Interesting People mailing list archives
response from PGP -- PGP EULA and Business Realities
From: Dave Farber <dave () farber net>
Date: Mon, 24 Feb 2003 06:31:10 -0500
------ Forwarded Message
From: Jon Callas <jon () pgp com>
Date: Sun, 23 Feb 2003 23:20:46 -0800
To: dave () farber net
Subject: PGP EULA and Business Realities

Dave,

I'd like to respond to Tim O'Connor's concerns about our EULA.

As part of being a business, we must process personal information. Perhaps most sensitively, your credit card number. Along with that, we may end up with a postal address (because credit card companies like that), an email address, and other bits of information about customers. It feels almost flippant to say this, but we have to send those credit card numbers and any necessary additional authentication information to a bank so that the transaction takes place.

Beyond direct sales, PGP Corporation sells through distributors and resellers worldwide. In order for this system to work, personal information must flow among the multiple parties involved in the transaction, ourselves included, and often across national borders.

As Matthew Blackmon points out, we go out of our way to inform our customers of this fact; this is part of our corporate culture. We feel we have a duty to inform our customers as accurately as we can about what will happen with the information they provide to us.

To provide a quick comment on the business transfer clause, we agree with Matthew Blackmon. Experience in the business world has shown that if we said anything more, we'd be at best optimistic and at worst negligent. We're not going to promise something we think we couldn't deliver on.

If any readers have concrete ideas on how to make the EULA accurate, informative, and less ominous, please send them to me. We have made corrections in the past to it.

In plain English, the EULA says:

As part of buying stuff from us, we may bill you, ship stuff to you, email you, and so on. As part of that process, we'll learn personal things about you. We must give your credit card number to your bank. They may require your billing address. If we ship something, we must give your shipping address to the shipping company. We won't give out superfluous information. For example, we won't send your bank information to the shipping company.

Would it help at all if we put in a couple of sentences as an example? I have thought of putting in one that says something like (FOR EXAMPLE, WE MAY GIVE YOUR SHIPPING ADDRESS TO OUR SHIPPER) but to my mind, that is almost like getting a pizza in a box that says, "Warning, contents may be hot." A reasonable person would read each of these and reply, "What do you mean *may*? You'd better!" More information is better, but I would rather not be the subject of someone else grousing about creeping lawyerese.

We are doing our utmost to protect our customers. We also feel compelled to let you know what we might do, without having to enumerate every possible case. I would love to find ways that allow us to be more accurate about describing our business realities, but without becoming excessively detailed, rendering such a license even more soporific or unintentionally funny.

Jon

--
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d

------ End of Forwarded Message