pixel - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

NSS Labs-Cisco spat raises licensing restriction enforceability

The NSS Labs-Cisco tiff raises questions on the validity of licensing that prohibits customers from testing software performance and publishing the results.

Cisco's recent refusal to activate the Viptela SD-WAN software purchased by NSS Labs was a highly unusual tactic to prevent a reviewer from testing a product. But the action succeeded in sidestepping the thorny legal issues that would have arisen if Cisco had tried to stop the publication of the review or sued the lab after the release of the report.

As long as Cisco returns the money NSS Labs spent on the product -- somewhere between $30,000 and $40,000 -- then the vendor has the right not to provide the lab with the digital key needed to activate its license and turn on the Viptela software.

"There's no obligation to give someone a license," said Jeremy Aber, an Austin, Texas, lawyer who represents software makers.

Withholding the key effectively ended a NSS Labs-Cisco spat that started when NSS Labs sought its participation in a review of SD-WAN products, which the research firm published this month. The two sides disagreed over the tests used to evaluate the software, so Cisco withdrew its support.

NSS Labs bought the software to do the testing by itself, which led Cisco to refuse to activate the product. The company has said it would provide NSS Labs with a refund.

Legal issues in NSS Labs-Cisco dispute

Beyond a squabble between two companies, the conflict raises the question of what Cisco could have done if NSS Labs had tested Viptela and published its findings. The possibilities shed some light on the legalities surrounding independent software testing, which can be of great value to corporate tech buyers.

There's a strong motivation to try and restrict both criticism and information about products.
Kit WalshElectronic Frontier Foundation

Cisco's Customer License Agreement for Viptela prohibits buyers to "publicly disseminate performance information or analysis about the products, including, without limitation, benchmarking test results." Lawyers agree NSS Labs likely would have violated that agreement by reviewing the product.

The law is not clear on whether that clause is enforceable, however. Aber argued it is, saying Cisco could have sued before or after the publication of the report, claiming a violation of the agreement, which would avoid the stickier issue on whether the testing was unfair.

"They could have sued them not on unfairness grounds, but for breach of the license agreement," Aber said.

While acknowledging vendors' restrictions against testing their software fall into a legal gray area, "there's no case law that says it is not enforceable," Aber said. "So, you see this is in lots of agreements, and if clients ask us today to draft it or recommend it, we'll put it in there."

Laws against restrictions

Other lawyers doubt Cisco could win on the grounds of an agreement violation, given it would be trying to prevent the right of NSS Labs to disclose the results of independent research of value to consumers.

"It's a relatively new area of law," said Kit Walsh, staff lawyer for the Electronic Frontier Foundation, a civil liberties group based in San Francisco. "It's not settled yet, but there are good reasons why Cisco wouldn't be able to enforce this term as a matter of contract law."

One good reason is the Consumer Review Fairness Act of 2016, Walsh said. Congress passed the law to protect a customer's right to criticize products and services online. The act stopped businesses from inserting into form contracts clauses prohibiting customers from posting negative reviews.

"In terms of talking about the negative characteristics of a product or service, that's an area where we actually have congressional guidance that those things aren't enforceable," Walsh said.

Nevertheless, whether the act would stand up in a challenge to software testing isn't clear. Therefore, businesses that want to push the legal envelope to restrict product criticism and its potential impact on sales have an opening. "There's a strong motivation to try and restrict both criticism and information about products," Walsh said.

Dig Deeper on Software-defined WAN (SD-WAN)

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What's your opinion of Cisco prohibiting Viptela SD-WAN customers from publishing the results of performance testing?

what are they trying to hide ?

Cisco should not have the right to prohibit 2nd or 3rd party performance testing of their products. My opinion includes and is not limited to Cisco alone. It includes all manufactures, not just Cisco (HP, Microsoft, etc.). By prohibiting, what are they hiding? Are they another Volkswagon case. They are not cars manufactures and do not emit emissions but still claim performance. Without 2nd and 3rd party testing how can a consumer / purchaser be fully confident that he will be actually receiving what the company is claiming. If I was Cisco I would be welcoming the chance to prove my claims. So the question arises, What is Cisco afraid of? Albiet, in defense of Cisco, not all performance test are created equal either. That is why more than one party (2nd, 3rd, 4th parties etc.) should be invited to test. Furthermore each party should have to provide a description of the testing process and procedure along with their results.

Its very strange act of Cisco and this spat is actually more harmful for Cisco Viptela than the actual outcome of the testing would have been. This spat news is creating an element of doubt in the customer minds. NSS Labs reports are highly valued by corporates since these are meant to be neutral without any bias actual performance testing. But on the other side we really don’t know why Cisco did not agree, may be lot more reason than is actually published in the news.
This sounds like the 'old' protective Cisco I dealt with for many years. It's a new world, Cisco...Open Source especially for SD-WAN, other technologies has been the trend for a couple of years--take a look at AT&T's dNOS, DANOS Foundation.
Glad I am not the only one that believes Cisco is doing more damage with their little spat than they are good. There are other products and there was a time that Cisco was the only way to go, but those days are mostly gone. I still like Cisco for what it is, but if this sort of thing continues to happen, I have no choice but to look at alternatives from manufacturers that welcome the testing and are going to stand behind their product. I understand not giving away that kind of money, but if someone purchases the software, then they deserve what comes with it.

Cisco, if you are concerned that they are testing improperly, how about finding another tester to test and then you can have them test it "properly". Had someone just come along and foul mouthed Cisco, I would simply pass it off but, this has my attention.
I don't believe Cisco is trying to hide something. Rather, the company wanted NSS Labs to change its testing methodology, which wasn't favorable to Cisco's Viptela SD-WAN. When NSS Labs refused, Cisco opted to prevent it from activating the software bought from a reseller. Vendors often complain about NSS Labs' testing methodology, but Cisco is the first company to refuse to sell its software to NSS Labs. Cisco has the right to do that, so it'll be interesting to see if other vendors do the same in the future. If they do, then the impact on NSS Labs's work could be significant. Also, I want to thank everyone for their comments. 
I agree. At this point NSS has realized that they can push around the vendors because they do not have much compellng competition in the netsec third-party valiidatiion space. What this causes is vendors engineering for the NSS testing procedures instead of investing in what theiir customers (like me) actually need them to be focused on. I wonder how many millioins of dollars have been spent to enginieer products to perform well on specific tests from NSS instead of delivering customer value?
That's an interesting take on NSS. Can you think of an example of a product feature developed to satisfy an NSS test?