www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Odence <pode...@blackducksoftware.com>
Subject Re: Antideficiency Act
Date Fri, 16 Mar 2012 19:15:38 GMT
Sorry, I'm behind in my email and just noticed that I wasn't the first to
come across the Fierce Government IT article. I've actually written up a
little blog on the subject which should show up on opensourcedelivers.com
next week. Will let you all know.

On 3/11/12 8:30 AM, "Mark Struberg" <struberg@yahoo.de> wrote:

>Great finding, Emmanuel!
>
>And also thanks to Larry for initially bringing this 'problem' to our
>attention.
>
>
>Wouldn't that make a great blog post?
>I guess this or similar arguments are often used by companies/lobbyists
>when arguing against open source projects and for their closed source
>products. Could be good to spread the word that this is just FUD.
>
>LieGrue,
>strub
>
>
>----- Original Message -----
>> From: Emmanuel Lécharny <elecharny@gmail.com>
>> To: legal-discuss@apache.org
>> Cc: 
>> Sent: Sunday, March 11, 2012 12:21 PM
>> Subject: Re: Antideficiency Act
>> 
>> Interesting article.
>> 
>> 
>>http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-licen
>>se-indemnification-snafu/2012-03-08#ixzz1odszDpgw
>> 
>> It would be good to get the sources, of course.
>> 
>> Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
>>>  [This email is NOT confidential.]
>>> 
>>> 
>>> 
>>>  A colleague recently sent me his notes from a U.S. Department of
>>>Defense
>>>  "Open Source Software Public Meeting" last January. This meeting
>> was held
>>>  primarily to discuss with government suppliers of software the new
>>>DFARS
>>>  policies on the acquisition of open source software. I had reviewed
>>>the
>>>  DFARS document a few months earlier and expected no particular issues
>>>to
>>>  arise at the meeting. I didn't go.
>>> 
>>> 
>>> 
>>>  However, I learned later that there were several references at that
>>>meeting
>>>  to the Antideficiency Act, codified generally at 31 U.S.C. §§
>>>1341(a), 
>> 1342,
>>>  and 1517(a). These obscure (to me) statutes prohibit any government
>>>agency
>>>  from authorizing any obligation in excess of the amount appropriated
>>>unless
>>>  authorized by law.
>>> 
>>> 
>>> 
>>>  This affects Apache because of this obscure (to me) provision in
>>>Apache
>>>  License 2.0:
>>> 
>>> 
>>> 
>>>  9. Accepting Warranty or Additional Liability. While redistributing
>>>the 
>> Work
>>>  or Derivative Works thereof, You may choose to offer, and charge a
>>>fee for,
>>>  acceptance of support, warranty, indemnity, or other liability
>>>obligations
>>>  and/or rights consistent with this License. However, in accepting such
>>>  obligations, You may act only on Your own behalf and on Your sole
>>>  responsibility, not on behalf of any other Contributor, and only if
>>>You
>>>  agree to indemnify, defend, and hold each Contributor harmless for any
>>>  liability incurred by, or claims asserted against, such Contributor by
>>>  reason of your accepting any such warranty or additional liability.
>>>  [Emphasis added by underlining.]
>>> 
>>> 
>>> 
>>>  Here is how my colleague described the particular
>> "incompatibility" between
>>>  the Antideficiency Act and Apache License 2.0 that affected one of his
>>>  client's transactions:
>>> 
>>> 
>>> 
>>>  We are using certain Apache code in one of our proprietary products.
>>>The
>>>  code is subject to Apache 2.0 and we make the necessary disclosure of
>>>this
>>>  in our software license.  After reviewing the Apache 2.0 license, a
>> division
>>>  of the Army (one of our customers) believes that Section 9
>> (indemnification)
>>>  constitutes an Anti-Deficiency Act (ADA) violation and therefore has
>>>  rejected the order on grounds that it cannot accept this ADA risk.
>>>An ADA
>>>  violation arises when a Government agency makes or authorizes an
>> expenditure
>>>  or obligation of money (i) in excess of the amount available in an
>>>  appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a
>>>contract or
>>>  obligation for the payment of money before an appropriation is made,
>>>unless
>>>  authorized by law (31 USC 1341 (a)(1)(B)).  Indemnification clauses
>>>run
>>>  afoul of the ADA because the Government in essence is agreeing to an
>> unknown
>>>  monetary amount in absence of an appropriation.
>>> 
>>> 
>>> 
>>>  We have argued incessantly to the Army that we do not believe that the
>>>  indemnification clause applies to them so long as they merely use the
>>>  software program as a consumer (i.e. so long as they do not offer
>>>  warranties, indemnification, support, or other legal obligations to
>>>any
>>>  other third partiesŠ which is the case as the Army is only using the
>>>  software as a downstream consumer).  The Army, however, believes that
>>>any
>>>  contingency indemnification obligation, no matter how unlikely,
>>>constitutes
>>>  an ADA violation.  Basically the Army believes that any indemnity
>>>  obligation, no matter how remote, constitutes an obligation to commit
>>>  government funds.  Note, too, that even if we were to agree with the
>>>  Government that we would stand in the Government¹s shoes as indemnitor
>>>  (which we will not do), the Government has taken the position that
>>>even 
>> that
>>>  would not be sufficient to do away with the ADA violation risk.
>>>Short of
>>>  removing Section 9 indemnity from the Apache licenseŠ which we are
>> powerless
>>>  to do even if we wanted to, or somehow asking Apache to relax Section
>>>9
>>>  (which I do not expect Apache to do), or removing the Apache code and
>>>  replacing it with either commercially available code or our own
>>>suitable
>>>  replacement (which is possible but causes a lot of other side
>>>engineering
>>>  issues and delays), I am having trouble finding a way around the
>>>problem.
>>> 
>>> 
>>> 
>>>  In our view, the Army is taking a hyper-sensitive view of the
>>>indemnity
>>>  clause and the ADA.  They also are ignoring the fact that Apache code
>>>is
>>>  some of the most widespread code in use within the Department of
>>>Defense 
>> (if
>>>  you believe the Mitre study on this and recent reports that the DoD
>>>CIO has
>>>  put out).  One also wonders how the Government can advocate
>>>encouraging the
>>>  use of OSS within the Government when faced with intractable
>>>positions like
>>>  we are facing with the Army.   The Army attorney I am dealing with
>>>told me
>>>  that she would prefer that Apache, GPL, and others all make their OSS
>>>  licenses more ³government friendly² to avoid things like
>>>indemnification 
>> and
>>>  choice of law (i.e. substituting a particular state for governing law
>>>in
>>>  favor of federal common law).  ...  I do believe this particular wing
>>>of 
>> the
>>>  Army is taking an untenable, overly conservative view of the ADA.  My
>>>guess
>>>  is that it is not within the norm of how most government agenciesŠ
>>>civilian
>>>  and DoDŠ interpret the Apache license.
>>> 
>>> 
>>> 
>>>  One senior government official reportedly opined at the January
>>>meeting 
>> that
>>>  "contractors should not discount the possibility of negotiating
>> license
>>>  deviations from the OSS license with entities like Apache or FSF." I
>> note
>>>  this only to point out the absurdity of certain expectations about
>>>open
>>>  source. :-)
>>> 
>>> 
>>> 
>>>  Better than just yelling in frustration, though, and in the interest
>>>of
>>>  providing a sensitive and well-reasoned response to vendors hawking
>>>Apache
>>>  wares to the U.S. government, do any of you have a ready answer why
>>>our
>>>  license isn't incompatible with the Antideficiency Act that we can
>> share
>>>  with the government and on our website?
>>> 
>>> 
>>> 
>>>  /Larry
>>> 
>>> 
>>> 
>>>  bcc:
>>> 
>>> 
>>> 
>>>  Lawrence Rosen
>>> 
>>>  Rosenlaw&  Einschlag, a technology law firm (www.rosenlaw.com)
>>> 
>>>  3001 King Ranch Road, Ukiah, CA 95482
>>> 
>>>  Cell: 707-478-8932
>>> 
>>>  Apache Software Foundation, board member (www.apache.org)
>>> 
>>> 
>> 
>> 
>> -- 
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>> 
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>For additional commands, e-mail: legal-discuss-help@apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message