The reverse click-through EULA to cancel software audits
I was speaking to Jochen Hagenlocher on The ITAM Review podcast recently (My recording with Jochen will go live in the New Year).
Jochen shared a smart idea for thwarting audits before they start – the reverse click-through EULA.
What is a click-through EULA?
A click-through end user license agreement (EULA) is one where a user of software must click “I agree” to the terms in order to use the software – so the user unwittingly agrees to terms in the small print in order to use or install the software.
We’ve written before about the perils of click through licensing. Everyone knows the biggest lie on the Internet is “I’ve read the terms and conditions”.
See Dangers of click-through licensing, EULAs explained in simple terms and Time to kill the EULA? Printer company Lexmark lose supreme court battle.
The reverse click-through EULA trick
Jochen’s idea is to use the EULA in reverse as follows:
- Anyone answering an RFP at his company must download the RFP from the company website
- By downloading the RFP document the individual must accept the EULA for the RFP
- The RFP EULA stipulates that by reading the RFP the company forfeits all audit rights for 12 months
So, for example, an Oracle sales rep accepts the EULA to download and peruse the RFP (just to read it, not to respond to it); by downloading it, he has removed all Oracle audit risk for 12 months. I’ve spoken to ITAM Review readers over the years who have stipulated that participation in a tender cancels audit rights – this takes it to a whole new level.
Underhand? Foul play? No, just playing vendors at their own game. They’ve been using surreptitious EULAs and heavy-handed sales techniques for decades – why not fight back using the same techniques?
Do you think this idea would work? Do you operate a similar reverse click-through EULA technique or other means of thwarting audits before they begin? Please contact me or share your views in the comments.
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
For the past 3 years we have a number of reverse click-through
1) Any company involved in an RFP cannot audit during the RFP and my company auditing is automatically excluded from an RFP unless the audit is closed and the 12-month non-audit right invoked.
2) If you win the RFP you cannot audit for the duration of the implementation and for 12 months following.
The purpose of the first part is that we refuse to get involved with an audit and then pay you for new software. It’s sales and thus there is only one sales avenue into our business.
The second part is that most of the time a vendor is used to implement a new solution and thus you give them access to your estate; this gives the vendor unprecedented access to your infrastructure which could potentially leave you exposed. So while we have paid the vendor for a new solution and the vendor is implementing it and for a further 12 months after the implementation they must agree to an overarching non-audit clause for that new revenue stream which could easily be 2 or more years.
An interesting approach but the terms of a contract are set at the point of contract, not at the point where a vendor downloads an RFP, so unless the terms of the contract contain a clause removing or postponing the audit rights then it’s not legally enforceable. I’ve seen deals that do have such a clause. If you plan on using this type of approach I’d get some good legal advice before relying on it to avoid audits.
I love this idea. Thank you for sharing.
Great idea but what happens with those vendors who don’t get past the RFP stage but where you may be using their software already? Is this an invitation for them to audit?
I like the idea as a token in Daniel’s actual application, a little message that they are found out and trickery not acceptable.
Since a lot of SW license agreements are signed without an RFP and for 3-5 years, one would have to define the non-audit T&Cs in the agreements.
Usually the specific customer agreements overwrite any general license agreements, as well as the RFP conditions.
Doubt the SW vendors play along, but worth the try.
Interesting, but, at least in my opinion, legally hard to apply. As Jane says, the moment the contract becomes fully binding is just after the signing, and establishes the basis between parties. Thus, any clause affecting the contract shouldn’t be, normally, established by a previous document. Additionally, I think that most vendors might be reluctant to sign something like that, and it might even provoke absences on the RFP process, or, even worse, cost increases, due to the reduction of rights for the vendor. Tough to negotiate and apply, but, if successful, a really nice add to any RFP process.
Love where this could go, though it warrants deeper thought if this could legally amend prior terms on active agreements.
I like the idea but as Jane says it is only binding if the vendor agrees at point of contract. So perhaps a reverse click through contract is the next step?