is an interesting factual question with respect to the plaintiff’s “Negligent Infliction of Emotional Distress” claim (count 7), the court found it irrelevant with respect to the plain-old negligence and gross negligence claims (counts 4 and 5). These were the counts that my original blog post primarily addressed. It’s hard to parse Prof. Zittrain’s precise legal reasoning from the quotes in Mr. Felten’s article, but it’s possible that the two of us would agree on the law. In any event, Mr. Felten is content to basically bypass the legal questions and merely fulminate–superficially, I might add–on the policy question.]

The case law governing software license agreements has evolved dramatically over the past 20 years as cataloged by Doug Phillips in his book The Software License Unveiled. One of the recent trends in this evolution, as correctly noted by Phillips, is that courts will often honor contractual limitations of liability which appear in these agreements, which seek to insulate the software company from various claims and categories of damages, notwithstanding the lack of bargaining power on the part of the user. The case law has been animated, in large part, by the normative economics of Judges associated with the University of Chicago. Certain courts, as a result, could be fairly criticized as being institutionally hostile to the user public at large. Phillips notes that a New York appellate court, in Moore v. Microsoft Corp., 741 N.Y.S.2d 91 (N.Y. App. Div. 2002), went so far as to hold that a contractual limitation of liability barred pursuit of claims for deceptive trade practices. Although the general rule is that deceit-based claims, as well as intentional torts, cannot be contractually waived in advance, there are various doctrines, exceptions, and findings that a court might use (or misuse) to sidestep the general rule. Such rulings are unsurprising at this point, because the user, as chronicled by Phillips, has been dying a slow death under the decisional law, with software license agreements routinely interpreted in favor of software companies on any number of issues.

It was against this backdrop that, on August 4, 2010, a software company seeking to use a contractual limitation of liability as a basis to dismiss various tort claims, met with stunning defeat. The U.S. District Court for the District of Hawaii ruled that the plaintiff’s gross negligence claims could proceed against the software company and that the contractual limitation of liability did not foreclose a potential recovery of punitive damages based on such claims. Furthermore, the matter remains in federal court in Hawaii notwithstanding a forum selection clause (section 15 of the User Agreement) in which the user apparently agreed “that any action or proceeding instituted under this Agreement shall be brought only in State courts of Travis County, State of Texas.”

The case is Smallwood v. NCsoft Corp., and involved the massively multiplayer, subscription-based online fantasy roll-playing game “Lineage II.” The plaintiff, a subscriber, alleged that the software company failed to warn of the “danger of psychological dependence or addiction from continued play” and that he had suffered physically from an addiction to the game. The plaintiff reportedly played Lineage II for 20,000 hours from 2004 through 2009. (Is there any higher accolade for a gaming company?) The plaintiff also alleged that, in September of 2009, he was “locked out” and “banned” from the game. The plaintiff claimed that the software company had told him he was banned “for engaging in an elaborate scheme to create real money transfers.” The plaintiff, in his Second Amended Complaint, couched his claims against the software company in terms of 8 separate counts: (1) misrepresentation/deceit, (2) unfair and deceptive trace practices, (3) defamation/libel/slander, (4) negligence, (5) gross negligence, (6) intentional infliction of emotional distress, (7) negligent infliction of emotional distress and (8) punitive damages.

The software company undertook to stop the lawsuit dead in its tracks and filed a motion to dismiss all counts. The defendants argued, among other things, that Section 12 of the User Agreement, entitled “Limitation of Liability,” foreclosed essentially any recovery. The provision, which is common in the industry, purported to cap the amount of the software company’s liability at the amount of the user’s account fees, the price of additional features, or the amount paid by the user to the software company in the preceding six months, whichever was less. The provision also stated that it barred incidental, consequential, and punitive damages:

12. Limitation of Liability
* * *
IN NO EVENT SHALL NC INTERACTIVE . . . BE LIABLE TO YOU OR TO ANY
THIRD PARTY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL,
PUNITIVE OR EXEMPLARY DAMAGES . . . REGARDLESS OF THE THEORY
OF LIABILITY (INCLUDING CONTRACT, NEGLIGENCE, OR STRICT
LIABILITY) ARISING OUT OF OR IN CONNECTION WITH THE SERVICE,
THE SOFTWARE, YOUR ACCOUNT OR THIS AGREEMENT WHICH MAY BE
INCURRED BY YOU . . . .

The Court considered the parties’ arguments and then penned a whopping 49-page decision granting the software company’s motion to dismiss, but only partially. The Court determined that the User Agreement contained a valid “choice of law” provision stating that Texas law would govern the interpretation of the contract. However, the Court then ruled that both Texas and Hawaii law did not permit people to waive in advance their ability to make gross negligence claims. The plaintiff’s remaining negligence claims survived as well. The claims based on gross negligence remained viable for the full range of tort damages, including punitive damages, whereas the straight-up negligence-based claims would be subject to the contractually agreed on limitation on damages.

The fact that the gross negligence claims survived is significant in and of itself, but in reality having the right to sue for “gross negligence” is the functional equivalent of having the right to sue for straight-up negligence as well—thus radically broadening the scope of claims that (according to the court) cannot be waived in a User Agreement. Although it is true that negligence and gross negligence differ in theory (“negligence” = breach of the duty of ordinary care in the circumstances; “gross negligence” = conduct much worse than negligence), it is nearly impossible to pin down with precision the dividing line between the two concepts. Interestingly, Wikipedia notes that the Brits broadly distrust the concept of gross negligence and that, as far back as 1843, in Wilson v. Brett, Baron Rolfe “could see no difference between negligence and gross negligence; that it was the same thing, with the addition of a vituperative epithet.” True indeed.

The lack of a clear dividing line is an important tactical consideration. A plaintiff often pleads a single set of facts as supporting claims for both negligence and gross negligence and—in the absence of a contractual limitation on liability—expects both claims to survive a motion to dismiss, survive a motion for summary judgment, and make it to a jury. When the contractual limitation of liability is introduced into the mix, and the plaintiff is forced to give up the pure negligence claims, it hardly matters: the gross negligence claims—based on the exact same facts—cannot be waived (at least under Texas and Hawaii law) and therefore survive, at least up to the point of trial. Courts will not decide genuine factual disputes—that is the function of the jury. This is usually enough for the plaintiff, since the overwhelming majority of cases settle. Thus, a gross negligence claim, in most situations, is the functional equivalent of a negligence claim. For these reasons, the Smallwood decision, if it stands, may achieve some lasting significance in the software license wars.

Comments

  1. the game “Lineage II” has a warning “within the game itself” like a prompt telling you that you have been playing for “x amount” of hours, every hours.

  2. [REPOST: apparently intact http links are verboten. You could have bothered to tell us this up front you know.]

    I can’t say I agree with this. EULAs are evil, but this is the wrong part to attack.

    The software industry has enjoyed tremendous innovation, partly fueled by low barriers to entry. Part of that has been that publishing new software carries low legal liability exposure (if you avoid blatant copyright infringement and other easily-avoided legal pitfalls). Two things threaten to make difficult-to-avoid liability exposure much worse for software publishers now:

    1. Software patents.

    2. Pushes to increase “product liability” exposure of software authors and distributors.

    The general understanding has been that software is generally buggy and not 100% reliable; users should save their work often; mission critical operations especially should keep backups and perform testing of new/changed software before deploying it organization-wide in a difficult-to-undo manner.

    Software companies should be liable for direct damages (basically, for a refund if it doesn’t perform at all as advertised and they can’t or won’t patch it so it does) and for deceptive practices and intentional torts only.

    The area where EULAs need reining in is not in their disclaimers of warranty and liability, but in their attempts to impose restrictions on end use that go far beyond the exclusive rights enumerated in copyright law.

    These restrictions are not found on other products, even those such as books that contain copyrighted content; you buy it you own it, modulo the exclusive rights in copyright law.

    (And thus, the phrase “in the case of EULAs, that means applying the same standards, the same doctrines, and the same rules as the courts have applied to analogous consumer contracts in the brick and mortar world” becomes void since there are no “analogous consumer contracts in the brick and mortar world”. Have you ever bought a book or a TV or something, conducted your transaction with the retailer, gotten it home, opened it, and then found inside an attempt by the *manufacturer*, whom you have no direct dealings with, to claim you’re bound by a contract of adhesion with them?)

    Further, EULA use-restrictions’ force rests on a legal fiction: that subsequent to purchase of software on media, to copy it to your computer as part of installation you require additional permission of the copyright holder to make that copy and thus must enter into an agreement with the manufacturer during the install process (when the EULA is traditionally presented). The install process EULA presentation is clearly meant to reinforce the notion that the copyright holder must bless each install for it to be legal, and yet that’s explicitly not the case.

    From http : //en.wikisource.org/wiki/United_States_Code/Title_17/Chapter_1/Section_117 we have this section of Title 17 (the US Copyright Code):

    § 117—Limitations on exclusive rights: Computer programs

    (a) Making of Additional Copy or Adaptation by Owner of Copy.—

    Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:

    (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner

    This clearly is blanket authorization to install, and to load into RAM, software you own, given that such is “an essential step in the utilization of the computer program”, as is generally the case.

    YOU DO NOT NEED THE COPYRIGHT HOLDER’S PERMISSION TO INSTALL, in other words, given that you obtained a copy on media lawfully (e.g. by retail purchase of the copy).

    This means that the EULA expects you to trade away some of the rights you’d normally have under fair use and accept additional restrictions that go far beyond the ones enumerated as exclusive rights (copying, preparing derivative works, broadcasting/performing) in exchange for permission to install which YOU DON’T NEED ANYWAY. So, in exchange for nothing you did not already have.

    That makes it a totally one-sided contract. ONLY the statements of waiver of warranty and liability should stand in the typical case! (And yes, any waiver-of-liability terms for things like deceptive practices on the part of the vendor clearly do overreach and should also be void.)

    • …we just put them in a moderation queue to avoid spam, as explained by the message you got when trying to post. No need to re-post.

      • Actually, there is a need to repost. If I don’t; if I just go away; and a while later it becomes apparent that the post is failing to appear (as indeed the original has yet to appear here); then it is forever lost since my browser will by then retain no record of its text. Web form contents are ephemeral; they must be preserved when the user hits submit unless you’re 100% certain they’re spam.

        Or are you expecting users to leave a tab open on your site with their not-yet-posted post in a form, for however long it takes before the post appears (if it ever does), and meanwhile risking loss if the power goes out or Windows needs to restart to apply some update or another?

        The ergonomics just doesn’t work. That’s mostly the fault of web browser/web form nature in general rather than specific to this site.

        On the other hand, there is a much easier way: just add a captcha to the submission form. That will weed out all automated submissions and allow legitimate posters who post successfully to see the results immediately and be secure in the knowledge that they need not preserve the form contents locally anymore. No delays and nothing getting lost in the mail (or even mistaken for spam when it’s not).

        I suggest you do this. Get rid of the two-week timeout on commentability and the “moderation queue” or whatever you called it and replace both with a captcha that all posts require to be successful.

  3. Michael Donnelly says

    It comes up a lot and I hate seeing it cited like that.

    The lawsuit was not frivolous. The coffee handed to that woman was significantly hotter than other chains’ coffee. She had third-degree burns over 6% of her skin and second-degree over 16%. She also tried to settle very reasonably and McDonald’s refused.

    It’s an interesting negligence case and a nice read over at Wikipedia.

  4. tushar nene says

    i’m a world of warcraft player myself – the EULA i agreed too seemed to be far more specific than the excerpts i’ve read from lineage 2, going into enough detail to actually claim loss of goodwill and work stoppage in their section on limit of liability and indemnity.

    anyway, in this case, i’m surprised that the judge let any of the charges stand. considering that the user’s account was banned in the past for direct EULA violation involving real cash transfers, in my head the situation points to this guy being a fraud. my mind immediately went to the mcdonalds coffee lawsuit. frivolous but unfortunately it seems that enough loopholes exist for this kind of stuff to be successful in court. let’s hope he doesn’t get addicted to litigation.

    what a month for software lawsuits though – first paul allen vs the internet, now this.

  5. This judge is going to get slapped pretty hard for allowing this claim in when this thing goes to appeal. Don’t be surprised if his expansion of users’ rights gets thrown into the mix when the appela decision gets written, as further evidence of the judge’s lunacy.

    If anything, this decision is going to set user rights back, by associating them with such a wacky decision in such a wacky lawsuit.

  6. If this party did have addiction it was not from game content. There is something else that will cause apparent addiction when computers are used in unprotected workspace Subliminal Distraction exposure.

    Video game manufacturers as well as computer manufacturers are unaware of a simple problem discovered when it caused mental breaks for office workers forty years ago. The cubicle was designed to deal with the vision startle reflex to prevent Subliminal Distraction exposure by 1968.

    It does require repeating detectable movement in peripheral vision while the game if being played. But that can be supplied by any number of sources. In the case of the Everquest addiction uproar of 2002 Tommy Stein had an aquarium with a single huge fish in it just an arm’s reach from him on his right. When Ben Stein sent him away to school his addiction and bizarre behavior stopped.

    All software and computers should have a warning that Subliminal Distraction exposure can cause bizarre behavior as well as psychosomatic complaints.

    This has happened in 14 elementary schools in Ontario Canada where parents believe WiFi EMR is responsible for medical complaints of students using laptops in those schools.

    Video and pictures used by news sources to illustrate computer use in the schools show students crowded together, sitting in each other’s peripheral vision, without Cubicle Level Protection, That’s Subliminal Distraction exposure. VisionAndPsychosis.Net is a seven year investigation of SD.

  7. Steve, I understand that you’d like to weaken the power of EULAs to reduce software publishers’ legal liability. But what about this particular lawsuit’s claims of liability? Do you believe that online game companies should be held liable for the “addictiveness” of their games? And if not, what does it say about your overall position that its practical effects likely include the proliferation (and in this case, quite possibly the success, given this ruling) of liability lawsuits of this type? Do you really think such a result would be good for software users, let alone for the industry?

    • Dan, My overarching concern with judicial decisions involving EULAs is that there has been a judicial tendency to abandon precedent and the doctrines of contract law in favor of reasoning based on economic theororizing. When the economic theory goes out of favor, one is left with decisional law that is a mess–a problem for a precedent-based system like the one we have in the U.S. The law is inherently conservative, and when “bad” decisional law gets cooked into precedent, it takes a long time to dial it back and undue the damage. As for addictiveness claims, I think that they will be especially difficult to establish in this, and other matters. In the abstract and off-the-cuff, my perception is that economic-based claims (as opposed to bodily injury/addiction claims) would tend to have more merit, and perhaps more outside the traditional gaming industry than within it. The next round of interesting proceedings in the present case will be summary judgment motions, and I expect those applications to be hard fought.

      • My problem with EULAs and that I’m pretty sure would not hold up in court in my country (Norway) is the limitations on use. We have no DMCA and we have very good free use laws. Bnetd case and similar where companies can stopgate someone from free use (eg circumventing cdkey protection on something you own or create Bots/hacks) I find ridiculous.

        You buy something, you own it.

        I do though find this particular case ludicris as suing a gamecompany for addictiveness is about as borderline mental as suing McDonalds/Burgerking for getting scolded over a hot cup of cofee… “THey hadn’t marked it being scolding”…

        Isn’t it about time the US judicial system gets an overhaul?