Monthly Archives: April 2008

Malware Licensing

Wow. More here.  And here.  And here (from the original Symantec Alert).  (For those who don’t want to click the links, a malware author inserted a EULA into their virus code.)

First, let’s be clear.  Even though the software could be used for malicious purposes, this doesn’t affect the ability to license it.  Copyright protection doesn’t have any exceptions when it comes to things that might be used in a bad way.  So, midway through the article where it says “While not legally binding…”, the author is incorrect.

However, what the software license holder would potentially have trouble with is enforcement. If you don’t want to make it known that you’re the one creating malware, it will be quite difficult to be public enough to obtain license compliance.

But I am impressed with the idea, as well as the creativity involved in coming up with their penalties (they threaten that they will turn a violator over to the antivirus companies and explain how to shut down the effects of the malware).

The best part of this is the statement from Symantec:  “Despite the clear licensing agreement and the associated warnings, this package still ended up being traded freely in underground forums shortly after it was released. It just goes to show you just can’t trust anyone in the underground these days. ;)”

Limitation of Liability

A contract is an allocation of risk and liability limits are a huge bone of contention.

Vendors want to limit their liability to very specific types of damages:  1.  They want to only be responsible for direct damages; and, 2. They only want to be liable up to a capped dollar amount.  Generally speaking, this is acceptable (we’ll talk about the dollar amount in a second), as it’s a question of reasonability.

With respects to the types of damages (direct, indirect, consequentials, specials, etc), direct damages (in a very layperson definition) are those that are connected to the cause of the liability.  So, for example, if Person A steals from Person B, the cost of the stolen goods would be direct damages.  But, in the event that the theft led to Person B being unable to complete another business transaction (and thus negatively impacting Person B), that negative impact would be “consequential.”  You can quickly see that damages other than directs can be hard to quantify or calculate – and someone who would be liable for more than directs would not have a good way to understand their total portfolio of liability.

For dollar amounts, most people used to say that you could reasonably ask for 3x the amount “spent” under the terms of the agreement.  But to be fair to both sides, any amount I might recommend here isn’t a fair assessment of damages.  When discussing software deals gone bad, I typically want every penny I’ve paid over the term of the agreement returned to me – this is less an exact science of knowing the amount of future damage and more of an understanding of what it costs to replace software once integrated into an environment.

With respects to both limitations on liability (type and amount), customers should be able to get three exceptions:  A.  Indemnification Obligations (including both IP and general indemnity), B.  Breach of Confidentiality, and C. Gross Negligence or Willful Misconduct.  These three things, in my (supported) opinion, are eligible for ALL forms of liability and without any financial limit, either.  In almost all cases, vendors do not challenge these exclusions from the limits.  They recognize, as does the customer, that indemnification is only valuable when unlimited, that breaches of confidentiality have far reaching implications, and that willful acts shouldn’t be capped, either.

However, even a generous vendor is only going to allow themselves to be “on the hook” for indemnification for software that they licensed in the form in which it was licensed, or for certain types of damages.  Modifications to the software, for example, usually prevent indemnification to the extent that the infringement is a result of those modifications and not based on the unmodified software received from the provider.  However, in many instances, vendors rely heavily on talking the customer through various issues via phone or via e-mail and they provide a variety of bug fixes in numerous ways.  It is advisable to change any language limiting liability as a result of modifications made by licensee to read “modifications made by customer unless authorized by provider.”  This allows for the ability of the customer to make changes to the software at the vendor’s direction but not remove the vendor’s liability for the changes that are made.

In some cases, vendors are concerned that even this language is not enough protection as the customer might not follow the directions/instructions provided by the vendor.  If that is the case, language such as “modifications made by customer unless authorized in writing by vendor and such modifications explicitly conform to the changes contained in the written authorization” can be used.  The net result is that the customer should not be harmed as a result of following the directions of the provider with respect to their software.

Recently, I’ve seen some significant push-back on the limitations section – a desire to avoid the exclusions and reductions in the financial amount, as well.  I’m pushing back and I continue to use one of my favorite bad-cop/jerk phrases when discussing what will happen if the vendor breaches confidentiality (“I want to own your company.”).  What’s happening in your deals?

Ahhh… and it comes full circle.

Well… while I do love to be right, I like it more when I can fit things into nice neat little boxes.  The Microsoft/Yahoo skirmish is playing out well for me in this way as we circle back around to a failure on the part of Microsoft to perform proper Information Gathering from the Five Fundamental Skills.  Scott Mortiz posits that Jerry Yang simply wants to know that he’s going to have a position of power within a combined organization, and that this is what is keeping Jerry from accepting Microsoft’s offer.  If that’s really the case, and Microsoft would’ve learned through a complete information gathering process that this is what Jerry really wanted, it’s amazing what might have been avoided in the last month.

The truth is that we all tend to forget that information gathering is a two-step process.  First, you have to identify your own needs and wants.  You have to figure out what you can live with and what you can give up.  Second, and perhaps more importantly, you have to go through the same identification of needs/wants for your opponent.  This is never as simple as asking.   It’s rare that a lot of folks go through the full information gathering process themselves and even if they did, they probably won’t tell you what they discovered.

This is where your abilities as a negotiator can really shine – plying the information out of the other side takes persistence, time and skill (and a little luck, too).  You have to ask questions, sometimes multiple times.  You have to listen to the answers given and the answers avoided.  And through it all, you have to be able to push aside your preconceptions of what you believe they want so that you’re receptive to what they really want.

Have you ever asked yourself what I want by writing this blog?  Have you figured out that I keep asking questions of you because I want to try to figure out what you want?  What’s the problem we both have?  Well, the most significant barrier we have is the lack of communication connectivity.  I write, you read.  It’s one-sided whereas successful communication requires a two-way street.  So what’s been my response so far?  I take guesses.  I try to write about things I think you’ll find interesting (and those that I find interesting to write about, too).  Sometimes I get a hit, sometimes not.  But I have noticed that when I responded to skribit, for example, interest in the issue was evident.  In other words, bi-directional communication worked when I listened to what you wanted and gave it to you.

The same could work for Microsoft… and what’s so interesting is how easy the “fix” can be once you know what the desires are. All you have to do is apply the Five Fundamental Skills.

Lines in the sand

I can’t remember the comedian who was discussing a war-torn area in the world and talking about the dictator who scratched a line in the sand and said “cross this line, and you’re dead.” When the opposition advanced forward over the line, the dictator repeated their behavior after taking a few steps backward. Three… four… five times. Ludicrous deadlines are meaningless. Repeating them over and over again in a failed attempt to create validity simply makes you sound foolish.

Which is exactly what Microsoft is doing to themselves. Since their line in the sand a week or two ago, Yahoo!’s stock has gone up, Microsoft’s has gone down. Microsoft is now saying that “Unless we make progress with Yahoo! towards an agreement by this weekend, we will reconsider our alternatives.  These alternatives clearly include taking an offer to Yahoo shareholders or to withdraw our proposal and focus on other opportunities.” (Microsoft Chief Financial Officer Chris Liddell).

So they’re not only continuing to threaten to go to Yahoo!’s board,  they’re now trying to give themselves a backdoor to get off stage and save face by withdrawing the proposal.

Ya know… I happen to know that Microsoft has several good contract negotiators both in their procurement and sales teams.   Apparently the C-level execs aren’t talking with them before they go and make these silly statements to the public.

Folks, if you’re going to use Power and Time, (or any other negotiation skill), use it properly and with an understanding of the consequences.  Don’t be Microsoft.  Please.

More on Letters of Intent

A few months ago, I discussed the reasons why I wasn’t in favor of letters of intent.  They’re simply poorly written contracts – and in most cases, they’re going to not cover the issue that causes a dispute over the relationship.

Consider the case of Alfred West vs IDT.  I trust that you can read the details, but the high-level on this is that West and IDT signed a two-page, handwritten contract (which, much to my amusement, contained the phrase “this is binding”) to the tune of several million dollars.

You know what’s going to happen – and sho’ nuff.  IDT terminated the relationship with West, West sued to enforce the contract.  As of today, the latest verdict gives him $10.5 million.

Folks:  Please do NOT sign letters of intent, term sheets or anything else that is NOT a full-blown agreement.  If you feel the need to do something like one of these documents (or you’re forced to by your business folks), please take these additional steps:

1.  State on the document that it’s NOT binding until a full agreement is later executed by both parties.

2.  Include “time-bomb” language that terminates the agreement in a very short window (so that even if it’s later determined to be a contract by a court of law, it will have expired).

3.  Try one more time to NOT do the letter of intent and push harder for completion of a full contract.  Show your business folks this post and explain the pitfalls of half-baked agreements.

Microsoft trying to convert you from perpetual to SaaS

Well, as I predicted years before I started writing this blog, Microsoft is now trying to convert the average home user from a perpetual software license model to “software as a service” (Saas).

My knee-jerk reaction is that this isn’t going to be good for the average (any) user – business or consumer.  But let’s play it out and see what happens:

In the current, perpetual model, the average cost of Microsoft Office 2007 is $119 (per Amazon.com).  This is a one-time expense and allows you to install Office on two machines (desktop and laptop) so long as you only use it on one machine at any given moment in time.  The average person never buys any kind of support for this product unless it’s a pay-per-incident issue that is SO complex that they can’t get help with it from friends or strangers via the internet.  But you do get all of the updates to the current version of the product (ie: if you’re on version 2004, you’d get all updates to 2004, but not get version 2007).

Because it’s a perpetual license, you can use this product FOR EVER, without ever having to pay another fee to Microsoft unless you want to upgrade to their latest version (which, at the time I’m writing this, happens about every 3 years per platform, alternating between PC and Macintosh).  From a depreciation perspective, if you were going to buy the latest and greatest version of the product every three years, you would divide the purchase price by 3 to find out your annual cost of ownership:  $39.67, which works out to $0.108/day.  Not too bad for the product that supports all of your e-mail, writing, spreadsheet and presentation tasks.

We don’t yet have pricing available for Microsoft’s new online offering, called Albany, but we do know that they’re going to bundle in a few already-available-for-free services.

We also know that Google already offers something quite similar (GoogleDocs) for free.  If you’re already a GoogleDocs user versus a Microsoft Office user, you have made a choice to go with one or the other for a reason (most would say that they choose Microsoft for “guaranteed compatibility” and “support if needed” … and Google users say that they want “openness”, “freedom” and “collaboration ability”).  I highly doubt that Microsoft is going to offer their product/service for free… but I’ve been wrong before.

However, this really isn’t about Microsoft versus Google – it’s about a bigger issue of whether a conversion from Perpetual Licensing to SaaS is really a benefit to either the vendor or the consumer.  Perpetual software users like not having to upgrade every time the vendor releases a “fix.”  They like knowing that they don’t have to keep paying for maintenance when the product hasn’t really changed much over time.  They like having a one-time depreciable expense (if they’re business users).  Oh, and they like knowing that if the vendor ever goes out of business, it doesn’t matter too much, since the software is installed locally.

SaaS offers a level of convenience not found with perpetual products.  You are always on the latest version, always covered by support and you have less of an administrative headache since the product isn’t installed locally.  Sure, you have to have greater bandwidth (I’m guessing Microsoft will actually have you download a full version of the product which will simply “phone home” every time you double-click on the product to use it).  But you give up the ability to sever your ties with the vendor yet continue using the product.

I like the SaaS model for some situations – I use one for my contract management system, for example.  But for everyday, standard use products?  Especially those in millions of homes world-wide?  I’m not sure we’re there yet.  I’m REALLY concerned about the quality of service – and the constant communication connection (from a privacy perspective) of all of these phone-home events.

What do you think?