In a recent Boston Internet.com article, a possible clause in the end user license agreement (EULA) for Microsoftis Windows 2000 Service Pack 3 and Windows XP Service Pack 1 might cause banks to inadvertently break federal laws. The story quotes Lester Warby, a chief information officer at the Seattle Metropolitan Credit Union, on his reading of the fine-print regarding Microsoftis "automatic update" feature. From the article:
That [the automatic update feature], says Warby, conflicts with federal regulations for financial institutions, such as the Gramm-Leach-Bliley Act of 2001. The new law, which goes into effect next May, forbids financial service companies from giving third parties access to customer data without express consent from the customer. European countries generally have even stricter data privacy laws.
"Weire forced into a position where weire either out of compliance with Microsoftis licensing, which is not acceptable, or weire out of compliance with the law, which is not acceptable either. Under these circumstances, weill probably change our operating system," says Warby.
While similar in function to Appleis own software update mechanism present in Mac OS X, which claims no right to access your Mac or your information, Microsoftis license agreement grants the company permission to obtain information from your computer through the automatic update feature. In past service packs to Windows, this has included searching the machine for unlicensed versions of software. From the Service Pack 1 license agreement for Windows XP:
Solely for the purpose of preventing unlicensed use of the applicable OS Software, the OS Components will include installation on your computer of technological measures that are designed to prevent unlicensed use, and Microsoft may use this technology to confirm that you have a licensed copy of the OS Software.
The license agreement for the aforementioned service packs also includes giving the update feature access to "software information" -- a vague term. From the Boston Globe article:
The term could include "information about proprietary systems, or about data," he says. "Does a stored procedure -- which could contain proprietary algorithms -- constitute software? Does the term include information about competitoris products, or about the use of software from a company with whom Microsoft might have a legal dispute?"
It doesnit stop there, either. What currently is an option in Windows may not be one in the future. The article says that Microsoft will eventually remove the ability for users to turn off automatic update, effectively giving Microsoft access to oneis PC by default, through the licensing agreement. That is the problems that banks are seeing, and it could lead to banks leaving Microsoft behind, or lawsuits from either bank customers or the federal government if banks are in violation of the law.
More information on the license agreement and the law affecting financial institutions, as well as more of the opinions of Mr. Warby, can be found in the entire Boston Internet.com article.