www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Barnett" <j...@bea.com>
Subject RE: Corporate Contributions
Date Sat, 26 Mar 2005 00:44:45 GMT

Some thoughts inline, below.

-----Original Message-----
From: William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net] 
Sent: Friday, March 25, 2005 3:56 PM
To: Jim Barnett
Cc: lrosen@rosenlaw.com; Geir Magnusson Jr.; legal-discuss@apache.org
Subject: RE: Corporate Contributions

At 03:49 PM 3/25/2005, Jim Barnett wrote:

>I also agree that ASF should disclaim liability to the fullest extent
>possible.  ...  General disclaimers published on a website, however,
>are not as effective at limiting exposure.

"Jim you have totally missed the boat here.  Please read the CLA
you signed.  Understand that you OWNED the responsibility to grant
us license and the you OWNED the authority to do so, when you signed
the CLA.

We do not disclaim liability in the sense you are thinking, by posting
notices on our web site.  We disclaim liability because it *is* the
liability of our contributors."

Bill:  I wasn't suggesting that ASF currently places general disclaimers
on its website, nor that it should do so.  Rather I was responding to a
suggestion I've seen from a couple of others on this (growing) thread
that by conducting "public awareness" exercises emphasizing that
individual contributors are responsible for their contributions, and
that their employers, if any, are responsible for policing the
employee's actions, ASF would be in a strong defensive position in the
case of an improper contribution.  I disagree.  

I have read the CCLA and ICLA.  I understand that the contributor
signing the document makes representations to ASF that it has the right
to make the contribution, and that ASF relies on those representations.
That is great as far as establishing liability of the contributor who
breaches those obligations to ASF.  Absent some collusion between the
true owner (an employer for example) and the contributor, Apache's
reliance on the representation and resulting rights against the
contributor are not a perfect defense against the true owner.  ASF's
innocence and reasonable reliance may help in reducing monetary
liability, but it does not protect ASF or downstream licensees taking
through ASF from injunctions against use of the offending code, or other
undesirable consequences.   

"At times, without the contributor's intent, it may be that they
independently discover the patently obvious and previously (or in the
one year window) Patented invention, committing it to our repository.
In that case, the ASF would either contest the patent, appeal to the
holder for License, or remove the patented invention from our code.  
If none of these three solutions satisfied the patent holder, they
would have to prove injury to themselves and profit to the Foundation.
The foundation doesn't profit so this would be a hollow lawsuit, and
we would pursue through our legal team that the patent is invalid 
because it was too obvious to be patentable.

Let's say that the contributor was -aware- of the patent and took the
idea from the patent holder, and that it is a defensible patent.  In
that case, it actually becomes a matter that the contributor has broken
patent law, and further, that they broke their contract with the ASF. 
Further action against the ASF would be partially mitigated by the
of contract against us, and we would argue an innocent party defense.
In fact, if there is a finding against the foundation, and the committer
malevolently contributed the IP, you could see the Foundation suing the
committer for breach of contract and resulting damages.  (If there was 
no malice this would simply not happen.)"

Bill:  Again I think you are missing some other fairly credible
possibilities.  You're assuming that the only invention an ASF
contributor is likely to invent is one that is obvious.  It is entirely
possible that a contributor might actually independently invent
something novel, and non-obvious, which is nevertheless subject to a
pre-existing patent or patent application.  I agree with your assessment
that ASF could argue patent invalidity in the case where the patented
invention was not "novel" or "non-obvious," but that defense wouldn't
work except in those narrow circumstances.  In any case invalidity would
be an argument, not a guarantee.

You are also focusing on money liability and overlooking the agony of
injunction.  The right of an injured patent holder to obtain an
injunction against infringers does not depend on the infringers making a
profit.  (More importantly, ASF not making a profit doesn't really
affect its damages liability either, since a legitimate measure of
damages would be profits lost by the patent owner, not gains made by the
infringer.  But that's another topic.)  An injunction would be
devastating for the ASF project, but of more concern to me, it would be
even more painful for downstream licensees, whether distributors or end
users.  Hypothetically, think about key commercial distributors and
large scale end users of Tomcat getting served with a court order
instructing them to shut down their deployments and discontinue their
use.  Scary to me, but I am a paranoid lawyer after all, so YMMV.
I do think that ASF (and successful OSS organization for that matter)
has one key advantage not shared by proprietary software shops when it
comes to third party IP claims.  The PR fallout alone for attacking
established, depended on OSS, is devastating.  That fact, illustrated in
spades by the SCO shenanigans and resulting public lambasting of SCO,
mitigates many of these concerns to an extent.

Closing the circle, I think having employers of employee-contributors
sign a CCLA would be very beneficial in protecting ASF from a whole host
of potential IP entanglements.  I also understand that many employers
are going to be unwilling to do that, either out of lack of interest or
paranoia.  If ASF had an inflexible rule that all employee-contributors
must have their employers sign a CCLA would injure diversity in
contribution and therefore be a bad thing.  

Honestly before this thread started, I was naively under the impression
that the ASF rule already was that all employee contributors were
required to have their employers sign a CCLA.  I understand now that the
rule is otherwise.  I also now understand much more clearly the concerns
and challenges such a rule would present.  

To levelset,  am I correct that the CCLA is currently used when a
corporation desires to make a contribution of pre-existing code to and
ASF project, and that individual contributors, whether employed or
independent, are only required to sign an ICLA with no hard and fast
requirement for a corresponding employer CCLA?




DISCLAIMER: Discussions on this list are informational and educational
only, are not privileged and do not constitute legal advice.
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message