www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lawrence Rosen" <lro...@rosenlaw.com>
Subject RE: ICLA US Government
Date Fri, 16 May 2014 04:03:01 GMT


Perhaps a sarcastic argument from me will point out the silliness of your refusal to sign
an Apache ICLA. Shall Apache users who want your public domain code simply file a Freedom
Of Information Act (FOIA) request to get it and ignore the ICLA and your department's approval
and your participation altogether? 


If your software is truly public domain, then we don't actually need you to give us your code.
 It is ours regardless of what mechanism you use to hand it over to us. [I'm not speaking
of government *confidential* code, so don't worry about my reckless grab!]


In that sense, your lawyers are right. The ICLA is a frivolity for public domain contributions.


But redundant or no, I believe I can describe Apache's mandatory procedures this way: In order
for any *individual* to become an Apache contributor, *that person* must sign an ICLA. 


This is entirely nondiscriminatory, by the way. I am a lawyer and haven't written a line of
code in years. Yet I signed an ICLA when I got here just like everybody else. And so my contributions
here, such as this email response, are licensed to Apache – and hence to you and to the
US government -- under the Apache license. This is true even if my emails quote US law, as
I occasionally do here. The fact that US law that I cite happens to be public domain is irrelevant.


The ICLA is an individual requirement for you too if you want to become an Apache contributor.


Your lawyers are making a mountain out of a molehill. Is yours the only US government department
that objects to Apache's  long-held contribution requirements? Or do we have a bigger problem
with US government agencies that we need to address more broadly?


Good luck convincing your department to follow Apache's procedures and to allow you personally
to contribute – with an ICLA. I'm certain that this will serve the national interest in
great *open source* software regardless of your lawyers' concerns about free *public domain*
code of yours that everyone already has rights to. 


I'm more than happy to speak directly with your attorneys without cluttering this list with
legal arguments. I'd like to explain how Apache and many other FOSS projects have dealt with
the "joint work" issue [17 USC 101] over the years. I might also help them understand why
Open Source Initiative, despite many requests over the years to do so, has so far refused
to certify the "public domain" as an "open source license." Encourage them to contact me directly
if they want to.




Lawrence Rosen

Rosenlaw & Einschlag ( <http://www.rosenlaw.com/> www.rosenlaw.com) 

3001 King Ranch Road, Ukiah, CA 95482

Cell: 707-478-8932   Fax: 707-485-1243


From: Evan Ward [mailto:evan.ward@nrl.navy.mil] 
Sent: Wednesday, May 14, 2014 10:02 AM
To: legal-discuss@apache.org
Subject: Re: ICLA US Government



I passed along your message to our legal department and I've included the response below.
They can provide a more detailed response sometime next week, if you would like one. From
what I understand existing Apache code + my contributions can be released under the Apache
license, but the ICLA specifically references my contributions, which by themselves can only
be released in the public domain.


On 05/13/2014 05:51 PM, Kerry Broome wrote:

Essentially we disagree with how they are interpreting the two citations. The first citation
is a memo about government employees using open source software. It has nothing to do with
government developed software. 


In the second citation, the joint work release specifically says that “the resulting work
is a “joint work” (see 17 USC § 101) which is partially copyrighted and partially public
domain and “[t]he resulting joint work as a whole is protected by the copyrights of the
non-government authors and may be released according to the terms of the original open-source
license.” However, the ICLA language says that we are granting a copyright liscense for
our portion to them, which we don’t have and cannot do. I read that statement as Apache
would have copyright over a version of their software with your code, which is correct, but
we don’t agree with the language of the ICLA on how we transfer that software to them.


The question above their URL in the FAQ under “Q: Can government employees develop software
and release it under an open source license?” specifically states our position on this.
That is, “Software developed by US federal government employees (including military personnel)
as part of their official duties is not subject to copyright protection and is considered
“public domain” (see 17 USC § 105). Public domain software can be used by anyone for
any purpose, and cannot be released under a copyright license (including typical open source
software licenses).” That’s essentially what we changed with our modified ICLA.





On 05/06/2014 07:05 PM, Lawrence Rosen wrote:

Evan Ward  <mailto:evan.ward@nrl.navy.mil> <evan.ward@nrl.navy.mil> wrote:

> After a long review by my counsel, going many levels above my head, the

> result is still the same: I am not authorized to sign the Apache ICLA.

> ...

> If Apache can accept the public domain ICLA then we can 

> put all this behind us and get back to coding.


Evan, I'm confused by this analysis. Even the Chief Information Officer of the U.S. Department
of the Navy doesn't consider public domain software a form of open source. See the memorandum
entitled "Department of the Navy Open Source Software Guidance <http://www.doncio.navy.mil/ContentView.aspx?id=312>
". Here is what it says about public domain: 


"Open Source Software: Computer software that includes source code that can be used and modified
by the user; this software has been copyrighted and includes a license agreement restricting
its use, modification, and distribution. Open Source Software is software that is copyrighted
and licensed under a license agreement that is not public domain software or freeware. The
Open Source Initiative (OSI) web site (http://opensource.org) contains more information on
open source and open source licenses." (Emphasis by underlining added.)


More particularly, I also refer your counsel to the DoD Open Source Software (OSS) FAQ <http://dodcio.defense.gov/OpenSourceSoftwareFAQ.aspx#Q:_Has_the_U.S._government_released_OSS_projects_or_improvements.3F>
, published by the CIO of the U.S. Department of Defense, which specifically authorizes government
employees to contribute code to open source software projects under the license(s) used by
the existing project(s). That FAQ explains several ways that the government's public domain
software can be contributed for FOSS, none of which involve a public domain dedication.


I'm sure the rest of the Apache community will be delighted when we can, as you say, "put
all this behind us and get back to coding." But it is your lawyers, not ours, who are standing
in the way.




-----Original Message-----
From: Evan Ward [mailto:evan.ward@nrl.navy.mil] 
Sent: Tuesday, May 6, 2014 12:26 PM
To: legal-discuss@apache.org <mailto:legal-discuss@apache.org> 
Cc: private@commons.apache.org <mailto:private@commons.apache.org> 
Subject: Re: ICLA US Government


Hi All,


After a long review by my counsel, going many levels above my head, the

result is still the same: I am not authorized to sign the Apache ICLA.

My agency decided it would not take the NSA's position that the subtlety

of it was not worth arguing over ("de minimis non curat lex").


I can still sign the modified ICLA I proposed earlier that puts all

contributions in the public domain. It seems contradictory that Apache

projects can include public domain works, but Apache will not accept a

public domain ICLA. If I post my public domain work to GitHub and an

Apache commiter commits it, then Apache finds that perfectly acceptable.

If I sign an agreement with Apache placing all of my work in the public

domain and I commit it directly to Apache, then Apache would reject it!

Which situation has less risk? If Apache can accept the public domain

ICLA then we can put all this behind us and get back to coding.


Best Regards,



On Mon 07 Apr 2014 11:28:04 AM EDT, Evan Ward wrote:


> Update: Heard back from Daniel Risacher today. Apparently the NSA had

> the same concerns we have, but decided not to argue about subtle

> differences ("de minimis non curat lex"). Still waiting to hear if this

> agency will take the same position.


> Best Regards,

> Evan


> On Thu 27 Mar 2014 03:10:55 PM EDT, Doug Cutting wrote:


>> On Thu, Mar 27, 2014 at 6:46 AM, Evan Ward < <mailto:evan.ward@nrl.navy.mil>

>> wrote:


>>> As Luc, said I can post the contributions to github (or JIRA) and make

>>> clear that the project as a whole is under the Apache License, and my

>>> patches are in the public domain. Then based on the Apache's legal FAQ

>>> and Larry's earlier comments Apache is both able and glad to accept the

>>> contributions.



>> If you can do this, then you can sign an ICLA and commit these changes

>> directly. When you attach to Jira, intentionally submitting to an

>> Apache-licensed project, you agree to the same terms as the ICLA.

>> What makes you think these are different?



>>> As I mentioned before, If someone from Apache wants to talk directly to

>>> the people here with the power to make a decision, I can provide contact

>>> information.



>> You do not need your employer's permission to sign an ICLA. You need

>> your employer's permission to contribute software under the Apache

>> License. Once you have that permission, whether you choose to attach

>> to Jira or sign an ICLA and commit directly makes no legal difference

>> to you or to your employer.


>> Doug


>> ---------------------------------------------------------------------

>> To unsubscribe, e-mail:  <mailto:legal-discuss-unsubscribe@apache.org> legal-discuss-unsubscribe@apache.org

>> For additional commands, e-mail:  <mailto:legal-discuss-help@apache.org> legal-discuss-help@apache.org





View raw message