You are viewing a plain text version of this content. The canonical link for it is here.
Posted to legal-discuss@apache.org by Lawrence Rosen <lr...@rosenlaw.com> on 2012/03/06 01:58:48 UTC
Antideficiency Act
[This email is NOT confidential.]
A colleague recently sent me his notes from a U.S. Department of Defense
"Open Source Software Public Meeting" last January. This meeting was held
primarily to discuss with government suppliers of software the new DFARS
policies on the acquisition of open source software. I had reviewed the
DFARS document a few months earlier and expected no particular issues to
arise at the meeting. I didn't go.
However, I learned later that there were several references at that meeting
to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 1342,
and 1517(a). These obscure (to me) statutes prohibit any government agency
from authorizing any obligation in excess of the amount appropriated unless
authorized by law.
This affects Apache because of this obscure (to me) provision in Apache
License 2.0:
9. Accepting Warranty or Additional Liability. While redistributing the Work
or Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations
and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You
agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by
reason of your accepting any such warranty or additional liability.
[Emphasis added by underlining.]
Here is how my colleague described the particular "incompatibility" between
the Antideficiency Act and Apache License 2.0 that affected one of his
client's transactions:
We are using certain Apache code in one of our proprietary products. The
code is subject to Apache 2.0 and we make the necessary disclosure of this
in our software license. After reviewing the Apache 2.0 license, a division
of the Army (one of our customers) believes that Section 9 (indemnification)
constitutes an Anti-Deficiency Act (ADA) violation and therefore has
rejected the order on grounds that it cannot accept this ADA risk. An ADA
violation arises when a Government agency makes or authorizes an expenditure
or obligation of money (i) in excess of the amount available in an
appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
obligation for the payment of money before an appropriation is made, unless
authorized by law (31 USC 1341 (a)(1)(B)). Indemnification clauses run
afoul of the ADA because the Government in essence is agreeing to an unknown
monetary amount in absence of an appropriation.
We have argued incessantly to the Army that we do not believe that the
indemnification clause applies to them so long as they merely use the
software program as a consumer (i.e. so long as they do not offer
warranties, indemnification, support, or other legal obligations to any
other third parties
which is the case as the Army is only using the
software as a downstream consumer). The Army, however, believes that any
contingency indemnification obligation, no matter how unlikely, constitutes
an ADA violation. Basically the Army believes that any indemnity
obligation, no matter how remote, constitutes an obligation to commit
government funds. Note, too, that even if we were to agree with the
Government that we would stand in the Governments shoes as indemnitor
(which we will not do), the Government has taken the position that even that
would not be sufficient to do away with the ADA violation risk. Short of
removing Section 9 indemnity from the Apache license
which we are powerless
to do even if we wanted to, or somehow asking Apache to relax Section 9
(which I do not expect Apache to do), or removing the Apache code and
replacing it with either commercially available code or our own suitable
replacement (which is possible but causes a lot of other side engineering
issues and delays), I am having trouble finding a way around the problem.
In our view, the Army is taking a hyper-sensitive view of the indemnity
clause and the ADA. They also are ignoring the fact that Apache code is
some of the most widespread code in use within the Department of Defense (if
you believe the Mitre study on this and recent reports that the DoD CIO has
put out). One also wonders how the Government can advocate encouraging the
use of OSS within the Government when faced with intractable positions like
we are facing with the Army. The Army attorney I am dealing with told me
that she would prefer that Apache, GPL, and others all make their OSS
licenses more government friendly to avoid things like indemnification and
choice of law (i.e. substituting a particular state for governing law in
favor of federal common law). ... I do believe this particular wing of the
Army is taking an untenable, overly conservative view of the ADA. My guess
is that it is not within the norm of how most government agencies
civilian
and DoD
interpret the Apache license.
One senior government official reportedly opined at the January meeting that
"contractors should not discount the possibility of negotiating license
deviations from the OSS license with entities like Apache or FSF." I note
this only to point out the absurdity of certain expectations about open
source. :-)
Better than just yelling in frustration, though, and in the interest of
providing a sensitive and well-reasoned response to vendors hawking Apache
wares to the U.S. government, do any of you have a ready answer why our
license isn't incompatible with the Antideficiency Act that we can share
with the government and on our website?
/Larry
bcc:
Lawrence Rosen
Rosenlaw & Einschlag, a technology law firm (www.rosenlaw.com)
3001 King Ranch Road, Ukiah, CA 95482
Cell: 707-478-8932
Apache Software Foundation, board member (www.apache.org)
Re: Antideficiency Act
Posted by Philip Odence <po...@blackducksoftware.com>.
Sorry, I'm behind in my email and just noticed that I wasn't the first to
come across the Fierce Government IT article. I've actually written up a
little blog on the subject which should show up on opensourcedelivers.com
next week. Will let you all know.
On 3/11/12 8:30 AM, "Mark Struberg" <st...@yahoo.de> wrote:
>Great finding, Emmanuel!
>
>And also thanks to Larry for initially bringing this 'problem' to our
>attention.
>
>
>Wouldn't that make a great blog post?
>I guess this or similar arguments are often used by companies/lobbyists
>when arguing against open source projects and for their closed source
>products. Could be good to spread the word that this is just FUD.
>
>LieGrue,
>strub
>
>
>----- Original Message -----
>> From: Emmanuel Lécharny <el...@gmail.com>
>> To: legal-discuss@apache.org
>> Cc:
>> Sent: Sunday, March 11, 2012 12:21 PM
>> Subject: Re: Antideficiency Act
>>
>> Interesting article.
>>
>>
>>http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-licen
>>se-indemnification-snafu/2012-03-08#ixzz1odszDpgw
>>
>> It would be good to get the sources, of course.
>>
>> Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
>>> [This email is NOT confidential.]
>>>
>>>
>>>
>>> A colleague recently sent me his notes from a U.S. Department of
>>>Defense
>>> "Open Source Software Public Meeting" last January. This meeting
>> was held
>>> primarily to discuss with government suppliers of software the new
>>>DFARS
>>> policies on the acquisition of open source software. I had reviewed
>>>the
>>> DFARS document a few months earlier and expected no particular issues
>>>to
>>> arise at the meeting. I didn't go.
>>>
>>>
>>>
>>> However, I learned later that there were several references at that
>>>meeting
>>> to the Antideficiency Act, codified generally at 31 U.S.C. §§
>>>1341(a),
>> 1342,
>>> and 1517(a). These obscure (to me) statutes prohibit any government
>>>agency
>>> from authorizing any obligation in excess of the amount appropriated
>>>unless
>>> authorized by law.
>>>
>>>
>>>
>>> This affects Apache because of this obscure (to me) provision in
>>>Apache
>>> License 2.0:
>>>
>>>
>>>
>>> 9. Accepting Warranty or Additional Liability. While redistributing
>>>the
>> Work
>>> or Derivative Works thereof, You may choose to offer, and charge a
>>>fee for,
>>> acceptance of support, warranty, indemnity, or other liability
>>>obligations
>>> and/or rights consistent with this License. However, in accepting such
>>> obligations, You may act only on Your own behalf and on Your sole
>>> responsibility, not on behalf of any other Contributor, and only if
>>>You
>>> agree to indemnify, defend, and hold each Contributor harmless for any
>>> liability incurred by, or claims asserted against, such Contributor by
>>> reason of your accepting any such warranty or additional liability.
>>> [Emphasis added by underlining.]
>>>
>>>
>>>
>>> Here is how my colleague described the particular
>> "incompatibility" between
>>> the Antideficiency Act and Apache License 2.0 that affected one of his
>>> client's transactions:
>>>
>>>
>>>
>>> We are using certain Apache code in one of our proprietary products.
>>>The
>>> code is subject to Apache 2.0 and we make the necessary disclosure of
>>>this
>>> in our software license. After reviewing the Apache 2.0 license, a
>> division
>>> of the Army (one of our customers) believes that Section 9
>> (indemnification)
>>> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
>>> rejected the order on grounds that it cannot accept this ADA risk.
>>>An ADA
>>> violation arises when a Government agency makes or authorizes an
>> expenditure
>>> or obligation of money (i) in excess of the amount available in an
>>> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a
>>>contract or
>>> obligation for the payment of money before an appropriation is made,
>>>unless
>>> authorized by law (31 USC 1341 (a)(1)(B)). Indemnification clauses
>>>run
>>> afoul of the ADA because the Government in essence is agreeing to an
>> unknown
>>> monetary amount in absence of an appropriation.
>>>
>>>
>>>
>>> We have argued incessantly to the Army that we do not believe that the
>>> indemnification clause applies to them so long as they merely use the
>>> software program as a consumer (i.e. so long as they do not offer
>>> warranties, indemnification, support, or other legal obligations to
>>>any
>>> other third partiesŠ which is the case as the Army is only using the
>>> software as a downstream consumer). The Army, however, believes that
>>>any
>>> contingency indemnification obligation, no matter how unlikely,
>>>constitutes
>>> an ADA violation. Basically the Army believes that any indemnity
>>> obligation, no matter how remote, constitutes an obligation to commit
>>> government funds. Note, too, that even if we were to agree with the
>>> Government that we would stand in the Government¹s shoes as indemnitor
>>> (which we will not do), the Government has taken the position that
>>>even
>> that
>>> would not be sufficient to do away with the ADA violation risk.
>>>Short of
>>> removing Section 9 indemnity from the Apache licenseŠ which we are
>> powerless
>>> to do even if we wanted to, or somehow asking Apache to relax Section
>>>9
>>> (which I do not expect Apache to do), or removing the Apache code and
>>> replacing it with either commercially available code or our own
>>>suitable
>>> replacement (which is possible but causes a lot of other side
>>>engineering
>>> issues and delays), I am having trouble finding a way around the
>>>problem.
>>>
>>>
>>>
>>> In our view, the Army is taking a hyper-sensitive view of the
>>>indemnity
>>> clause and the ADA. They also are ignoring the fact that Apache code
>>>is
>>> some of the most widespread code in use within the Department of
>>>Defense
>> (if
>>> you believe the Mitre study on this and recent reports that the DoD
>>>CIO has
>>> put out). One also wonders how the Government can advocate
>>>encouraging the
>>> use of OSS within the Government when faced with intractable
>>>positions like
>>> we are facing with the Army. The Army attorney I am dealing with
>>>told me
>>> that she would prefer that Apache, GPL, and others all make their OSS
>>> licenses more ³government friendly² to avoid things like
>>>indemnification
>> and
>>> choice of law (i.e. substituting a particular state for governing law
>>>in
>>> favor of federal common law). ... I do believe this particular wing
>>>of
>> the
>>> Army is taking an untenable, overly conservative view of the ADA. My
>>>guess
>>> is that it is not within the norm of how most government agenciesŠ
>>>civilian
>>> and DoDŠ interpret the Apache license.
>>>
>>>
>>>
>>> One senior government official reportedly opined at the January
>>>meeting
>> that
>>> "contractors should not discount the possibility of negotiating
>> license
>>> deviations from the OSS license with entities like Apache or FSF." I
>> note
>>> this only to point out the absurdity of certain expectations about
>>>open
>>> source. :-)
>>>
>>>
>>>
>>> Better than just yelling in frustration, though, and in the interest
>>>of
>>> providing a sensitive and well-reasoned response to vendors hawking
>>>Apache
>>> wares to the U.S. government, do any of you have a ready answer why
>>>our
>>> license isn't incompatible with the Antideficiency Act that we can
>> share
>>> with the government and on our website?
>>>
>>>
>>>
>>> /Larry
>>>
>>>
>>>
>>> bcc:
>>>
>>>
>>>
>>> Lawrence Rosen
>>>
>>> Rosenlaw& Einschlag, a technology law firm (www.rosenlaw.com)
>>>
>>> 3001 King Ranch Road, Ukiah, CA 95482
>>>
>>> Cell: 707-478-8932
>>>
>>> Apache Software Foundation, board member (www.apache.org)
>>>
>>>
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Mark Struberg <st...@yahoo.de>.
Great finding, Emmanuel!
And also thanks to Larry for initially bringing this 'problem' to our attention.
Wouldn't that make a great blog post?
I guess this or similar arguments are often used by companies/lobbyists when arguing against open source projects and for their closed source products. Could be good to spread the word that this is just FUD.
LieGrue,
strub
----- Original Message -----
> From: Emmanuel Lécharny <el...@gmail.com>
> To: legal-discuss@apache.org
> Cc:
> Sent: Sunday, March 11, 2012 12:21 PM
> Subject: Re: Antideficiency Act
>
> Interesting article.
>
> http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-license-indemnification-snafu/2012-03-08#ixzz1odszDpgw
>
> It would be good to get the sources, of course.
>
> Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
>> [This email is NOT confidential.]
>>
>>
>>
>> A colleague recently sent me his notes from a U.S. Department of Defense
>> "Open Source Software Public Meeting" last January. This meeting
> was held
>> primarily to discuss with government suppliers of software the new DFARS
>> policies on the acquisition of open source software. I had reviewed the
>> DFARS document a few months earlier and expected no particular issues to
>> arise at the meeting. I didn't go.
>>
>>
>>
>> However, I learned later that there were several references at that meeting
>> to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a),
> 1342,
>> and 1517(a). These obscure (to me) statutes prohibit any government agency
>> from authorizing any obligation in excess of the amount appropriated unless
>> authorized by law.
>>
>>
>>
>> This affects Apache because of this obscure (to me) provision in Apache
>> License 2.0:
>>
>>
>>
>> 9. Accepting Warranty or Additional Liability. While redistributing the
> Work
>> or Derivative Works thereof, You may choose to offer, and charge a fee for,
>> acceptance of support, warranty, indemnity, or other liability obligations
>> and/or rights consistent with this License. However, in accepting such
>> obligations, You may act only on Your own behalf and on Your sole
>> responsibility, not on behalf of any other Contributor, and only if You
>> agree to indemnify, defend, and hold each Contributor harmless for any
>> liability incurred by, or claims asserted against, such Contributor by
>> reason of your accepting any such warranty or additional liability.
>> [Emphasis added by underlining.]
>>
>>
>>
>> Here is how my colleague described the particular
> "incompatibility" between
>> the Antideficiency Act and Apache License 2.0 that affected one of his
>> client's transactions:
>>
>>
>>
>> We are using certain Apache code in one of our proprietary products. The
>> code is subject to Apache 2.0 and we make the necessary disclosure of this
>> in our software license. After reviewing the Apache 2.0 license, a
> division
>> of the Army (one of our customers) believes that Section 9
> (indemnification)
>> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
>> rejected the order on grounds that it cannot accept this ADA risk. An ADA
>> violation arises when a Government agency makes or authorizes an
> expenditure
>> or obligation of money (i) in excess of the amount available in an
>> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
>> obligation for the payment of money before an appropriation is made, unless
>> authorized by law (31 USC 1341 (a)(1)(B)). Indemnification clauses run
>> afoul of the ADA because the Government in essence is agreeing to an
> unknown
>> monetary amount in absence of an appropriation.
>>
>>
>>
>> We have argued incessantly to the Army that we do not believe that the
>> indemnification clause applies to them so long as they merely use the
>> software program as a consumer (i.e. so long as they do not offer
>> warranties, indemnification, support, or other legal obligations to any
>> other third parties… which is the case as the Army is only using the
>> software as a downstream consumer). The Army, however, believes that any
>> contingency indemnification obligation, no matter how unlikely, constitutes
>> an ADA violation. Basically the Army believes that any indemnity
>> obligation, no matter how remote, constitutes an obligation to commit
>> government funds. Note, too, that even if we were to agree with the
>> Government that we would stand in the Government’s shoes as indemnitor
>> (which we will not do), the Government has taken the position that even
> that
>> would not be sufficient to do away with the ADA violation risk. Short of
>> removing Section 9 indemnity from the Apache license… which we are
> powerless
>> to do even if we wanted to, or somehow asking Apache to relax Section 9
>> (which I do not expect Apache to do), or removing the Apache code and
>> replacing it with either commercially available code or our own suitable
>> replacement (which is possible but causes a lot of other side engineering
>> issues and delays), I am having trouble finding a way around the problem.
>>
>>
>>
>> In our view, the Army is taking a hyper-sensitive view of the indemnity
>> clause and the ADA. They also are ignoring the fact that Apache code is
>> some of the most widespread code in use within the Department of Defense
> (if
>> you believe the Mitre study on this and recent reports that the DoD CIO has
>> put out). One also wonders how the Government can advocate encouraging the
>> use of OSS within the Government when faced with intractable positions like
>> we are facing with the Army. The Army attorney I am dealing with told me
>> that she would prefer that Apache, GPL, and others all make their OSS
>> licenses more “government friendly” to avoid things like indemnification
> and
>> choice of law (i.e. substituting a particular state for governing law in
>> favor of federal common law). ... I do believe this particular wing of
> the
>> Army is taking an untenable, overly conservative view of the ADA. My guess
>> is that it is not within the norm of how most government agencies… civilian
>> and DoD… interpret the Apache license.
>>
>>
>>
>> One senior government official reportedly opined at the January meeting
> that
>> "contractors should not discount the possibility of negotiating
> license
>> deviations from the OSS license with entities like Apache or FSF." I
> note
>> this only to point out the absurdity of certain expectations about open
>> source. :-)
>>
>>
>>
>> Better than just yelling in frustration, though, and in the interest of
>> providing a sensitive and well-reasoned response to vendors hawking Apache
>> wares to the U.S. government, do any of you have a ready answer why our
>> license isn't incompatible with the Antideficiency Act that we can
> share
>> with the government and on our website?
>>
>>
>>
>> /Larry
>>
>>
>>
>> bcc:
>>
>>
>>
>> Lawrence Rosen
>>
>> Rosenlaw& Einschlag, a technology law firm (www.rosenlaw.com)
>>
>> 3001 King Ranch Road, Ukiah, CA 95482
>>
>> Cell: 707-478-8932
>>
>> Apache Software Foundation, board member (www.apache.org)
>>
>>
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Emmanuel Lécharny <el...@gmail.com>.
Interesting article.
http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-license-indemnification-snafu/2012-03-08#ixzz1odszDpgw
It would be good to get the sources, of course.
Le 3/6/12 1:58 AM, Lawrence Rosen a écrit :
> [This email is NOT confidential.]
>
>
>
> A colleague recently sent me his notes from a U.S. Department of Defense
> "Open Source Software Public Meeting" last January. This meeting was held
> primarily to discuss with government suppliers of software the new DFARS
> policies on the acquisition of open source software. I had reviewed the
> DFARS document a few months earlier and expected no particular issues to
> arise at the meeting. I didn't go.
>
>
>
> However, I learned later that there were several references at that meeting
> to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 1342,
> and 1517(a). These obscure (to me) statutes prohibit any government agency
> from authorizing any obligation in excess of the amount appropriated unless
> authorized by law.
>
>
>
> This affects Apache because of this obscure (to me) provision in Apache
> License 2.0:
>
>
>
> 9. Accepting Warranty or Additional Liability. While redistributing the Work
> or Derivative Works thereof, You may choose to offer, and charge a fee for,
> acceptance of support, warranty, indemnity, or other liability obligations
> and/or rights consistent with this License. However, in accepting such
> obligations, You may act only on Your own behalf and on Your sole
> responsibility, not on behalf of any other Contributor, and only if You
> agree to indemnify, defend, and hold each Contributor harmless for any
> liability incurred by, or claims asserted against, such Contributor by
> reason of your accepting any such warranty or additional liability.
> [Emphasis added by underlining.]
>
>
>
> Here is how my colleague described the particular "incompatibility" between
> the Antideficiency Act and Apache License 2.0 that affected one of his
> client's transactions:
>
>
>
> We are using certain Apache code in one of our proprietary products. The
> code is subject to Apache 2.0 and we make the necessary disclosure of this
> in our software license. After reviewing the Apache 2.0 license, a division
> of the Army (one of our customers) believes that Section 9 (indemnification)
> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
> rejected the order on grounds that it cannot accept this ADA risk. An ADA
> violation arises when a Government agency makes or authorizes an expenditure
> or obligation of money (i) in excess of the amount available in an
> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
> obligation for the payment of money before an appropriation is made, unless
> authorized by law (31 USC 1341 (a)(1)(B)). Indemnification clauses run
> afoul of the ADA because the Government in essence is agreeing to an unknown
> monetary amount in absence of an appropriation.
>
>
>
> We have argued incessantly to the Army that we do not believe that the
> indemnification clause applies to them so long as they merely use the
> software program as a consumer (i.e. so long as they do not offer
> warranties, indemnification, support, or other legal obligations to any
> other third parties… which is the case as the Army is only using the
> software as a downstream consumer). The Army, however, believes that any
> contingency indemnification obligation, no matter how unlikely, constitutes
> an ADA violation. Basically the Army believes that any indemnity
> obligation, no matter how remote, constitutes an obligation to commit
> government funds. Note, too, that even if we were to agree with the
> Government that we would stand in the Government’s shoes as indemnitor
> (which we will not do), the Government has taken the position that even that
> would not be sufficient to do away with the ADA violation risk. Short of
> removing Section 9 indemnity from the Apache license… which we are powerless
> to do even if we wanted to, or somehow asking Apache to relax Section 9
> (which I do not expect Apache to do), or removing the Apache code and
> replacing it with either commercially available code or our own suitable
> replacement (which is possible but causes a lot of other side engineering
> issues and delays), I am having trouble finding a way around the problem.
>
>
>
> In our view, the Army is taking a hyper-sensitive view of the indemnity
> clause and the ADA. They also are ignoring the fact that Apache code is
> some of the most widespread code in use within the Department of Defense (if
> you believe the Mitre study on this and recent reports that the DoD CIO has
> put out). One also wonders how the Government can advocate encouraging the
> use of OSS within the Government when faced with intractable positions like
> we are facing with the Army. The Army attorney I am dealing with told me
> that she would prefer that Apache, GPL, and others all make their OSS
> licenses more “government friendly” to avoid things like indemnification and
> choice of law (i.e. substituting a particular state for governing law in
> favor of federal common law). ... I do believe this particular wing of the
> Army is taking an untenable, overly conservative view of the ADA. My guess
> is that it is not within the norm of how most government agencies… civilian
> and DoD… interpret the Apache license.
>
>
>
> One senior government official reportedly opined at the January meeting that
> "contractors should not discount the possibility of negotiating license
> deviations from the OSS license with entities like Apache or FSF." I note
> this only to point out the absurdity of certain expectations about open
> source. :-)
>
>
>
> Better than just yelling in frustration, though, and in the interest of
> providing a sensitive and well-reasoned response to vendors hawking Apache
> wares to the U.S. government, do any of you have a ready answer why our
> license isn't incompatible with the Antideficiency Act that we can share
> with the government and on our website?
>
>
>
> /Larry
>
>
>
> bcc:
>
>
>
> Lawrence Rosen
>
> Rosenlaw& Einschlag, a technology law firm (www.rosenlaw.com)
>
> 3001 King Ranch Road, Ukiah, CA 95482
>
> Cell: 707-478-8932
>
> Apache Software Foundation, board member (www.apache.org)
>
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Jim Jagielski <ji...@jaguNET.com>.
On Mar 16, 2012, at 8:53 AM, Philip Odence wrote:
> Evidently that Army Material Command has come to its senses:
> http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-license-indemnification-snafu/2012-03-08
>
Yeppers.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Philip Odence <po...@blackducksoftware.com>.
Evidently that Army Material Command has come to its senses:
http://www.fiercegovernmentit.com/story/army-lawyers-dismiss-apache-license
-indemnification-snafu/2012-03-08
On 3/6/12 10:37 AM, "Mark Struberg" <st...@yahoo.de> wrote:
>Well, they already get it at a fixed cost: 0.00 $
>
>Seriously, it might be as easy as just a political/lobby originated
>bullying game...
>
>To me it feels very logical that quite a few commercial vendors are using
>their political influences to push such arguing behind the scene.
>
>LieGrue,
>strub
>
>
>----- Original Message -----
>> From: Steven A Rowe <sa...@syr.edu>
>> To: "legal-discuss@apache.org" <le...@apache.org>
>> Cc:
>> Sent: Tuesday, March 6, 2012 4:31 PM
>> Subject: RE: Antideficiency Act
>>
>> IANAL, but wouldn't indemnity insurance give gov't entities what they
>> want, i.e. a fixed cost?
>>
>> -----Original Message-----
>> From: Philip Odence [mailto:podence@blackducksoftware.com]
>> Sent: Tuesday, March 06, 2012 7:19 AM
>> To: <le...@apache.org>
>> Cc: legal-discuss@apache.org; Lawrence Rosen
>> Subject: Re: Antideficiency Act
>>
>> I was at the meeting and although there was such a naive comment made,
>>generally
>> I believe the govt procurement folks understood the impracticality of
>> negotiating OSS licenses. They just felt caught between a rock and hard
>>place
>> wrt the ADA. That said, I really don't understand the Army's position.
>> I'll try some of my contacts in DoD and if I can get someone to
>>articulate
>> it, will report back to the list.
>> Phil Odence, Black Duck Software
>>
>> Sent from my iPad
>>
>> On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <be...@links.org> wrote:
>>
>>> On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lr...@rosenlaw.com>
>> wrote:
>>>> [This email is NOT confidential.]
>>>>
>>>>
>>>>
>>>> A colleague recently sent me his notes from a U.S. Department of
>>>> Defense "Open Source Software Public Meeting" last January.
>> This
>>>> meeting was held primarily to discuss with government suppliers of
>>>> software the new DFARS policies on the acquisition of open source
>>>> software. I had reviewed the DFARS document a few months earlier and
>>>> expected no particular issues to arise at the meeting. I didn't go.
>>>>
>>>>
>>>>
>>>> However, I learned later that there were several references at that
>>>> meeting to the Antideficiency Act, codified generally at 31 U.S.C.
>>>>§§
>>>> 1341(a), 1342, and 1517(a). These obscure (to me) statutes prohibit
>>>> any government agency from authorizing any obligation in excess of
>>>> the amount appropriated unless authorized by law.
>>>>
>>>>
>>>>
>>>> This affects Apache because of this obscure (to me) provision in
>>>> Apache License 2.0:
>>>>
>>>>
>>>>
>>>> 9. Accepting Warranty or Additional Liability. While redistributing
>>>> the Work or Derivative Works thereof, You may choose to offer, and
>>>> charge a fee for, acceptance of support, warranty, indemnity, or
>>>> other liability obligations and/or rights consistent with this
>>>> License. However, in accepting such obligations, You may act only on
>>>> Your own behalf and on Your sole responsibility, not on behalf of
>>>>any
>>>> other Contributor, and only if You agree to indemnify, defend, and
>>>> hold each Contributor harmless for any liability incurred by, or
>>>> claims asserted against, such Contributor by reason of your
>>>>accepting
>> any such warranty or additional liability.
>>>> [Emphasis added by underlining.]
>>>>
>>>>
>>>>
>>>> Here is how my colleague described the particular
>> "incompatibility"
>>>> between the Antideficiency Act and Apache License 2.0 that affected
>>>> one of his client's transactions:
>>>>
>>>>
>>>>
>>>> We are using certain Apache code in one of our proprietary products.
>>>>
>>>> The code is subject to Apache 2.0 and we make the necessary
>>>> disclosure of this in our software license. After reviewing the
>>>> Apache 2.0 license, a division of the Army (one of our customers)
>>>> believes that Section 9 (indemnification) constitutes an
>>>> Anti-Deficiency Act (ADA) violation and therefore has rejected the
>>>> order on grounds that it cannot accept this ADA risk. An ADA
>>>> violation arises when a Government agency makes or authorizes an
>>>> expenditure or obligation of money (i) in excess of the amount
>>>> available in an appropriation or fund (31 USC 1341(a)(1)(A)) or (ii)
>>>> due to a contract or obligation for the payment of money before an
>>>> appropriation is made, unless authorized by law (31 USC 1341
>>>> (a)(1)(B)). Indemnification clauses run afoul of the ADA because
>>>>the
>> Government in essence is agreeing to an unknown monetary amount in
>>absence of an
>> appropriation.
>>>>
>>>>
>>>>
>>>> We have argued incessantly to the Army that we do not believe that
>>>> the indemnification clause applies to them so long as they merely
>>>>use
>>>> the software program as a consumer (i.e. so long as they do not
>>>>offer
>>>> warranties, indemnification, support, or other legal obligations to
>>>> any other third parties. which is the case as the Army is only using
>>>> the software as a downstream consumer). The Army, however, believes
>>>> that any contingency indemnification obligation, no matter how
>>>> unlikely, constitutes an ADA violation. Basically the Army believes
>>>> that any indemnity obligation, no matter how remote, constitutes an
>>>> obligation to commit government funds. Note, too, that even if we
>>>> were to agree with the Government that we would stand in the
>>>> Government's shoes as indemnitor (which we will not do), the
>>>> Government has taken the position that even that would not be
>>>> sufficient to do away with the ADA violation risk. Short of
>>>>removing
>>>> Section 9 indemnity from the Apache license. which we are powerless
>>>> to do even if we wanted to, or somehow asking Apache to relax
>>>>Section
>>>> 9 (which I do not expect Apache to do), or removing the Apache code
>>>> and replacing it with either commercially available code or our own
>>>> suitable replacement (which is possible but causes a lot of other
>>>>side
>> engineering issues and delays), I am having trouble finding a way
>>around the
>> problem.
>>>>
>>>>
>>>>
>>>> In our view, the Army is taking a hyper-sensitive view of the
>>>> indemnity clause and the ADA. They also are ignoring the fact that
>>>> Apache code is some of the most widespread code in use within the
>>>> Department of Defense (if you believe the Mitre study on this and
>>>> recent reports that the DoD CIO has put out). One also wonders how
>>>> the Government can advocate encouraging the use of OSS within the
>> Government when faced with intractable positions like
>>>> we are facing with the Army. The Army attorney I am dealing with
>>>>told
>> me
>>>> that she would prefer that Apache, GPL, and others all make their
>>>>OSS
>>>> licenses more "government friendly" to avoid things like
>>>> indemnification and choice of law (i.e. substituting a particular
>>>> state for governing law in favor of federal common law). ... I do
>>>> believe this particular wing of the Army is taking an untenable,
>>>> overly conservative view of the ADA. My guess is that it is not
>>>> within the norm of how most government agencies. civilian and DoD.
>> interpret the Apache license.
>>>>
>>>>
>>>>
>>>> One senior government official reportedly opined at the January
>>>> meeting that "contractors should not discount the possibility of
>>>> negotiating license deviations from the OSS license with entities
>>>> like Apache or FSF." I note this only to point out the absurdity
>> of
>>>> certain expectations about open source. :-)
>>>>
>>>>
>>>>
>>>> Better than just yelling in frustration, though, and in the interest
>>>> of providing a sensitive and well-reasoned response to vendors
>>>> hawking Apache wares to the U.S. government, do any of you have a
>>>> ready answer why our license isn't incompatible with the
>>>> Antideficiency Act that we can share with the government and on our
>> website?
>>>
>>> Well, it seems to me the licence says "you can only do X if you offer
>>> indemnity", and the ADA says "you can't offer
>> indemnity", so it seems
>>> quite clear that this means the ADA says "you can't do X".
>> So, I'd
>>> suggest they don't do X, and we're all happy.
>>>
>>> If the Army want to be morons, that's up to them, surely?
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>>> For additional commands, e-mail: legal-discuss-help@apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Mark Struberg <st...@yahoo.de>.
Well, they already get it at a fixed cost: 0.00 $
Seriously, it might be as easy as just a political/lobby originated bullying game...
To me it feels very logical that quite a few commercial vendors are using their political influences to push such arguing behind the scene.
LieGrue,
strub
----- Original Message -----
> From: Steven A Rowe <sa...@syr.edu>
> To: "legal-discuss@apache.org" <le...@apache.org>
> Cc:
> Sent: Tuesday, March 6, 2012 4:31 PM
> Subject: RE: Antideficiency Act
>
> IANAL, but wouldn't indemnity insurance give gov't entities what they
> want, i.e. a fixed cost?
>
> -----Original Message-----
> From: Philip Odence [mailto:podence@blackducksoftware.com]
> Sent: Tuesday, March 06, 2012 7:19 AM
> To: <le...@apache.org>
> Cc: legal-discuss@apache.org; Lawrence Rosen
> Subject: Re: Antideficiency Act
>
> I was at the meeting and although there was such a naive comment made, generally
> I believe the govt procurement folks understood the impracticality of
> negotiating OSS licenses. They just felt caught between a rock and hard place
> wrt the ADA. That said, I really don't understand the Army's position.
> I'll try some of my contacts in DoD and if I can get someone to articulate
> it, will report back to the list.
> Phil Odence, Black Duck Software
>
> Sent from my iPad
>
> On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <be...@links.org> wrote:
>
>> On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lr...@rosenlaw.com>
> wrote:
>>> [This email is NOT confidential.]
>>>
>>>
>>>
>>> A colleague recently sent me his notes from a U.S. Department of
>>> Defense "Open Source Software Public Meeting" last January.
> This
>>> meeting was held primarily to discuss with government suppliers of
>>> software the new DFARS policies on the acquisition of open source
>>> software. I had reviewed the DFARS document a few months earlier and
>>> expected no particular issues to arise at the meeting. I didn't go.
>>>
>>>
>>>
>>> However, I learned later that there were several references at that
>>> meeting to the Antideficiency Act, codified generally at 31 U.S.C. §§
>>> 1341(a), 1342, and 1517(a). These obscure (to me) statutes prohibit
>>> any government agency from authorizing any obligation in excess of
>>> the amount appropriated unless authorized by law.
>>>
>>>
>>>
>>> This affects Apache because of this obscure (to me) provision in
>>> Apache License 2.0:
>>>
>>>
>>>
>>> 9. Accepting Warranty or Additional Liability. While redistributing
>>> the Work or Derivative Works thereof, You may choose to offer, and
>>> charge a fee for, acceptance of support, warranty, indemnity, or
>>> other liability obligations and/or rights consistent with this
>>> License. However, in accepting such obligations, You may act only on
>>> Your own behalf and on Your sole responsibility, not on behalf of any
>>> other Contributor, and only if You agree to indemnify, defend, and
>>> hold each Contributor harmless for any liability incurred by, or
>>> claims asserted against, such Contributor by reason of your accepting
> any such warranty or additional liability.
>>> [Emphasis added by underlining.]
>>>
>>>
>>>
>>> Here is how my colleague described the particular
> "incompatibility"
>>> between the Antideficiency Act and Apache License 2.0 that affected
>>> one of his client's transactions:
>>>
>>>
>>>
>>> We are using certain Apache code in one of our proprietary products.
>>> The code is subject to Apache 2.0 and we make the necessary
>>> disclosure of this in our software license. After reviewing the
>>> Apache 2.0 license, a division of the Army (one of our customers)
>>> believes that Section 9 (indemnification) constitutes an
>>> Anti-Deficiency Act (ADA) violation and therefore has rejected the
>>> order on grounds that it cannot accept this ADA risk. An ADA
>>> violation arises when a Government agency makes or authorizes an
>>> expenditure or obligation of money (i) in excess of the amount
>>> available in an appropriation or fund (31 USC 1341(a)(1)(A)) or (ii)
>>> due to a contract or obligation for the payment of money before an
>>> appropriation is made, unless authorized by law (31 USC 1341
>>> (a)(1)(B)). Indemnification clauses run afoul of the ADA because the
> Government in essence is agreeing to an unknown monetary amount in absence of an
> appropriation.
>>>
>>>
>>>
>>> We have argued incessantly to the Army that we do not believe that
>>> the indemnification clause applies to them so long as they merely use
>>> the software program as a consumer (i.e. so long as they do not offer
>>> warranties, indemnification, support, or other legal obligations to
>>> any other third parties. which is the case as the Army is only using
>>> the software as a downstream consumer). The Army, however, believes
>>> that any contingency indemnification obligation, no matter how
>>> unlikely, constitutes an ADA violation. Basically the Army believes
>>> that any indemnity obligation, no matter how remote, constitutes an
>>> obligation to commit government funds. Note, too, that even if we
>>> were to agree with the Government that we would stand in the
>>> Government's shoes as indemnitor (which we will not do), the
>>> Government has taken the position that even that would not be
>>> sufficient to do away with the ADA violation risk. Short of removing
>>> Section 9 indemnity from the Apache license. which we are powerless
>>> to do even if we wanted to, or somehow asking Apache to relax Section
>>> 9 (which I do not expect Apache to do), or removing the Apache code
>>> and replacing it with either commercially available code or our own
>>> suitable replacement (which is possible but causes a lot of other side
> engineering issues and delays), I am having trouble finding a way around the
> problem.
>>>
>>>
>>>
>>> In our view, the Army is taking a hyper-sensitive view of the
>>> indemnity clause and the ADA. They also are ignoring the fact that
>>> Apache code is some of the most widespread code in use within the
>>> Department of Defense (if you believe the Mitre study on this and
>>> recent reports that the DoD CIO has put out). One also wonders how
>>> the Government can advocate encouraging the use of OSS within the
> Government when faced with intractable positions like
>>> we are facing with the Army. The Army attorney I am dealing with told
> me
>>> that she would prefer that Apache, GPL, and others all make their OSS
>>> licenses more "government friendly" to avoid things like
>>> indemnification and choice of law (i.e. substituting a particular
>>> state for governing law in favor of federal common law). ... I do
>>> believe this particular wing of the Army is taking an untenable,
>>> overly conservative view of the ADA. My guess is that it is not
>>> within the norm of how most government agencies. civilian and DoD.
> interpret the Apache license.
>>>
>>>
>>>
>>> One senior government official reportedly opined at the January
>>> meeting that "contractors should not discount the possibility of
>>> negotiating license deviations from the OSS license with entities
>>> like Apache or FSF." I note this only to point out the absurdity
> of
>>> certain expectations about open source. :-)
>>>
>>>
>>>
>>> Better than just yelling in frustration, though, and in the interest
>>> of providing a sensitive and well-reasoned response to vendors
>>> hawking Apache wares to the U.S. government, do any of you have a
>>> ready answer why our license isn't incompatible with the
>>> Antideficiency Act that we can share with the government and on our
> website?
>>
>> Well, it seems to me the licence says "you can only do X if you offer
>> indemnity", and the ADA says "you can't offer
> indemnity", so it seems
>> quite clear that this means the ADA says "you can't do X".
> So, I'd
>> suggest they don't do X, and we're all happy.
>>
>> If the Army want to be morons, that's up to them, surely?
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
>> For additional commands, e-mail: legal-discuss-help@apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
RE: Antideficiency Act
Posted by Steven A Rowe <sa...@syr.edu>.
IANAL, but wouldn't indemnity insurance give gov't entities what they want, i.e. a fixed cost?
-----Original Message-----
From: Philip Odence [mailto:podence@blackducksoftware.com]
Sent: Tuesday, March 06, 2012 7:19 AM
To: <le...@apache.org>
Cc: legal-discuss@apache.org; Lawrence Rosen
Subject: Re: Antideficiency Act
I was at the meeting and although there was such a naive comment made, generally I believe the govt procurement folks understood the impracticality of negotiating OSS licenses. They just felt caught between a rock and hard place wrt the ADA. That said, I really don't understand the Army's position. I'll try some of my contacts in DoD and if I can get someone to articulate it, will report back to the list.
Phil Odence, Black Duck Software
Sent from my iPad
On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <be...@links.org> wrote:
> On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lr...@rosenlaw.com> wrote:
>> [This email is NOT confidential.]
>>
>>
>>
>> A colleague recently sent me his notes from a U.S. Department of
>> Defense "Open Source Software Public Meeting" last January. This
>> meeting was held primarily to discuss with government suppliers of
>> software the new DFARS policies on the acquisition of open source
>> software. I had reviewed the DFARS document a few months earlier and
>> expected no particular issues to arise at the meeting. I didn't go.
>>
>>
>>
>> However, I learned later that there were several references at that
>> meeting to the Antideficiency Act, codified generally at 31 U.S.C. §§
>> 1341(a), 1342, and 1517(a). These obscure (to me) statutes prohibit
>> any government agency from authorizing any obligation in excess of
>> the amount appropriated unless authorized by law.
>>
>>
>>
>> This affects Apache because of this obscure (to me) provision in
>> Apache License 2.0:
>>
>>
>>
>> 9. Accepting Warranty or Additional Liability. While redistributing
>> the Work or Derivative Works thereof, You may choose to offer, and
>> charge a fee for, acceptance of support, warranty, indemnity, or
>> other liability obligations and/or rights consistent with this
>> License. However, in accepting such obligations, You may act only on
>> Your own behalf and on Your sole responsibility, not on behalf of any
>> other Contributor, and only if You agree to indemnify, defend, and
>> hold each Contributor harmless for any liability incurred by, or
>> claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
>> [Emphasis added by underlining.]
>>
>>
>>
>> Here is how my colleague described the particular "incompatibility"
>> between the Antideficiency Act and Apache License 2.0 that affected
>> one of his client's transactions:
>>
>>
>>
>> We are using certain Apache code in one of our proprietary products.
>> The code is subject to Apache 2.0 and we make the necessary
>> disclosure of this in our software license. After reviewing the
>> Apache 2.0 license, a division of the Army (one of our customers)
>> believes that Section 9 (indemnification) constitutes an
>> Anti-Deficiency Act (ADA) violation and therefore has rejected the
>> order on grounds that it cannot accept this ADA risk. An ADA
>> violation arises when a Government agency makes or authorizes an
>> expenditure or obligation of money (i) in excess of the amount
>> available in an appropriation or fund (31 USC 1341(a)(1)(A)) or (ii)
>> due to a contract or obligation for the payment of money before an
>> appropriation is made, unless authorized by law (31 USC 1341
>> (a)(1)(B)). Indemnification clauses run afoul of the ADA because the Government in essence is agreeing to an unknown monetary amount in absence of an appropriation.
>>
>>
>>
>> We have argued incessantly to the Army that we do not believe that
>> the indemnification clause applies to them so long as they merely use
>> the software program as a consumer (i.e. so long as they do not offer
>> warranties, indemnification, support, or other legal obligations to
>> any other third parties. which is the case as the Army is only using
>> the software as a downstream consumer). The Army, however, believes
>> that any contingency indemnification obligation, no matter how
>> unlikely, constitutes an ADA violation. Basically the Army believes
>> that any indemnity obligation, no matter how remote, constitutes an
>> obligation to commit government funds. Note, too, that even if we
>> were to agree with the Government that we would stand in the
>> Government's shoes as indemnitor (which we will not do), the
>> Government has taken the position that even that would not be
>> sufficient to do away with the ADA violation risk. Short of removing
>> Section 9 indemnity from the Apache license. which we are powerless
>> to do even if we wanted to, or somehow asking Apache to relax Section
>> 9 (which I do not expect Apache to do), or removing the Apache code
>> and replacing it with either commercially available code or our own
>> suitable replacement (which is possible but causes a lot of other side engineering issues and delays), I am having trouble finding a way around the problem.
>>
>>
>>
>> In our view, the Army is taking a hyper-sensitive view of the
>> indemnity clause and the ADA. They also are ignoring the fact that
>> Apache code is some of the most widespread code in use within the
>> Department of Defense (if you believe the Mitre study on this and
>> recent reports that the DoD CIO has put out). One also wonders how
>> the Government can advocate encouraging the use of OSS within the Government when faced with intractable positions like
>> we are facing with the Army. The Army attorney I am dealing with told me
>> that she would prefer that Apache, GPL, and others all make their OSS
>> licenses more "government friendly" to avoid things like
>> indemnification and choice of law (i.e. substituting a particular
>> state for governing law in favor of federal common law). ... I do
>> believe this particular wing of the Army is taking an untenable,
>> overly conservative view of the ADA. My guess is that it is not
>> within the norm of how most government agencies. civilian and DoD. interpret the Apache license.
>>
>>
>>
>> One senior government official reportedly opined at the January
>> meeting that "contractors should not discount the possibility of
>> negotiating license deviations from the OSS license with entities
>> like Apache or FSF." I note this only to point out the absurdity of
>> certain expectations about open source. :-)
>>
>>
>>
>> Better than just yelling in frustration, though, and in the interest
>> of providing a sensitive and well-reasoned response to vendors
>> hawking Apache wares to the U.S. government, do any of you have a
>> ready answer why our license isn't incompatible with the
>> Antideficiency Act that we can share with the government and on our website?
>
> Well, it seems to me the licence says "you can only do X if you offer
> indemnity", and the ADA says "you can't offer indemnity", so it seems
> quite clear that this means the ADA says "you can't do X". So, I'd
> suggest they don't do X, and we're all happy.
>
> If the Army want to be morons, that's up to them, surely?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Philip Odence <po...@blackducksoftware.com>.
I was at the meeting and although there was such a naive comment made, generally I believe the govt procurement folks understood the impracticality of negotiating OSS licenses. They just felt caught between a rock and hard place wrt the ADA. That said, I really don't understand the Army's position. I'll try some of my contacts in DoD and if I can get someone to articulate it, will report back to the list.
Phil Odence, Black Duck Software
Sent from my iPad
On Mar 6, 2012, at 5:23 AM, "Ben Laurie" <be...@links.org> wrote:
> On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lr...@rosenlaw.com> wrote:
>> [This email is NOT confidential.]
>>
>>
>>
>> A colleague recently sent me his notes from a U.S. Department of Defense
>> "Open Source Software Public Meeting" last January. This meeting was held
>> primarily to discuss with government suppliers of software the new DFARS
>> policies on the acquisition of open source software. I had reviewed the
>> DFARS document a few months earlier and expected no particular issues to
>> arise at the meeting. I didn't go.
>>
>>
>>
>> However, I learned later that there were several references at that meeting
>> to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 1342,
>> and 1517(a). These obscure (to me) statutes prohibit any government agency
>> from authorizing any obligation in excess of the amount appropriated unless
>> authorized by law.
>>
>>
>>
>> This affects Apache because of this obscure (to me) provision in Apache
>> License 2.0:
>>
>>
>>
>> 9. Accepting Warranty or Additional Liability. While redistributing the Work
>> or Derivative Works thereof, You may choose to offer, and charge a fee for,
>> acceptance of support, warranty, indemnity, or other liability obligations
>> and/or rights consistent with this License. However, in accepting such
>> obligations, You may act only on Your own behalf and on Your sole
>> responsibility, not on behalf of any other Contributor, and only if You
>> agree to indemnify, defend, and hold each Contributor harmless for any
>> liability incurred by, or claims asserted against, such Contributor by
>> reason of your accepting any such warranty or additional liability.
>> [Emphasis added by underlining.]
>>
>>
>>
>> Here is how my colleague described the particular "incompatibility" between
>> the Antideficiency Act and Apache License 2.0 that affected one of his
>> client's transactions:
>>
>>
>>
>> We are using certain Apache code in one of our proprietary products. The
>> code is subject to Apache 2.0 and we make the necessary disclosure of this
>> in our software license. After reviewing the Apache 2.0 license, a division
>> of the Army (one of our customers) believes that Section 9 (indemnification)
>> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
>> rejected the order on grounds that it cannot accept this ADA risk. An ADA
>> violation arises when a Government agency makes or authorizes an expenditure
>> or obligation of money (i) in excess of the amount available in an
>> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
>> obligation for the payment of money before an appropriation is made, unless
>> authorized by law (31 USC 1341 (a)(1)(B)). Indemnification clauses run
>> afoul of the ADA because the Government in essence is agreeing to an unknown
>> monetary amount in absence of an appropriation.
>>
>>
>>
>> We have argued incessantly to the Army that we do not believe that the
>> indemnification clause applies to them so long as they merely use the
>> software program as a consumer (i.e. so long as they do not offer
>> warranties, indemnification, support, or other legal obligations to any
>> other third parties… which is the case as the Army is only using the
>> software as a downstream consumer). The Army, however, believes that any
>> contingency indemnification obligation, no matter how unlikely, constitutes
>> an ADA violation. Basically the Army believes that any indemnity
>> obligation, no matter how remote, constitutes an obligation to commit
>> government funds. Note, too, that even if we were to agree with the
>> Government that we would stand in the Government’s shoes as indemnitor
>> (which we will not do), the Government has taken the position that even that
>> would not be sufficient to do away with the ADA violation risk. Short of
>> removing Section 9 indemnity from the Apache license… which we are powerless
>> to do even if we wanted to, or somehow asking Apache to relax Section 9
>> (which I do not expect Apache to do), or removing the Apache code and
>> replacing it with either commercially available code or our own suitable
>> replacement (which is possible but causes a lot of other side engineering
>> issues and delays), I am having trouble finding a way around the problem.
>>
>>
>>
>> In our view, the Army is taking a hyper-sensitive view of the indemnity
>> clause and the ADA. They also are ignoring the fact that Apache code is
>> some of the most widespread code in use within the Department of Defense (if
>> you believe the Mitre study on this and recent reports that the DoD CIO has
>> put out). One also wonders how the Government can advocate encouraging the
>> use of OSS within the Government when faced with intractable positions like
>> we are facing with the Army. The Army attorney I am dealing with told me
>> that she would prefer that Apache, GPL, and others all make their OSS
>> licenses more “government friendly” to avoid things like indemnification and
>> choice of law (i.e. substituting a particular state for governing law in
>> favor of federal common law). ... I do believe this particular wing of the
>> Army is taking an untenable, overly conservative view of the ADA. My guess
>> is that it is not within the norm of how most government agencies… civilian
>> and DoD… interpret the Apache license.
>>
>>
>>
>> One senior government official reportedly opined at the January meeting that
>> "contractors should not discount the possibility of negotiating license
>> deviations from the OSS license with entities like Apache or FSF." I note
>> this only to point out the absurdity of certain expectations about open
>> source. :-)
>>
>>
>>
>> Better than just yelling in frustration, though, and in the interest of
>> providing a sensitive and well-reasoned response to vendors hawking Apache
>> wares to the U.S. government, do any of you have a ready answer why our
>> license isn't incompatible with the Antideficiency Act that we can share
>> with the government and on our website?
>
> Well, it seems to me the licence says "you can only do X if you offer
> indemnity", and the ADA says "you can't offer indemnity", so it seems
> quite clear that this means the ADA says "you can't do X". So, I'd
> suggest they don't do X, and we're all happy.
>
> If the Army want to be morons, that's up to them, surely?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org
Re: Antideficiency Act
Posted by Ben Laurie <be...@links.org>.
On Tue, Mar 6, 2012 at 12:58 AM, Lawrence Rosen <lr...@rosenlaw.com> wrote:
> [This email is NOT confidential.]
>
>
>
> A colleague recently sent me his notes from a U.S. Department of Defense
> "Open Source Software Public Meeting" last January. This meeting was held
> primarily to discuss with government suppliers of software the new DFARS
> policies on the acquisition of open source software. I had reviewed the
> DFARS document a few months earlier and expected no particular issues to
> arise at the meeting. I didn't go.
>
>
>
> However, I learned later that there were several references at that meeting
> to the Antideficiency Act, codified generally at 31 U.S.C. §§ 1341(a), 1342,
> and 1517(a). These obscure (to me) statutes prohibit any government agency
> from authorizing any obligation in excess of the amount appropriated unless
> authorized by law.
>
>
>
> This affects Apache because of this obscure (to me) provision in Apache
> License 2.0:
>
>
>
> 9. Accepting Warranty or Additional Liability. While redistributing the Work
> or Derivative Works thereof, You may choose to offer, and charge a fee for,
> acceptance of support, warranty, indemnity, or other liability obligations
> and/or rights consistent with this License. However, in accepting such
> obligations, You may act only on Your own behalf and on Your sole
> responsibility, not on behalf of any other Contributor, and only if You
> agree to indemnify, defend, and hold each Contributor harmless for any
> liability incurred by, or claims asserted against, such Contributor by
> reason of your accepting any such warranty or additional liability.
> [Emphasis added by underlining.]
>
>
>
> Here is how my colleague described the particular "incompatibility" between
> the Antideficiency Act and Apache License 2.0 that affected one of his
> client's transactions:
>
>
>
> We are using certain Apache code in one of our proprietary products. The
> code is subject to Apache 2.0 and we make the necessary disclosure of this
> in our software license. After reviewing the Apache 2.0 license, a division
> of the Army (one of our customers) believes that Section 9 (indemnification)
> constitutes an Anti-Deficiency Act (ADA) violation and therefore has
> rejected the order on grounds that it cannot accept this ADA risk. An ADA
> violation arises when a Government agency makes or authorizes an expenditure
> or obligation of money (i) in excess of the amount available in an
> appropriation or fund (31 USC 1341(a)(1)(A)) or (ii) due to a contract or
> obligation for the payment of money before an appropriation is made, unless
> authorized by law (31 USC 1341 (a)(1)(B)). Indemnification clauses run
> afoul of the ADA because the Government in essence is agreeing to an unknown
> monetary amount in absence of an appropriation.
>
>
>
> We have argued incessantly to the Army that we do not believe that the
> indemnification clause applies to them so long as they merely use the
> software program as a consumer (i.e. so long as they do not offer
> warranties, indemnification, support, or other legal obligations to any
> other third parties… which is the case as the Army is only using the
> software as a downstream consumer). The Army, however, believes that any
> contingency indemnification obligation, no matter how unlikely, constitutes
> an ADA violation. Basically the Army believes that any indemnity
> obligation, no matter how remote, constitutes an obligation to commit
> government funds. Note, too, that even if we were to agree with the
> Government that we would stand in the Government’s shoes as indemnitor
> (which we will not do), the Government has taken the position that even that
> would not be sufficient to do away with the ADA violation risk. Short of
> removing Section 9 indemnity from the Apache license… which we are powerless
> to do even if we wanted to, or somehow asking Apache to relax Section 9
> (which I do not expect Apache to do), or removing the Apache code and
> replacing it with either commercially available code or our own suitable
> replacement (which is possible but causes a lot of other side engineering
> issues and delays), I am having trouble finding a way around the problem.
>
>
>
> In our view, the Army is taking a hyper-sensitive view of the indemnity
> clause and the ADA. They also are ignoring the fact that Apache code is
> some of the most widespread code in use within the Department of Defense (if
> you believe the Mitre study on this and recent reports that the DoD CIO has
> put out). One also wonders how the Government can advocate encouraging the
> use of OSS within the Government when faced with intractable positions like
> we are facing with the Army. The Army attorney I am dealing with told me
> that she would prefer that Apache, GPL, and others all make their OSS
> licenses more “government friendly” to avoid things like indemnification and
> choice of law (i.e. substituting a particular state for governing law in
> favor of federal common law). ... I do believe this particular wing of the
> Army is taking an untenable, overly conservative view of the ADA. My guess
> is that it is not within the norm of how most government agencies… civilian
> and DoD… interpret the Apache license.
>
>
>
> One senior government official reportedly opined at the January meeting that
> "contractors should not discount the possibility of negotiating license
> deviations from the OSS license with entities like Apache or FSF." I note
> this only to point out the absurdity of certain expectations about open
> source. :-)
>
>
>
> Better than just yelling in frustration, though, and in the interest of
> providing a sensitive and well-reasoned response to vendors hawking Apache
> wares to the U.S. government, do any of you have a ready answer why our
> license isn't incompatible with the Antideficiency Act that we can share
> with the government and on our website?
Well, it seems to me the licence says "you can only do X if you offer
indemnity", and the ADA says "you can't offer indemnity", so it seems
quite clear that this means the ADA says "you can't do X". So, I'd
suggest they don't do X, and we're all happy.
If the Army want to be morons, that's up to them, surely?
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org