www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Struberg <strub...@yahoo.de>
Subject Re: Antideficiency Act
Date Sun, 11 Mar 2012 12:30:14 GMT
Great finding, Emmanuel!

And also thanks to Larry for initially bringing this 'problem' to our attention.

Wouldn't that make a great blog post?
I guess this or similar arguments are often used by companies/lobbyists when arguing against
open source projects and for their closed source products. Could be good to spread the word
that this is just FUD.


----- Original Message -----
> From: Emmanuel Lécharny <elecharny@gmail.com>
> To: legal-discuss@apache.org
> Cc: 
> Sent: Sunday, March 11, 2012 12:21 PM
> Subject: Re: Antideficiency Act
> Interesting article.
> http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-license-indemnification-snafu/2012-03-08#ixzz1odszDpgw
> It would be good to get the sources, of course.
> Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
>>  [This email is NOT confidential.]
>>  A colleague recently sent me his notes from a U.S. Department of Defense
>>  "Open Source Software Public Meeting" last January. This meeting 
> was held
>>  primarily to discuss with government suppliers of software the new DFARS
>>  policies on the acquisition of open source software. I had reviewed the
>>  DFARS document a few months earlier and expected no particular issues to
>>  arise at the meeting. I didn't go.
>>  However, I learned later that there were several references at that meeting
>>  to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 
> 1342,
>>  and 1517(a). These obscure (to me) statutes prohibit any government agency
>>  from authorizing any obligation in excess of the amount appropriated unless
>>  authorized by law.
>>  This affects Apache because of this obscure (to me) provision in Apache
>>  License 2.0:
>>  9. Accepting Warranty or Additional Liability. While redistributing the 
> Work
>>  or Derivative Works thereof, You may choose to offer, and charge a fee for,
>>  acceptance of support, warranty, indemnity, or other liability obligations
>>  and/or rights consistent with this License. However, in accepting such
>>  obligations, You may act only on Your own behalf and on Your sole
>>  responsibility, not on behalf of any other Contributor, and only if You
>>  agree to indemnify, defend, and hold each Contributor harmless for any
>>  liability incurred by, or claims asserted against, such Contributor by
>>  reason of your accepting any such warranty or additional liability.
>>  [Emphasis added by underlining.]
>>  Here is how my colleague described the particular 
> "incompatibility" between
>>  the Antideficiency Act and Apache License 2.0 that affected one of his
>>  client's transactions:
>>  We are using certain Apache code in one of our proprietary products.  The
>>  code is subject to Apache 2.0 and we make the necessary disclosure of this
>>  in our software license.  After reviewing the Apache 2.0 license, a 
> division
>>  of the Army (one of our customers) believes that Section 9 
> (indemnification)
>>  constitutes an Anti-Deficiency Act (ADA) violation and therefore has
>>  rejected the order on grounds that it cannot accept this ADA risk.  An ADA
>>  violation arises when a Government agency makes or authorizes an 
> expenditure
>>  or obligation of money (i) in excess of the amount available in an
>>  appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
>>  obligation for the payment of money before an appropriation is made, unless
>>  authorized by law (31 USC 1341 (a)(1)(B)).  Indemnification clauses run
>>  afoul of the ADA because the Government in essence is agreeing to an 
> unknown
>>  monetary amount in absence of an appropriation.
>>  We have argued incessantly to the Army that we do not believe that the
>>  indemnification clause applies to them so long as they merely use the
>>  software program as a consumer (i.e. so long as they do not offer
>>  warranties, indemnification, support, or other legal obligations to any
>>  other third parties… which is the case as the Army is only using the
>>  software as a downstream consumer).  The Army, however, believes that any
>>  contingency indemnification obligation, no matter how unlikely, constitutes
>>  an ADA violation.  Basically the Army believes that any indemnity
>>  obligation, no matter how remote, constitutes an obligation to commit
>>  government funds.  Note, too, that even if we were to agree with the
>>  Government that we would stand in the Government’s shoes as indemnitor
>>  (which we will not do), the Government has taken the position that even 
> that
>>  would not be sufficient to do away with the ADA violation risk.  Short of
>>  removing Section 9 indemnity from the Apache license… which we are 
> powerless
>>  to do even if we wanted to, or somehow asking Apache to relax Section 9
>>  (which I do not expect Apache to do), or removing the Apache code and
>>  replacing it with either commercially available code or our own suitable
>>  replacement (which is possible but causes a lot of other side engineering
>>  issues and delays), I am having trouble finding a way around the problem.
>>  In our view, the Army is taking a hyper-sensitive view of the indemnity
>>  clause and the ADA.  They also are ignoring the fact that Apache code is
>>  some of the most widespread code in use within the Department of Defense 
> (if
>>  you believe the Mitre study on this and recent reports that the DoD CIO has
>>  put out).  One also wonders how the Government can advocate encouraging the
>>  use of OSS within the Government when faced with intractable positions like
>>  we are facing with the Army.   The Army attorney I am dealing with told me
>>  that she would prefer that Apache, GPL, and others all make their OSS
>>  licenses more “government friendly” to avoid things like indemnification 
> and
>>  choice of law (i.e. substituting a particular state for governing law in
>>  favor of federal common law).  ...  I do believe this particular wing of 
> the
>>  Army is taking an untenable, overly conservative view of the ADA.  My guess
>>  is that it is not within the norm of how most government agencies… civilian
>>  and DoD… interpret the Apache license.
>>  One senior government official reportedly opined at the January meeting 
> that
>>  "contractors should not discount the possibility of negotiating 
> license
>>  deviations from the OSS license with entities like Apache or FSF." I 
> note
>>  this only to point out the absurdity of certain expectations about open
>>  source. :-)
>>  Better than just yelling in frustration, though, and in the interest of
>>  providing a sensitive and well-reasoned response to vendors hawking Apache
>>  wares to the U.S. government, do any of you have a ready answer why our
>>  license isn't incompatible with the Antideficiency Act that we can 
> share
>>  with the government and on our website?
>>  /Larry
>>  bcc:
>>  Lawrence Rosen
>>  Rosenlaw&  Einschlag, a technology law firm (www.rosenlaw.com)
>>  3001 King Ranch Road, Ukiah, CA 95482
>>  Cell: 707-478-8932
>>  Apache Software Foundation, board member (www.apache.org)
> -- 
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message