1password explain the new Dropbox terms (agilebits.com)
91 points by davidedicillo on July 3, 2011 | 22 comments


The DropBox hoopla shows the downside of writing your terms in a readable language: people actually read them out of curiosity.

And since people have no clue how to interpret the legal bits that are necessarily included if you don't want to be sued into oblivion, they completely misunderstand them.

So the lesson is: keep your T&Cs cryptic, unintelligible, long, boring, etc - so that people don't read them. This way you can put whatever you want in them, including potentially nasty clauses (unlike the clause we're discussing here), since no one will read it anyway.


I am sad at this reaction.

We need more people writing their T&Cs in clear ways. There are many advantages in a clear T&C, not just for the consumer but also for you. You are stating upfront what relationship you want to have with a customer and obscure T&Cs mean you have an obscure relationship.

If even you can't understand your T&Cs then they're worthless, you actually don't know if you're covered or not.

Just because Dropbox made a muckup, looking like they let a lawyer convince them that they needed that to cover their ass when they didn't, doesn't mean we should all run round hysterically paying for arcane language from a lawyer.

I just don't believe they needed to write that clause that way.

Imagine if it had read something like:

By submitting your stuff to the Services, you are instructing us to use your rights as a licence holder or the copyright holder to copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service on your instructions. This is to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

In the end this isn't a new scenario, do you think a printer asks for a worldwide license on the stuff he prints? And yet they're somehow pretending it is. They just want to say that you're instructing them to use the file in a particular way and that you have to ensure you have the rights to do that, a licence or the copyright.

IANAL but it seems pretty clear to me that they let themselves get talked into putting a clause in there that actually wasn't clear.


I can't tell if your opinion is lathered with sarcasm or brutal honesty.

BagCheck has a nicely done Terms page which annotates legalese with Plain English - http://bagcheck.com/terms

It is odd (and somewhat heartening) to learn that so many people still read those paragraphs of text nobody is supposedly reading.


to the extent we think it necessary for the Service

vs

to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services.

I am astounded that people here would criticize anyone for erring on the side of caution. If anyone can argue that the former is equivalent "plain English" for the latter, or that the latter is complicated legalese for the former, then go ahead and sign contracts to that effect.


Here's my complaint. The author is complaining about a big furor over the TOCs, and then proceeds to show us the TOCs that "seems" to be behind it.

Here are the facts:

  * Dropbox released new TOCs.
  * There was a big furor.
  * Dropbox *modified* the TOCs.
  * Furor ended.

Regardless of whether or not, in your opinion, the TOCs were significantly modified, the fact is that:

  * The author presents the modified version of the TOCs.
  * The author claims that the modified version caused the furor.

This is patently false.


Does Dropbox keep a revision history of your 1password data? It does that by default with other files.

If there is a Dropbox breach, I would want to prevent hackers from getting their hands on older versions of my passwords locked with an outdated (eg, no longer top secret) master password.


WebDAV is too slow? Really? Wow, I guess all those SharePoint users around the world must be cursing WebDAV, along with the MobileMe users (and soon to be iCloud users, no doubt).

Also claims that APIs aren't available for other platforms, I find a little disingenuous. Wuala supports iPhone, Android as well as Win, Mac and Linux. I would struggle to understand how Wuala wouldn't want to provide 1Password with access to an already existing API on the aforementioned mobile platforms.


I curse SharePoint every time I have to use it (and its WebDAV implementation only works well with Windows). If you haven't noticed, iDisk is one of those things that doesn't work well with MobileMe.

1Password also uses a lot of tiny files in its workflow (one of my items, a license stored in 1Password, ffdfa… has a 5k PNG, a 261 byte plist, and a 791 byte JSON file in two different directories; those separate files and directories are what make the sync efficient). SharePoint deals with larger files over WebDAV, where it can be more efficient for those files.

If you spent five minutes on the Wuala website you would notice that they only have a GET series of APIs, not anything that the 1Password guys can use because the mobile apps can write as well as read. So, no, they aren't wrong.


Except that the excerpt you posted is the new, modified version after all the furor.

http://hardware.slashdot.org/story/11/07/02/0515218/Dropbox-...

Compare the above version to this new form: "This license is solely to enable us to technically administer, display, and operate the Services"

It would appear that you didn't look into the issue at all before jumping to the defense of your main service provider. Is this the level of diligence we can expect from your product?

But, hey, welcome to the party.


Don't fucking mod me down. The author claims that this is the paragraph that caused the furor:

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission. [Emphasis added]

When in fact this is the modified version that was posted after the furor. The original version is this:

By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent we think it necessary for the Service.

Significantly different. And it was changed for a reason.


to the extent we think it necessary for the Service.

I know HN only has one viewpoint on these matters. However, I was hoping someone could explain to this poor soul how a scenario like the following is ruled out by this language:

I'm the dropbox CEO. I provide a free service for most of my users. As time goes on, I'm having trouble making ends meet. I find that unless I get more cash in the next 7 days, I will be unable to pay my hosting bill and my service will be shuttered. Thus, obtaining more cash is necessary for the Service.

Now along comes a firm, we'll just call them SLP. SLP is willing to give me a bridge loan on very good terms immediately. The only catch is that they require me to sublicense worldwide royalty-free rights to use, copy and publicly display all works stored in the dropbox service. Their purposes for wanting the data is unclear, however it is quite clear that I won't have oversight on the use of the data. I can imagine, however, that they might be interested in using it for data mining, advertising or industrial espionage. We don't speak of any details, though. If I revoke the license, the bridge loan plus penalties immediately comes due.

I can find no other source of funding at this time - I've played all my other cards. I, as the CEO, believe taking this loan at these terms is absolutely necessary if I am going to continue providing the service. So, I sign, sublicense, and don't actually inform even many people in my company let alone the user base. SLP quietly gets read only access to all the data. To whatever extent SLP uses this data, they believe their use of it is necessary for the Service in that they don't believe the bridge loan will ever be repaid and they believe it is necessary to extract value from the data to recoup any losses they expect on the loan.

Now, mind you, I don't actually believe that dropbox has any sort of intent of doing something like this, or that they'd be likely to do so even if their back was against the wall. I also agree it's a pretty far fetched scenario.

I'm simply wondering how a license like this (and the multitude of others like it, I'm not intending to single dropbox out at all) prevents this behavior. You know, because I'm one of the total morons that can't understand simple English.


IANAL, but the "service" and the "company's survival" are not the same concept. When, as GrantTree, I sign an NDA to file a grant application for a client, it states, like most NDAs do, that I can disclose it to subcontractors/advisers/etc "for the performance of their work".

As a programmer, you might say, like you just have, "AHA! But if you don't pay your subcontractors, they won't do their work. So, for the performance of their work, you can sell your data to anyone, if the company's survival is threatened!"

Unfortunately (or fortunately), lawyers, judges, prosecutors and juries are not programmers, and I think you'll find they don't interpret it that way. "For the performance of their work" is clearly intended to mean "directly linked to their work" as well.

The same is true of the DropBox terms. "Necessary for the Service" does not mean "whatever you might imagine could be necessary if you were arguing with a magical genie as to the possible definitions of terms" - it means "what is directly necessary so that the service can operate as normal". So I don't think any judge or jury would accept that selling out all their customers was "necessary for the Service", in the hypothetical case you mention.

Remember, law isn't about theoretical logic - it's about practically resolving disputes between people.


It's not significantly different. They just added a line to clarify it some more after hordes of non-lawyers misinterpreted this standard legalese.


It is not significantly different to a lawyer.

Is dropbox's target market lawyers?


I understand you're new here. But try to be "fucking" civil and try reasoning out instead of ranting.

And as far as the matter of dropbox, a few others in this thread have concisely addressed the real "issue" at hand.


No, I think they completely missed the issue. Which is

  * dropbox's customers are not lawyers
  * serving up people's files without passwords one week reduces people's confidence when they read new TOCs next week.

No, nix that, the real issue is standards of blogging. The author made a claim about what caused the furor, including a quote, and that quote, regardless of whether or not you believe it to be legally equivalent, was not the TOCs that caused the furor.

Had the author made all the same points about, after quoting the original TOCs, then a) I would not have posted and b) you would be right.


It was changed because all the idiots who couldn't read the words "to the extent we think it necessary for the Service" were throwing a hissy fit. I'm guessing you were in that group and needed the clarification.


And had the 1password article stated that, then I would not have needed to post.


What was the reason that you think it was changed? Do you think that they had plans to share users' private files with anyone they would like that they now had to cancel with new language in the ToS?


I believe it was changed because the first version caused a massive furor.

I don't believe that dropbox has any intention of screwing people over. Nor do I believe that they had any intention of allowing users to log in to any account without a password. I do believe that the latter incident, and the TOCs, are huge gaffes, and that the 1password guy misrepresented the TOC issue with incorrect facts.


There is no difference in policy. They only added terms to explain what the policy meant. The actual policy remained the same. Why did they do this? Because people were making false assumptions and don't understand legalese.

As for your language and comment, drop it. HN is for intelligent discussion, not this tripe.

Edit: Just looked at your comment history. It's pretty bad. You'd best learn to be civil, or leave now.


Ah yes, the old "we can fuck you as long as we use nice words while we do it" argument. I made a "civil" argument and was modded down. Censorship isn't civil.

And your 2.8 avg isn't anything to shout about either.



