Cisco's recent refusal to activate the Viptela SD-WAN software purchased by NSS Labs was a highly unusual tactic...
to prevent a reviewer from testing a product. But the action succeeded in sidestepping the thorny legal issues that would have arisen if Cisco had tried to stop the publication of the review or sued the lab after the release of the report.
As long as Cisco returns the money NSS Labs spent on the product -- somewhere between $30,000 and $40,000 -- then the vendor has the right not to provide the lab with the digital key needed to activate its license and turn on the Viptela software.
"There's no obligation to give someone a license," said Jeremy Aber, an Austin, Texas, lawyer who represents software makers.
Withholding the key effectively ended a NSS Labs-Cisco spat that started when NSS Labs sought its participation in a review of SD-WAN products, which the research firm published this month. The two sides disagreed over the tests used to evaluate the software, so Cisco withdrew its support.
NSS Labs bought the software to do the testing by itself, which led Cisco to refuse to activate the product. The company has said it would provide NSS Labs with a refund.
Legal issues in NSS Labs-Cisco dispute
Beyond a squabble between two companies, the conflict raises the question of what Cisco could have done if NSS Labs had tested Viptela and published its findings. The possibilities shed some light on the legalities surrounding independent software testing, which can be of great value to corporate tech buyers.
Kit WalshElectronic Frontier Foundation
Cisco's Customer License Agreement for Viptela prohibits buyers to "publicly disseminate performance information or analysis about the products, including, without limitation, benchmarking test results." Lawyers agree NSS Labs likely would have violated that agreement by reviewing the product.
The law is not clear on whether that clause is enforceable, however. Aber argued it is, saying Cisco could have sued before or after the publication of the report, claiming a violation of the agreement, which would avoid the stickier issue on whether the testing was unfair.
"They could have sued them not on unfairness grounds, but for breach of the license agreement," Aber said.
While acknowledging vendors' restrictions against testing their software fall into a legal gray area, "there's no case law that says it is not enforceable," Aber said. "So, you see this is in lots of agreements, and if clients ask us today to draft it or recommend it, we'll put it in there."
Laws against restrictions
Other lawyers doubt Cisco could win on the grounds of an agreement violation, given it would be trying to prevent the right of NSS Labs to disclose the results of independent research of value to consumers.
"It's a relatively new area of law," said Kit Walsh, staff lawyer for the Electronic Frontier Foundation, a civil liberties group based in San Francisco. "It's not settled yet, but there are good reasons why Cisco wouldn't be able to enforce this term as a matter of contract law."
One good reason is the Consumer Review Fairness Act of 2016, Walsh said. Congress passed the law to protect a customer's right to criticize products and services online. The act stopped businesses from inserting into form contracts clauses prohibiting customers from posting negative reviews.
"In terms of talking about the negative characteristics of a product or service, that's an area where we actually have congressional guidance that those things aren't enforceable," Walsh said.
Nevertheless, whether the act would stand up in a challenge to software testing isn't clear. Therefore, businesses that want to push the legal envelope to restrict product criticism and its potential impact on sales have an opening. "There's a strong motivation to try and restrict both criticism and information about products," Walsh said.