20 May 2009

ALI's Proposed Principles of the Law of Software Contracts Approved for Final Release

In a previous blog posting, I discussed the new ALI Principles of the Law of Software Contracts. On May 19, 2009, the ALI membership, at its annual meeting, gave final approval to these principles. A number of provisions will prove controversial among software companies, particularly the new non-waivable implied warranty of no hidden material defects.

This implied warranty drew rebuke from a pair of unlikely allies: Microsoft and the Linux Foundation. In a joint May 14, 2009 letter to the academic representatives of the ALI responsible for the principles, Microsoft and the Linux Foundation requested that the ALI delay adoption of the principles pending further discussion and input from commercial software distributors and developers.
This [implied] warranty [of no hidden material defects] does not reflect existing commercial law: no similar warranty appears in the Uniform Commercial Code, and no explanation is given … for treating software contracts differently …. [T]he inability to disclaim the warranty does not reflect existing law or public policy: the UCC permits disclaimer of all implied warranties ….

Apparently the ALI stewards of the principles were unmoved by the entreaties of these two powerful representatives of both sides of the software industry spectrum.

18 May 2009

Fundamentals of Non-Disclosure Agreements


Among the nearly infinite variety of legal agreements in use today, the NDA is by far the most ubiquitous. Especially prominent among companies in technology, NDAs are signed on a daily basis. Every company has its own unique NDA template; paradoxically, most companies sign the opposite party's template more often than not. The party larger in size, reputation, market cap, or perceived importance usually wins the battle of the NDA form. This NDA ritual takes place thousands of times a day all over the world.

Fundamentally the purpose of the NDA should be simple and straightforward: protect information designated by each party from unauthorized use and disclosure. Both parties have an equal and legitimate interest in protecting their own information, and both parties usually recognize the other side's interests as well. In terms of accomplishing the ultimate objective of the document, therefore, the best NDAs are those that are short, simple, clear, and mutual. The worst are those that are needlessly complex, lengthy, and lack basic mutuality.

This article sets forth what I consider to be a model non-disclosure agreement, replicated above. This template is licensed under the Creative Commons Attribution 3.0 License. The article includes a summary explanation of each of the more important sections of the template. It then recites a top five list of NDA pet peeves.

Model NDA Template

The template above accomplishes the primary objective of any NDA: establish a balanced legal framework for the protection of each party's confidential information in a simple, clear and direct manner. All of the terms and obligations in this template are reciprocal. Neither side is advantaged. There are no unexpected provisions. The NDA is a modest one page in length.

Effective Date

The "Effective Date" in this template is the date of the last signature. The problem with leaving the date blank is that it often remains blank after both parties have signed. If the NDA protects information whether disclosed before or after the effective date, as this template does, then there's little significance to the effective date, other than clarifying when the agreement came into being.

Definition of Confidential Information

The agreement defines "Confidential Information" to include written as well as orally disclosed information. With respect to the latter, oral information is protected only if it is either (a) summarized in writing within 30 days after disclosure or (b) falls into certain specifically enumerated categories of information (here, "contemplated product or service plans, marketing or business strategies, third party relationships, or pricing or financial information").

The issue of orally disclosed information is a challenging one. Many companies, especially larger ones with active and sizable legal departments, are reluctant to tie themselves to confidentiality obligations with respect to any orally disclosed information that is not summarized in writing later. The problem of course is that such summaries are rarely completed. Without the summary, no protection applies. The template attempts to strike a balance between the two extremes. Few would argue that oral information about a company's publicly unreleased product plans or strategies, or financial information, should not be protected as confidential. For oral information that falls outside of these protected categories, the written summary requirement applies.

Yet another possible variant is to protect orally disclosed information falling into these categories only if "the information, given its nature and the details of its disclosure, should reasonably be considered as confidential in nature" or the like. This may ease the concerns of those who insist that all orally disclosed information should be protected only if summarized in writing. However, this concession may not be enough to satisfy the larger corporate legal departments that will insist on the written summary requirement. If so, then I'd recommend dropping the issue. The requirement that oral disclosures be summarized is so commonplace that to oppose it in every case would unjustifiably impede the transacting of necessary business. Educating the client to ensure that important conversations are memorialized is the best solution; refusing to sign an NDA due to opposition to this requirement is not.

One final point about orally disclosed information is that this template preserves the confidential nature of the information pending the production of the written summary. Without this clarification, the information may never be considered confidential unless and until the disclosing party produces the written summary. This may take time. Meanwhile, the receiving party could literally publish highly sensitive orally-disclosed information within hours of the parties' meeting, in the absence of a clause like this.

Duty of Confidentiality

This section of the template prohibits the disclosure of Confidential Information to anyone other than the receiving party's employees. Agents or employees of affiliates are not included here. The template can easily be modified to allow disclosure to such parties, but care should be taken to ensure that such agents and affiliates are tightly defined. Virtually any person or entity can be an agent or affiliate, including, obviously, competitors of the disclosing party.

Exceptions

The exceptions component of the NDA is the most important. Every NDA must exclude from the confidentiality obligation any information that is (a) known to the receiving party prior to its disclosure by the disclosing party; (b) is or becomes generally known or available, or is in or becomes part of the public domain; (c) disclosed to the receiving party by a third party without any duty or breach of confidentiality; or (d) independently developed by the receiving party without use of any of the disclosing party's confidential information. All four exceptions should be included in any NDA or confidentiality section of any agreement.

One exception occasionally found in NDA forms is "disclosed by the disclosing party to a third party without restriction on disclosure." Whichever party to the NDA has a stronger incentive to protect confidentiality will most likely object to the inclusion of such an exception, particularly if the NDA form already contains the public domain/generally known exception. If interpreted in conjunction with the latter, this exception is not logically redundant only in the situation in which the information owner's dissemination of its own information has not reached the level of being generally known, but has been selectively revealed to a certain few. While an argument can certainly be made that if the owner has been selectively disclosing the information in question to a select few, it should not be entitled to confidentiality protection at all, the sensitive information owner will argue that such intermittent disclosure may have been inadvertent, or under circumstances indicative of apparent, even if ultimately non-existent, confidentiality. Such party will argue that the public domain exception should suffice.

Termination

The model NDA form is evergreen in term; that is, it does not expire until either party, at such party's sole discretion, serves written notice of termination. Unlike other NDA forms in common use, this template does not limit the term of protection or extend protection only during a specified period. Rather, the NDA continues in force until either party elects for any reason to terminate it. Of course, confidentiality obligations survive for a period of time after such termination.

Top 5 NDA Pet Peeves

1. "Purpose" Requirement. It is unfortunately quite common for NDA templates to require that information protected under the NDA be relevant or germane to, or disclosed solely in furtherance of, a defined purpose in order to qualify for protection. Oftentimes the purpose definition is blank, requiring the business people involved in the discussions to complete what they believe the purpose should be. Business clients from either side may specify an inordinately narrow purpose, or the discussions may evolve beyond what is defined in the NDA's purpose statement. In such case, legal cycles are again consumed in order to amend the purpose statement or enter into a new NDA. Worst case, the parties will fail to realize that the discussions have evolved beyond the purpose statement set out in the NDA, thus resulting in no confidentiality protections whatsoever.

Realistically, after the NDA is signed, it is forgotten, and it is extremely unlikely that representatives from either side will be closely monitoring the discussions to make sure they do not deviate from the expressed purpose scope. And finally, whether a given item of information is germane to the purpose may not be clear, thus inviting disputes in the future. Any information that is designated as confidential should be protected. The confidentiality exceptions are the best defense against assuming unnecessary or unrelated confidentiality obligations.

2. Documentary Proof Requirement. Variants of the confidentiality exclusions clause may require that applicability of the exceptions be proven by documentary evidence. The hidden premise behind such a requirement is that testimonial evidence is inherently untrustworthy or at least not as reliable as documentary evidence. I believe this premise is invalid. Oftentimes it may be impossible to find documentary proof of prior knowledge or independent development for a given piece of information. For example, it is easy to envision how a large company with R&D facilities all over the world could quite readily develop technology independently of any access to or use of the confidential information protected by the NDA and disclosed in a remote locale. Yet if the documentary proof requirement applies, it's not clear what type of proof would satisfy the requirement. Would documents proving the existence of the development of the same information in a far-flung R&D center be sufficient? Or would a court require documents affirmatively proving that the developers of the information specifically refused to expose themselves to the NDA-protected information?

3. Time-Limited Term. As discussed, many NDA forms contain a limited term of effectiveness. Such forms can be inconvenient if the NDA expires prior to the termination of the parties' negotiations or relationship. Such premature expiration will result in the need for a renewal amendment or for a new NDA, thus consuming inordinate legal resources. If the NDA is truly balanced and limited in scope, there's no logical reason to require that the NDA expire, particularly if either party is free, as is often the case, to terminate the NDA at will.

4. Non-Reciprocal Terms. Language granting an enhanced degree of protection for only one party's data, or securing a longer period of confidentiality protection for one party's source code, or requiring one party and not the other to bear the burden of proving the applicability of a confidentiality exception, are all common examples of non-reciprocal clauses that will inevitably invite negotiation and therefore delay. The rather limited legal benefit of such clauses should be balanced against the wasted cycles and delays in transacting business such provisions cause. The ultimate goal is to secure signatures on the NDA form as soon as possible, given that no business can take place until the NDA is closed.

5. Residual Rights. A residuals, or residual rights, clause clarifies that general knowledge or know-how that has not been intentionally memorized is not subject to the confidentiality obligations of the agreement. Such clauses are common in source code licensing agreements. Example:

Nothing in this Agreement shall be construed to prevent the receiving party's employees who access Confidential Information from using Residuals for any purpose. The term "Residuals" means information of a general nature, such as general knowledge, professional skills, know-how, work experience or techniques, that is retained in the unaided memories (without conscious memorization or subsequent reference to the material in question) of the receiving party's employees who have had access to Confidential Information. Memory shall be considered unaided if the employee or contractor has not intentionally memorized the information contained within the Confidential Information for the purpose of retaining and subsequently using or disclosing same.

Such a clause essentially removes confidentiality protections for any information that is retained in the unaided memories of the receiving party's employees. At bottom it's a gaping hole in the non-disclosure and non-circumvention obligations of the NDA. "Anything that remains in my head" may be freely used and disclosed.

While such clauses may be appropriate in certain types of source code licensing agreements, in which the licensee wishes to preserve the ability to assign engineers to any work assignment without any implied clean room obligation, they have no legitimate place in a general-purpose non-disclosure agreement established solely in order to facilitate substantive preliminary discussions.

Symbian Foundation Legal Policy

Notwithstanding recent inroads made by Apple with respect to the iPhone Mac OS-based operating system, the Symbian operating system is the most successful operating system in use today for high-end smart phones, largely thanks to the efforts of Nokia. The Symbian Foundation, a non-profit consortium of various companies in the wireless industry, is charged with charting the future course of the open source Symbian Foundation Platform, based on Symbian OS. The Foundation has recently released legal documents comprising the framework for inbound source code contributions to the platform, as well as outbound licensed rights enjoyed by members and non-members alike. The following constitutes a high level summary of the Symbian Foundation licensing structure.

Inbound Contributions

A. Foundation Members.
(i) each member grants to the Foundation
- for each “Contribution”, a
- royalty-free, perpetual, worldwide, non-exclusive
- copyright and trade secrets license
- to use, distribute, copy and make derivative works of such Contributions
- as part of the Foundation Platform under the Foundation Member License.
(ii) “Contribution” = any work (including source, binary, and documentation) “originally submitted via any form of electronic or other written communication to the Foundation for inclusion in, or documentation of, the Foundation Platform”.
(iii) no patent licenses are granted; the Patent Policy exclusively controls (see below).
(iv) each member permits the Foundation to license the Contribution under the Foundation Public License, provided that the Foundation must name the contributing Member a distributor under the Foundation Public License.
(v) the Foundation agrees to treat as confidential Contributions in source code form.
(vi) each Member undertakes obligations to ensure that no third party software licensed under inconsistent terms has been introduced into any Contribution, including the obligation to use commercially reasonable efforts to procure substitute licenses from the third party or provide a replacement or workaround, and “otherwise offer the Foundation commercially reasonable assistance in resolving the issue.” This could be interpreted to require an indemnification or defense of the third party claim. However, patents would most likely not be an issue under this clause, as it appears to be limited to the situation in which third party code has been incorporated without authorization.

B. Foundation Non-Members.
(i) each non-member grants to the Foundation
- for each “Contribution” (defined identically to that above), a
- royalty-free, perpetual, worldwide, non-exclusive
- copyright and trade secrets license
- to use, distribute, copy and make derivative works of such Contributions
- as part of the Foundation Platform.
(ii) each non-member grants to the Foundation and recipients of Foundation’s distributions a
- royalty-free, perpetual, worldwide, non-exclusive license
- to make, have made, use, sell, offer to sell, export, import and otherwise dispose of the Foundation Platform
- under such non-member’s patents that are necessarily infringed by the Contributions as such and
- in combination with the Foundation Platform and any wireless devices.

C. Open Source Contributions.
The membership rules specify that once the platform is released under a public open source license approved by the Foundation’s board (currently, EPL) then future contributions will be governed by that license and not either of the two contribution agreements above.

Outbound Contributions

A. Symbian Foundation License (aka "Foundation Member License") (SFL)
(i) the Foundation grants to each member
- for each Software Component and Modification (definitions below)
- a royalty free, perpetual, worldwide, non-exclusive
- copyright and trade secrets license
- to use, copy, and perform Software Components and Modifications
- to distribute to other members same in binary and source code forms, under the same terms as the SFL, and
- to distribute generally solely in binary code form in connection with the products or services of the member and only as part of the platform.
(ii) no patent licenses granted; the Patent Policy controls (see below)
(iii) “Software Components” = “software source code released and licensed by the Foundation or any member under this Agreement”.
(iv) “Modifications” = “any work of authorship being additions and/or changes to source code files of the Software Components”
(v) source code of Software Components must be kept confidential
(vi) mandatory delivery of Modifications to the Foundation (not clear whether Modifications need to be in binary or source code forms)
(vii) the member must indemnify, hold harmless and defend the Foundation from any claims arising from exploitation of the Software Components and Modifications

B. Foundation Public License
(i) currently this is designated as Eclipse Public License v. 1.0 (EPL)
(ii) weak copyleft and business friendly license
(iii) “contributions” = “additions or changes”
(iv) contributions must be open-sourced under EPL
(v) excludes additions which are (a) separate modules licensed separately and (b) not derivative works
(vi) binary forms may be distributed under terms of choice, provided that the source code of the Program is made available under the terms of EPL
(vii) contains an express patent license for Contributions, alone or in combination w/Program
(viii) “patent peace” clause: initiating patent litigation terminates all rights as of the time of bringing patent claim
(ix) commercial distributors required to indemnify and hold harmless other contributors for acts/omissions arising from commercialization, excluding IP infringement claims
(x) NY and US law controls; no jury trial; 1 year limitations period
(xi) the interaction or relationship between the Symbian Foundation License, the Member Contributor Agreement, and the Eclipse license is unclear; i.e., is it possible for a member to provide contributions for, and to license externally, the platform under the terms of Eclipse?

The Symbian Foundation License will eventually be replaced, according to the Foundation's legal policy overview summary, with Eclipse, but older versions of the platform will continue to be licensed under SFL. It’s not clear whether the transition to the EPL would cover everything that had been licensed under SFL.

Also, the licenses above are not actually licenses covering the Foundation Platform. In other words, the licenses do not actually grant any rights to the platform. Rather, rights are granted with respect to components of software (as the Foundation may start with and as members contribute) that the Foundation agrees to include in the platform. Presumably the Foundation will, as expected, license everything that had always been included in Symbian OS, but there’s actually no guarantee that this will be the case. Noteworthy in this respect is that the Symbian Foundation is a non-profit entity separate and distinct from Symbian Software Limited, a division of Nokia. As the legal overview explains, “Symbian Software Limited retains exclusive responsibility for all licensing and marketing activities related to the proprietary operating system named ‘Symbian OS’”.

Patent Policy

A. Applies to and from each member.

B. Each member agrees to license “Platform Patents” (definition below) to the other members under fair, reasonable and non-discriminatory (FRAND) terms, provided that such terms
- permit each member to make, use, sell, offer to sell, import, export and otherwise dispose of, or to practice any process or method embodied in, any official Symbian release
- provided each such member is also a licensee of such Contribution
- for use in devices designed by a member or sold by or on behalf of a member.

C. Each member agrees to license “Contribution Patents” (definition below) to the other members under a personal, royalty-free, worldwide, non-exclusive license to make, use, sell, offer to sell, import, export and otherwise dispose of, or to practice any process or method embodied in, any Contribution solely as part of the Symbian platform for a member-branded/distributed device.

D. Each member grants to the Foundation and other members a personal, royalty-free, worldwide, non-exclusive license under each Platform Patent to use any Symbian release or pre-release and any part thereof for research and development purposes.

E. “Platform Patents” = patents owned or licensable by a member necessarily infringed by the manufacture, use, sale, etc of any Symbian platform release issued during the member’s membership, alone or in combination with a member-branded/distributed device.

F. “Contribution Patents” = patents owned or licensable by a member necessarily infringed by the manufacture, use, sale, etc of any Contribution included in any Symbian platform release, alone or in combination with a member-branded/distributed device.

G. Each patent license is subject to reciprocal patent licenses from/to each other member.

H. The licenses for Platform Patents and Contribution Patents described in 3.B and 3.C above are left to the parties’ negotiation in good faith.

I. Securing injunctions to remedy patent infringements by a member is not possible under this policy.

In summary, if the member owns any patents that happen to read on any part of the Foundation platform, now or in the future (even after termination of the relationship), the member is required to license those patents to other Foundation members under FRAND terms; i.e., the member is permitted to impose commercial terms for the licensing of such patents, provided such terms are fair, reasonable and non-discriminatory. For Contributions the member makes to the Foundation, the member is obligated to license patents that read on any aspect of such Contributions under royalty-free, perpetual terms (but there is still the possibility of requiring a written agreement with the members who seek to use such Contributions).

Patent owners have reason to be a bit wary of this policy. If any of the members commit infringement of a patent owned by a member, the latter will be confronted with arguments based on vaguely worded clauses that could serve to unduly benefit patent infringers. For example, clause 8 states:

THE FOUNDATION, MEMBERS AND THEIR RESPECTIVE AFFILIATES WILL HAVE NO LIABILITY FOR ANY COST, LOSS OR DAMAGE, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE OR OTHER DAMAGES, INCURRED BY ANY PARTY FROM ANY EXPLOITATION OR ANY ATTEMPTED EXPLOITATION OF ANY PATENT OR PATENT LICENSE UNDER THIS PATENT POLICY.

This could be construed to preclude the availability of damages for patent infringements. When I pointed this out to Foundation counsel, counsel dismissed it as a radical interpretation, but I believe the clause as written gives unnecessary and unintended ammunition to a party infringing a member’s patents.

I found the patent policy to be unnecessarily complex, confusing in places, and overall, somewhat hostile to patent owners. For potential members with an extensive patent portfolio, this should be kept in mind. On the other hand, the policy certainly affords a high level of patent peace among the members.

Trademark Policy

The trademark policy permits members to use and display the official Foundation logo in connection with the marketing and distribution of Foundation platform implementation releases that satisfy Foundation testing requirements. Use of the logo is optional.

On-Line Contracts that May Be Modified at any Time per Notice Held Unenforceable

A United States district court in Texas issued an important ruling regarding the enforceability of online terms of use agreements, in a dispute between Blockbuster Online, an on-line video rental service Blockbuster Inc. controls, and users of the service who alleged that Blockbuster violated the Video Privacy Protection Act. The Act prohibits disclosure of personally identifiable information in connection with video rentals. Blockbuster Online caused users' movie rental choices to be published on each user's Facebook pages.

Blockbuster moved to dismiss the case based on the service's on-line terms of use, which mandated that disputes be resolved via binding arbitration. Plaintiffs opposed the motion by arguing that the arbitration provision was illusory and not supported by consideration, because Blockbuster reserved the right to modify the terms at any time in its sole discretion, with such modifications purportedly becoming binding immediately upon such terms' posting on the site.

The district court agreed with the plaintiffs and denied Blockbuster's motion to compel arbitration. The court so held even though Blockbuster had never modified the terms of service to add the arbitration provision post hoc. The mere existence of a right to unilaterally modify terms without notice was sufficient to render the arbitration clause unenforceable. The court stated "[T]he ability to change the rules at any time made the contract merely illusory …."

Given that thousands of websites contain on-line terms of use or terms of service, and that most expressly contemplate unilateral modifications with or without notice, the court's decision, if upheld on appeal, could prove highly significant.

US Appeals Court Rules an Irrevocable License Cannot Be Terminated Even in the Case of Material Breach

In 1998, Nano-Proprietary Inc. granted Canon Inc. an "irrevocable" and "perpetual" license under Nano-Proprietary's field emission display patents, useful in the field of flat panel televisions. The license expressly prohibited sublicenses. A mere six months later, Canon entered into a joint development venture with Toshiba to develop technology utilizing Nano's patents. After Nano brought suit, the lower court in the case ruled that the joint venture constituted an impermissible sublicense and therefore a material breach of the agreement. Consequently, the lower court, notwithstanding the irrevocability language, ruled that this breach permitted Nano to terminate the license.

The appeals court (Fifth Circuit Court of Appeals) reversed, holding that under ordinary rules of contract interpretation, a perpetual and irrevocable license is exactly that. Nano would be entitled to pursue breach of contract remedies, but termination was not available per the terms of the parties' bargain. Adding insult to injury, the appellate court held that Nano's damages claims were disallowed as speculative, given the undeveloped and incipient nature of the market in which the patents applied.

ALI's Proposed Principles of the Law of Software Contracts Set for Final Release

Founded in 1923, the American Law Institute (ALI) consists of “judges, practicing lawyers, and legal scholars from all areas of the United States as well as some foreign countries, selected on the basis of professional achievement and demonstrated interest in the improvement of the law” who are tasked with publishing “various Restatements of the Law, model codes, and legal studies to promote the clarification and simplification of the law.”

Several years ago, the ALI, in partnership with the National Conference of Commissioners on Uniform (US) State Laws (NCCUSL), had promulgated Article 2B, the so-called "Uniform Computer Information Transactions Act", or UCITA, as a new component to the US states' Uniform Commercial Code (UCC). The UCC is a long-standing body of laws of commerce that has been adopted by nearly every state in the United States. UCITA did not fare as well as the larger set of laws embodied in the UCC, however; rather, only two states, Virginia and Maryland, adopted it. UCITA fell victim to controversies engendered by the attempt to codify rules that critics contended unfairly favored the interests of software companies over those of consumers. NCCUSL abandoned UCITA in 2003.

Since 2004, the ALI has been in the process of issuing a more modest set of guidelines applicable to software contracts, known as the Principles of the Law of Software Contracts. The intention is to secure broad consensus on a set of uniform principles, which could then, at some point in the future, evolve into a default set of licensing rules. The principles deal with issues such as enforceability of click-wrap or on-line agreements, forum selection, mandatory arbitration clauses, and embedded software.

On May 19, 2009, it is anticipated that the ALI will give final approval to these principles, barring any late proposals to postpone their adoption. A number of provisions will prove controversial among software companies. This article highlights a few of the more prominent features of the principles.

Implied Warranty of No Hidden Defects

Software developers often release software despite a long list of known defects, based on the assumption that the defects are not likely to materialize or prove fatal, with the intention to correct such errors in the next release. The principles' newly articulated implied warranty of no hidden defects may radically alter the way software is marketed and sold.

The principles require the software licensor to “warrant to any party in the normal chain of distribution that the software contains no material hidden defects” of which the licensor “was aware at the time” of the license or transfer of software. Unlike other implied warranties, such as the warranty of fitness for a particular purpose or merchantability, this new implied warranty cannot be excluded in the operative license agreement. Any such purported exclusions or disclaimers of this warranty will not be enforceable.

A hidden defect is defined as an error that "would not surface upon any testing that was or should have been performed by the transferee." The principles fail to provide any meaningful guidance on the severity of defect required to rise to the level of "material", other than to state that such an error is one that renders the software "not fit for its ordinary purpose." Would a bug that renders the use of the software inconvenient but does not otherwise preclude the use of the software fall into this category? What of errors that render the software inordinately consumptive of memory or processing power? The principles are silent on this rather significant threshold issue.

The only way to avoid liability under this warranty is to either prove lack of knowledge, or fully disclose all known defects at the time of the license and beyond. In short, software vendors will be forced to produce a known defects list to their customers upon first license and constantly thereafter. The principles state that such disclosure should be done directly to the customer, and that a "mere posting of defects" on a website is "generally insufficient".

Software vendors will now need to seriously consider not only the most effective and diplomatic method of disclosing known defects to their customers, but also pursuing a list of known defects from each of their upstream suppliers, in order to be in a position to make the same disclosure downstream. This new implied warranty applies for the benefit of "any party in the normal chain of distribution", thus removing lack of contractual privity as a defense.

Implied Indemnification Obligation

The principles advance a new implied indemnification obligation against intellectual property rights infringement for rights in existence at the initial time of the transfer or license of the software in question. The scope of the indemnity is limited to IP rights based on US state or federal law. The vendor "must pay those costs and damages incurred" by the licensee "that are specifically attributable to such claim" or those costs and damages agreed in settlement. If a court enjoins the licensee's use of the software, or rules that the software is infringing, the vendor is obligated to pay the customer's direct, indirect and consequential damages, and is further required to, at the vendor's election, replace or modify the software to render it non-infringing, or refund the fees paid for the use of the software (with a deduction for a reasonable allowance for the period of time the transferee used the software).

This implied obligation may be excluded in the operative license agreement only if the exclusion is in writing, is conspicuous, and "uses language that gives the transferee reasonable notice of the modification or notice that the transferor has no obligation to indemnify the transferee."

The comments to this section of the principles state that the commonly-used boilerplate, "THERE ARE NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS ….", would not suffice to satisfy this standard. The disclaimer must specifically reference the implied obligation of indemnification.

Effect on Open Source Licensing

Both the implied warranty of no hidden material defects, and the implied indemnification obligation, apply only in the situation in which the vendor receives monetary consideration in exchange for use of the software. Thus, open source software developers will not face liability under the principles. However, companies that aggregate, package and license open source components for a fee, for example, Red Hat, Montavista, Azingo, ACCESS, or the like, will not be exempt.

Conflicts with US Federal Law

The principles state that a term of a software license or transfer agreement is unenforceable if it (a) conflicts with a term of federal intellectual property law; (b) conflicts impermissibly with the purposes and policies of federal intellectual property law; or (c) would constitute federal intellectual property misuse in an infringement proceeding. Based on notions of federal intellectual property law preemption of contract terms, and caselaw regarding patent and copyright misuse, the principles provide illustrative examples of problematic provisions.

These examples include: contract terms that forbid reverse engineering; terms that prevent fair use under copyright law; restrictions on the dissemination of factual information; and enforcement of royalty or other obligations beyond the term of the intellectual property right in question.

The analysis, the principles suggest, may differ depending on whether the software is licensed under a mass-market click-accept agreement or under an arm's-length negotiated agreement between two parties of relatively equal bargaining strength. Provisions restricting reverse engineering or fair use, for example, may be less likely to be enforced in the case of the former.

Interestingly, the commentary to this specific principle appears to call into question the enforceability of the GPL as interpreted to require that separate independently created works that merely link to or are integrated with GPL code be licensed reciprocally under GPL. This scrutiny comes in the form of a hypothetical:

Organization A licenses source code under standard terms that permit the licensee to modify and distribute the software provided that the licensee distributes its modifications under terms that replicate those in A’s standard form (including the term authorizing modifications provided they are distributed only with A’s terms). The term placing conditions on distribution of modifications is likely enforceable as long as those modifications are a derivative work of the original code. It is more troublesome if the modifications are independently developed and separable from the original code.