www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Odence <pode...@blackducksoftware.com>
Subject Re: Antideficiency Act
Date Fri, 16 Mar 2012 12:53:44 GMT
Evidently that Army Material Command has come to its senses:

On 3/6/12 10:37 AM, "Mark Struberg" <struberg@yahoo.de> wrote:

>Well, they already get it at a fixed cost: 0.00 $
>Seriously, it might be as easy as just a political/lobby originated
>bullying game...
>To me it feels very logical that quite a few commercial vendors are using
>their political influences to push such arguing behind the scene.
>----- Original Message -----
>> From: Steven A Rowe <sarowe@syr.edu>
>> To: "legal-discuss@apache.org" <legal-discuss@apache.org>
>> Cc: 
>> Sent: Tuesday, March 6, 2012 4:31 PM
>> Subject: RE: Antideficiency Act
>> IANAL, but wouldn't indemnity insurance give gov't entities what they
>> want, i.e. a fixed cost?
>> -----Original Message-----
>> From: Philip Odence [mailto:podence@blackducksoftware.com]
>> Sent: Tuesday, March 06, 2012 7:19 AM
>> To: <legal-discuss@apache.org>
>> Cc: legal-discuss@apache.org; Lawrence Rosen
>> Subject: Re: Antideficiency Act
>> I was at the meeting and although there was such a naive comment made,
>> I believe the govt procurement folks understood the impracticality of
>> negotiating OSS licenses. They just felt caught between a rock and hard
>> wrt the ADA.  That said, I really don't understand the Army's position.
>> I'll try some of my contacts in DoD and if I can get someone to
>> it, will report back to the list.
>> Phil Odence, Black Duck Software
>> Sent from my iPad
>> On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <ben@links.org> wrote:
>>>  On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lrosen@rosenlaw.com>
>> wrote:
>>>>  [This email is NOT confidential.]
>>>>  A colleague recently sent me his notes from a U.S. Department of
>>>>  Defense "Open Source Software Public Meeting" last January.
>> This 
>>>>  meeting was held primarily to discuss with government suppliers of
>>>>  software the new DFARS policies on the acquisition of open source
>>>>  software. I had reviewed the DFARS document a few months earlier and
>>>>  expected no particular issues to arise at the meeting. I didn't go.
>>>>  However, I learned later that there were several references at that
>>>>  meeting to the Antideficiency Act, codified generally at 31 U.S.C.
>>>>  1341(a), 1342, and 1517(a). These obscure (to me) statutes prohibit
>>>>  any government agency from authorizing any obligation in excess of
>>>>  the amount appropriated unless authorized by law.
>>>>  This affects Apache because of this obscure (to me) provision in
>>>>  Apache License 2.0:
>>>>  9. Accepting Warranty or Additional Liability. While redistributing
>>>>  the Work or Derivative Works thereof, You may choose to offer, and
>>>>  charge a fee for, acceptance of support, warranty, indemnity, or
>>>>  other liability obligations and/or rights consistent with this
>>>>  License. However, in accepting such obligations, You may act only on
>>>>  Your own behalf and on Your sole responsibility, not on behalf of
>>>>  other Contributor, and only if You agree to indemnify, defend, and
>>>>  hold each Contributor harmless for any liability incurred by, or
>>>>  claims asserted against, such Contributor by reason of your
>> any such warranty or additional liability.
>>>>  [Emphasis added by underlining.]
>>>>  Here is how my colleague described the particular
>> "incompatibility"
>>>>  between the Antideficiency Act and Apache License 2.0 that affected
>>>>  one of his client's transactions:
>>>>  We are using certain Apache code in one of our proprietary products.
>>>>  The code is subject to Apache 2.0 and we make the necessary
>>>>  disclosure of this in our software license.  After reviewing the
>>>>  Apache 2.0 license, a division of the Army (one of our customers)
>>>>  believes that Section 9 (indemnification) constitutes an
>>>>  Anti-Deficiency Act (ADA) violation and therefore has rejected the
>>>>  order on grounds that it cannot accept this ADA risk.  An ADA
>>>>  violation arises when a Government agency makes or authorizes an
>>>>  expenditure or obligation of money (i) in excess of the amount
>>>>  available in an appropriation or fund (31 USC 1341(a)(1)(A)) or (ii)
>>>>  due to a contract or obligation for the payment of money before an
>>>>  appropriation is made, unless authorized by law (31 USC 1341
>>>>  (a)(1)(B)).  Indemnification clauses run afoul of the ADA because
>> Government in essence is agreeing to an unknown monetary amount in
>>absence of an 
>> appropriation.
>>>>  We have argued incessantly to the Army that we do not believe that
>>>>  the indemnification clause applies to them so long as they merely
>>>>  the software program as a consumer (i.e. so long as they do not
>>>>  warranties, indemnification, support, or other legal obligations to
>>>>  any other third parties. which is the case as the Army is only using
>>>>  the software as a downstream consumer).  The Army, however, believes
>>>>  that any contingency indemnification obligation, no matter how
>>>>  unlikely, constitutes an ADA violation.  Basically the Army believes
>>>>  that any indemnity obligation, no matter how remote, constitutes an
>>>>  obligation to commit government funds.  Note, too, that even if we
>>>>  were to agree with the Government that we would stand in the
>>>>  Government's shoes as indemnitor (which we will not do), the
>>>>  Government has taken the position that even that would not be
>>>>  sufficient to do away with the ADA violation risk.  Short of
>>>>  Section 9 indemnity from the Apache license. which we are powerless
>>>>  to do even if we wanted to, or somehow asking Apache to relax
>>>>  9 (which I do not expect Apache to do), or removing the Apache code
>>>>  and replacing it with either commercially available code or our own
>>>>  suitable replacement (which is possible but causes a lot of other
>> engineering issues and delays), I am having trouble finding a way
>>around the 
>> problem.
>>>>  In our view, the Army is taking a hyper-sensitive view of the
>>>>  indemnity clause and the ADA.  They also are ignoring the fact that
>>>>  Apache code is some of the most widespread code in use within the
>>>>  Department of Defense (if you believe the Mitre study on this and
>>>>  recent reports that the DoD CIO has put out).  One also wonders how
>>>>  the Government can advocate encouraging the use of OSS within the
>> Government when faced with intractable positions like
>>>>  we are facing with the Army.   The Army attorney I am dealing with
>> me
>>>>  that she would prefer that Apache, GPL, and others all make their
>>>>  licenses more "government friendly" to avoid things like
>>>>  indemnification and choice of law (i.e. substituting a particular
>>>>  state for governing law in favor of federal common law).  ...  I do
>>>>  believe this particular wing of the Army is taking an untenable,
>>>>  overly conservative view of the ADA.  My guess is that it is not
>>>>  within the norm of how most government agencies. civilian and DoD.
>> interpret the Apache license.
>>>>  One senior government official reportedly opined at the January
>>>>  meeting that "contractors should not discount the possibility of
>>>>  negotiating license deviations from the OSS license with entities
>>>>  like Apache or FSF." I note this only to point out the absurdity
>> of 
>>>>  certain expectations about open source. :-)
>>>>  Better than just yelling in frustration, though, and in the interest
>>>>  of providing a sensitive and well-reasoned response to vendors
>>>>  hawking Apache wares to the U.S. government, do any of you have a
>>>>  ready answer why our license isn't incompatible with the
>>>>  Antideficiency Act that we can share with the government and on our
>> website?
>>>  Well, it seems to me the licence says "you can only do X if you offer
>>>  indemnity", and the ADA says "you can't offer
>> indemnity", so it seems
>>>  quite clear that this means the ADA says "you can't do X".
>> So, I'd 
>>>  suggest they don't do X, and we're all happy.
>>>  If the Army want to be morons, that's up to them, surely?
>>>  ---------------------------------------------------------------------
>>>  To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>>  For additional commands, e-mail: legal-discuss-help@apache.org
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>For additional commands, e-mail: legal-discuss-help@apache.org

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message