Understanding Software Licensing Agreements

Addressing ambiguity through automation

Kenneth R. Carter
Sr. Advisor at Riscosity and two-time General Counsel of the Year
Published on 12/15/2023 · 5 min read

The great Yogi Berra is often quoted as having said, "In theory, there is no difference between practice and theory. In practice, there is." Perhaps the same can be said about software licensing agreements. There are two dimensions to any software license agreement: what is in the agreement and how the commercial relationship is implemented in practice. Despite the best efforts of a company's legal team, the divergence of these two dimensions can create problems in administering in-term contracts, as both parties might not be certain of precisely what the contractual rights and obligations are.

The Definition of a Software License Agreement

Software licensing agreements are contracts that allow the use of software by a customer (“licensee”) while protecting the interests of the supplier (“licensor”). Software licensing agreements specify responsibilities and who gets what in the exchange. Specifically, the agreement codifies the allocation of benefits (e.g., usage rights and payment of fees) and risks (e.g., indemnities and liabilities) if something should go wrong during the relationship.

Software agreements, whether negotiated contracts, clickwrap, shrink wrap, or open source licenses, are a prerequisite to the sale or use of every piece of software.

The Divergence Between Theory and Practice

So, if certainty is to be preferred over ambiguity, why is it common to see deviations from the written terms of a contract in practice?

The legally operative language of the contract can be inherently vague. There are a variety of reasons for this, but essentially it is not possible to specify all the features of the software in a human-readable contract. The provider of the software has a natural incentive for ambiguity and may therefore choose to leave the product description vague, as that makes it more difficult for the provider to breach the agreement.

Moreover, a software company's products and services evolve over time, as does the way in which the customer uses them. So the contract drafters normally equivocate on specifying the software features by creating a catch-all term, "Documentation," that incorporates all the features, specifications, and data usages of the product. Documentation is itself vaguely defined, along the lines of "user manuals, developer documentation, and other technical materials." So while the vagueness enables flexibility for both parties, it can create uncertainty as to the distribution of rights and responsibilities.

The Problem of Ambiguity

Ambiguity can result in an incomplete understanding of what customer data is being allowed in and, more importantly, what customer data is being allowed out of the licensor's software or infrastructure. This lack of visibility greatly increases a licensee's data breach risk profile. A data breach is an unauthorized disclosure of sensitive data; if it is ambiguous which data transfers are legitimate, it follows that unauthorized transfers might not be detected. In the event of an actual or suspected data breach, it might be impossible to know what has been lost or to manage breach notifications. Worst of all, the company may be leaking data in a way that violates its contractual obligations to its own customers and vendors.

This lack of clarity in software license agreements also makes due diligence on contracts and data breach risk harder for would-be investors and acquirers.

The Fix is Automation

In theory, understanding a software license agreement's data rights and responsibilities need not be complicated in practice either, and automation is what makes this possible. Riscosity's data flow management platform keeps track of any data you want to control within any agreement. Within a few seconds, the Riscosity platform will monitor all data being sent via external connections and give companies the ability to track and protect all outbound traffic before it reaches a third-party endpoint. Riscosity achieves this by:

  • Constantly scanning your production codebase.
  • Providing comprehensive and accurate reports for legal teams to maintain insights into the “what is really happening” part of the service contracts.

Visit the Riscosity website to learn more about the ways the platform can help, from policy implementation, data lineage, and traffic tracking to in-flight data redaction with world-class security. Curious to see how it works? Talk to the team to see how automated data flow security management can help you maintain your wild, hard-to-manage software license agreement environment.