www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven A Rowe <sar...@syr.edu>
Subject RE: Antideficiency Act
Date Tue, 06 Mar 2012 15:31:04 GMT
IANAL, but wouldn't indemnity insurance give gov't entities what they want, i.e. a fixed cost?

-----Original Message-----
From: Philip Odence [mailto:podence@blackducksoftware.com] 
Sent: Tuesday, March 06, 2012 7:19 AM
To: <legal-discuss@apache.org>
Cc: legal-discuss@apache.org; Lawrence Rosen
Subject: Re: Antideficiency Act

I was at the meeting and although there was such a naive comment made, generally I believe
the govt procurement folks understood the impracticality of negotiating OSS licenses. They
just felt caught between a rock and hard place wrt the ADA.  That said, I really don't understand
the Army's position. I'll try some of my contacts in DoD and if I can get someone to articulate
it, will report back to the list. 
Phil Odence, Black Duck Software

Sent from my iPad

On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <ben@links.org> wrote:

> On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lrosen@rosenlaw.com> wrote:
>> [This email is NOT confidential.]
>> 
>> 
>> 
>> A colleague recently sent me his notes from a U.S. Department of 
>> Defense "Open Source Software Public Meeting" last January. This 
>> meeting was held primarily to discuss with government suppliers of 
>> software the new DFARS policies on the acquisition of open source 
>> software. I had reviewed the DFARS document a few months earlier and 
>> expected no particular issues to arise at the meeting. I didn't go.
>> 
>> 
>> 
>> However, I learned later that there were several references at that 
>> meeting to the Antideficiency Act, codified generally at 31 U.S.C. ยงยง 
>> 1341(a), 1342, and 1517(a). These obscure (to me) statutes prohibit 
>> any government agency from authorizing any obligation in excess of 
>> the amount appropriated unless authorized by law.
>> 
>> 
>> 
>> This affects Apache because of this obscure (to me) provision in 
>> Apache License 2.0:
>> 
>> 
>> 
>> 9. Accepting Warranty or Additional Liability. While redistributing 
>> the Work or Derivative Works thereof, You may choose to offer, and 
>> charge a fee for, acceptance of support, warranty, indemnity, or 
>> other liability obligations and/or rights consistent with this 
>> License. However, in accepting such obligations, You may act only on 
>> Your own behalf and on Your sole responsibility, not on behalf of any 
>> other Contributor, and only if You agree to indemnify, defend, and 
>> hold each Contributor harmless for any liability incurred by, or 
>> claims asserted against, such Contributor by reason of your accepting any such warranty
or additional liability.
>> [Emphasis added by underlining.]
>> 
>> 
>> 
>> Here is how my colleague described the particular "incompatibility" 
>> between the Antideficiency Act and Apache License 2.0 that affected 
>> one of his client's transactions:
>> 
>> 
>> 
>> We are using certain Apache code in one of our proprietary products.  
>> The code is subject to Apache 2.0 and we make the necessary 
>> disclosure of this in our software license.  After reviewing the 
>> Apache 2.0 license, a division of the Army (one of our customers) 
>> believes that Section 9 (indemnification) constitutes an 
>> Anti-Deficiency Act (ADA) violation and therefore has rejected the 
>> order on grounds that it cannot accept this ADA risk.  An ADA 
>> violation arises when a Government agency makes or authorizes an 
>> expenditure or obligation of money (i) in excess of the amount 
>> available in an appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) 
>> due to a contract or obligation for the payment of money before an 
>> appropriation is made, unless authorized by law (31 USC 1341 
>> (a)(1)(B)).  Indemnification clauses run afoul of the ADA because the Government
in essence is agreeing to an unknown monetary amount in absence of an appropriation.
>> 
>> 
>> 
>> We have argued incessantly to the Army that we do not believe that 
>> the indemnification clause applies to them so long as they merely use 
>> the software program as a consumer (i.e. so long as they do not offer 
>> warranties, indemnification, support, or other legal obligations to 
>> any other third parties. which is the case as the Army is only using 
>> the software as a downstream consumer).  The Army, however, believes 
>> that any contingency indemnification obligation, no matter how 
>> unlikely, constitutes an ADA violation.  Basically the Army believes 
>> that any indemnity obligation, no matter how remote, constitutes an 
>> obligation to commit government funds.  Note, too, that even if we 
>> were to agree with the Government that we would stand in the 
>> Government's shoes as indemnitor (which we will not do), the 
>> Government has taken the position that even that would not be 
>> sufficient to do away with the ADA violation risk.  Short of removing 
>> Section 9 indemnity from the Apache license. which we are powerless 
>> to do even if we wanted to, or somehow asking Apache to relax Section 
>> 9 (which I do not expect Apache to do), or removing the Apache code 
>> and replacing it with either commercially available code or our own 
>> suitable replacement (which is possible but causes a lot of other side engineering
issues and delays), I am having trouble finding a way around the problem.
>> 
>> 
>> 
>> In our view, the Army is taking a hyper-sensitive view of the 
>> indemnity clause and the ADA.  They also are ignoring the fact that 
>> Apache code is some of the most widespread code in use within the 
>> Department of Defense (if you believe the Mitre study on this and 
>> recent reports that the DoD CIO has put out).  One also wonders how 
>> the Government can advocate encouraging the use of OSS within the Government when
faced with intractable positions like
>> we are facing with the Army.   The Army attorney I am dealing with told me
>> that she would prefer that Apache, GPL, and others all make their OSS 
>> licenses more "government friendly" to avoid things like 
>> indemnification and choice of law (i.e. substituting a particular 
>> state for governing law in favor of federal common law).  ...  I do 
>> believe this particular wing of the Army is taking an untenable, 
>> overly conservative view of the ADA.  My guess is that it is not 
>> within the norm of how most government agencies. civilian and DoD. interpret the
Apache license.
>> 
>> 
>> 
>> One senior government official reportedly opined at the January 
>> meeting that "contractors should not discount the possibility of 
>> negotiating license deviations from the OSS license with entities 
>> like Apache or FSF." I note this only to point out the absurdity of 
>> certain expectations about open source. :-)
>> 
>> 
>> 
>> Better than just yelling in frustration, though, and in the interest 
>> of providing a sensitive and well-reasoned response to vendors 
>> hawking Apache wares to the U.S. government, do any of you have a 
>> ready answer why our license isn't incompatible with the 
>> Antideficiency Act that we can share with the government and on our website?
> 
> Well, it seems to me the licence says "you can only do X if you offer 
> indemnity", and the ADA says "you can't offer indemnity", so it seems 
> quite clear that this means the ADA says "you can't do X". So, I'd 
> suggest they don't do X, and we're all happy.
> 
> If the Army want to be morons, that's up to them, surely?
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message