Executive Summary: Autopsy of an OverDrive EULA

I examined the (EULA) software license for the freely available application OverDrive Media Console (OMC) version 3.2 on Windows, released almost exactly one year ago.  It is required for library staff and patrons to use some version of OMC to access content from OverDrive, so when we buy OverDrive content, we are endorsing use of OMC.  We aren’t buying that software per se, but we have an interest in it’s soundness and legitimacy.  Unfortunately, upon examination I concluded it is neither sound nor legitimate.

The EULA is poorly composed with nonsensical references, contradictions and copy/paste sloppiness.  In fact, many prevent the user from practical use (see the full writeup for details).  But the top major issues are:

  • OMC is explicitly not “production” software.  Use is restricted to “testing and evaluation”.  This provision is typical of shareware, not mature client applications.  Library patrons and staff need license to actually use OMC for real.
  • Forced upgrades: the user is obligated to upgrade immediately when OverDrive posts a new version.  Besides being impractical, the license, functionality and potential cost of the future version are not specified.  Therefore, the EULA constitutes a “contract of adhesion”.
  • Mozilla Public License violation: OMC includes code from 3rd parties, including some licensed under Mozilla Public License (MPL) version 1.1.  But the terms of that open source license are not fulfilled, meaning it is invalid for anyone to use or distribute OMC.  It is unclear what code is MPL-licensed, so we don’t know how much of the application is implicated (further analysis required).  It could be a lingering mistake, or it could be they appropriated the entire browser engine.

There are both practical and strategic implications for OverDrive customers.  At a minimum, OverDrive will be notified and given a chance to fix things.  They must stop distributing OMC 3.2.  In order to have a satisfactory subsequent release, they must revise the EULA and probably overhaul some code.  They can choose MPL-compliance or no MPL code.  However, libraries would do well to see their other issues addressed in the next release as well.  The MPL issue is not the only dealbreaker.

On a broader level, I think some libraries will interpret this as a character finding against OverDrive.  They are the agents we are trusting to negotiate content licenses with publishers.  For their EULA terms to be so inadequate and haphazard while their software fails to live up to its own license requirements suggests they are not well suited for the task.

Of course, that we haven’t noticed these problems for an entire year doesn’t reflect well on libraries either.  If we are going to be well suited to the task, the time to get serious is now.

About Joe Atzberger

Joe Atzberger (atz) is a library hacker in Palo Alto, CA. He worked with Galen at both LibLime and Equinox Software, Inc. as an open source developer on Koha and Evergreen. Joe currently works on Hydra and institutional digital repository infrastructure at Stanford.

2 Responses to Executive Summary: Autopsy of an OverDrive EULA

  1. Pingback: Underdone: Autopsy of an OverDrive EULA | Library Hackers Unite!