www-legal-discuss mailing list archives

From Tao Effect <cont...@taoeffect.com>
Subject Re: Serious problem with the Apache Contributor's License Agreement (CLA) v2.0
Date Tue, 17 Sep 2013 21:08:41 GMT
Two things to add to this thread while waiting for an official response:

(1) Someone messaged me off-list about this, and I'd like to quote part of my response to
them here, just in case anyone else has similar thoughts/objections:

> The patent terms are with respect to the work, which is the thing you downloaded, or in the case of clause 5, the thing you modified. Your concern about future code changes affecting what you contributed doesn't have grounds here.


This is incorrect. The "Work" is not the "thing I downloaded". Neither is the "work" the combination
of "the thing I downloaded" with my contribution.

If that were the case, then when Numenta, or Apache, released their software ("the work")
for download and/or purchase, it would no longer be covered by the patent license, because
by that time it would no longer be "the thing I downloaded", nor would it likely even be "the
thing I downloaded" + my contributions.

Instead, at that point, it would be: "the thing I downloaded" + my contributions + X, where
X can be anything, potentially even the negation of my contributions, or even the negation
of my contributions and every single line of code that existed in the work previously (although
that would be unlikely).

Therefore, as I stated in the original email:
My concern is with the temporal definition of either "patent" or "work."

 
(2) I would like to point out that another very popular license, the Eclipse License 1.0,
has an almost identical clause related to the grant of a patent license, however they explicitly
address the scenario I'm talking about and reject it within the license itself:

Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive,
worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to
sell, import and otherwise transfer the Contribution of such Contributor, if any, in source
code and object code form. This patent license shall apply to the combination of the Contribution
and the Program if, at the time the Contribution is added by the Contributor, such addition
of the Contribution causes such combination to be covered by the Licensed Patents. The patent
license shall not apply to any other combinations which include the Contribution. No hardware
per se is licensed hereunder.


- Greg Slepak

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

On Sep 16, 2013, at 8:55 AM, Tao Effect <contact@taoeffect.com> wrote:

>> Not really, no. The ASF is a volunteer run not-for-profit. Our legal advice is, for the most part, provided pro bono. It is hard, in such circumstances to give time estimates.
> 
> Understandable, thanks for the explanation.
> 
> - Greg
> 
> --
> Please do not email me anything that you are not comfortable also sharing with the NSA.
> 
> On Sep 16, 2013, at 12:53 AM, Ross Gardler <rgardler@opendirective.com> wrote:
> 
>> On 15 September 2013 14:57, Tao Effect <contact@taoeffect.com> wrote:
>>> In response to your request for a formal answer to your question. I will say, as President of the ASF, please give us a little time to consider your comments.
>> 
>> Sure, could you please give me a ballpark figure on "a little time"?
>> 
>> Not really, no. The ASF is a volunteer run not-for-profit. Our legal advice is, for the most part, provided pro bono. It is hard, in such circumstances to give time estimates.
>> 
>> Thanks for your patience.
>> 
>> Ross
>> 
>> 
>> 
>> It would really help me avoid unnecessarily filling people's mailboxes about this issue.
>> 
>>> Until then it is best to assume that the referenced FAQ entry, which was written in response to similar enquiries, remains the position of the ASF.
>> 
>> As I pointed out in the previous email, the FAQ does not address the issue that's being raised as the FAQ is not part of the agreement(s).
>> 
>> Even if it was placed into the agreements, the FAQ is not clear in its meaning (as I also pointed out).
>> 
>> Finally, the Apache FAQ plays zero role in the thousands(?) of AL copies & derivatives out there. This is a big reason why urgent action from the ASF on this matter is being requested.
>> 
>> - Greg Slepak
>> 
>> --
>> Please do not email me anything that you are not comfortable also sharing with the NSA.
>> 
>> On Sep 15, 2013, at 12:14 PM, Ross Gardler <rgardler@opendirective.com> wrote:
>> 
>>>  Hi Tao,
>>>  
>>> In response to your request for a formal answer to your question. I will say, as President of the ASF, please give us a little time to consider your comments.
>>>  
>>> The legal documentation and structure of the ASF was created by many lawyers and scrutinized by a great many more. The processes and documentation used here have been approved by representatives from many organizations that would have considered the possible interpretation you highlight. Our formal consideration of your request needs to take this into account.
>>>  
>>> Please remember that this is a discussion list populated by people who are not lawyers (like me). Our Vice President of Legal Affairs is unlikely to make a statement here without examining the details carefully. He will consider the questions you raise, will consult with counsel if necessary and if appropriate will make a formal statement. Until then it is best to assume that the referenced FAQ entry, which was written in response to similar enquiries, remains the position of the ASF.
>>>  
>>> Thank you for raising your concerns. It is important that we consider all such concerns and we can't do so unless people provide well researched and informed argument such as your posts. Such discussion is what this list is for, I can assure you that VP Legal Affairs is reading and considering.
>>> 
>>> Ross Gardler (@rgardler)
>>>  
>>>  
>>>  
>>>  
>>> 
>>> 
>>> On 15 September 2013 05:55, Tao Effect <contact@taoeffect.com> wrote:
>>>> And thanks for your emails.
>>> 
>>> Thanks Chris! And thanks for your reply as well!
>>> 
>>> BTW, good morning list! ^_^
>>> 
>>> Disclaimer: I haven't had my coffee yet.
>>> 
>>>> Probably in the legal definition either of a collective work (something
>>>> that incorporates your
>>>> licensed work or contribution, but in a "black box" way, by not changing
>>>> it); or a derivative
>>>> work (something that incorporates your licensed work by taking it and
>>>> directly modifying it
>>>> in some fashion). That would be my read on it.
>>> 
>>> 
>>> Oh boy. OK. I'm just going to put off addressing this for now because I don't think we've quite reached the point where it's been proven that the FAQ matters at all. If that is somehow proven (and I doubt that it will be), then I'll try to wrap my head around the concepts involved here and see if the issue remains. There's still also the problem that both our "reads"/"interpretations" of the text are just that, and the text itself is too vague to limit itself to any one specific interpretation.
>>> 
>>>> IANAL.
>>> 
>>> K, well then are you an agent of the ASF who is authorized to make authoritative legal interpretations of the intent/meaning of Apache's legal documents?
>>> 
>>>> It's relevant in that the ICLA is a part of the ASF, as is the FAQ that is
>>>> part of the
>>>> legal documentation of the ASF.
>>>> 
>>>> Further, http://www.apache.org/licenses/ is referenced in the ICLA, and
>>>> thus
>>>> so is the FAQ page [linked from the prior page] and thus
>>>> so is the http://www.apache.org/foundation/license-faq.html page [linked
>>>> from the prior page]
>>> 
>>> 
>>> I see multiple problems here:
>>> 
>>> - By what authority is it the case that the fact that one link was included in the AL* (with absolutely no context for why it was included) is an indication that the agreement being signed is not the entire agreement, and that additional parts of the agreement can be found through any number of nested links within that link that was included?
>>> 
>>> - Through the "licenses" link I could probably reach every page on the internet. Where is it specified what reachable links are valid and what reachable links are invalid interpretations of the license?
>>> 
>>> - The FAQ page has been updated several times in the past, and will likely continue to be modified in the future. Which version of the FAQ page is being agreed to by the signer of the agreement? Is this version somehow preserved somewhere in a method that can verify its authenticity?
>>> 
>>> This discussion also sidesteps the very serious issue of the fact that the AL's have been copied by various organizations for their own purposes. These copies usually contain this text verbatim, but with all the references to the ASF removed, including the (rather useless, IMO) link to the ASF license FAQ page.
>>> 
>>> All of these copies can no longer be said to be matched to the ASF's intent/meaning, whatever it might be. A single bad apple is all it takes to ruin it for everyone, and really ruin it for the person who just lost all of the patent rights. If that were to happen, I can see it potentially setting off a panicked reaction throughout the entire community.
>>> 
>>> The fact that Numenta, Inc. was able to see this problem with the AL and went public about it sets a legal precedent that legitimizes the evil interpretation of the AL, which can then be used in a court of law to uphold said evil interpretation.
>>> 
>>> My blog post hit the front page of Hacker News last night. Here's a link to the comments: https://news.ycombinator.com/item?id=6387660
>>> 
>>> The comments include some interesting perspectives:
>>> 
>>> 
>>>> jwecker 11 hours ago | link | parent | flag
>>>> 
>>>> I don't believe a single stated "No" in the FAQ will be very meaningful, except to point out that even the creators of the license failed to notice the loophole.
>>>> Edit: Also, the fact that the interpretation can exist and is in written form is what suddenly makes it an issue, at the very least for anyone going forward. (IANAL)
>>>> 
>>> 
>>> And this one:
>>> 
>>>> 	
>>>> SEMW 11 hours ago | link
>>>> 
>>>> > many open source licenses have exactly such terms in order to fight software patents
>>>> This misses the point. If you want an atypically wide patent grant (covering not just patents infringed by your contributed code, but also to future contributions by other people which infringe a patent of yours), then that should be done openly and explicitly. Not by the backdoor with a clause that doesn't appear to do that but could be interpreted as doing so if you took it to its logical conclusion.
>>>> 
>>>> (Though it's pretty clear that doing so wasn't actually their intention, given their FAQ denies that interpretation - see DannyBee's post)
>>>> 
>>> 
>>> 
>>> 
>>>    —
>>> 
>>> I'm looking for a straight answer from an authorized agent of the ASF to this question:
>>> 
>>> If the ASF does not intend to allow for the evil interpretation of their ALs as described in these emails, then will the ASF make this clear within the text of the ALs themselves? If not, what is the reason for the refusal to add the clarification?
>>> 
>>> Thanks,
>>> Greg Slepak
>>> 
>>> * AL = All of the Apache Licenses (CLA and otherwise) that include the questionable patent clause.
>>> 
>>> P.S. Please forgive all typos you come across. I still haven't had my coffee or breakfast and am getting cranky. :-p
>>> 
>>> --
>>> Please do not email me anything that you are not comfortable also sharing with the NSA.
>>> 
>>> On Sep 14, 2013, at 10:42 PM, Chris Mattmann <mattmann@apache.org> wrote:
>>> 
>>>> Hi Greg,
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: Tao Effect <contact@taoeffect.com>
>>>> Reply-To: <legal-discuss@apache.org>
>>>> Date: Saturday, September 14, 2013 7:31 PM
>>>> To: <legal-discuss@apache.org>
>>>> Subject: Re: Serious problem with the Apache Contributor's License
>>>> Agreement (CLA) v2.0
>>>> 
>>>>> Hi Marvin,
>>>>> 
>>>>> Thanks for your reply!
>>>> 
>>>> And thanks for your emails.
>>>> 
>>>>> [..snip..]
>>>>> 
>>>>> 
>>>>> 
>>>>> Note, however, that licensable patent claims include those that you
>>>>> acquire in the
>>>>> future, as long as they read on your original contribution as made at the
>>>>> original time.
>>>>> 
>>>>> 
>>>>> 
>>>>> This sentence is rather unclear to me. It sounds like what it's intending
>>>>> to say is that you grant a license to any future patent claims you make
>>>>> should they be based on "your original contribution"? If so, how,
>>>>> exactly, must they be "based on" it?
>>>> 
>>>> Probably in the legal definition either of a collective work (something
>>>> that incorporates your
>>>> licensed work or contribution, but in a "black box" way, by not changing
>>>> it); or a derivative
>>>> work (something that incorporates your licensed work by taking it and
>>>> directly modifying it
>>>> in some fashion). That would be my read on it. IANAL.
>>>> 
>>>>> 
>>>>> Also, this FAQ is not in any way referenced in the agreement that is
>>>>> actually signed, so I don't see how it is relevant to the discussion.
>>>> 
>>>> It's relevant in that the ICLA is a part of the ASF, as is the FAQ that is
>>>> part of the
>>>> legal documentation of the ASF.
>>>> 
>>>> Further, http://www.apache.org/licenses/ is referenced in the ICLA, and
>>>> thus
>>>> so is the FAQ page [linked from the prior page] and thus
>>>> so is the http://www.apache.org/foundation/license-faq.html page [linked
>>>> from the prior page]
>>>> 
>>>> Cheers,
>>>> Chris
>>>> 
>>>> 
>>>> 
>>>>> 
>>>>> Kind regards,
>>>>> Greg Slepak
>>>>> 
>>>>> --
>>>>> 
>>>>> Please do not email me anything that you are not comfortable also sharing
>>>>> with the NSA.
>>>>> 
>>>>> 
>>>>> On Sep 14, 2013, at 9:56 PM, Marvin Humphrey <marvin@rectangular.com>
>>>>> wrote:
>>>>> 
>>>>> 
>>>>> On Sat, Sep 14, 2013 at 4:38 PM, Tao Effect <contact@taoeffect.com> wrote:
>>>>> 
>>>>> I recently finished a rather long exchange with Numenta, Inc. on a matter
>>>>> related to a paragraph taken from the Apache CLA v2.0.
>>>>> 
>>>>> 
>>>>> 
>>>>> For what it's worth, similar language exists in the Apache License 2.0.
>>>>> 
>>>>> [..] it appears to allow an interpretation that states that I'm
>>>>> potentially
>>>>> giving away royalty-free licenses to all the software patent claims I ever
>>>>> make should I make a single contribution to NuPIC, whatever it may be.
>>>>> 
>>>>> 
>>>>> 
>>>>> If I understand correctly, your concern is that once you've made a single
>>>>> contribution under an iCLA (or the ALv2), a malevolent party might
>>>>> contribute
>>>>> something to the same "Work" at some point in the future which infringes
>>>>> against an unrelated patent of yours, unfairly wresting a patent license
>>>>> from
>>>>> you.
>>>>> 
>>>>> For example:
>>>>> 
>>>>> *   An employee of Apple contributes some documentation to Dr. X's
>>>>> open-source
>>>>>   cryptography library.
>>>>> *   Dr. X subsequently adds a GUI to his cryptography library which
>>>>> utilizes
>>>>>   "slide to unlock".
>>>>> *   Dr. X has obtained a patent license from Apple for "slide to unlock".
>>>>> 
>>>>> Does that illustrate your concern accurately?  If so, I believe that this FAQ
>>>>> entry is relevant:
>>>>> 
>>>>>   http://www.apache.org/foundation/license-faq.html#PatentScope
>>>>> 
>>>>>   [...]
>>>>> 
>>>>>   The only patent claims that are licensed to the ASF are those you own or
>>>>>   have the right to license that read on your contribution or on the
>>>>>   combination of your contribution with the specific Apache product to which
>>>>>   you contributed as it existed at the time of your contribution. No
>>>>>   additional patent claims become licensed as a result of subsequent
>>>>>   combinations of your contribution with any other software. Note, however,
>>>>>   that licensable patent claims include those that you acquire in the
>>>>>   future, as long as they read on your original contribution as made at the
>>>>>   original time. [...]
>>>>> 
>>>>> Numenta discussed the matter with their legal team and decided to add a few
>>>>> words to eliminate the dangerous interpretation. They announced this via a
>>>>> blog post:
>>>>> 
>>>>> http://numenta.org/blog/2013/09/03/numenta-contributor-license-v1-1.html
>>>>> 
>>>>> 
>>>>> 
>>>>> IANAL, but my understanding is that that provision is there to guard against
>>>>> submarine patents.  I'd be curious whether the change described in that blog
>>>>> post weakens protections against contributors sneaking in technology for which
>>>>> patents subsequently "surface" and for which royalties are demanded from end
>>>>> users.
>>>>> 
>>>>> Marvin Humphrey
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>>>> For additional commands, e-mail: legal-discuss-help@apache.org
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>> 
>> 
> 

