Legal Discuss
  1. Legal Discuss
  2. LEGAL-93

Contributions from the US Federal Goverment

    Details

    • Type: Question Question
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Labels:
      None

      Description

      Some folks who work for the US federal government want to contribute a codebase to Apache, through the Incubator. The US government is not permitted to claim copyright over works it creates. The Incubator requires a CCLA or Software Grant for codebases brought to Apache. Both of these forms require that the author grant a copyright license to Apache, but I don't see how this is possible when the author is the US Government, which does not hold copyright. What's our process in this case?

      Similarly, how can an employee of the US Federal Government file an ICLA, since that also requires a grant of copyright license?

        Issue Links

          Activity

          Hide
          Benson Margulies added a comment -

          I don't see a problem with the icla. It grants rights to what they have rights to grant. When operating on taxpayer dollars, they don't have rights.

          Have they supplied a sample of what sort of notice of origin is on the source files? I've seen different things in different govt contexts.

          Show
          Benson Margulies added a comment - I don't see a problem with the icla. It grants rights to what they have rights to grant. When operating on taxpayer dollars, they don't have rights. Have they supplied a sample of what sort of notice of origin is on the source files? I've seen different things in different govt contexts.
          Hide
          Doug Cutting added a comment -

          I have not seen a sample file. I think the notice may not yet be fixed.

          I think they'd like attribution, e.g., something for our NOTICE file.

          What might we hope to see in the file headers in such a case?

          Show
          Doug Cutting added a comment - I have not seen a sample file. I think the notice may not yet be fixed. I think they'd like attribution, e.g., something for our NOTICE file. What might we hope to see in the file headers in such a case?
          Hide
          Benson Margulies added a comment -

          Well, you're likely to see something that says, /* UNCLASSIFIED */, but that hardly helps. We might see a FARS/DFARS notice, or some other text that refers to the statutes and regulations that set out the policy about copyrights that you stated.

          Show
          Benson Margulies added a comment - Well, you're likely to see something that says, /* UNCLASSIFIED */, but that hardly helps. We might see a FARS/DFARS notice, or some other text that refers to the statutes and regulations that set out the policy about copyrights that you stated.
          Hide
          Lawrence Rosen added a comment -

          Perhaps we can add a FAQ entry for our CLA procedures:

          Q: Do we require CLAs for U.S. Federal Government contributions?

          A: Yes, an ICLA or a CCLA is required even if the contribution is the work of a U.S. Federal Government employee. Such works are in the public domain (17 U.S.C. 105) and we could, if we wish, simply take those works and copy them for our software purposes. But Apache isn't just about copyright, it is also about cooperation. Our CLAs indicate the affirmative dedication of a work by a contributor to Apache and so to the public. We work with agencies and employees of the U.S. Federal Government all the time (and many other governments and government agencies) to develop open source software. We distribute our software under the Apache License even when portions of our software are derived from works in the public domain, and we identify the original source of those contributions by a CLA.. That is why we require an ICLA or a CCLA for every contribution to Apache.

          Show
          Lawrence Rosen added a comment - Perhaps we can add a FAQ entry for our CLA procedures: Q: Do we require CLAs for U.S. Federal Government contributions? A: Yes, an ICLA or a CCLA is required even if the contribution is the work of a U.S. Federal Government employee. Such works are in the public domain (17 U.S.C. 105) and we could, if we wish, simply take those works and copy them for our software purposes. But Apache isn't just about copyright, it is also about cooperation. Our CLAs indicate the affirmative dedication of a work by a contributor to Apache and so to the public. We work with agencies and employees of the U.S. Federal Government all the time (and many other governments and government agencies) to develop open source software. We distribute our software under the Apache License even when portions of our software are derived from works in the public domain, and we identify the original source of those contributions by a CLA.. That is why we require an ICLA or a CCLA for every contribution to Apache.
          Hide
          Tim Williams added a comment -

          I like the idea of the FAQ, but it seems much more complicated than that. In many (most?) cases, the creator of the code is not a federal employee but rather under contract to the federal government. The wide variance is number of contract vehicles, subs, and flow-down T&C's make it hard for a single A, no?

          Show
          Tim Williams added a comment - I like the idea of the FAQ, but it seems much more complicated than that. In many (most?) cases, the creator of the code is not a federal employee but rather under contract to the federal government. The wide variance is number of contract vehicles, subs, and flow-down T&C's make it hard for a single A, no?
          Hide
          Sam Ruby added a comment -

          Tim: the beauty of a FAQ is that it doesn't need to answer all possible questions, it just needs to answer the questions it does pose well.

          Larry proposed a great start. A few comments:

          We don't require an ICLA for every contribution. Small patches via mailing lists and bug tracking systems are fine. We may require an ICLA for a substantial (set of) contribution(s). We always require an ICLA before you can be assigned and Apache ID and become a committer. Answering that specific question (do we require ICLAs from employees of the Federal Government before they can become a committer) may be all that is required to address that part of Doug's original question.

          I also think that we don't need to mention a CCLA here. Does anybody read section 4 of the ICLA as requiring one in this circumstance?

          Going back to the original question, Doug mentioned a Software Grant. While I agree that a Software Grant is unlikely to be needed in this case, what documentation can be captured now which can be used down the road to establish provenance? If there is a concrete proposal that satisfies this need, I doubt that there will be any push back.

          Finally, I'm not sure that this question is yet a frequently asked question. Until then, perhaps this JIRA issue will suffice?

          Show
          Sam Ruby added a comment - Tim: the beauty of a FAQ is that it doesn't need to answer all possible questions, it just needs to answer the questions it does pose well. Larry proposed a great start. A few comments: We don't require an ICLA for every contribution. Small patches via mailing lists and bug tracking systems are fine. We may require an ICLA for a substantial (set of) contribution(s). We always require an ICLA before you can be assigned and Apache ID and become a committer. Answering that specific question (do we require ICLAs from employees of the Federal Government before they can become a committer) may be all that is required to address that part of Doug's original question. I also think that we don't need to mention a CCLA here. Does anybody read section 4 of the ICLA as requiring one in this circumstance? Going back to the original question, Doug mentioned a Software Grant. While I agree that a Software Grant is unlikely to be needed in this case, what documentation can be captured now which can be used down the road to establish provenance? If there is a concrete proposal that satisfies this need, I doubt that there will be any push back. Finally, I'm not sure that this question is yet a frequently asked question. Until then, perhaps this JIRA issue will suffice?
          Hide
          Benson Margulies added a comment -

          Larry,

          Can you cite precedent for 'work with US government agencies all the time,' or show a CCLA-ish document from one of them? Note that, for example, when I've done work on behalf of the government at the ASF, the particular arrangements allowed for me, as an employee of contractor claiming 'commercial rights', to assert copyright and then grant under my employer's ccla and my icla. That's not going to be the case this time.

          A precedent and example might make it easier to guide this particular bit of government into delivering what you ask for, if, as per the immediate previous contribution, we really need a grant.

          I can tell you from personal experience that getting legal documents signed by someone with authority to sign them in this neighborhood can be a rather extended struggle.

          I think that it would be fairly straightforward to get two things: (1) source code notices that state the provenance as a government-owned, and thus uncopyrightable, work, and (2) iclas from the committers. I'm not claiming, so far, that something along the lines of a CCLA would be impossible, just that it might take time and pain, and I'd like to spare the people involved the pain if I can.

          --benson

          Show
          Benson Margulies added a comment - Larry, Can you cite precedent for 'work with US government agencies all the time,' or show a CCLA-ish document from one of them? Note that, for example, when I've done work on behalf of the government at the ASF, the particular arrangements allowed for me, as an employee of contractor claiming 'commercial rights', to assert copyright and then grant under my employer's ccla and my icla. That's not going to be the case this time. A precedent and example might make it easier to guide this particular bit of government into delivering what you ask for, if, as per the immediate previous contribution, we really need a grant. I can tell you from personal experience that getting legal documents signed by someone with authority to sign them in this neighborhood can be a rather extended struggle. I think that it would be fairly straightforward to get two things: (1) source code notices that state the provenance as a government-owned, and thus uncopyrightable, work, and (2) iclas from the committers. I'm not claiming, so far, that something along the lines of a CCLA would be impossible, just that it might take time and pain, and I'd like to spare the people involved the pain if I can. --benson
          Hide
          Lawrence Rosen added a comment -

          Benson,

          I'll cite this example, not involving Apache, that I worked on a couple of years ago as a project for DISA in the Department of Defense. They had software that was written by U.S. federal government employees called CMIS. They wanted to release this software under an open source license so that it could benefit from wider adoption and encourage a larger development community both within the U.S. government and outside. They even wanted to encourage commercial ventures to take on this software and enhance it for all users.

          We could have just taken it. The software was public domain, available if not automatically then at least under a formal Freedom of Information Act request. But instead, we negotiated a Cooperative Research and Development Agreement (CRADA), executed between DISA (DOD) and an outside non-profit open source foundation, the Open Source Software Institute (OSSI). That CRADA allowed OSSI to take over responsibility for the software; build a forge-like infrastructure for development purposes; and subsequently distribute the software to the world under the Open Software License (OSL 3.0). The U.S. government now uses the OSL version of the software rather than its previous public domain version.

          When I mentioned earlier that we work with US government agencies "all the time", that may have been a slight exaggeration. I was referring to projects such as OODT, which was sponsored by NASA and conveyed to Apache. I don't know how much of that code was written by contractors and how much by government employees. That shouldn't be an important distinction, though, for those of us who want to transform such software into FOSS so that it can be distributed under recognized and defensible licenses. I also note that NASA has other projects it chooses to release under its own open source license, the NOSA. (http://ti.arc.nasa.gov/opensource/).

          The National Institute of Standards and Technology worked with the OpenSSL project to create a government-certified version of the software. That indispensable program remained open source. (http://gcn.com/Articles/2006/07/18/Status-of-OpenSSL-FIPS-certification-shifts-again.aspx)

          When the Department of Homeland Security develops advanced technology nowadays, it is choosing to do so under an open source regime. (http://www.oss-institute.org/index.php?option=com_content&view=article&id=422:host-2-demo&catid=141:dhs-host&Itemid=216)

          These may not be so many examples as to justify my saying "all the time", but it is often enough nowadays to create a trend and to provide models that other U.S. federal government agencies can follow.

          /Larry

          Show
          Lawrence Rosen added a comment - Benson, I'll cite this example, not involving Apache, that I worked on a couple of years ago as a project for DISA in the Department of Defense. They had software that was written by U.S. federal government employees called CMIS. They wanted to release this software under an open source license so that it could benefit from wider adoption and encourage a larger development community both within the U.S. government and outside. They even wanted to encourage commercial ventures to take on this software and enhance it for all users. We could have just taken it. The software was public domain, available if not automatically then at least under a formal Freedom of Information Act request. But instead, we negotiated a Cooperative Research and Development Agreement (CRADA), executed between DISA (DOD) and an outside non-profit open source foundation, the Open Source Software Institute (OSSI). That CRADA allowed OSSI to take over responsibility for the software; build a forge-like infrastructure for development purposes; and subsequently distribute the software to the world under the Open Software License (OSL 3.0). The U.S. government now uses the OSL version of the software rather than its previous public domain version. When I mentioned earlier that we work with US government agencies "all the time", that may have been a slight exaggeration. I was referring to projects such as OODT, which was sponsored by NASA and conveyed to Apache. I don't know how much of that code was written by contractors and how much by government employees. That shouldn't be an important distinction, though, for those of us who want to transform such software into FOSS so that it can be distributed under recognized and defensible licenses. I also note that NASA has other projects it chooses to release under its own open source license, the NOSA. ( http://ti.arc.nasa.gov/opensource/ ). The National Institute of Standards and Technology worked with the OpenSSL project to create a government-certified version of the software. That indispensable program remained open source. ( http://gcn.com/Articles/2006/07/18/Status-of-OpenSSL-FIPS-certification-shifts-again.aspx ) When the Department of Homeland Security develops advanced technology nowadays, it is choosing to do so under an open source regime. ( http://www.oss-institute.org/index.php?option=com_content&view=article&id=422:host-2-demo&catid=141:dhs-host&Itemid=216 ) These may not be so many examples as to justify my saying "all the time", but it is often enough nowadays to create a trend and to provide models that other U.S. federal government agencies can follow. /Larry
          Hide
          Robert Burrell Donkin added a comment -

          Has consensus been reached on this issue?

          Robert

          Show
          Robert Burrell Donkin added a comment - Has consensus been reached on this issue? Robert

            People

            • Assignee:
              Unassigned
              Reporter:
              Doug Cutting
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                Development