OPEN SOURCE SOFTWARE (OSS) – LEGAL ISSUES AND BEST PRACTICES FOR FEDERAL AGENCIES Vicki E. Allums Associate General Counsel for Intellectual Property Defense Information Systems Agency (DISA) Department of Defense June 20, 2012
2 AGENDA DoD Policy Guidance How Does the DFARS Address the Use of OSS? Using OSS -- Legal Issues for Federal Agencies Using OSS – Other Issues for Federal Agencies Forge.mil -- DISA’s Open Source Project
3 THE BASICS ¡ What is Open Source Software (OSS)? ¡ How does OSS differ from other Commercial Software? ¡ Can Federal Agencies own the Copyright in Software? ¡ What are the FAR and DFARS? ¡ What are some of the Common OSS licenses and their distribution schemes?
4 DoD POLICIES ¡ DoD Memo Clarifying Guidance Regarding OSS, 16 October 2009 “http://cio-nii.defense.gov/sites/oss” l Supersedes DoD CIO Memo 28 May 2003 ¡ Department of Navy CIO Memo “http://www.doncio.navy.mil/PolicyView.aspx? ID=312 ¡ The Open Technology Development Roadmap, 7 June 2006 “http://www.acq.osd.mil/jctd/articles/ OTDRoadmapFinal.pdf” ¡ US Army Regulation 25-2, Paragraph 4-6.h “http://www.army.mil/uspa/epubs/pdf/r25_2.pdf” ¡ OMB Memorandum “http://www.whitehouse.gov/omb/memoranda/fy/04/ m04-16.html”
5 OTHER GUIDANCE ¡ DOD Open Source Software (OSS) FAQ “http://cio-nii.defense.gov/sites/oss” ¡ CENDI Frequently Asked Questions About Copyright and Computer Software “ http://www.cendi.gov/publications/ 09-1FAQ_OpenSourceSoftware_FINAL_11010 9 .pdf” ¡ NASA Open Source Software and NASA Procedural Requirements 2210.A-External Release of NASA Software ¡ Federal Deposit Insurance (FDIC) Corporation
6 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS, 16 OCTOBER 2009 “In almost all cases, OSS meets the definition of “commercial computer software” and shall be given appropriate statutory preference in accordance with 10 USC 2377 (reference (b)) (see also FAR 2.101(b), 12.000, 12.101 (reference (c)); and DFARS 212.212, and 252.227-7014(a)(1) (reference (d)).”
7 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS ¡ Conduct Market Research ¡ Positive Aspects of OSS l Continuous and broad peer-review l Unrestricted ability to modify software source code l Reliance on a particular software developer or vendor may be reduced l OSS license do not restrict who can use software l Cost advantage l Suitable for rapdid prototyping and experimentation
8 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS ¡ Critical Question Is the Government obligated to distribute the source code of any modified OSS to the public? Does this issue present a problem for use in classified or other sensitive DoD systems?
11 GOVERNMENT LICENSING RIGHTS ¡ Distribution of Software created by: (1) DoD employees as part of official duties; (2) A vendor, acting on DoD’s behalf (procurement or other award instrument) (3) DoD employees or vendors, acting on their behalf, which include commercial OSS components
12 GOVERNMENT LICENSING RIGHTS ¡ DoD employees as part of official duties l Government-created software l No Copyright Ownership (17 USC Section 105) l Software is property owned by the Government
16 GOVERNMENT LICENSING RIGHTS Unlimited Rights License “Rights to use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation in whole or in part, in any manner and for any purpose whatsoever, and to have or authorize others to do so.” DFARS 252.227-7014(a)(15)
18 GOVERNMENT LICENSING RIGHTS Government Purpose Rights License “Use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation within the Government without restriction; “Release or disclose computer software or computer software documentation outside the Government and authorize persons to whom release or disclosure has been made to use, modify, reproduce, release, perform, display or disclose the software or documentation for United States government purposes.” DFARS 252.227-7014(a)(10)
19 GOVERNMENT LICENSING RIGHTS GOVERNMENT PURPOSE “Any activity in which the United States Government is a party, including cooperative agreements with international or multi-national defense organizations or sales or transfers by the United States Government to foreign governments or international organizations. Government purposes include competitive procurement, but do not include the rights to use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation for commercial purpose or authorize others to do so.” DFARS 252.227-7014(a)(11)
21 OSS COMMERCIAL SOFTWARE Software applications created by ¡ DoD employees or vendors, acting on their behalf, which include commercial OSS components ¡ What are the Issues?
22 OSS COMMERCIAL SOFTWARE ¡ Commercial computer software means software developed or regularly used for nongovernmental purposes which— (i) Has been sold, leased, or licensed to the public; (ii) Has been offered for sale, lease, or license to the public; (iii) Has not been offered, sold, leased, or licensed to the public but will be available for commercial sale, lease, or license in time to satisfy the delivery requirements of this contract; or (iv) Satisfies a criterion expressed in paragraph (a)(1) (i), (ii), or (iii) of this clause and would require only minor modification to meet the requirements of this contract. (DFARS 252.227-7014(a)(1) ¡ Minor modification means a modification that does not significantly alter the nongovernmental function or purpose of the software or is of the type customarily provided in the commercial marketplace. (DFARS 252.227-7014(a)(12)
23 OSS COMMERCIAL SOFTWARE ¡ Agency must evaluate: l Licensing rights under original contract or award instrument l Requirements of the open source licensing scheme
24 USING OSS – LEGAL ISSUES ¡ Identify the Agency’s Goals l Acquire Commercial Open Source Software v. other Commercial Software ¡ Pitfalls of Using OSS l Licensing Scheme l Can the Government live with the licensing terms? (e.g. Redistribution of modified code)
26 USING OSS – OTHER ISSUES ¡ Security Considerations l Assessment – Technical and Information Technology Security Personnel l Compliance with: ¡ National Security Telecommunications and Information Systems Security Policy Number 11 ¡ Federal Information Security Management Act (FISMA) l Questions: 1) Will the code be used in classified systems? 2) Is there prompt identification and repair of defects?
29 Forge.mil -- DISA OSS PROJECT ¡ What is FORGE.MIL? l DISA-led activity designed to improve ability of DoD to rapidly deliver dependable software, services and systems in support of net-centric operations and warfare. l Family of Services ¡ SoftwareForge ¡ ProjectForge
30 Forge.mil -- DISA OSS PROJECT ¡ Forge.mil Users l U.S. military l DoD Government civilians and DoD contractors (authorized government use) l Requires Common Access Card or PKI certificate issued by a DoD Approved External Certificate Authority
31 Forge.mil -- DISA OSS PROJECT ¡ Software Forge User Agreement l DoD Community l Unique Nature of Project l Terms ¡ Use of Services ¡ Licensing and Other Terms ¡ Copyrights and other DoD Community Source Usage Rights
nasa
i35_267
stefafafan
niftycorp
biwashi
shibuiwilliam
yukimatsuyoshi
onlinesalon
hygradme
orgachem
coconala_engineer
kei_s
is_ryo
tammyeverts
tenderlove
wjessup
addyosmani
jeffersonlam
malarkey
dotmariusz
lynnandtonic
tanoku
jmmastey
myddelton
bkeepers