Upgrade to Pro — share decks privately, control downloads, hide ads and more …

OSSDC 2012: OSS Legal Issues and Best Practices for Federal Agencies

nasa
June 20, 2012

OSSDC 2012: OSS Legal Issues and Best Practices for Federal Agencies

Presented by Vicki E. Allums, Associate General Counsel for Intellectual Property, Defense Information Systems Agency, Department of Defense.

nasa

June 20, 2012
Tweet

More Decks by nasa

Other Decks in Technology

Transcript

  1. OPEN SOURCE SOFTWARE (OSS) – LEGAL ISSUES AND BEST PRACTICES

    FOR FEDERAL AGENCIES Vicki E. Allums Associate General Counsel for Intellectual Property Defense Information Systems Agency (DISA) Department of Defense June 20, 2012
  2. 2 AGENDA DoD Policy Guidance How Does the DFARS Address

    the Use of OSS? Using OSS -- Legal Issues for Federal Agencies Using OSS – Other Issues for Federal Agencies Forge.mil -- DISA’s Open Source Project
  3. 3 THE BASICS ¡  What is Open Source Software (OSS)?

    ¡  How does OSS differ from other Commercial Software? ¡  Can Federal Agencies own the Copyright in Software? ¡  What are the FAR and DFARS? ¡  What are some of the Common OSS licenses and their distribution schemes?
  4. 4 DoD POLICIES ¡  DoD Memo Clarifying Guidance Regarding OSS,

    16 October 2009 “http://cio-nii.defense.gov/sites/oss” l  Supersedes DoD CIO Memo 28 May 2003 ¡  Department of Navy CIO Memo “http://www.doncio.navy.mil/PolicyView.aspx? ID=312 ¡  The Open Technology Development Roadmap, 7 June 2006 “http://www.acq.osd.mil/jctd/articles/ OTDRoadmapFinal.pdf” ¡  US Army Regulation 25-2, Paragraph 4-6.h “http://www.army.mil/uspa/epubs/pdf/r25_2.pdf” ¡  OMB Memorandum “http://www.whitehouse.gov/omb/memoranda/fy/04/ m04-16.html”
  5. 5 OTHER GUIDANCE ¡  DOD Open Source Software (OSS) FAQ

    “http://cio-nii.defense.gov/sites/oss” ¡  CENDI Frequently Asked Questions About Copyright and Computer Software “ http://www.cendi.gov/publications/ 09-1FAQ_OpenSourceSoftware_FINAL_11010 9 .pdf” ¡  NASA Open Source Software and NASA Procedural Requirements 2210.A-External Release of NASA Software ¡  Federal Deposit Insurance (FDIC) Corporation
  6. 6 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS, 16 OCTOBER 2009

    “In almost all cases, OSS meets the definition of “commercial computer software” and shall be given appropriate statutory preference in accordance with 10 USC 2377 (reference (b)) (see also FAR 2.101(b), 12.000, 12.101 (reference (c)); and DFARS 212.212, and 252.227-7014(a)(1) (reference (d)).”
  7. 7 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS ¡  Conduct Market

    Research ¡  Positive Aspects of OSS l  Continuous and broad peer-review l  Unrestricted ability to modify software source code l  Reliance on a particular software developer or vendor may be reduced l  OSS license do not restrict who can use software l  Cost advantage l  Suitable for rapdid prototyping and experimentation
  8. 8 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS ¡  Critical Question

    Is the Government obligated to distribute the source code of any modified OSS to the public? Does this issue present a problem for use in classified or other sensitive DoD systems?
  9. 9 DoD MEMO CLARIFYING GUIDANCE REGARDING OSS “Use the software

    that meets the Department’s Mission” Open Source or Non-Open Source
  10. 10 HOW DOES THE DFARS ADDRESS THE USE OF OSS?

    Issue Unique to DoD Agencies -- Distributing OSS “LICENSING RIGHTS V. COPYRIGHT OWNERSHIP”
  11. 11 GOVERNMENT LICENSING RIGHTS ¡  Distribution of Software created by:

    (1)  DoD employees as part of official duties; (2)  A vendor, acting on DoD’s behalf (procurement or other award instrument) (3)  DoD employees or vendors, acting on their behalf, which include commercial OSS components
  12. 12 GOVERNMENT LICENSING RIGHTS ¡  DoD employees as part of

    official duties l  Government-created software l  No Copyright Ownership (17 USC Section 105) l  Software is property owned by the Government
  13. 13 GOVERNMENT LICENSING RIGHTS ¡  A vendor, acting on DoD’s

    behalf (procurement or other award instrument) What are the Government’s Licensing Rights?
  14. 16 GOVERNMENT LICENSING RIGHTS Unlimited Rights License “Rights to use,

    modify, reproduce, release, perform, display, or disclose computer software or computer software documentation in whole or in part, in any manner and for any purpose whatsoever, and to have or authorize others to do so.” DFARS 252.227-7014(a)(15)
  15. 18 GOVERNMENT LICENSING RIGHTS Government Purpose Rights License “Use, modify,

    reproduce, release, perform, display, or disclose computer software or computer software documentation within the Government without restriction; “Release or disclose computer software or computer software documentation outside the Government and authorize persons to whom release or disclosure has been made to use, modify, reproduce, release, perform, display or disclose the software or documentation for United States government purposes.” DFARS 252.227-7014(a)(10)
  16. 19 GOVERNMENT LICENSING RIGHTS GOVERNMENT PURPOSE “Any activity in which

    the United States Government is a party, including cooperative agreements with international or multi-national defense organizations or sales or transfers by the United States Government to foreign governments or international organizations. Government purposes include competitive procurement, but do not include the rights to use, modify, reproduce, release, perform, display, or disclose computer software or computer software documentation for commercial purpose or authorize others to do so.” DFARS 252.227-7014(a)(11)
  17. 21 OSS COMMERCIAL SOFTWARE Software applications created by ¡  DoD

    employees or vendors, acting on their behalf, which include commercial OSS components ¡  What are the Issues?
  18. 22 OSS COMMERCIAL SOFTWARE ¡  Commercial computer software means software

    developed or regularly used for nongovernmental purposes which— (i) Has been sold, leased, or licensed to the public; (ii) Has been offered for sale, lease, or license to the public; (iii) Has not been offered, sold, leased, or licensed to the public but will be available for commercial sale, lease, or license in time to satisfy the delivery requirements of this contract; or (iv) Satisfies a criterion expressed in paragraph (a)(1) (i), (ii), or (iii) of this clause and would require only minor modification to meet the requirements of this contract. (DFARS 252.227-7014(a)(1) ¡  Minor modification means a modification that does not significantly alter the nongovernmental function or purpose of the software or is of the type customarily provided in the commercial marketplace. (DFARS 252.227-7014(a)(12)
  19. 23 OSS COMMERCIAL SOFTWARE ¡  Agency must evaluate: l  Licensing

    rights under original contract or award instrument l  Requirements of the open source licensing scheme
  20. 24 USING OSS – LEGAL ISSUES ¡  Identify the Agency’s

    Goals l  Acquire Commercial Open Source Software v. other Commercial Software ¡  Pitfalls of Using OSS l  Licensing Scheme l  Can the Government live with the licensing terms? (e.g. Redistribution of modified code)
  21. 25 USING OSS – LEGAL ISSUES ¡  Licensing Terms to

    Consider l  Warranties l  Maintenance/Support l  Indemnification l  Applicable law and dispute resolution mechanisms
  22. 26 USING OSS – OTHER ISSUES ¡  Security Considerations l 

    Assessment – Technical and Information Technology Security Personnel l  Compliance with: ¡  National Security Telecommunications and Information Systems Security Policy Number 11 ¡  Federal Information Security Management Act (FISMA) l  Questions: 1)  Will the code be used in classified systems? 2)  Is there prompt identification and repair of defects?
  23. 27 USING OSS – PRACTICAL ISSUES ¡  Concerns Raised by

    Using OSS l  Limited Maintenance and Support l  Inability to Negotiate License Terms
  24. 28 PROPOSED DFARS 227.7104-5(c) ¡  75 Fed Reg 59412, 9/27/10

    (Case 2010-001) l  See PGI & line-in/line-out at DFARS Pub. Notice 20100927: http://www.acq.osd.mil/dpap/dars/change_notices.html l  Comments due 11/26/10 ¡  DoD Industry Meeting (January 2012)
  25. 29 Forge.mil -- DISA OSS PROJECT ¡  What is FORGE.MIL?

    l  DISA-led activity designed to improve ability of DoD to rapidly deliver dependable software, services and systems in support of net-centric operations and warfare. l  Family of Services ¡  SoftwareForge ¡  ProjectForge
  26. 30 Forge.mil -- DISA OSS PROJECT ¡  Forge.mil Users l 

    U.S. military l  DoD Government civilians and DoD contractors (authorized government use) l  Requires Common Access Card or PKI certificate issued by a DoD Approved External Certificate Authority
  27. 31 Forge.mil -- DISA OSS PROJECT ¡  Software Forge User

    Agreement l  DoD Community l  Unique Nature of Project l  Terms ¡ Use of Services ¡ Licensing and Other Terms ¡ Copyrights and other DoD Community Source Usage Rights