Tagged:Law

The End of An Awesome Growing Season

P1040206

The last fresh tomatoes of the season were greatly enjoyed (typically, we have fresh tomatoes in the fridge ’til early December, but this year’s weather was crazy, so we have to call an end to the season earlier than normal, sad as it is).

Apologies on the light posting, in general. It turns out, legal work subject to confidentiality obligations makes for bad blog fodder — and, I am blessed to have more legal work than I can handle.

But rest assured. The Tech. The Law. The Garden. They are all my continued passions. And I’m enjoying and interested in following and influencing how all of them are playing out in today’s world.

Indemnities — Boring, But Important

If there’s one topic that’s guaranteed to make my clients’ eyes glaze over, it’s indemnities. My clients will fight to the death regarding the business points that they believe are important. But, often, by the time we get to Section 18 on page 13, they’re ready to mentally check out of the conference call and leave the lawyers to fight about the legalese.

From a legal fee standpoint, this isn’t a great idea — Lawyers can fight all day about just about anything, but especially about indemnities, because, truly, they’re just risk shifting. There is no “right” or “wrong.”

Just think of an indemnity as insurance, without a premium — Great to have one in your favor, not so great to be offering one to the other party.

When someone says, “You should indemnify us for all claims related to your breach, or your negligence” what they’re really saying is, “I don’t want to have to prove that you were in breach or that you were negligent. If it looks like you might be, I want you to be on the hook. And, I don’t want you to have any defenses or arguments about why it’s not your fault or problem.”

Here’s a hypothetical example:

Startup is running a software as a service and offers access to their service via an API. Big Company wants to wrap the API’s functionality into their product or service and offer it to their end users.

The indemnity issues *really* matter:

1. Who should be on the hook if the end users breach the end user terms of service? (e.g. what if the end users break the law? Shouldn’t that be the end users’ problem? Does it make sense to have one company responsible for all legal costs and damages associated with end users’ actions? If so, which company? Big Company will try to make certain it is Startup.)

2. Who should be on the hook for a patent lawsuit regarding the combination of the API’s functionality with the other side’s functionality? (In the absence of an indemnity, the liability would be shared. But Big Company’s default form will try to make it entirely Startup’s issue.)

3. Who should be on the hook for changes in the law that require changes to the software/service? (Again, this is an ordinary risk of doing business that all companies face. But Big Company will try to push the entirety of this risk and all associated costs on to Startup.)

The biggest issue with an indemnity, however, is that unless drafted narrowly, it will cover *all* claims, regardless of their value. So, if a malicious, false, and/or vindictive claim is filed, the indemnifying party is still on the hook. An indemitor can end up insuring against the defense and settlement of claims filed by the indemnitee’s enemies or folks looking to go after deep pockets for a quick settlement.

As a final risk, many General Liability insurance policies explicitly carve out indemnity obligations from “insured contracts.” I always advise my clients to check with their insurance brokers to find out if they are accepting un-insured liability by taking on an indemnity obligation. At a minimum, the increased premiums required to accept such a clause (if you can get coverage) can be a useful bargaining chip when discussing whether an indemnity is “standard” or “required” or “normal.”

The anti-NDA

In the last two weeks, I’ve seen a surprising glut of Non-Disclosure Agreements that were exactly the *opposite* of what my clients expected to see.

What to do I mean?

I mean, these NDAs all had express permissions for the receiving party to use or disclose the information they receive in the course of their business. In other words, these contracts had the standard confidentiality obligations one would expect to see in an NDA but then also included some carve-outs. However, the effect of the carve-outs was so big that they turned the NDA on its head.

Essentially, August 2011 has been the month where the big company form Non-Dislcosure Agreements I received morphed into a Permission to Compete With My Client (By Using Their Disclosures) Agreement.

In several cases, given the business realities and the difficulty of getting big company legal time to review my edits, I recommended that my clients refuse to sign and limit their disclosure to only those things they’d feel comfortable disclosing without an NDA.

Thankfully, this approach worked against several large companies. Apparently, the message that’s been conveyed to the random middle/high-level project/product manager at several Fortune 50 Companies is: “Get ’em to sign our terrible form if you can. If not, don’t sign anything, but have a limited meeting anyways.”

This is a shift for me. Historically, my experience with large companies was that they wanted you to sign their form before the meeting, no matter what. Several years ago, however, their forms weren’t draconion permission to compete agreements with free perpetual non-assert clauses (I’m not exaggerating, one form I received included an non-assert clause for all IP rights associated with everything disclosed by my client in connection with the agreement).

Moral of the story? NDAs, while typically boilerplate and uninteresting, can occasionally contain provisions that give up the ghost. My August clients are very happy they were safer rather than sorrier (and several reported back with entertaining tales of embarrassing their business counterparts at the big companies when they pointed out why they just couldn’t sign the new version of Fortune 50 company’s NDA)

A Novel Open Source License

I’m in London, finishing up a European vacation with a visit to a couple of clients for work before heading back to Silicon Valley.

Today, one client’s CEO showed me around and introduced me to one of the tech guys. After shaking my hand, one of them immediately enlarged the newest open source license he wanted to get approved for his project:

The Do What the Fuck You Want License.

I had never encountered this license in the past and was a little flabbergasted to encounter it on-site on-screen for immediate approval.

I am happy to report, I managed to maintain some semblance of composure and let them know that for this particular client’s needs, this license was acceptable.

Also, I immediately went back to my hotel and looked up the history, as I couldn’t believe that this license was already on Version 2.0 after only a decade or so… The GPL is only on 3.0 after 23+ years!

Amazon Calls California’s Cards

Wednesday, California’s Governor signed a bill into law that modifies the definition of “doing business in the state” for the purposes of collecting sales tax.

The bill explicitly includes retailers

entering into agreements under which a person or persons in this state, for a commission or other consideration, directly or indirectly refer potential purchasers, whether by an Internet-based link or an Internet Web site, or otherwise, to the retailer, provided the total cumulative sales price from all sales by the retailer to purchasers in this state that are referred pursuant to these agreements is in excess of $10,000 within the preceding 12 months, and provided further that the retailer has cumulative sales of tangible personal property to purchasers in this state of over $500,000, within the preceding 12 months

Amazon responded today by terminating all of its California Affiliates.

Internet taxation by States is an ongoing conflict on many fronts, and no doubt there will be many battles that will be fought in the future.

For example, The Performance Marketing Association is currently challenging a similar law in Illinois on the grounds that it is unconstitutional.

For the meantime, the end result is that California will not be collecting any sales tax from Amazon, *and* it won’t be getting any income tax from the terminated affiliates either.

Year in Review

Wow!  That was fast.

I”ve been running my own law firm for over a year.  It’s been a blast and I’ve been very fortunate — quite a bit of exciting and interesting work came to my door last year.

Some of the highlights include:

  • Managing a dispute from initial demand letter to arbitration award — on my first day running my own firm, one of my clients received a cease and desist letter which we believed was invalid.  We pitched the case to litigators, hired them, and I was able to act as in-house counsel for the 7 month JAMS arbitration: editing and adding factual clarity to filings, attending all depositions and hearings, and eventually delivering the news after judgment.  In general, this is not my day-to-day practice, but it was very educational and modified my perspective on how contracts should be drafted and disputes relating to contracts should be approached.
  • Acting as on-site in-house technology counsel one day a week — sitting in the legal department of one of my larger clients gave me a very different understanding of the role that attorneys play within an organization.  I supported the third party inputs to software (reviewing both open source and third party proprietary licenses) and the enterprise licensing division and often witnessed first-hand the delicate balance that must be maintained between legal risk and business risk within a corporation.
  • Negotiating against the big guys — it’s part of the typical start-up experience.  Sure, you often negotiate and partner with other start-ups, but at some point, you will need something from one of the big established players.  It may just be Internet connectivity.  Or, large companies may be your sales targets.  Regardless, negotiating against a large company who insists that *we never change our forms*,  *everyone signs this without edits* and *this is completely standard* requires the expertise of someone who has seen many *standard* offerings in the applicable industry.  Over the years, I’ve dealt with Fortune 100 and Fortune 1000 companies in almost every industry, and this year was no exception.  Examples from this year include: Advertising Agencies, Amazon, Barclays, Blue Cross Blue Shield (of America and of various States), Bank of America, Chubb, Credit Suisse, CUNA Mutual Insurance, Discover, DOE Pacific, Earnst and Young, Experian, Facebook, Fidelity, Google, Honeywell, Horace Mann, Humana, JP Morgan Chase, KPMG, Lloyds, Lockheed Martin, Mass Mutual, Microsoft, Morgan Stanley, NBC Universal, Nationwide, PWC, Safeway, Samsung, State Farm, T-Mobile, Toys R US, Viacom, Walmart, and Warner Brothers.
  • Setting up the legal side of the business (forms) — a large portion of my job is limiting the amount of work I do.  I try to get my start-up companies into a position where their internal IP creation departments, online systems, sales forces, and business development teams can function with minimal legal input.  This involves an up-front investment of time to create forms that are correct for their business models.  I talk to my clients and truly understand their businesses before drafting, which avoids the extra legal fees companies often incur when their attorney starts with a square hole for a round peg.  Examples include:  Enterprise license agreements, Software-as-a-Service Agreements, trademark license agreements (branding/endorsement/certification programs), software development agreements, click-throughs (standard terms, privacy policies, API license agreements, payment obligations, revenue share, and more), commission agreements, reseller agreements, professional services agreements, master purchase agreements, NDAs, partner program agreements and technology assignment agreements.
  • Open Source — I went to law school because I was fascinated by the legal rights issues in Open Source Software.  I even wrote an award winning student note on the topic.  This year, I continued my commitment to Open Source legal issues with projects in several areas:  (i) aided a client in cleanly open sourcing a proprietary language they had developed (open source license evaluation and selection, branding issues, IP contribution agreements); (ii) performed open source audits of client codebases with the engineering teams and cleaned up any issues found; (iii) acted as special open source counsel in an Asset Purchase and Leveraged Buy-Out to help the acquirors become comfortable with the state of my clients’ open source uses; (iv) represented (and continue to represent) two clients whose business models are built around open source software projects that they manage (with monetization through professional services, support, maintenance, priority bug fixes, and bespoke development); (v) aided clients in the development of open source policies and approval processes to maintain the codebase in the proper state.
  • Everyday advice, counseling and communications — this catch all category is where the most surprises come.  Sometimes it’s just a phone call asking for a sanity check — Can we do this?  But sometimes there are more exciting issues such as requests from law enforcement, lawsuits that have been filed against clients, high level discussions about IP strategy (should we talk to patent counsel?  Should we file a TM?), letters hinting that lawsuits may be filed, formal letter writing in response to unfortunate situations, termination of contracts, privacy concerns, and much more.

Overall, last year was a great year full of good work, great learning opportunities and wonderful clients.  I can’t wait to see what this year brings.

The Sneaky Sleepycat License

Generally, commercial entities are fairly comfortable using open source software in the products they distribute if the license is a the BSD license. Entities other than UC Berkeley often deploy the BSD license in their own name, so it is common to hear people refer to a BSD-style license, or a license that is BSD-esque when referencing the BSD license in another entity’s name.

Oracle Berkeley DB is one of the few open source software products that Oracle sells. It is dually licensed under a commercial license and an open source license. You can use the open source version for free or you can pay to use the commercial version.

A quick glance at the Oracle Berkeley DB open source license looks like a collection of BSD licenses, first from Berkeley, then from Harvard, and then from Oracle.

Visually, it would easily fall into the category of “BSD-style” or “BSD-esque.”

The standard BSD license has a copyright statement, 3 numbered paragraphs, and a big disclaimer of warranties and limitation of liability in all caps at the bottom. At a glance, it’s fairly easy to recognize (partially because it is so short and sweet compared to many open source licenses).

From 2000-2006, the top license in the Berkeley DB license was in the name of Sleepycat, and when Oracle acquired Sleepycat, they modified the copyright statement in the top license to refer to Oracle.

On closer look, the former Sleepycat and current Oracle license is most definitely *not* identical to the standard BSD license. In fact, it is very, very different.

The third paragraph in the standard BSD license states:

  • Neither the name of the [COPYRIGHT HOLDER] nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

But, the third paragraph in the Sleepycat/Oracle Berkeley DB license is quite different:

  • Redistributions in any form must be accompanied by information on how to obtain complete source code for the DB software and any accompanying software that uses the DB software. The source code must either be included in the distribution or be available for no more than the cost of distribution plus a nominal fee, and must be freely redistributable under reasonable conditions. For an executable file, complete source code means the source code for all modules it contains. It does not include source code for modules or files that typically accompany the major components of the operating system on which the executable file runs.

Both of these requirements are completely legitimate license conditions.

However, the traditional BSD license is a license that is notable for its lack of copyleft obligations — in other words, you can use software that comes to you via the BSD license without too much concern about it affecting the commercial license terms that you may put on your software that incorporates it.

On, the other hand, the Sleepycat/Oracle Berkeley DB license is an extremely strong copyleft license and requires that you distribute the source code to every piece of code you distribute that utilizes the Berkeley DB.

So, word to the wise, engineering managers and software legal departments: just because it’s a BSD-style license in the visual form, does *NOT* mean it’s BSD-style with respect to software freedom and copyleft.

As much as it’s annoying, someone with a licensing background needs to review and approve every third party in-license if the technology or software is going to be incorporated into a proprietary product or code.

You Don’t Have to Talk to Their Lawyer

Occasionally, a client calls me to tell me that the other side’s lawyer reached out directly to them and wants to have a quick direct conversation to discuss the outstanding issues.

In California, Rule 2-100 of the Professional Conduct Rules says that a lawyer may not speak with the opposing party directly (if the opposing party has counsel) without getting the opposing party’s lawyer’s consent.

ABA Rule 4.2 says roughly the same thing.

In litigation or active disputes, this rule is almost always scrupulously observed. But in business deals, where things are less contentious, sometimes people forget.

So, in short, no, if their business folks decide it’s time to bring in their lawyer, you don’t have to take the call without your own lawyer to back you up. The other side’s lawyer can talk to you, but only if you (and your lawyer) consent.

Oracle is *not* going to play nice

I spend quite a bit of time talking through *theoretical* risks associated with using third party software in products, particularly with respect to software that’s been developed in connection with some type of promise of openness.

I try to explain to my clients that just because things have gone smoothly thus far with respect to a particular piece of code does not mean that it will continue to go smoothly.

Oracle has just made this explanation *much* easier for me by suing Google for its use of Java in Android.

The complaint is pretty straightforward (I guess he likes it here, because after spending so much time here with respect to the Prop 8 litigation, David Boies is named as pro hac vice on behalf of Oracle).

The complaint alleges infringement by Google in its use of Java technology in the Android Platform. 7 patents held by Oracle America (the new name of the former “Sun” subsidiary) are asserted. It also alleges copyright infringement.

In many ways, this move is shocking. The entire Java mobile development community is going to be reeling. But, in other ways, I think there will be some closure. Many of my clients have been waiting to see how Oracle would treat Java. And now we know…

In particular, I’m curious how the release of Java (including the Hotspot JVM upon which the Google JVM may very well be based) under the GPL v 2.0 by Sun prior to the Sun-Oracle acquisition will play into this. Does the GPL v 2.0 license contain an implicit patent license and/or create an argument for patent exhaustion?

**UPDATE: I have been informed that the Google JVM Dalvik is a completely new implementation, written from scratch by Google, which, assuming it’s true means that any arguments based on the GPL release of the Hotspot JVM are going to need to be much more complicated (e.g. it may play into the damages calculation, or perhaps they will still try to make the patent exhaustion argument).

Stay tuned.

This should be VERY interesting.