Legal quicksand: Shrink-wrap and click-wrap agreements

You see shrink-wrap and click-wrap agreements when you click through terms and conditions in accessing an online service. But Michael Overly cautions you to consider their legal and business liabilities before you blindly agree

By Michael R. Overly Esq., CISSP, CISA*

August 02, 2011 — CSO —

Shrink-wrap and click-wrap agreements are the fine print you see, among other things, when you click through terms and conditions in accessing an online service (e.g., in connection with a cloud computing service) or as part of the installation of a piece of software.

They may also be encountered as part of the documentation provided with new software or a hardware component. They may even be found, with some searching, in a file entitled "license.txt" or similar name on the installation CD on which a new piece of software is delivered. Businesses seldom read these terms in any detail, generally view them as non-negotiable, and accept them as a necessary evil.

[Related: Click-wrap license agreement found binding on company even though it was accepted by the vendor]

The fact is, these types of agreements can present significant legal and business issues. They can place a business' sensitive data at risk, expose the business to liability, compromise the business' ownership of its own intellectual property, and cause the business to pay additional, unforeseen fees. Three specific examples:

• A bank's CIO comes into work one morning to find a group of auditors sent by a software licensor demanding the right to access the bank's computer systems and facilities to confirm the bank has properly used the software. When the CIO objects on the ground it cannot permit third parties to access its facilities and systems because it would put the bank's highly sensitive data at risk, the auditors point to a provision in the software license agreement permitting the licensor an unlimited right to conduct onsite audits without prior notice. The bank had no grounds to object or it would find itself in breach of contract. The bank had to permit the auditors access to its facilities and systems even though the software license agreement had no confidentiality protection for the bank's data.


• In another case, a small business signed up for a cloud-based service. A few months later, it received a letter claiming it was infringing the patent rights of a third party in its use of the cloud service. When the small business contacted the cloud service provider, it was shocked to find out that it had no protection under its cloud service agreement for this claim, even though the provider was the cause of the infringement. Worse yet, the cloud service agreement required the small business to indemnify and hold harmless the cloud provider for the cloud provider's own wrongful actions in infringing the third party's patent rights.


• Finally, a customer licensed a piece of software from a start-up company and spent time talking with the company about improving their software. Ultimately, the customer decided to take its ideas and create its own software for use within its business. The customer received a letter from the software company pointing out the customer could not use the customer's own ideas to create its software. In fact, the software company was demanding the customer pay a substantial fee for the customer to continue use of the customer's own ideas. When the customer objected, the software company pointed to a clause in its software license agreement that conveyed ownership of all rights from the customer to the software company relating to the customer's ideas.

• Print

• Click-Wrap License Agreement Found Binding on Company Even Though It was Accepted by the Vendor
• Data Held Hostage
• Dangers of Third Party Software Development Highlighted by New Report