www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Struberg <strub...@yahoo.de>
Subject Re: Antideficiency Act
Date Tue, 06 Mar 2012 15:37:25 GMT
Well, they already get it at a fixed cost: 0.00 $

Seriously, it might be as easy as just a political/lobby originated bullying game...

To me it feels very logical that quite a few commercial vendors are using their political
influences to push such arguing behind the scene.


----- Original Message -----
> From: Steven A Rowe <sarowe@syr.edu>
> To: "legal-discuss@apache.org" <legal-discuss@apache.org>
> Cc: 
> Sent: Tuesday, March 6, 2012 4:31 PM
> Subject: RE: Antideficiency Act
> IANAL, but wouldn't indemnity insurance give gov't entities what they 
> want, i.e. a fixed cost?
> -----Original Message-----
> From: Philip Odence [mailto:podence@blackducksoftware.com] 
> Sent: Tuesday, March 06, 2012 7:19 AM
> To: <legal-discuss@apache.org>
> Cc: legal-discuss@apache.org; Lawrence Rosen
> Subject: Re: Antideficiency Act
> I was at the meeting and although there was such a naive comment made, generally 
> I believe the govt procurement folks understood the impracticality of 
> negotiating OSS licenses. They just felt caught between a rock and hard place 
> wrt the ADA.  That said, I really don't understand the Army's position. 
> I'll try some of my contacts in DoD and if I can get someone to articulate 
> it, will report back to the list. 
> Phil Odence, Black Duck Software
> Sent from my iPad
> On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <ben@links.org> wrote:
>>  On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lrosen@rosenlaw.com> 
> wrote:
>>>  [This email is NOT confidential.]
>>>  A colleague recently sent me his notes from a U.S. Department of 
>>>  Defense "Open Source Software Public Meeting" last January. 
> This 
>>>  meeting was held primarily to discuss with government suppliers of 
>>>  software the new DFARS policies on the acquisition of open source 
>>>  software. I had reviewed the DFARS document a few months earlier and 
>>>  expected no particular issues to arise at the meeting. I didn't go.
>>>  However, I learned later that there were several references at that 
>>>  meeting to the Antideficiency Act, codified generally at 31 U.S.C. §§ 
>>>  1341(a), 1342, and 1517(a). These obscure (to me) statutes prohibit 
>>>  any government agency from authorizing any obligation in excess of 
>>>  the amount appropriated unless authorized by law.
>>>  This affects Apache because of this obscure (to me) provision in 
>>>  Apache License 2.0:
>>>  9. Accepting Warranty or Additional Liability. While redistributing 
>>>  the Work or Derivative Works thereof, You may choose to offer, and 
>>>  charge a fee for, acceptance of support, warranty, indemnity, or 
>>>  other liability obligations and/or rights consistent with this 
>>>  License. However, in accepting such obligations, You may act only on 
>>>  Your own behalf and on Your sole responsibility, not on behalf of any 
>>>  other Contributor, and only if You agree to indemnify, defend, and 
>>>  hold each Contributor harmless for any liability incurred by, or 
>>>  claims asserted against, such Contributor by reason of your accepting 
> any such warranty or additional liability.
>>>  [Emphasis added by underlining.]
>>>  Here is how my colleague described the particular 
> "incompatibility" 
>>>  between the Antideficiency Act and Apache License 2.0 that affected 
>>>  one of his client's transactions:
>>>  We are using certain Apache code in one of our proprietary products.  
>>>  The code is subject to Apache 2.0 and we make the necessary 
>>>  disclosure of this in our software license.  After reviewing the 
>>>  Apache 2.0 license, a division of the Army (one of our customers) 
>>>  believes that Section 9 (indemnification) constitutes an 
>>>  Anti-Deficiency Act (ADA) violation and therefore has rejected the 
>>>  order on grounds that it cannot accept this ADA risk.  An ADA 
>>>  violation arises when a Government agency makes or authorizes an 
>>>  expenditure or obligation of money (i) in excess of the amount 
>>>  available in an appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) 
>>>  due to a contract or obligation for the payment of money before an 
>>>  appropriation is made, unless authorized by law (31 USC 1341 
>>>  (a)(1)(B)).  Indemnification clauses run afoul of the ADA because the 
> Government in essence is agreeing to an unknown monetary amount in absence of an 
> appropriation.
>>>  We have argued incessantly to the Army that we do not believe that 
>>>  the indemnification clause applies to them so long as they merely use 
>>>  the software program as a consumer (i.e. so long as they do not offer 
>>>  warranties, indemnification, support, or other legal obligations to 
>>>  any other third parties. which is the case as the Army is only using 
>>>  the software as a downstream consumer).  The Army, however, believes 
>>>  that any contingency indemnification obligation, no matter how 
>>>  unlikely, constitutes an ADA violation.  Basically the Army believes 
>>>  that any indemnity obligation, no matter how remote, constitutes an 
>>>  obligation to commit government funds.  Note, too, that even if we 
>>>  were to agree with the Government that we would stand in the 
>>>  Government's shoes as indemnitor (which we will not do), the 
>>>  Government has taken the position that even that would not be 
>>>  sufficient to do away with the ADA violation risk.  Short of removing 
>>>  Section 9 indemnity from the Apache license. which we are powerless 
>>>  to do even if we wanted to, or somehow asking Apache to relax Section 
>>>  9 (which I do not expect Apache to do), or removing the Apache code 
>>>  and replacing it with either commercially available code or our own 
>>>  suitable replacement (which is possible but causes a lot of other side 
> engineering issues and delays), I am having trouble finding a way around the 
> problem.
>>>  In our view, the Army is taking a hyper-sensitive view of the 
>>>  indemnity clause and the ADA.  They also are ignoring the fact that 
>>>  Apache code is some of the most widespread code in use within the 
>>>  Department of Defense (if you believe the Mitre study on this and 
>>>  recent reports that the DoD CIO has put out).  One also wonders how 
>>>  the Government can advocate encouraging the use of OSS within the 
> Government when faced with intractable positions like
>>>  we are facing with the Army.   The Army attorney I am dealing with told 
> me
>>>  that she would prefer that Apache, GPL, and others all make their OSS 
>>>  licenses more "government friendly" to avoid things like 
>>>  indemnification and choice of law (i.e. substituting a particular 
>>>  state for governing law in favor of federal common law).  ...  I do 
>>>  believe this particular wing of the Army is taking an untenable, 
>>>  overly conservative view of the ADA.  My guess is that it is not 
>>>  within the norm of how most government agencies. civilian and DoD. 
> interpret the Apache license.
>>>  One senior government official reportedly opined at the January 
>>>  meeting that "contractors should not discount the possibility of 
>>>  negotiating license deviations from the OSS license with entities 
>>>  like Apache or FSF." I note this only to point out the absurdity 
> of 
>>>  certain expectations about open source. :-)
>>>  Better than just yelling in frustration, though, and in the interest 
>>>  of providing a sensitive and well-reasoned response to vendors 
>>>  hawking Apache wares to the U.S. government, do any of you have a 
>>>  ready answer why our license isn't incompatible with the 
>>>  Antideficiency Act that we can share with the government and on our 
> website?
>>  Well, it seems to me the licence says "you can only do X if you offer 
>>  indemnity", and the ADA says "you can't offer 
> indemnity", so it seems 
>>  quite clear that this means the ADA says "you can't do X". 
> So, I'd 
>>  suggest they don't do X, and we're all happy.
>>  If the Army want to be morons, that's up to them, surely?
>>  ---------------------------------------------------------------------
>>  To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>  For additional commands, e-mail: legal-discuss-help@apache.org
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message