www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Antideficiency Act
Date Sun, 11 Mar 2012 11:21:58 GMT
Interesting article.


It would be good to get the sources, of course.

Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
> [This email is NOT confidential.]
> A colleague recently sent me his notes from a U.S. Department of Defense
> "Open Source Software Public Meeting" last January. This meeting was held
> primarily to discuss with government suppliers of software the new DFARS
> policies on the acquisition of open source software. I had reviewed the
> DFARS document a few months earlier and expected no particular issues to
> arise at the meeting. I didn't go.
> However, I learned later that there were several references at that meeting
> to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 1342,
> and 1517(a). These obscure (to me) statutes prohibit any government agency
> from authorizing any obligation in excess of the amount appropriated unless
> authorized by law.
> This affects Apache because of this obscure (to me) provision in Apache
> License 2.0:
> 9. Accepting Warranty or Additional Liability. While redistributing the Work
> or Derivative Works thereof, You may choose to offer, and charge a fee for,
> acceptance of support, warranty, indemnity, or other liability obligations
> and/or rights consistent with this License. However, in accepting such
> obligations, You may act only on Your own behalf and on Your sole
> responsibility, not on behalf of any other Contributor, and only if You
> agree to indemnify, defend, and hold each Contributor harmless for any
> liability incurred by, or claims asserted against, such Contributor by
> reason of your accepting any such warranty or additional liability.
> [Emphasis added by underlining.]
> Here is how my colleague described the particular "incompatibility" between
> the Antideficiency Act and Apache License 2.0 that affected one of his
> client's transactions:
> We are using certain Apache code in one of our proprietary products.  The
> code is subject to Apache 2.0 and we make the necessary disclosure of this
> in our software license.  After reviewing the Apache 2.0 license, a division
> of the Army (one of our customers) believes that Section 9 (indemnification)
> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
> rejected the order on grounds that it cannot accept this ADA risk.  An ADA
> violation arises when a Government agency makes or authorizes an expenditure
> or obligation of money (i) in excess of the amount available in an
> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
> obligation for the payment of money before an appropriation is made, unless
> authorized by law (31 USC 1341 (a)(1)(B)).  Indemnification clauses run
> afoul of the ADA because the Government in essence is agreeing to an unknown
> monetary amount in absence of an appropriation.
> We have argued incessantly to the Army that we do not believe that the
> indemnification clause applies to them so long as they merely use the
> software program as a consumer (i.e. so long as they do not offer
> warranties, indemnification, support, or other legal obligations to any
> other third parties… which is the case as the Army is only using the
> software as a downstream consumer).  The Army, however, believes that any
> contingency indemnification obligation, no matter how unlikely, constitutes
> an ADA violation.  Basically the Army believes that any indemnity
> obligation, no matter how remote, constitutes an obligation to commit
> government funds.  Note, too, that even if we were to agree with the
> Government that we would stand in the Government’s shoes as indemnitor
> (which we will not do), the Government has taken the position that even that
> would not be sufficient to do away with the ADA violation risk.  Short of
> removing Section 9 indemnity from the Apache license… which we are powerless
> to do even if we wanted to, or somehow asking Apache to relax Section 9
> (which I do not expect Apache to do), or removing the Apache code and
> replacing it with either commercially available code or our own suitable
> replacement (which is possible but causes a lot of other side engineering
> issues and delays), I am having trouble finding a way around the problem.
> In our view, the Army is taking a hyper-sensitive view of the indemnity
> clause and the ADA.  They also are ignoring the fact that Apache code is
> some of the most widespread code in use within the Department of Defense (if
> you believe the Mitre study on this and recent reports that the DoD CIO has
> put out).  One also wonders how the Government can advocate encouraging the
> use of OSS within the Government when faced with intractable positions like
> we are facing with the Army.   The Army attorney I am dealing with told me
> that she would prefer that Apache, GPL, and others all make their OSS
> licenses more “government friendly” to avoid things like indemnification and
> choice of law (i.e. substituting a particular state for governing law in
> favor of federal common law).  ...  I do believe this particular wing of the
> Army is taking an untenable, overly conservative view of the ADA.  My guess
> is that it is not within the norm of how most government agencies… civilian
> and DoD… interpret the Apache license.
> One senior government official reportedly opined at the January meeting that
> "contractors should not discount the possibility of negotiating license
> deviations from the OSS license with entities like Apache or FSF." I note
> this only to point out the absurdity of certain expectations about open
> source. :-)
> Better than just yelling in frustration, though, and in the interest of
> providing a sensitive and well-reasoned response to vendors hawking Apache
> wares to the U.S. government, do any of you have a ready answer why our
> license isn't incompatible with the Antideficiency Act that we can share
> with the government and on our website?
> /Larry
> bcc:
> Lawrence Rosen
> Rosenlaw&  Einschlag, a technology law firm (www.rosenlaw.com)
> 3001 King Ranch Road, Ukiah, CA 95482
> Cell: 707-478-8932
> Apache Software Foundation, board member (www.apache.org)

Emmanuel Lécharny

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message