The Software Trap We Missed

The Stories of General Toywagen and Gooface Softfruit

Pretty simple, right? Well, it’s only simple if there’s nothing in that contract that makes you feel queasy, because remember, under this “service” agreement, somebody else owns the mode of transportation you rely on.

When General Toywagen Wants to Be Gooface Softfruit

Back to story time. You are ready to lease the car from General Toywagen, but as part of the story, we’re following through with the business model of Alice and Bob, which means you get handed the “service” agreement and apart from the things you expect, you see the following conditions:

  1. You must never go past the speed limit. Ever!
  2. You will never use your car for any illegal purpose.
  3. You are only allowed to drive on roads we pre-approve.
  4. You will never honk your horn in a manner that is offensive to anybody.
  5. General Toywagen reserves the right to change these rules whenever it wants and will take away your car, even if you’re in the middle of nowhere, if you violate these rules.
  6. Oh, and by the way, anybody who has a pre-2018 model, sorry, but General Toywagen will offer no more maintenance or support.
  7. And in 2020, General Toywagen is making a unilateral business decision that will mean you can only lease cars, no more buying.

But don’t worry, in order to make your life more convenient, General Toywagen will do the following:

  1. Make all cars look more or less the same because really, it’s just a car that still gets you from A to B.
  2. Give you a whole bunch of flashy updates, like new colors to tint your windows and more sounds for your signal indicators.
  3. Take away the person who explains to you all the minutiae of the lease agreement and just hand you a stack of papers of legalese – which takes the average reader 15-20 minutes to read – and leave it all up to you to decide what you want to do, because, really, it’s easier this way.

Also, don’t give too much thought to that fine print that says General Toywagen is allowed to plant a super GPS/recording device on your car to make sure you’re following all the rules. Okay, in case you’re still worried, read this pamphlet produced by our PR machine that clearly demonstrates General Toywagen is doing this to make the roads safer for everybody, the need for social responsibility, being a good corporate citizen, and so on.

Look at these beautiful pictures of the children and the trees! Aren’t they pretty?

Let’s get back to reality now. Would you ever lease a car under these conditions? Probably not, especially if all you want to do is drive to work, take the kids to baseball practice, take the occasional road trip, and have the liberty to avoid congested traffic spots by taking an alternate route home.

EULAs Need to Look More like Sales and Lease Contracts, Not Omnibus Bills

If we really want to get serious about some of these cybersecurity concerns, we need to start with some simpler solutions, not more complex ones. The most obvious place is the EULAs attached to software. Any reasonable person will say it’s a laughable proposition to spend 15-20 minutes to read the EULA, but that’s how long it takes. These EULAs need to get down to something that can be easily read in just a couple of minutes (and without a lawyer beside you). It may even be worthwhile to consider an industry-wide EULA template. When EULAs look like omnibus bills, it’s just the polite way of the software vendors saying to the user “we’re going to do whatever we want and take on as little liability as we can.”

The next thing that needs to happen is a shakeup of this “service” business model that effectively traps every user of significant pieces of software. There is absolutely no consumer protection if a software vendor can push you into this “service” model and shut you down as they feel. And let’s drop the charade: there is no real competition. Most of the software we rely on is owned by only a handful of companies.

We once had the ability to buy the product outright. That meant having a piece of media, like a CD, and a product key, to install the software we needed. All of that was more or less tangible. Now, as we are being pushed into this “service” business model for the most critical applications, you need an e-mail address to activate the software, a credit card on file, and you’ll only be able to download an installer from the cloud. And all this needs to be done through a virtual store.

The “service” business model can work if EULAs are clear cut. Car leases are a good example. But the way the system is set up right now, the mega-corporations, many of which have more power than most countries, are moving into dangerous territory if you’re one who believes in personal freedoms and true free market choices.

If you want to stick with the “service” model, you need true competition in the marketplace, something that does not exist in the software space for the most critical applications. You can keep the ultra-restrictive and obscure EULAs under this model, but if there were a truly competitive marketplace, people would be deciding with their feet. The only way to ensure that there is some consumer protection is to make EULAs ridiculously short, easy to understand, and include an option to buy the software outright.

There is a dangerous trend starting, happening under the auspices of social responsibility: corporations are becoming a type of law enforcement agency. Think about it like this: if you buy a General Toywagen and you do something reckless, like stunt driving, it’s not General Toywagen that takes away your car and denies you the ability to drive; it’s an initial write-up and possible confiscation from Buford T. Justice that takes away your car and says you can no longer drive. And even after that, Buford T., or some state representative, has to go in front of a judge and convince them that you should be denied the ability to operate a General Toywagen. Or any car for that matter. But if the underlying principles of “car ownership” moved towards a “service” business model, these ever-changing “codes of conduct” are really going to monkey with how we use things we rely on, because they allow the owners of software to become enforcement agents. It is a type of “outsourcing of the law” to private interests.

My preference is for the “product” model where possible, even if it usually means a higher upfront cost. I want to own what I use, within reason of course. Certain things, like telephone and internet, I expect to be serviced. That’s why they have always been traditionally called “service providers” and in case you missed it, service providers are generally regulated up the wazoo to ensure there is some consumer protection.

But if everything becomes a “service,” that means only a minority few will own and operate these critical services we rely on. That is a form of control which will fundamentally change not only how we do business but how we think and socially act. That is not good because it will be a private interest driving that discussion.

No corporation should ever have that sort of power. I don’t want to be held hostage by some tech company simply because I posted a blog that some faceless employee may find offensive or some algorithm will flag as inappropriate.

And don’t kid yourselves, algorithms have a bias. It is exactly impossible that they don’t because algorithms are designed by humans and every single human being has a bias.

Cardinal rule of AI: Algorithms that stop malware and network attacks, good. Algorithms that flag “offensive” commentary or “fake” news stories, bad.

The first is designed to protect you. The second is designed to influence you.

In closing, you wouldn’t lease a car under these “service” terms and I bet that for most of you today, your operating systems, word processors, and email services are just as vital to you as your car, if not more so. That’s why we need to figure out a way out of this software business model trap before we’re stuck in it for good.

George Platsis
George Platsis works with the private, public and non-profit sectors to address their strategic, operational and training needs, focusing on projects related to business development, risk/crisis management, resilience, cyber and information security, and cultural relations. His primary focus is on human factor vulnerabilities related to cybersecurity, information security, and data security by separating the network and information risk areas. Some of the issues he tackles include: business continuity, resilience strategies, social engineering, insider threats, psychological warfare, data manipulation and integrity, and information dominance. He is a team member of SDI Cyber, based in Washington, DC, an independent consultant, educator, and a founding member of The #CyberAvengers. He holds a Bachelor of Business Administration and has graduate degrees in Business Administration, Disaster and Emergency Management, Law, and Cybersecurity. He has completed executive education in national/international security and cybersecurity at Harvard, Syracuse University, and Canadian Forces College.


