Google’s “superphone”: who’s in control?

2010 January 11
by John Halton

The Google Nexus One “superphone” has been attracting a great deal of media coverage since its launch last week – though the coverage has turned sour for Google today, with widespread reports of customer dissatisfaction as early adopters receive their new purchases.

Most complaints relate to technical problems (such as getting the phone connected to a 3G network) or to the availability (or otherwise) of discounted deals. A further layer of “meta-complaints” then quickly sprang up as people expressed their dissatisfaction with how Google had handled their original complaints. However, the complaint that caught my eye was the seemingly more minor one of the 190 MB limit on installed applications.

The Nexus One’s storage capacity can be expanded to 32 GB using a Micro SD card. However, at present applications have to be installed on the phone’s internal memory of 512 MB. In practice the amount of space available is reported at only 190 MB. Google explained at the Nexus One launch event that this is to “protect [software developers] from piracy”, and that they are working on other means to achieve this through encryption.

The point is that it is Google that has imposed this restriction, not the customer who buys the device. If I buy a netbook – a concept seen by some as threatened by the rise of the smartphone – I can install any software I like on it and use the hardware as I choose. (Indeed, the netbook on which I’m typing this has an entirely different operating system from the one with which it was supplied). If I buy a smartphone, I’m subject to whatever restrictions the manufacturer and/or network operator decide to impose on it (a point made eloquently by Jeff Atwood in this post).

This highlights a wider problem as we move into an era of mobile technology and cloud computing: who’s in control? As computers move into our pockets and our software and data move out into the cloud, we gain a great deal in convenience, but we may be losing out on control. At the very least, we need to make sure we understand the trade-offs we’re making, whether as individuals or businesses.

Google Dashboard: full disclosure?

2009 November 5
by John Halton

This morning, Google has launched Google Dashboard, a “privacy dashboard” intended to help users see what information Google holds about them across its various services.

Google is able to track a huge proportion of its account-holders’ online activities. Google has my personal emails (27,473 conversations since 2004), my personal contacts’ details, a full history of my web searches and of much of my web browsing. It knows what videos I’ve watched on YouTube, and what RSS feeds I’ve read through Google Reader.

It’s useful to have this summary of the different ways in which Google knows about us. That said, does this really tell us what Google knows? As any company in the data management business can confirm, the power of personal data comes not from the raw information, but from the ability to analyse that information in order to identify patterns of behaviour and so on.

So a criticism that could be made of Google Dashboard is that it is an example of “informing to conceal”. We are given apparently comprehensive details of the information Google possesses about us. But the real privacy concerns – not to mention the commercial value to Google of the information – come from what they are able to deduce about us from this information: and that, not surprisingly, they are keeping to themselves.

The cost of online privacy

2009 November 4

The European Commission is taking an increasingly interventionist approach towards internet regulation, particularly as regards individuals’ privacy rights. Earlier this week, the Commission announced that it was taking further steps to require the UK to fully implement EU laws on the interception of communications, while legislation currently working through the European parliament will require all websites using cookies to obtain express permission from users. These measures are particularly aimed at the restriction of “behavioural advertising” (also the subject of an OFT investigation).

In each case, the Commission claims (with some justification) to be acting in response to citizens’ concerns about their fundamental privacy rights. However, this may be a case where European citizens should have taken the old advice to “be careful what you wish for”.

It is unlikely that many people will shed tears over the fate of the Phorm “Webwise” system, which proposed to monitor web users’ activities in order to serve up advertisements matching their interests. The controversy over whether the system was legal under UK law led to the Commission’s investigation into the UK’s implementation of EU laws on the interception of communications, in particular the Regulation of Investigatory Powers Act 2000 (RIPA). The Commission has three complaints concerning RIPA:

  • the lack of an “independent national authority to supervise interception of communications”;
  • the permitting of interceptions where the interceptor has “reasonable grounds for believing” that consent to do so has been given, where EU rules require “freely given, specific and informed” consent;
  • restriction of prohibitions and sanctions for unlawful interception to “intentional” interception only, whereas the EU law requires member states to impose liability even for unintentional interception.

If UK law has to be tightened, especially on the second and third items, this will have a considerable impact on many businesses, not just those involved in online advertising.

The proposed new law on cookies could have an even bigger impact on online advertising and the surfing experience of European web users. Current EU law requires websites to offer visitors the “right to refuse” cookies. The UK has interpreted this quite broadly, with the Information Commissioner’s guidance (PDF) taking a pragmatic approach in which it was sufficient for companies to inform users in their privacy policies and leave it to individuals to block cookies using their browser settings.

The proposed change is intended to “clarify” the original law by requiring express consent from users before a website places a cookie on their computer. It has been suggested that this will mean websites have to show a pop-up to users entering the site, explaining what cookies are used (and for what purpose) and requesting consent. As many users hate pop-ups even more than they hate online advertisements, this is likely to have a significant adverse impact on many people’s web experience, and put EU-based websites at a disadvantage compared with their international competitors.

In addition, increased refusal of cookies will make online advertising more difficult and less profitable, which will increase the pressure on websites to charge users for accessing content. Again, one wonders whether many people would prefer the current trade-off between privacy rights and availability of “free” content over a web in which they encounter pop-ups and paywalls at every turn.

The Guardian’s recent supplement on the fortieth anniversary of the internet recalled an early (1994) description of the web as a place “where pornographers and Nazis walk freely, where criminals roam unchecked and where anarchy reigns”. These developments are another reminder of how far we have come from the Wild West days of the early, unregulated web. The web is now a highly-regulated environment: it remains to be seen whether it can retain its other benefits as the effects of this regulation become more apparent.

“Independently safeguarding” children’s websites

2009 September 11

The new Independent Safeguarding Authority is attracting a lot of media coverage today, with news stories focusing in particular on compulsory registration for those regularly giving children lifts to social/sports clubs.

However, those operating websites (and other “interactive communication services”) for children should be aware that their activities may also fall within the ISA’s remit when the new regime becomes fully operational in just over a year’s time. The Safeguarding Vulnerable Children Act 2006 (PDF) defines the “regulated activities relating to children” for which ISA-registration is required. These include:

moderating a public electronic interactive communication service which is likely to be used wholly or mainly by children

(see paragraph 2(1) of Part 1 of Schedule 4, on p.67 of the linked PDF).

So if you are operating a website for children, anyone involved in “moderating” that site will need to be registered with the ISA. “Moderating” involves any function relating to:

  • monitoring content;
  • removing or blocking content; or
  • controlling access to, or use of, the service,

for the purposes of protecting children, where the individual concerned either has access to the content involved or contact with users of the service (see paras 2(4) and 2(5), Sch.4 Part 1).

Equivalent provisions apply to those operating websites and other interactive services for vulnerable adults.

Employers who engage people who are not ISA-registered, or who are recorded by the ISA as being barred from working with children or vulnerable adults, could face a £5,000 fine or even imprisonment. The ISA website summarises employers’ obligations in more detail.

Paid employees will need to pay a £64 fee to register with the ISA (registration is free for volunteers). For existing employees, in all likelihood it will be the employers who end up paying these fees. Any barred individual is committing a criminal offence by being engaged in any regulated activity, even as a volunteer.

This new regime is still some way off from coming fully into force. The ISA will start the registration process in July 2010, and the legal requirement on employers to check employees’ status will only come into force in November 2010. However, businesses involved in regulated activities – including children’s websites and interactive services – should be making plans to ensure their staff are registered in a timely fashion next summer.

Disclaimed?

2009 July 29
by John Halton

One of the most unloved (and unread) features of commercial websites, the “disclaimer”, may have been given a new lease of life by a recent court decision which appears to have endorsed a disclaimer as a means of avoiding liability for inaccurate statements made on a website. However, in my view this case is not an endorsement of website “small print” so much as a sensible refusal by the courts to impose costly duties of care on websites providing information to the public.

Gary and Karen Patchett were suing the Swimming Pool and Allied Trades Association (SPATA) after their swimming pool contractor – whose details they had obtained from SPATA’s website – ceased trading. The Patchetts claimed that SPATA’s website had failed to make it clear that the contractor was only an “associate member”, and thus not covered by SPATA’s insurance scheme.

The court held that SPATA did potentially owe a duty to the Patchetts, as the site was directed only to those planning to have swimming pools installed rather than the general public at large. However, SPATA was not liable, because (as Lord Clarke put it in his judgment), “when the website is read as a whole, it urges independent enquiry” before people made a buying decision.

In particular, Lord Clarke singled out the following statement on the site:

“SPATA supplies an information pack and members lists which give details of suitably qualified and approved installers in the customer’s area. The pack includes a Contract Check List which sets out the questions that the customer should ask a would-be tenderer together with those which must be asked of the appointed installer before work starts and prior to releasing the final payment.”

Had the Patchetts requested the information pack and members list, they would have seen that their contractor was not a full member of SPATA, and hence SPATA were not liable for the inaccurate statement on their website.

What are the implications of this for businesses with websites providing information to the public?

1. Don’t panic

Many lawyers will be taking this opportunity to encourage their clients to review their website “disclaimers”, warning them of the dangers this case poses to those who fail to do so.

However, the first lesson to draw from this case is the courts’ reluctance to impose a duty of care on website owners to those using their sites, even where a website is directed towards a specialised audience who are likely to regard it as authoritative (as in the case of SPATA).

2. Be alert

That said, the case does show the need to ensure information on commercial websites is kept accurate. SPATA may have fought off the Patchetts’ claim, but the inaccurate and misleading information on their website will have cost them dearly in legal costs (not all of which they will be able to recover from the Patchetts), lost management time and adverse publicity.

SPATA were not saved by a legalistic disclaimer buried on an obscure corner of their website. Looking at their 2006 site on the Internet Archive, the statement about their information pack was set out on the first-linked page from their welcome page. There is every reason (including a famous Lord Denning judgment) to believe that the courts will look less favourably at the sort of small-print verbiage lurking on many sites behind the “Terms and conditions” link.

The lesson is not “rely on your lawyers” but “make sure you are clear and accurate in the first place”.

3. Follow the money

A final practical observation. The reason SPATA ended up in court was, in the end, because the Patchetts’ contractor had gone bust and had no money with which to compensate them. SPATA did have resources to meet a claim, and hence the Patchetts (quite reasonably) sought redress from them.

Even if your involvement in a transaction is pretty tangential – there was no direct contact between the Patchetts and SPATA, beyond Mr Patchett’s accessing their website – if you are the “last person standing” with any money, then you may well be a target for legal action. As observed above, this is a far from pain-free experience even if you eventually win.

This should concentrate businesses’ minds on making sure they get their website content right. It is notable that, looking at SPATA’s current website, they appear to have concentrated on removing room for misunderstanding rather than adding legalistic disclaimers.

That strikes me as the right approach – but (and you knew this was coming, didn’t you?) my firm’s insurers will want me to emphasise that (like everything else on here) this is my personal view and should not be relied upon as legal advice!

Vulnerability notified

2009 July 16

One of the benefits of cloud computing is that it allows applications to be updated easily without the involvement of end-users. On the other hand, one of the biggest risks of cloud computing is that it allows applications to be updated easily without the involvement of end-users, exposing them to security risks or unwelcome changes in functionality.

A small, but telling, illustration of this is a recent incident with the Google Reader Notifier. This is a small add-on for the Firefox browser that helps people keep in touch with their RSS feeds on Google Reader by putting a small notifier on their status bar. It’s an ideal application of small-scale cloud computing: it means people can keep track of their feeds in an unobtrusive manner from any computer on which they have the notifier installed. I’ve been using it for some time.

Today, however, I noticed a new and highly unwelcome addition to my toolbar: an ugly and intrusive link to “eBay: UK Site” (see right for a similar version, from here). I had no idea where this had come from, but a quick foray onto Google revealed that the culprit was the latest update to the Google Reader Notifier. Like many others, I have now uninstalled this add-on, thus solving the problem, and a cascade of one-star reviews is likely to reduce the number of people installing the add-on in future.

This is a small incident in itself, but it does highlight a couple of issues of more general application.

  1. As browsers become more complex – complex enough to become operating systems in their own right – the number of potential vulnerabilities increases accordingly. In this case, it was a simple matter to uninstall the add-on and remove the problem – but in the meantime, those people using the add-on have had their privacy and computer security compromised.
  2. It demonstrates the need for businesses to take care in how they use cloud computing. Many free-of-charge cloud applications are of high quality and usefulness, making them tempting to use for business purposes. However, they are weak on legal protection and transparency: businesses using them may have no comeback for outages or poor service, and are vulnerable to sudden changes in the software or even in the ethics of the people providing the cloud application. Businesses need to select their cloud computing providers with the same care as conventional IT suppliers, and with the same attention to the contractual terms.

Chrome OS: the browser as operating system

2009 July 8
by John Halton

Widely predicted for some time, and now official: Google is to produce its own operating system, Chrome OS. Google describe this modestly as an “attempt to re-think what operating systems should be” in a world of cloud computing and web applications.

On a “traditional” operating system, the browser is just one application among many. In Chrome OS, the browser will be the main interface, with applications being run through the browser as web applications. As Google put it:

For application developers, the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux thereby giving developers the largest user base of any platform.

Is this a “Windows killer”, as some have predicted? The focus on web applications and netbooks suggests otherwise. It sounds like Google is aiming at providing an alternative experience for those who want access to web-based applications while on the move, and who will probably continue to have Windows running on their main PCs.

I wonder if versions produced for larger PCs will be designed for “dual booting”, so that people can turn their computer on within a few seconds to access the web using Chrome OS, and then boot into Windows for more substantial work requiring conventional, installed software such as Microsoft Office. Chrome OS is built on an underlying Linux platform and – however much it may frustrate those who, like this writer, use Linux quite happily for their everyday computing – most consumers have proven stubbornly resistant to using non-Windows OSes on their PCs, to an extent which even Google may struggle to overcome. Presenting Chrome OS as a quick-to-use alternative sitting alongside Windows may be an easier sell.

What Chrome OS does illustrate is how relatively unimportant operating systems are becoming in a cloud computing era. Google clearly sees the OS not as an important revenue-generator in itself, but as a means to increasing use of its revenue-generating services online. As Google put it:

any time our users have a better computing experience, Google benefits as well by having happier users who are more likely to spend time on the Internet [looking at Google advertising, as they might have added].

Chrome OS will accelerate the trend towards our computing experience being conducted through our web browsers, regardless of the operating system.

It will also no doubt increase the scrutiny of Google from privacy regulators and competition authorities in the US, Europe and elsewhere. The Department of Justice in the US is already investigating Google’s deal with book publishers, and Microsoft will no doubt be asking the European Commission why it is wrong for Microsoft to bundle a web browser with its operating system, but OK for Google to bundle an operating system with its web browser.

Getting the “red ink” out

2009 July 3

There are some interesting parallels between construction contracts and IT contracts. Both types of contract often involve large expenditures in a project whose final outcome and parameters are not always clear. Both involve an interplay between how the project proceeds on an ongoing basis, and how the final delivery can be assessed and accepted. The resulting contracts are often highly complex, and negotiated against tight deadlines. And there are real dangers of the responsibility for important provisions falling between the “legal” and “commercial” representatives for a party.

A dispute involving the housebuilder Persimmon Homes shows the problems that can arise where a contractual clause in a complex contract turns out, once a dispute arises, to be far less clear than the parties may have assumed when the agreement was signed. Persimmon bought a development site in Wandsworth from a company called Chartbrook Limited. The agreement included provision for an additional payment to Chartbrook were Persimmon to achieve a higher price than anticipated for the residential units it built on the site. This “Additional Residential Payment” (ARP) was defined as:

23.4% of the price achieved for each Residential Unit in excess of the Minimum Guaranteed Residential Unit Value [MGRUV] less the Costs and Incentives.

Now, what does this clause mean in practice? Chartbrook and Persimmon soon came to blows over this, with starkly differing interpretations. Chartbrook argued that a literal interpretation of the clause meant that it should receive a total ARP of £4,482,862 – almost doubling the original price paid by Persimmon for the land. Persimmon argued that, taking the commercial purpose of the clause into account, the ARP should come to £897,051 – a healthy top-up to reflect the prices achieved for the flats, but not the near-100% uplift sought by Chartbrook.

The usual position in English law is that the literal interpretation of the contract should be followed, and this is the position followed by the High Court and Court of Appeal in the earlier stages of the case. However, when the case reached the House of Lords (whose judgment was issued this week), Lord Hoffmann took a very different view.

Lord Hoffmann argued that “something must have gone wrong with the language” in the ARP clause, and argued (on the basis of previous cases) that:

In such a case, the law did not require a court to attribute to the parties an intention which a reasonable person would not have understood them to have had.

“To interpret the definition of ARP in accordance with ordinary rules of syntax makes no commercial sense”, Hoffmann continued. It was therefore open to the court to apply “red ink” to the contract, rejigging the wording so that it accomplished what the court took to have been the parties’ mutual intention. He continued:

There is not, so to speak, a limit to the amount of red ink or verbal rearrangement or correction which the court is allowed. All that is required is that it should be clear that something has gone wrong with the language and that it should be clear what a reasonable person would have understood the parties to have meant.

There are a number of lessons for those involved in negotiating complex commercial agreements, not least IT contracts, to take from this:

  1. Those drafting clauses of this nature would probably be advised to make sure the agreement makes some reference to the commercial purpose for the clause. It is now clear that the courts will take this into account and, where the actual wording of the contract is wildly at odds with the stated purpose, may allow the commercial purpose to override the literal wording.
  2. One point not mentioned by the court, but which is apparent from the wording of the ARP clause: this looks like an attempt to turn a mathematical formula into legal text. In the process, “something has gone wrong”, as Lord Hoffmann put it. There is a reason why mathematicians abandoned prose centuries ago in favour of formulas, and lawyers would do well to learn from them. Where a mathematical formula needs to be applied, why not just put that in the contract rather than attempting a translation into legal prose?
  3. I have no idea of the circumstances in which the ARP clause was worded, but my mental picture is of a hard-fought negotiation, possibly going well into the night, in which words were added into and out of the clause, but no-one had the time or presence of mind to try to put a few numbers through the clause to see if it worked. Those circumstances are almost unavoidable – but lawyers in particular would do well to try to keep a cool head when involved in such negotiations. While Persimmon may have won this case, the possibility that they might lose this dispute – at a cost of over £3.5m in additional ARP – may well have caused their lawyers a few sleepless nights, not to mention a claim on their PI insurance.
  4. Finally, does this case (as some have suggested) strike a blow against certainty of contract? This case does provide another weapon for commercial litigators to employ when faced with a clause whose literal interpretation is deeply unhelpful for their client. However, Lord Hoffmann’s judgment makes it clear that the court will only depart from the literal interpretation where the literal wording “appear[s] arbitrary and irrational”, not where it merely represents a “bad bargain” for one party.

Tracking the terms

2009 June 10

One of the perceived advantages of cloud computing services is the ability of service providers to update and upgrade their software in a seamless manner, without having to install new software on customers’ systems.

Unfortunately – from the point of view of customers – the same can apply to service providers’ terms of business, particularly on consumer-facing services where no written contract is in place. Many major websites routinely alter their terms of business, privacy policy and other key policies, and it is often difficult for users to see what changes have been made since they signed up. This has led to controversy on a number of occasions, such as when Facebook was forced to withdraw changes it had introduced, after protests by users.

The Electronic Frontier Foundation (EFF) has now set up a new site, TOSBack.org, to track these changes in policy on a range of major websites, including Apple, Amazon, Facebook, eBay and Google. It’s somewhat US-centric, but a number of the terms and policies listed will be relevant to UK users.

UK businesses need to bear in mind that the technical ability to change their online terms is not necessarily matched by the legal ability to enforce those terms. Terms in consumer contracts allowing unilateral variations to the terms are likely to be invalid under the Unfair Terms in Consumer Contracts Regulations 1999 unless they are carefully drafted (see the OFT’s very helpful guidance on the Unfair Terms Regulations). Any change which adversely affects consumers’ rights is likely to be unenforceable, and may also give rise to harmful publicity, as experienced by Facebook.

How healthy are your software licences?

2009 June 4

The Business Software Alliance is promoting a “Software Health Check” – a software licensing “self-audit” scheme to encourage businesses to ensure they have valid licences for all the software they use (and for all the ways in which they use it).

Software licensing can be highly complex, especially as virtualisation, multi-core processors and outsourcing transform how companies use their IT. There are probably few companies that are 100% licensed for all the software they use.

Of course, there is another side to the BSA’s initiative. I’ve noticed a trend in recent months for software companies to approach their customers demanding an audit of their licensing, and this voluntary self-audit scheme probably has a similar motivation: namely, software owners making extra efforts to ensure they receive their full entitlement of licensing and support income from existing customers, in a climate where new business is harder to come by.

And the BSA’s website includes prominent links for those wishing to “report piracy”. Again, this may be an important area of exposure for many businesses, as layoffs (not least in IT departments) may prompt disgruntled ex-employees to report their former employers for use of unlicensed (or “under-licensed”) software.

So it’s highly recommended that businesses take the hint and review their software licensing position. However, they should take care to note that each software licence needs to be considered on its own terms, and will need looking at particularly carefully if:

  • they are using software in a “non-traditional” way (such as virtualisation, remote access or “in the cloud”); or
  • they have grown significantly as a business since entering into their software licence agreements.

If in doubt (and you knew this was coming, but it needs saying anyway!): talk to your lawyers to check you are within the terms of your licences, and certainly talk to them (and quickly) if the BSA comes knocking on your door.