[conspire] OT?: Ridiculous licence terms

Rick Moen rick at linuxmafia.com
Thu Sep 23 19:29:23 PDT 2010

Quoting that waiver clause, again:

>   Notwithstanding any other provision of this Release and Waiver of
>   Liability (this "Release"), Participant releases ACS and the Site Owner,
>   but no other Releasee, from any liability whatsoever arising from any
>   injury, damage, or death to Participant where said injury, damage, or
>   death is the result of, or arises from any intentional or criminal
>   conduct upon the part of an ACS or Site Owner employee, agent or
>   volunteer.

Who's 'Site Owner'?  That appears to be Convio, Inc.

   At Convio, we:

    * Provide marketing, fundraising, advocacy and donor database tools
      that help you take advantage of the inherent effectiveness and
      efficiency of the Internet to motivate your donors and other
    * Created the first donor database/CRM system that helps you move
      beyond just storing data, to using data for raising money more
      effectively and advancing your mission.
    * Opened our software to work with other open systems, so you can
      leverage social networking sites, online calendars, photo sharing,
      viral video, and more or build custom functions just for your
      organization's unique needs.
    * Build all of our solutions on the Software as a Service (SaaS)
      model so you can use our software via the Internet -- anytime,
      anyplace -- with no expensive software to install or maintain.
    * Gather an active community of leading strategy, services and
      technology firms serving the nonprofit sector that share ideas,
      foster innovation, and speed the adoption of best practices.

Aha.  So, American Cancer Society _outsourced_ its dealings with donors
and volunteers to some bunch of Web 2.0 clowns in Berkeley and Austin.
Whom *I* don't know from Adam, and yet I'm being asked to enter into a
contractual business relationship with them, just for the privilege of 
running around in circles to benefit American Cancer Society.

My point is, there's a lot of that going around.  Keep your eye out for
it, and you'll see quite a bit -- and cases where you'll find it in your
interest to say 'no'.

About a year after I left employment in the Linux division of a large
EDA-industry firm, I got a letter from yet another company I'd never
heard of.  They claimed they'd been hired by the EDA firm to offer me 
free-of-charge services to protect against possible identity theft,
which they said I might suffer because the EDA firm had suffered a
security incident with some sensitive data including personal
information about me.  So, they explained, I was entitled to a year of 
'identity protection'.  All I had to do was send back a form where I
told them my Social Security number.

I boggled a bit at the sheer hilarity of a firm I don't know offering me
free-of-charge 'identity theft' protection if I told them my Social
Security number, then I laughed and set the letter aside.  It's still on
my desk.

I kept meaning to write to the EDA firm's Chief Information Officer, to
inquire about whether they had indeed hired these people.  The sad thing
is, I strongly suspect they really did.

While working at the EDA firm, on many occasions I received at my work
e-mail address a request that I visit some outside firm's Web site and
enter proprietary company-confidential data there.  _Never_ did I get
a 'Oh, by the way, we've hired these guys' heads-up from management
within my firm, but they were all legitimate inquiries as far as they

I still might write to the firm's CIO about the 'indentity protection' 
letter, but tone is a problem:  Should I just say 'Is this legitimate?'
Should I say 'You know, it's extremely ironic to expect us to accept
privacy-risking services from a firm we don't know, without even an
introduction from you'.

Should I say 'What sort of incompetents _are_ you, to furnish our names
and other personal details without our leave to an outside consulting
firm, and then hire them to "protect" our security through a customer
regime that starts with them asking us to make a really boneheaded
security error?'

Firms don't clean up their acts just because you wrote to the CIO -- who
might well have been the person who signed off on the contract -- and 
read him/her the riot act about incompetence with information security,
and it's not obvious what I could achieve through an inquiry, so that
letter remains unwritten.

More information about the conspire mailing list