Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: legal-discuss@apache.org
Received-SPF: pass (athena.apache.org: domain of elecharny@gmail.com
 designates 209.85.212.176 as permitted sender)
Message-ID: <4F5C8AD6.3000109@gmail.com>
Date: Sun, 11 Mar 2012 12:21:58 +0100
From: =?UTF-8?B?RW1tYW51ZWwgTMOpY2hhcm55?= <elecharny@gmail.com>
Reply-To: elecharny@apache.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
 rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: legal-discuss@apache.org
Subject: Re: Antideficiency Act
References: <0b0b01ccfb34$4b15c1d0$e1414570$@com>
In-Reply-To: <0b0b01ccfb34$4b15c1d0$e1414570$@com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Interesting article.

http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-license-indemnification-snafu/2012-03-08#ixzz1odszDpgw

It would be good to get the sources, of course.

Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
> [This email is NOT confidential.]
>
>
>
> A colleague recently sent me his notes from a U.S. Department of Defense
> "Open Source Software Public Meeting" last January. This meeting was held
> primarily to discuss with government suppliers of software the new DFARS
> policies on the acquisition of open source software. I had reviewed the
> DFARS document a few months earlier and expected no particular issues to
> arise at the meeting. I didn't go.
>
>
>
> However, I learned later that there were several references at that meeting
> to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 1342,
> and 1517(a). These obscure (to me) statutes prohibit any government agency
> from authorizing any obligation in excess of the amount appropriated unless
> authorized by law.
>
>
>
> This affects Apache because of this obscure (to me) provision in Apache
> License 2.0:
>
>
>
> 9. Accepting Warranty or Additional Liability. While redistributing the Work
> or Derivative Works thereof, You may choose to offer, and charge a fee for,
> acceptance of support, warranty, indemnity, or other liability obligations
> and/or rights consistent with this License. However, in accepting such
> obligations, You may act only on Your own behalf and on Your sole
> responsibility, not on behalf of any other Contributor, and only if You
> agree to indemnify, defend, and hold each Contributor harmless for any
> liability incurred by, or claims asserted against, such Contributor by
> reason of your accepting any such warranty or additional liability.
> [Emphasis added by underlining.]
>
>
>
> Here is how my colleague described the particular "incompatibility" between
> the Antideficiency Act and Apache License 2.0 that affected one of his
> client's transactions:
>
>
>
> We are using certain Apache code in one of our proprietary products.  The
> code is subject to Apache 2.0 and we make the necessary disclosure of this
> in our software license.  After reviewing the Apache 2.0 license, a division
> of the Army (one of our customers) believes that Section 9 (indemnification)
> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
> rejected the order on grounds that it cannot accept this ADA risk.  An ADA
> violation arises when a Government agency makes or authorizes an expenditure
> or obligation of money (i) in excess of the amount available in an
> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
> obligation for the payment of money before an appropriation is made, unless
> authorized by law (31 USC 1341 (a)(1)(B)).  Indemnification clauses run
> afoul of the ADA because the Government in essence is agreeing to an unknown
> monetary amount in absence of an appropriation.
>
>
>
> We have argued incessantly to the Army that we do not believe that the
> indemnification clause applies to them so long as they merely use the
> software program as a consumer (i.e. so long as they do not offer
> warranties, indemnification, support, or other legal obligations to any
> other third parties… which is the case as the Army is only using the
> software as a downstream consumer).  The Army, however, believes that any
> contingency indemnification obligation, no matter how unlikely, constitutes
> an ADA violation.  Basically the Army believes that any indemnity
> obligation, no matter how remote, constitutes an obligation to commit
> government funds.  Note, too, that even if we were to agree with the
> Government that we would stand in the Government’s shoes as indemnitor
> (which we will not do), the Government has taken the position that even that
> would not be sufficient to do away with the ADA violation risk.  Short of
> removing Section 9 indemnity from the Apache license… which we are powerless
> to do even if we wanted to, or somehow asking Apache to relax Section 9
> (which I do not expect Apache to do), or removing the Apache code and
> replacing it with either commercially available code or our own suitable
> replacement (which is possible but causes a lot of other side engineering
> issues and delays), I am having trouble finding a way around the problem.
>
>
>
> In our view, the Army is taking a hyper-sensitive view of the indemnity
> clause and the ADA.  They also are ignoring the fact that Apache code is
> some of the most widespread code in use within the Department of Defense (if
> you believe the Mitre study on this and recent reports that the DoD CIO has
> put out).  One also wonders how the Government can advocate encouraging the
> use of OSS within the Government when faced with intractable positions like
> we are facing with the Army.   The Army attorney I am dealing with told me
> that she would prefer that Apache, GPL, and others all make their OSS
> licenses more “government friendly” to avoid things like indemnification and
> choice of law (i.e. substituting a particular state for governing law in
> favor of federal common law).  ...  I do believe this particular wing of the
> Army is taking an untenable, overly conservative view of the ADA.  My guess
> is that it is not within the norm of how most government agencies… civilian
> and DoD… interpret the Apache license.
>
>
>
> One senior government official reportedly opined at the January meeting that
> "contractors should not discount the possibility of negotiating license
> deviations from the OSS license with entities like Apache or FSF." I note
> this only to point out the absurdity of certain expectations about open
> source. :-)
>
>
>
> Better than just yelling in frustration, though, and in the interest of
> providing a sensitive and well-reasoned response to vendors hawking Apache
> wares to the U.S. government, do any of you have a ready answer why our
> license isn't incompatible with the Antideficiency Act that we can share
> with the government and on our website?
>
>
>
> /Larry
>
>
>
> bcc:
>
>
>
> Lawrence Rosen
>
> Rosenlaw&  Einschlag, a technology law firm (www.rosenlaw.com)
>
> 3001 King Ranch Road, Ukiah, CA 95482
>
> Cell: 707-478-8932
>
> Apache Software Foundation, board member (www.apache.org)
>
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com


---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org