_________________

TechnologyTransactions_________________

HowtoNegotiate,DraftandCloseBetterDealsHowtoNegotiate,DraftandCloseBetterDeals

ii

Copyright 2019. John A. Newman. All Rights Reserved. TheoriginalillustrationsforthisbookarebyPaulaPaulson.This book is provided for informational purposes only and isnotofferedinlieuoflegalresearchoranalysisbyanattorney.Thisbookisprovided“asis”and“withallfaults”.The author, John A. Newman, is a graduate of GeorgetownUniversityLawCenter(LLM),WakeForestLawSchool(JD).Hehelps clients structure, draft and negotiate technologytransactions, createmodel templates, structure new businessmodelsandresolvedisputes.Hecanbecontactedatlegal@aol.com

iii

Introduction

This book focuses on practical legal skills needed to succeed in structuring,negotiating and documenting commercial technology transactions. Theemphasis is on Virginia’s Uniform Computer Information Transactions Act(Va.CodeTitle59.1(Trade&Commerce),Chapter43(UCITA),Sections501.1through 509.2), with cross-reference to the Model UCITA and ModelComments.ManyoftheprinciplescontainedinUCITAhavebeenadoptedbycommonlawinotherjurisdictions,sothisprogramshouldbeoffairlygeneralapplication.1Lawyers who handle technology transactions know there’snothing “soft” about the software industry. It’s a toughbusinessenvironmentpopulatedbyanassortmentoflargeandsmall players, each having competitive advantages, talents,hopes, aspirations and (in some cases) predatory instincts,fueledbyfantasticeconomicopportunities.Itisnotuncommonforasolosoftwareconsultantwithnolegalrepresentation to negotiate an agreement with a globalsoftware company’s experienced attorneys. And it is notuncommonforalargecompanywithnosoftwareexperienceto

1 UCITA elicited heated debate during the 1990’s and early 2000’s and has only been adopted in Virginia and Maryland. Other states apply the common law or UCC Article 2 (Sale of Goods). Prof. Ray Nimmer observes that if the true test of a contract law statute lies in how little litigation it creates, UCITA is succeeding: after more than a decade, there is only a trickle of cases, virtually none in Virginia. See also, Hillman & Rachlinkski, Standard-Form Contracting in the Electronic Age, 77 N.Y.U. L.Rev. 429, 491 (2002) (“[W]e contend that UCITA maintains the contextual, balanced approach to standard terms that can be found in the paper world.”).

iv

negotiate an agreement with an experienced softwareboutique.To make it on either side of the table, you need to knowsomething about technology transactions law.Better yet, youneedtoknowhowbusiness, lawandtechnologymixtogetherintoanever-changinglandscapeofbusinessmodelsanddeal-making.Technology law developed as lawyers scrambled to helpinnovatorscaptureopportunitiesoravoidlegalproblems.Thisbookwill give you practical tools for structuring, negotiatingand enforcing good contracts in the software and technologyindustry.Study this book and the next time you are presented with apotentialdeal,youwillbeinabetterpositiontokeepyourwitsaboutyou,understandtheissuesandnegotiateeffectively.Ignoretheselessonsandthe“invisiblehand”ofthefreemarketwilloftenpushdealsclosed,butontermsthattoooftenspringbacktohaunttheparticipants(seenextpage…)Sincerely,JohnNewman,Esq.

v

“RememberMeee?I’mLastYear’sBadDeal!”

vi

TABLEOFCONTENTS

PARTONE:SOFTWAREDEVELOPMENTANDLICENSEAGREEMENTS 1I. THENEGOTIATINGANDCONTRACTINGPROCESS A. SettingtheStageforSuccessfulNegotiations:

WhatMakesPeopleTick? 21. Reciprocity 32. Commitment&Consistency 43. SocialProof 44. Liking 55. Authority 66. Scarcity 6

B. PreliminaryMechanismsAffectDealOutcomes 8 1. ReviewYourMarketingLiterature 8

2. AboutFormAgreements 8

3. AboutCustomNegotiatedDeals 8

vii

4. EngagementLetters 9

5. Non-DisclosureAgreements 11

6. TeamingAgreements 137. LinkingWebDocumentsinto

theAgreement 148. EasyContractFormationwith

ClickwrapAgreements 15

II. ISSUESINDEVELOPMENT&LICENSING

TRANSACTIONS 18A. ProjectStaffingIssues 18B. HowGoodSoftwareDesignAffectsLegalIssues 20C. ProgressReports 21

D. TestingandAcceptance 22E. UnderstandYourPricingDynamics 23

F. CashFlowMatters 26

• LatePaymentSyndrome• TrickleDownTheory• InternationalIssues• RevenueRecognition

viii

G. OwnershipofWorkProduct 28

1. TimeofConveyance 292. AboutReusableCodeLibraries 31(a) CodeLicensedfromLibraryforCustomer's

Project 31

(b) CodeLicensedintotheLibraryforFutureProjects 32

H. GrantingExclusiveMarketingLicenses 32

1. GeographicalorVerticalMarketLimits 32

2. MinimumPerformance 32

3. ChannelConflict 33

4. SupportIssues 33

5. MinimumEnd-UserTerms 33

6. ElectronicRestraints 34I. Confidentiality 34J. Warranties 37

1. Non-InfringementWarranty 37

ix

2. ExpressWarranties 37

(a) "Casual"ExpressWarranties 37

• ReviewAdvertisingCollateral• WatchPost-SigningReassurances• BetaVersions

(b) FormalExpressWarranties 39

(c) ExpressWarranty:508Accessibility39

3. TheImpliedWarranties 41

• MerchantabilityofSoftwarePrograms

• InformationalContent• Licensee'sParticularPurpose• SystemIntegration

4. Disclaiming/Modifyingthe

ImpliedWarranties 43

5. InvalidationofWarrantiesbySoftwareCodeModifications 45

K. OverviewofLiabilities 47

1. ContractorDamages 472. CustomerDamages 47

x

L. LimitationofLiabilities 48

1. LimitationofLiabilityClause 482. CompartmentalizeYourLiability 50

M. Remedies 50

1. LimitationofRemedies 512. FailureofEssentialPurpose 513. NoRewritingofAgreements 524. Carve-OutsforCertainLiabilities 535. TheRightToCure 53

N. Indemnities 55

1. CommonTypesofIndemnities 55

(a) Non-InfringementIndemnity 55 (b) BodilyInjury,Death&Tangible

PropertyDamage 56 (c) DataBreach,Confidentiality 56 (d) GeneralIndemnity 58

2. CoordinationofIndemnitieswithLimitationofLiabilities 58

xi

O. Assignments&TransfersofContracts 51

1. "NoAssignment"Clauses 51

2. AbsentanAgreement 59P. ElectronicRegulationofAccess,Use

andRepossession 59

1. OnlineAccessContracts 60

2. ElectronicUsageRestrictions 60

3. Self-HelpRepossessiononCancellationforBreach 63

(a) PhysicalRepossession 63(b) ElectronicRepossession 63

Q. EntireAgreementClause 67III. IMPORTANTISSUESFORINTERNATIONAL

TRANSACTIONS 68A. IPProtection 68B. GoverningLaw&ForumClauses 68

1. GoverningLaw 68

xii

2. GoverningForum 703. ArbitrationProvisions 714. ExportRestrictions 725. ForeignCorruptPracticesAct 72

PARTTWO:SOFTWARESUPPORTAGREEMENTS 74A. SoftwareSupportAgreementsUnderUCITA 76B. UnderstandingDifferentTypesofSoftware

SupportTransactions 80

1. PackagedOff-the-ShelfSoftware 802. PackagedCoreSoftwarewith

Customizations 82

(a) CoreSoftwareorCustomizedSoftware? 82

(b) CustomizationsbyLicensororConsultant?83

3. SupportforCustomDevelopedSoftware 87

(a) ProjectStaffingIssues 87

(b) HowGoodSoftwareDesignAffectsSupport 88

xiii

(c) HowTestingandAcceptance

EffectSupport 89

(d) HowConfidentialityRestrictionsAffectSupport 90

C. OtherKeySoftwareSupportIssues 91

1. Whatisan"Error"intheSoftware? 91

2. KnowtheTypesofSoftwareReleases 92

3. UnderstandtheDifferentLevelsofSupport 93

4. ServiceHoursofSupport 94

5. ClassificationofSupportCalls 956. SomeTypicalSupportCaseClassifications957. TheImportanceofDefining

"ResponseTimes" 968. UsingEscalationProcedurestoAttract

NeededAttention 969. CertainLicenseeResponsibilities 9810. ServiceLevelCredits 99

11. MinimumPeriodofSupport 100

xiv

D. HowRevenueRecognitionRules

AffectSupportContracts 101

1. LicenseFeeRevenueRecognition 101

2. Post-ContractSupportRevenueRecognition 104

PARTTHREE: OPENSOURCESOFTWARE 107I. WhatisOpenSourceSoftware? 107II. OpenSourceSoftwarePolicies 108III. DefinitionstoKnow 109IV. IdentifyingtheGoverningOSSLicense&

RelevantLegalIssues 111A. OSSLicenseClassification 112B. DistributionofDerivativeWorks 116C. NoticeandAttributionResponsibilities 117D. SoftwareWarranty&SupportConsiderations 117E. TheOSSProjectSponsor 117F. RecordKeepingandCodeManagement 118

xv

G. CompliancewithOSSLicenses 119H. EmployeeCommunication,Education

andTraining 120I. SoftwareDevelopedbyVendors 120J. PatentConsiderations 120K. PotentialTrapsinDealingwith

OpenSource 121

EPILOGUE 121

1

PARTONE:SOFTWAREDEVELOPMENTANDLICENSEAGREEMENTS. UCITA applies to “computer information transactions” whichareagreementsto“create,modify,transferorlicensecomputerinformationor informationalrights incomputer information.”Itincludescomputersoftwareanddata,andsupportcontractsthatrelatetosoftwareandonlinesystems.Itdoesnotincludecontracts relating to financial services, insurance services,motionpictures(exceptmassmarketlicensetransactions)normusical works or contracts for employment (other thanindependent contractors who are not journalists). Otherexceptionsapply.SeeVa.Code59.1-501.3(Scope;Exclusions).I. THENEGOTIATINGANDCONTRACTINGPROCESSThe root of all substance is process. To negotiate a softwaredevelopment or license agreement containing substantiveprovisions that achieve your business objectives, whileprotectingyoulegally,thinkconsciouslyaboutwaystocontrolthecontractingprocessfromtheoutset.

Click-WrapProceduralWin:WeareallfamiliarwithClick-Wrap Agreements, which are presented onscreen and must be accepted before completing thesoftware installationor online access to the softwareservice. Many vendors attempt to hide behind theseclick-wraps as a procedural barrier to having tonegotiate their terms. It standardizes their contractsand their riskprofileandeliminates legalnegotiationfees. If their click-wrap is reasonable and addressesissues important tobothparties, thismaybeaviableapproach.Ifnot,andthelicensefeesaresignificantor

2

if the customer data to be loaded onto the system issensitive, then you’ll need to break through thisbarrier and negotiate at least a custom Addendumaddressingyourkeyissues.

Assuming an actual negotiation takes place, youwillwant tohave an appreciation of “negotiating psychology” as well asearly-stage mechanisms that can greatly affect the finaloutcome.Whilethesubjectof“whatmakespeopletick?”inthecontext of legal negotiations merits an entire MCLEpresentation,2belowaresixtipstoconsider.A. Setting the Stage for SuccessfulNegotiations:What

MakesPeopleTick?A successful contract negotiation involves not onlyunderstanding your client’s goals and deal “drivers” but alsounderstandingtheotherpartyandwhatdrivestheirbehavior.Simply ask direct questions and you are likely to get somesurprisingly direct answers: “How does your salescompensation programwork andwhere are you in the salescycle?”“Whendoyoureallyneedtoclosethedealtorecognizetherevenuethisperiod?”Inaddition toexplicitdealdrivers, researchhas identifiedsixmentalmodels that are fairly universal as learned behavior.3 2 The author has previously published a separate Continuing Legal Education seminar entitled: “What Makes People Tick? A Lawyer’s Guide.” 3 This discussion briefly summarizes research findings described in detail in the book “Influence: Science and Practice” by Robert Cialdini, © 2001, 2009 Pearson Education, Inc.

3

Applyingtheseprinciplescanhelptriggerapropensityinyourcounterpart toward automatic subconscious behavior thatresults in affirmative agreement (triggering the “Yes”response):

1. Reciprocity. Thedesire to reciprocateappearsto cross over all cultures.4 Small favors build up equity thatgreatly improves the chances of future reciprocation. Givingcandy or amint increases awaiter’s tip. Giving $5with eachsurvey request is more effective than giving $50 for eachreturnedsurvey.Includingpre-printedgummedaddresslabelsin unsolicited fundraising requests improves the success ratefrom 18% to 35%. If you ask someone to purchase anexpensive item and they refuse, ask them to purchase a lessexpensive itemand thesuccessratewill tripleon thesmallersale(theyperceivethesecondaryrequestasaconcessionthatinvitesreciprocation).

Lesson:Ifyouinviteapotentialcontractingpartnerto

4 This phenomenon may result from the presence of mirror neurons in the brain. The healthy brain contains neurons that allow us to mirror the brain activity of other individuals. This common human capacity allows us to stand in another’s shoes and see their point of view. This explains, in neurological terms, our ability to empathize with others. It explains why storytellers, orators, singers, dancers, actors and politicians can connect and move an audience emotionally. It explains why lawyers who take time to hear out the other side can establish the mutual rapport that can lead to creative solutions and resolution of legal disputes. Is it a coincidence that every major religion (Hinduism, Judaism, Zoroastrianism, Buddhism, Confucianism, Islam, Bahat and Christianity) contains some close variation of the empathetic Golden Rule: “Do unto others as you would have them do unto you”?

4

ameeting,it’shelpfultoproviderefreshments,snacksand other small favors and to be as courteous aspossible, even if (or especially if) the negotiation isexpectedtobecontentiousattimes.

2. CommitmentandConsistency. Onceapersondecides to back an idea, they tend to stick with it later. Forexample, ask someone to predict if theywill vote on electionday and the show-up rate increases by 700%. “How are youtonight?” (90% say “fine”; this affirmative response doublesthe acceptance rate on solicitations). Similarly, it’s best toobtainanewclientevenforaverysmallorder.Theynowseethemselves as a customer. Commitmentsmade publicly stickmore than commitments made in private. Those that entailsacrifice are stronger (this is why hazing cementscommitment). Getting commitment up front (volunteer onelectionday)keepspeopleonboardeveniftheyfindoutlateritentailsmoresacrificethanexpected(youneedtoshowupat5:00am).

Lesson:itisbesttobeexplicitduringnegotiationsandto peg you concession with a correspondingconcession from the other side: “Do I understandcorrectly that if I cangetyou thisdiscountprice,youcanclosethedealbyFriday?”

3. SocialProof.Wetakesocialcuesfromothersin

deciding how we will act, especially in an uncertainenvironment. Leaders are more effective when they have acadre of committed followers, who in turn influence others(and so on). This is why bartenders “salt” the tip jar, as itsuggests others are tipping and so should you. People learn

5

quicklybymimickingtheirpeers(e.g.,theMontessorimethod).

Lesson: This principle is exemplified by the phrase,“Nobody ever got fired by going with IBM” and byvendor websites that display logos of their keycustomers, to create a “me too” atmosphere ofcomfort.

4. Liking. ClarenceDarrow said themain thing atrial lawyer should do is have the jury like his client. That isalsotrueinnegotiations:peopletendtosayyestopeopletheyknow and like. Tupperware’s businessmodel rides on top ofpersonalfriendships,whereparticipantsfeelalmostcompelledtopurchase inordertosupportthefriend’sbusinessventure.The quality of the product is of secondary importance. Indeciding whether to like someone, people tend to look atpersonal attractiveness, good grooming, nice clothes thatmirrorothersinthegroup.Sincerecomplimentsalsohelp.

Lesson:itisalwayshelpfulbeforeameetingstartstochit-chatwiththeotherpartyandtheirattorneyaboutany sort of common interest, to establish somepersonal rapport, to defuse a situation with a littleself-deprecating humor. It is often helpful to let theotherpartytalkforsolongastheywant,toventtheirfrustrations. You want to hear what the other partyhastosay,what’simportanttothem.Ifyoucan,seeifyoucansay“yes”severaltimesinarow,nottosignalthatyounecessarilyagreewiththem,butsimplythatyouunderstandtheirpointofview.Ifyoutaketimetopenetrate their positions to understand the intereststhey are trying to advance, you will have a betterchanceofarrivingatamutuallyacceptablesolution.

6

5. Authority. People tend to follow directionsfrom an authority figure. If you convince a group leader ofsomething, he/shewill use chain of command to help obtaincooperationofothers(persuadethedecision-maker).Evidenceof “apparent” authority comes fromnice clothes, trappingsofpower (nice watch, car), association with prestigiousinstitutions.Slysincerityworksonthisprinciple(e.g.,awaiterwhoadvisesapatronthatsomethingtheyorderedwasnotthebestitemonthemenu,andrecommendssomethingbetteratalowerprice,establishesauthorityandsincerityandgetsbettertips).

Lesson: dress conservatively in an understated butpowerfulmanner, thenafterareasonabletime,breakthe tensionby figurativelyor literally rollingupyoursleeves to signal a working session amongprofessionals. Use layered authority to defer harderdecisions to an “authority figure”who is not present(but who “generally followsmy advice.”). From yourperspective, try to get the authority figures (decisionmakers) on the other side directly involved. Caveat:exhibitingtoomuchauthority,especiallybylargelawfirms, can backfire if the other lawyer views it assuperiority or arrogance. This can fuel a competitivereactionoranundercurrentofresentmentthatcanbecounterproductivetotheclient.

6. Scarcity. Make something scarce and hard-to-get,anditwill increasedemand.Researchshowsthatcookiessellfasterwhenthereareonlytwocookiesleft,thanwhenthejar is chocked fullof cookies.Thiscanbedifficult insoftwaresales,becausethemarginalcostofproducinganothercopyofsoftware is exactly zero. So look for other ways to create

7

scarcity,suchastheneedtomakeapurchasenowtoscheduletrainingslotsorimplementationservices(which,ofcourse,arefillingupfast….)

Side-note:AfterIreadtheInfluencebook,Idecidedtotryitout.IhadpreviouslyputanadinCraigslisttosellmy Classic Corvette Stingray, but received littleresponse. I then modified the ad to include thefollowing“scarcity”statement:“Ifyou’regoingtobuyaC3 (third generation Corvette) be sure to buy a 1972:that’s the last year that had metal bumpers on bothendsandnopollutioncontrolgeartolimitperformance.Thereareonlyafew1972Corvettesleftinthecountry.Andwhen they are gone, that’s it. They aren’tmakingthemanymore.”Isoldthecartothenextprospectformyfullaskingprice.Coincidence?

Herearesomeotherexamplesofthescarcityprincipleatworkthataretypicallyusedbysalespersons:

• “Unfortunately,Idon’tthinkwehaveanymoreofthesein stock. But if I can find one in the back, do Iunderstandthatyouwanttopurchaseitatthisprice?”

• “Youmightbuyextraproducts,because I’ve justheardon thegrapevine thatproduction isbackedupand I’mnotsurewhenwewillbegettinganymore.”

• “Exclusivelimitedtimeofferendssoon!”Automaticbehaviorismostoftentriggeredwhenoneormoreof the six principles are encountered and we are rushed for

8

time, stressed, uncertain, indifferent, distracted or fatigued.Automatic behavior saves us the mental effort of having tothinkconsciouslywhenwearealreadymaxedout.B. PreliminaryMechanismsthatAffectDealOutcomes.

1. ReviewYourMarketingLiterature: Customerexpectationscanbeestablishedatunrealisticallyhighlevelsifthelawyerdoesnotreviewproductliterature,websitecontentand proposals.Watch for superlatives and overstatements ofproduct capabilities. If you join a negotiation after suchmaterialswere delivered, be sure the resulting contract doesnotincorporatetheproposal,butinsteadsupersedesitwithaSOWandcontainsamergerclause.Ifyou’retheCustomer,bycontrast, have the agreement refer to the proposal or evenincorporateitintothecontract(seediscussionofExpressandImpliedWarranties,below).

2. About FormAgreements: Taking the initiative

procedurallymaybeassimpleasputtingyourformagreementon the table first and using that as the starting point innegotiations.Thisstrategycanworkforlicensingoff-the-shelfsoftware when your business model is mature and well-defined.Theformagreementshouldprotectyourinterests,butyou should consider including other provisions important totheotherside.Iftheformagreementistooone-sidedandyoudon’t have the bargaining power to make it stick, the otherpartywill simply disengage and insist on using its own formagreement.

3. About Custom Negotiated Deals: In a customnegotiatedtransaction,becarefulabouttryingtostartwithanagreement from a prior deal that does not fit the situation.

9

Instead, use a top-down structured process to design anagreementtowhichbothsidescanmakealegalandemotionalcommitment. Start by quizzing the business and technicalpeople about each party’s objectives and concerns going intothe deal. From this high level, produce a term sheet thatidentifies and deals with the structural issues conceptually.(later,volunteertoproducethefirstdraftoftheagreement).

Observation: Think carefully before signing a termsheetoraletterofintent.Theycanbebindingenoughtogetyousued,butnotsufficientlydetailedtoprovidelegalprotection.Stateexplicitlyinthetermsheetthatitisnon-bindingandanydefinitiveagreementmustbeexecuted by authorized representatives of bothparties.Ifyouarere-negotiatinga“baddeal”itisalsohelpful to state that all communications andnegotiations, whetherwritten or oral, are settlementdiscussionsnotadmissibleintoevidence.4. EngagementLetters:Consultantsoftenwantto

gettheirpeopleon-sitequicklywithsomeinitialconsultingora requirements analysis. Use a simple two-page EngagementLetter todocument thekey terms: theparties, scopeofwork,pricing and payment, ownership of work product,confidentiality,warranties/disclaimers, liability and remediesand some general terms (merger clause, amendments, choiceof law, etc.). Engagement Letters differ from term sheetsbecause they contain actual contract provisions, in a simpler,plain-English format. But you should only use EngagementLetters for small dollar projects or phases, since larger onesput more pressure on each provision of the agreement. Nomatterhowbusyyouallare,besurethese“small”agreementsgetproperlegalreview.

10

“TGIF,OnlyTwoMoreWorkingDays‘TilMonday.”

11

5. Non-Disclosure Agreements: NDAs can be

dangerousiftheylimityourR&Dandfuturecompetition:

“AcknowledgmentofCertainCompetitiveProjects.TheCompanyacknowledges thatBigcomaybeengaged in thedevelopmentoftechnology that may compete with existing or prospectivetechnologyorbusinessplansoftheCompany,andthatBigcomayalsobediscussing,ormaydiscussinthefuture,possiblebusinessventures with competitors of the Company. Nothing in thisAgreement or in the limited use of Confidential Information byBigco hereunder will be deemed inherently to involve thedisclosure ormisuse of the Company’s Confidential Informationin violation of this Agreement. Bigco will be deemed incompliancewiththisAgreementifitusesduediligencetoensurethat the individual employees or Representatives of Bigco whoreceive Confidential Information with the consent of theCompany do not disclose such information to third parties inviolationofthisAgreementanddonotdisclosesuchConfidentialInformationtootherpersonnelatBigcothatarenotapprovedbythe Company. Bigcowill identify the name and position of eachindividual who receives Confidential Information and let theCompanydeterminewhetheritwishestopermitsuchindividualtoobtainaccesstosuchConfidentialInformation.Reservation of Rights. Nothing in this Agreement obligates apartytoenterintoanybusinesstransactionorrelationshipwiththeotherpartyandnothinghereinshallbedeemedtoprecludeaparty from entering into a business transaction with any otherparty.”

Another issue seen in NDAs is a “Residual Rights” clause inwhich the recipient is free to reuse confidential informationwithout restriction to the extent it is “retained in recipient’sunaidedmemory.”Thelogicalfallacyofthatclauseisthatyourtrade secrets are only protected against someone who can’trememberthem.Probablynotwhatyouintended….

12

TheLawofUnintendedConsequences

13

6. Teaming Agreements: these are used early inthe contracting process to coordinate marketing effortsbetweentwopartiesworkingonajointproposaltoaprospect.Decidewhethertheteammembersareexclusivetoeachother,specifythepointofcontactforcustomernegotiations,addressconfidentialityissuesanddisclaimconsequentialdamages.Andmake sure the document contains an independent contractorclauseanddoesn’trefertotheteammembersas“partners”(asthat implies a general partnership with joint and severalliability). The proposed sub-contractor should also avoidcommitting in advance to a flow-down of the customer’sstandardcontractterms,particularlyiftheyhavenotyetbeenseen. Instead, reserve the right to negotiate reasonablechanges in the subcontract consistent with your part of theproposal. To the extent you are contributing off-the-shelfsoftware, try to have your standard license agreement apply(customer T&C’s, which you may not have seen yet, oftenobtain broad licensing rights, source code rights, warranty,remedy and liability provisions that you will want tonegotiate). And, if possible, specify explicitly whether thepurchase/saleaspectoftheagreementisbinding:

Observation: Teaming Agreements may or may notbebindingcontracts for the saleofgoodsor servicesbetween members. In W.J. Schafer Assoc., Inc. v.Cordant,Inc.,254Va.514,493S.E.2d512(1997),theagreementwasconsideredtooindefinitetobebindingbecause it: (a) allowed the Prime to designate areplacementSubcontractor;(b)didnotfirmlycommitthe Sub to sell the product (which was still indevelopment);(c)didnotspecifythepurchasepricein

14

advance (although the Sub later bid a price in theProposal and adjusted it in the BAFO) and (d) therewasno assurance that theproductwould exist if theprime contract was awarded. See also CyberlockConsultingv.InfoExperts,939F.Supp.2d572(E.D.Va.2013), aff’d 549 Fed. Appx. 211 (4th Cir. 2014)(teamingagreementwasanunenforceable“agreementtoagree”and subject to successful futurenegotiationofthesubcontract);accord,Navarv.Fed.Bus.Council,291 Va. 338 (2016). One way to improve theenforceability of a teaming agreement is to pre-negotiatethetermsoftheactualsubcontractandSOWandattach it as anexhibit to the teamingagreement.Theteamingagreementshouldrecitethattheparties’agreement now exists and that it is not subject tofuturenegotiationandwillbeexecutedbythepartiesiftheteam’sproposalwinsthecompetition.

Tip:Whentheotherpartystubbornlyclingstoaone-sided clause, find a reason to make the clausereciprocal.Thisforcesthemtoseetheissuebothwaysandcansoftentheirposition.

7. LinkingWebDocumentsintotheAgreement.

Software vendors often incorporate by reference into theAgreementdocumentsthatarepostedontheweb.Thesemayinclude Privacy Policies, Security Policies, Travel Policies,Acceptable Use Policies and so forth. It could also includeproductspecifications,softwaredocumentationandpricelists.It is important to review those documents, as they oftencontain “zingers” that define what your client is actuallygettingfortheprice.Thoselinkedprovisionsmayalsoprovide

15

thattheymaybemodifiedbypostinganewversiononline.ThepowertomodifytheAgreementunilaterallymeansyourclientlosescontroloverthetermsandsubstanceoftherelationship.Thisisespeciallytrueifthelinkeddocumentiseffectiveuponpostinganewversion (withoutactualnoticeor consent) anddoesnotlimitthenatureorextentofthepossiblerevisions.

Tip:Ifit’snecessarytoincorporatealinkeddocumentinto theAgreement, it’sbest to indicate that if futuremodifications arematerially adverse to your client,thatyour client’s express consent is required,or thatyour client may terminate the Agreement forconvenienceandobtainarefundofanypre-paidfees.If that fails, you could indicate that changes to thelinkeddocumentwillnotbeallowedtomodifycertainprovisions of the Agreement without a signedamendment (e.g., warranty, liability, indemnity,confidentiality, etc.). A related issue, of course, is toindicatethatPurchaseOrdersandsimilar transactiondocuments may be issued for administrativeconvenience,butdonotbecomepartoftheagreement.

8. Easy Contract Formation with ClickwrapAgreements.

UCITA indicates that a “writing” requirement can besatisfiedbyacomputer “record”and thatany “signature”requirement is satisfied by an “authentication.” Va. Code59.1-501.5. To “authenticate” means either to sign it or,with the intent to sign a record, to execute or adopt anelectronicsymbol,sound,message,orprocessreferringto,attached to, including in, or logically associated or linkedwith,thatrecord.Va.Code59.1-501.2(a)(6).

16

UCITA thus validates standard click-wrap licenseagreements in online access contracts, inwhich the userhasameaningfulopportunitytoreviewthetermspriortocontract formation, andmanifests assent, forexample,byclicking “I Agree.” See, Va. Code 59.1-501.13:1(“Opportunity to Review”) and 59.1-501.12 (“ManifestingAssent”).ItisenoughtoshowthattheusercouldnothaveaccessedthesystemwithoutfirstmanifestingassenttotheAgreement.Va.Code59.1-501.12(d).When mass-market software is delivered on tangiblemedia at retail, the clickwrap agreement that is laterpresented during installation is enforceable if the buyerhas a right to return the software for a refund if theproposedclickwrapagreement is rejected.Va.Code59.1-501.13:1(“OpportunitytoReview”).

Observation: Contract formation issues often arelitigated when an opportunistic competitor “freerides” on an established website by harvesting datafrom it and using that data in a competing website.When that happens, the binding effect of the onlineTerms of Use (which usually prohibit that type ofconduct)becomeparamountinimportance.

Note: InCvent v. Eventbrite, 735F.Supp.2d927, 937(E.D.Va.2010)thevendorhadposteditsTermsofUseatthebottomofthewebpageanddidnotorchestratea click-wrap acceptance procedure as a condition ofuse. The Court characterized this not as a click-wrapagreement, but as a more casual “browse-wrap”contract“buriedatthebottom”ofthewebsitethatdid

17

notachievecontract formationonthoseterms.Basedon the facts alleged in the complaint, the vendor’scontractclaimthatrelieduponprovisionsof theTOUto prohibit data harvesting was dismissed onsummaryjudgment.Lesson: lawyers shouldpayattention tohowa click-wrap agreement is actually presented for acceptanceand to work with the technical folks to ensure theprocess is legally valid. Presenting it as part of theinstallation or sign-up process, and ensuring it mustbe “accepted” before proceeding, is the bestmethod.Be sure the agreement is accessible later and can bedownloaded or printed off by the user. If the userrejectsthelicenseafterpaymenthasbeenmade,thenyoumustofferareturn/refundoption.Wrinkle: One Catch-22 that arises with contractformationinonlineagreementsisthechoiceoflaw.Ifthe contract specifies Virginia law, for example, butVirginia UCITA lawmust be relied upon to establishthatacontractwasformedonthosetermsinthefirstplace, you can end up in an odd circular argument.Still, courts in other jurisdictions have enforcedclickwrapagreementsbasedonUCCArt.2orcommonlawanalysis. SeeSpechtv.NetscapeCommunicationsCorp., 306 F.3d 17 (2d Cir. 2002); Davidson &Associates v. Internet Gateway, 334 F.Supp.2d 1164(E.D.Mo. 2004); I.Lan Systems v. Netscout, 183F.Supp.2d328(D.Mass.2002).

18

II. ISSUES IN DEVELOPMENT & LICENSINGTRANSACTIONS

Software Development Agreements should be structured toprovide a contractual framework to advance the technicalprocess of designing, developing, testing, implementing andsupportingasoftwaresystemthathelpsthecustomerachieveitsactualbusinessobjectives. Itshouldalsoprovideflexibilityfor reasonable changes, off-ramps and protections if the dealsours. End-User licenses for off-the-shelf products should bestandardizedtotheextentpossible,togivepredictabilitytothelicensor’sbusinessandpricingmodel.

Tip: If possible, customers should try to include atermination for convenience provision, under whichtheyarefreetoterminatetherelationshipuponsomeperiod of written notice, without having to prove amaterialdefaultbytheotherparty.Thisexit-rampcanbe helpful when confronted by a non-performingcounterparty and the customer wants to terminatewithoutanycontention(willingtowriteoffanymoneypaid to date). The customer should pay thecounterparty forwork performed that complieswiththecontract(thisiswhereanacceptanceprocedureasa condition of invoicing and payment helps). Anyremainingdisputecanbenarroweddowntothefinalinvoice,inmostcases.A. ProjectStaffingIssues.Itisimportantforboth

parties’ technical people to get to know each other prior toawarding the contract. Sometimes, bringing in an outsidedeveloperintrudesontheturfof in-housetechnicalpeopleorothercontractorswhocanundermineaproject’ssuccess.The

19

customer will want to review the resumes of contractorpersonnel to be assigned to the project and to assess theirtechnical ability and experience with similar systems. Eachparty should specify a Project Coordinator and the keytechnical people. The agreement should include a non-solicitation clause tomaintainworkforce stability and shouldprovide some level of reassurance regarding staffing stabilityand commitments, replacement/approval procedures,adherence toworkplace safety, security and substance abusepolicies.

LearningCurves. Losingorhavingtoreplaceprojectmanagersorkeytechnicalpersonnelduringaprojectcanhaveadevastatingeffectonprogressandqualityofwork.Developerswhoquitmayhavegotteninovertheirheads technically, so theirdeparturemaysignalproblems with the project. Replacing key staff mayentailasteeplearningcurveforthenewpeoplebeforetheybecomeproductive.Ifthecontactorremovesstaffwithoutcustomer’sconsent, thecontractmayrequirea transition instructional period and deny or limitcustomer’s obligation topay for theorientation time.The customer may also restrict reassignment ofcontractorpersonneltoprojectswithkeycompetitorsfor a specifiedperiodof time.The customerwill alsowant to be able to request that the contractor pullsomeoneofftheproject,simplybecauseofpersonalityissues. The contractor may resist that, given theirdesiretocontroltheirwork-force.Restrictive Covenants: If you are hiring contractworkers fromaplacementagency (a “bodyshop”)orhavecontractorworkersonsite,assumetheworkers

20

areboundbynon-circumventionandnon-solicitationclauses(evenifyourowncontractwiththeiremployerdoes not restrict it). The quickest way to trigger aheated dispute is to hire away a worker withoutconferring with their employer or agency. Smallplacement agencies are particularly aggressive indefendingtheirinterestsanditisimportanttorespectthevaluetheycontribute.Ifyourepresenttheagency,be sure to include a non-solicitation and no-hiringclause in the customer agreement, as poachingworkersisaconstanttemptation.

Use of Consultants: UCITA Section 505 states that aparty may perform its contractual duties through asubcontractor unless the contract prohibitssubcontracting or the customer has a substantialinterest in having the contractor perform the work(Va. Code59.1-505.5).Note: a banon subcontractorsmay be implied if the agreement’s confidentialityclause restricts access to “employees” and prohibitsdisclosure to thirdparties [Section505,Comment2].Thisclausecouldbeloosenedbyreplacingreferencestocontractor“employees”withcontractor“personnel”andincludingconsultantswithinthatcategory,solongas theyexecuteanNDA.The customermaywant theright to approve subcontractors, and the contractorwillthenadd:“whichapprovalshallnotunreasonablybewithheld.”

B. How Good Software Design Affects Legal

Issues. Lawyersneed tounderstand thatmanydevelopmentprojectsfailbecausethepartiesdonotallocatesufficienttimeand resources to identify the customer’s requirements and

21

prepare functional and detailed technical designs (includinginterfacesbetweenallsystems)priortoactualcoding.Arobustdesignphaseallowsyou tounhitchdesign fromdevelopmentand is the foundation for successful development anddebuggingphases.Havingagooddesignalsohelpsdemarcatelinesofresponsibilitybetweenanyco-developmentteamsanddefinestheprogramming interfaces.Theseareessential if thedevelopedsystemistooperateinalegacyenvironmentorwithoff-the-shelfsoftware.

Structuring Tip: Consider breaking the project intoseparate phases: requirements analysis, functionaldesign, technical description, coding & testing,implementation,training,support.Eachphasemustbecompleted,reviewed,acceptedandpaidforbeforethenext phase commences. This discipline can beenforcedbyusingaBasicOrderingAgreement (BOA)under which individual Task Orders are issued foreach project phase. The contractor’s need to proveitselfoneachTaskOrderbeforeanotheroneisissuedimposes discipline and tends to keep contractors ontheir good behavior. The Task Order approach mayalso help the contractor if the agreementcompartmentalizescontractor’sliabilitytotheamountpaidundereachTaskOrder.

C. ProgressReports. Bothpartiesshouldbesure

not to let thedevelopersgooffon theirown foranextendedperiod of development, since they can go astray or getsidetracked on projects for other customers that may be incrisis mode. It is important to monitor progress weekly andmonthly.Forlargerprojects,itishelpfultohaveyourtechnicalpeople (or an independent consultant) conduct periodic code

22

reviewsessions.ContractorsworkingonaT&Mbasiswillwanttheweeklyreviewstoincludesign-offsonweeklytimesheets.This contemporaneous sign-off procedure identifiesperformanceproblemsearlyandmakes ithard forcustomerstoholduppaymentsforacceptablework.

Tip: Customers prefer tomake “time of the essence”on key deliverables, while contractors will push tomake all schedules “reasonably accurate estimates,subject to revision once the scope of the project isbetter defined” and governed by a broadly draftedforcemajeureclause.D. Testing and Acceptance. Testing should be

conductedpursuanttoawrittentestplanthatisderivedfromthedesigndocuments.Eachunitofcodeshouldbeindividuallytestedforfunctionalityandreliability.Thesystemshouldthenbe tested to see whether the units function together as anintegratedsystemandwithothersystems.Efficientdebuggingusually depends on howwell the systemwas designed fromthe outset, as a good design allows developers to isolate,identifyandcorrectbugsquickly.Thisiswhyarobustdesignisso important to the development of a functional and reliablesystem.Asnotedearlier,therearetwobasicapproachestodraftinganacceptanceclause:

• Contractor version: “The Software shall be deemed accepted ifCustomerdoesnotnotifyContractorofanymaterialdefectsduringthe Test Period or, if Customer makes beneficial use of theSoftware, it shall conclusively be deemed accepted and anyoutstandingpunchlistitemsshallbecoveredtotheextentprovidedunderSection__(“Warranties”).”

23

• Customerversion:“TheSoftwareshallbeacceptedasconforming

totherequirementsofthisAgreementonlywhenCustomerissuesits written certification of acceptance. If Contractor fails withinthirty(30)calendardaystocorrectpunchlistitemsortheSoftwareotherwise fails to complywith the requirements of the Test Planwithinthedesignatedtime,Customermay:(a)rejecttheSoftwarein its entirety and recover amounts paid hereunder; (b) issue a“partialacceptance”oftheSoftware,withanequitableadjustmentinthepricetoaccountforsuchdeficiency;(c)conditionallyacceptthe Software, while reserving its right to revoke acceptance iftimelycorrectionisnotforthcoming,or(d)pursuewhateverotherremediesareavailableunderthisAgreement.”

E. UnderstandYourPricingDynamics. Different

pricing structures impose different dynamics on a project. Inthecommercialmarketplace,mostprojectsarecommissionedonafirmfixedpricebasisoratimeandmaterials(T&M)basis.

• Firm Fixed Pricing: It is axiomatic in softwaredevelopmenttransactionsthatafirmfixedpricecreatesan immediate tension over the scope of the projectbefore the ink dries on the signatures. The underlyingtension can be defused somewhat by separating thedesign phase from the development phase (assuggestedabove),andpricingeachoneseparately.Eventhen, be sure to includeChangeControl procedures toimpose a formal process on managing changes to thescope. This is important because project people willoftenenterintonumerousverbalsidedealsthatremainunder the legal radar until the project is behindschedule.Youalsowanttomakesurethefixedpriceismatched toa clearlydefinedscopeofworkand, if youare the customer, that the vendor’s stated“assumptions” that went into the pricing are not so

24

broad that they shift too much project risk to thecustomer. For that same reason, review the ForceMajeure clause to ensure it’s not so broad that itprovidesareadyescapehatchforanydelay.

• T&MPricing. ForT&Mprojects,manycustomerswill

requireatotaldollarbudgetforeachphase.Besuretospecifywhetherthis“budget”isanon-bindingestimateor, instead, a not-to-exceedbilling limit (a tight billinglimitwillcreatedynamicssimilartoafixedpricedeal).Customerswillwant tomatchbilling ratesnot only topositions (e.g. “Sr. Developer”) but also to specificindividuals assigned to the project. This keeps theContractor from raising rates indirectly through itsreclassificationofassignedworkers.

• Out-of-Pockets. Be sure the contract specifies which

partyisresponsibleforout-of-pockettravelandlodgingexpenses, as well as incidental expenses, such assoftware development hardware, software tools,communicationsaccessandthelike.Inafixedpricedealor a T&M projectwith a billing cap, the partiesmightspecify a budgeted number of trips and include aprocedure for approving additional travel under aChangeControlclause.Youmayalsowanttoreferenceaparty’s Travel Policy which should specify in somedetail what travel costs are acceptable and whatdocumentationisrequired.

25

HitchedtoaFixedPriceContract

26

• Auditing Records. Contractor should be required to

maintainadequatedocumentationtosubstantiateT&Mcharges and requests for out-of-pocketreimbursements.ContractorsshouldusetimecardsforT&M work that are signed off by Customer’s projectmanager each week. Customer will want the right toaudit such records during normal hours uponreasonable advance notice. Contractor will want theaudit to be conducted at customer’s expense and onlyonceayear.

F. CashFlowMatters.Cashflow(orlackofit)isa

commonpointofcontentioninsoftwaretransactionsandonewhichaccrualbasisContractorsoftenoverlookuntilpaymentislongoverdue.TheContractorwillwanttherighttosuspendperformance or stop work if amounts are not paid on time.Customerwillwant to tiepayments todeliveryofmilestonesand to its formal written acceptance of deliverables. TheContractorwill counter this bywanting “deemedacceptance”tooccuriftheCustomerisbeneficiallyusingthedeliverableforacertain time, suchas30days (theCustomerwill then insiston“30consecutivedays”).

Late Payment Syndrome. Contractors must not letCustomersgetbehindoninvoices.Customerscanusethistoextractanever-endingseriesofconcessionsontheprojectscope(usuallymetingoutpaymentononelongoverdueinvoice,justwhenanewoneisaddedtothe stack).Moreover, they can often hold up the lastmilestone payment indefinitely, effectively deprivingContractor of its profit margin on the deal. If initialpayments are late, itmaybe advisable to involve the

27

lawyer directly and invoke the right to suspendmeetingsorotherprojectlevelwork,focusingalleyesonthereceivableuntilitispaid.

Trickle Down Theory: Subcontractors, especiallythose licensing off-the-shelf products, should watchfor how payments are structured. Smallsubcontractors can get squeezed financially if itsinvoicesaretobepaidwithinastatednumberofdaysafter the prime contractor gets paid. Youmay nevergetpaidiftheprimecontractorrunsintoperformanceor financial trouble (they will almost always useavailablemoney tomake payroll before paying you).Instead, insist on being paid no later than a certaindeadline, such as 60 or 90 days after invoice. Makesure the deadline is specified as non-contingent oncustomer payments and reserve the right to stopwork.VirginiaLaw: “Pay-if-Paid”clauses, inwhichaprimecontractor is not obligated to pay its subcontractoruntil the prime is paid by the customer, are validunderUCITAandVirginiacaselaw.SeePilarServices,Inc. v. NCI Information Systems, 569 F.Supp.2d 563(E.D.Va. 2008), applying UCITA, and citing GallowayCorp. v. S.B. Ballard Constr. Co., 250 Va. 493, 464S.E.2d 349, 355 (1995) (a pay-if-paid clause is anabsolutedefensefortheprimecontractor).International Issues: Be sure to specify whatcurrency governs and what the currency conversionreferencedatewillbe. Ifnotspecified,onepartymay

28

time payments to push the risk of currencyfluctuationsontotheotherparty.Revenue Recognition Tip: Ordinarily, if you sign acontract and deliver a product before the end of aperiod,youcangenerally recognize the initial licensefee that period even if the invoice is payable afterperiod-end (e.g., Net 30). However, if a significantportionofthecontractpriceisdeferredformorethan12 months, the presence of the extended paymentterm will probably defer recognition of the initiallicensefeeuntiltheinvoiceactuallybecomesdue.TPA5100.42, SOP 97-2 Para. 28-29 (some companies aremore conservative and require deferral if paymentsextend 6+ months). For this reason, you might limitany extended payments and/or make initial licensefeesdueimmediatelyuponcontractexecution(ratherthannet30afterreceiptofinvoice).RevenueRecognitionTip:Ifyouprovidediscountsonfutureproductlicensesinordertocloseanimmediatesale, this may require you to defer a proportionateamountoftheinitiallicensefeecorrespondingtothediscounts intosubsequentperiods.TPA5100.51,SOP97-2. Thus, granting future discounts to close a salecan be somewhat self-defeating, especially for salespeoplewhosecommissionsaretiedtorevenue.

G. Ownership of Work Product. When an

employee develops software within the scope of his job, theemployerwill own the copyright to thework evenwithout awritten agreement. The opposite is true for independentcontractorsandconsultantsdevelopingcustomsoftware,even

29

if source code is delivered. When hiring a contractor, theremust be a written agreement containing an assignment ofownership to customer or the contractor will likely retainownership. If the contractor will retain ownership, theagreementshouldspecify thescopeofcustomer’s licenseandwhethersourcecodeistobedeliveredtothecustomer.

1. TimeofConveyance. Deliveryofacopy—evensourcecode--doesnotconveyanyownershipofIPrights inthesoftware.Evenwhereownership istobe conveyed to the customer, the agreement willcontrol the time at which it is conveyed. If nototherwise specified, ownership will be conveyedsimultaneously as the program is being developed(delivery of a copy is not necessary). Or, if theagreement soprovides, ownership could conveyonlyafter the customer pays the price (e.g., “Subject topaymentoftheprice[foreachdeliverable],Customerwillownallright,titleandinterest…”)[UCITASection501,Comment3;SeeVa.Code59.1-505.1].Tip:The timeofconveyanceofworkproduct isimportantwhen a payment dispute erupts. Thevendor will want to modify the default ruleunderVa.Code59.1-505.1bylinkingconveyanceofownershiptofinalpayment.Thecustomerwillwantimmediateconveyanceasworkprogresses.This keeps an aggressive vendor from trying toextract Change Orders for “out of scope” workthat was really in-scope. When parties argueover time of conveyance, what they are reallyarguingabout is leverageonpriceandpaymentissues.

30

WorkerClassificationIssuesCanImpactIPOwnership

31

2. About Reusable Code Libraries. Overtime, contractors may build up libraries of reusablecode. Code libraries save development time, reduceprices and/or improveprofits by allowing contractorto contribute pre-existing Embedded Software to theproject. If the customer owns the work product,Contractor may ask for a license to add codedeveloped for this customer to its library and reusethat code on future unrelated projects. Customersworried about funding the development of theircompetitorswillwant to restrict the contractor fromreusing the technology on projects for keycompetitors. The agreement may identify thetechnology or competitors definitionally or by name,or it may include a case-by-case approval procedure(contractors will want approval not to beunreasonably withheld, while customers will wantapprovaltobeintheirsolediscretion).(a) CodeLicensedfromtheLibraryforuseonCustomer’sProject:Example: “Except as otherwise specifically set forth in theStatement of Work: (a) this Agreement conveys no ownershiprightsbyContractortoCustomerwithrespecttoanyEmbeddedSoftware, and (b)ContractorherebygrantsCustomerapaid-up,perpetual,nonexclusivelicensetouseanyEmbeddedSoftwarein[object code] form strictly as an integral part of, and inconjunction with the Custom Work Product and for no otherpurpose. This license to Embedded Software is transferable byCustomer(providedCustomerdestroysallremainingcopies)butmay not be sublicensed without Contractor’s prior writtenconsent[,whichconsentshallnotunreasonablybewithheld].

32

(b) CodeLicensedintotheLibraryforUseonFutureProjects:Example: “Contractor is granted a royalty-free, perpetual,nonexclusivelicensetoreproduce,modify,useandsublicensetheCustomWorkProduct[solelyinobjectcodeform]inconjunctionwith other development projects of Contractor that are notcompetitivewith theCustomer’s intendeduseof theSoftware [,provided,thatforeachprojectwhereContractorwishestoreuseCustom Work Product, it shall first notify Customer of theintended use and obtain Customer’s prior written permission[whichpermissionshallnotunreasonablybewithheld]].H. GrantingExclusiveMarketingLicenses.

Granting exclusive marketing rights should be carefullystructured to avoid channel conflict and to prevent a non-performingmarketingpartnerfromlockingoutotherchannelparticipants.1. Geographical or Vertical Market Limits. It iscommontoparseoutexclusivityarrangementsgeographicallyaccording to the locationof (a) themarketingpartner, or (b)prospective customers. The “location” of a party/prospectcould be based on the location of operating facilities,management offices, corporate headquarters or theheadquarters of any upstream parent. Likewise, exclusivitycould be limited to a particular vertical market of potentialusers(worldwideorinaparticularregion).Wheresoftwareisbeingtranslatedand localized foraparticular foreignmarket,exclusivitycanalsobegrantedoverthelocalizedversion.2. Minimum Performance. Exclusivity is oftenconditioned upon the marketer producing a marketing plan,

33

committingaspecifiedmarketingbudgetandachievingalevelof success (e.g., unit or dollar sales), perhaps after an initialramp-upperiod.Failuretoachievethesegoalsmayconvertthelicense to a non-exclusive basis. Product discount schedulesmayalsobelinkedtosaleslevels.3. ChannelConflict.Besureanygrantofexclusivitydoesnot conflictwith (a) a pre-existing exclusiveornon-exclusivelicensecoveringthesameproducts,(b)thesamegeographicalscope,or(c)theabilitytograntnon-exclusiverights intargetmarkets (e.g., an exclusive agreement in a specific targetmarketmaypermitthegrantingof“globalmarketingrights”solongasthegranteeisnotheadquarteredinthetargetcountry).Besuretocoordinatewiththegrantor’sownmarketingplansfordirectsales.Theremayalsobea“changeofcontrol”clauseprovidingarightofterminationifthemarketerisacquiredbya competitor of the grantor. Finally, the grantormay reservetherighttoterminatetheagreementonshortnoticeorunderspecifiedconditionsafteraspecifiedramp-upperiod.4. SupportIssues.OEMagreementsshouldspecifywhichparty is responsible for customer support and maintenance(distinguishing first level or “frontline” support from secondlevel support). For example, it is not uncommon for themarketertoprovidefirstlevelcustomersupportdirectlywithend-usersof complex systems, since itmayalsobeprovidingcustom development, installation or training services.Marketerswillsometimeswanttherighttocontinueprovidingsupport to end-users following termination of marketingrights.5. MinimumEnd-UserTerms. Thegrantorwillwant toensure that the marketer either distributes products

34

containinggrantor’sstandard licensetermsor, ifsublicensingis permitted, that the marketer’s contract with the end-usercontainsminimum terms and conditions protecting grantor’sIP rights and addressing warranty, liability and indemnityissues. If the marketer is providing risky consulting orimplementation services, the licensormight distance itself byinsistingthatitEnd-UserLicenseAgreementbesigneddirectlyby the End-User (limiting the marketer’s contractual role tothat of an order-taker and helping to ensure privity onlimitationofliabilityprotections).6. Electronic Restraints. It is not uncommon in somethird world markets for resellers to disregard the reselleragreement and distribute products without signed licenseagreements.Therearealsoquestionsaboutlocalenforcementcapabilitiesinsomemarkets.Licensorssellingintothirdworldmarketsshouldconsiderusinglicensekeys,hardwaredonglesor other technology-based constraints as an additionalenforcementmechanism (see discussion of passive electronicrestraints,below).

I. Confidentiality. The confidentiality clause

recognizes that in the course of a project, trade secrets andsensitive information may be disclosed that need to beprotected. The clause may protect only the customer(especially if the customerownsallworkproduct).Or itmaybereciprocal,forexample,ifcontractorretainsownershipandlicensesthesoftwareinsourcecodeform.

The confidentiality clause should restrict access, use and

disclosure of Confidential Information (a defined term withcarve-outs for pre-existing or independently developedknowledgeorinformationinthepublicdomain).Itshouldalso

35

impose a standard of care (e.g., “the same degree of care asrecipient uses for its own confidential information, but in noeventlessthanduediligenceandcare”)andshouldrequiretherecipient to notify the disclosing party if its learns of anybreach. A separate provision usually provides for injunctiverelief to protect against any actual or threatened violation oftheprovision,withoutnecessityofpostingbond.

Practice Tip: Even if the contractor who retainsownership is willing to license source code, thecustomerwillwanttheagreementtoallowthirdpartyconsultants toaccessandworkwiththecodeso longas they abide by written confidentiality agreements.Otherwise, the contractormayuse the confidentialityclause to leverage out competitors and “sole source”ongoingsupport.Contractormay,however, justifiablywanttoprecludekeycompetitorsfromgainingaccessto its source code under the guise of providingmaintenance, so the agreement may exclude certaincompetitorsdefinitionallyand/orbyname.Observation:UCITASection807states:“Theremedyfor breach of contract for disclosure or misuse ofinformation that is a trade secret or in which theaggrievedpartyhasarightofconfidentiality includesas consequential damages compensation for thebenefitobtainedasaresultof thebreach.”(emphasisadded).SeeVa.Code59.1-508.7(c).

36

DaytimePartners,NighttimePoachers

37

J. Warranties.1. Non-Infringement Warranty. Customers expecteither good title or at least quiet enjoyment of licensedtechnologyfreeofanythirdpartyclaimsofinfringement:

Example:“Contractorrepresentsandwarrants[tothebestofitsknowledgeandbelief] that theSoftware,whenproperlyusedascontemplated herein, will not infringe or misappropriate any[UnitedStates]copyright,trademark,patent,orthetradesecretsof any third persons [and shall defend, indemnify and holdCustomer harmless from all costs, damages, liabilities, expenses(including reasonable legal fees) arising from any third partyclaimtothecontrary.]Uponbeingnotifiedofanyclaimcontrarytosuchwarranty,Contractorshallatitsownexpense:(i)defendthrough litigation or obtain through negotiation the right ofCustomer to continue using the Software; (ii) rework theSoftware so as to make it noninfringing while preserving theoriginal functionality, or (iii) replace the Software withfunctionally equivalent software. If none of the foregoingalternatives provide an adequate remedy, Customer mayterminatealloranypartofthisAgreementandrecoveramountspaidhereunder[withrespecttotheinfringingDeliverable].

2. ExpressWarranties.

(a) “Casual” Express Warranties. UCITA Section402(“ExpressWarranty”),Va.Code59.1-504.2,states thatanexpress warranty is created by, and that a deliverable willconformto:

• Anaffirmationoffactorpromisebythelicensortothelicensee, including advertising, which relates to thelicensedcontentandbecomesabasisofthebargain;

38

• Any description, sample,model or demonstration of a

final product, which is made part of the basis of thebargain (taking into account differences between thecontentandhowitwillbeactuallyused).Note:Section402 says product descriptions “will conform,” whilesamples, models and demos “will reasonablyconform….”

Review Advertising Collateral. Commentary toSection402 indicates that advertising (includingwebcontent)canbecomeabasisforthebargainifitmerely“played a role” in the decision to enter into thetransaction. Commentary further indicates that onceanexpresswarrantyismade,“theobligationscreatedordinarily cannot be easily deleted.” For this reason,lawyers should review marketing materials on aregular basis to prevent unintended expresswarranties.

WatchPost-SigningReassurances.Contractorsneedto be careful about giving customers post-contractreassurancesthatmaybeatoddswiththeagreement.UCITA commentary states: “If language is used aftertheclosingofthedeal(aswhenthelicenseeontakingdelivery asks for and receives an additionalassurance),theassurancemaybecomeamodificationof the contract. An agreed modification requires noconsideration to be binding.” [UCITA Section 303(a);Section402,Comment2].Beta Versions. Because the “sample, model ordemonstration” that creates an express warranty

39

relates to a “final product,” the authors of UCITArecognizethatbetaversionsareordinarilyunderstoodnot to be in final form and that the final deliverablewillvaryfromthebeta[UCITASection402,Comment5].

(b) Formal ExpressWarranties. Contractors will

expressly state in the agreement the extent to which theywarranttheirsoftware.Forexample:

“LimitedWarranties.

(i) Limited SoftwareWarranty. Licensor warrants for aperiodofninety(90)daysfollowingdeliveryoftheSoftwarethatthe Software will perform substantially in accordance with theDocumentation.

(ii) Limited Media Warranty. Licensor warrants for aperiodofninety(90)daysfollowingdeliveryoftheSoftwarethattheCD-ROMs,diskettesorothermediauponwhichtheSoftwareisdeliveredarefreefromdefectsinmaterialsandworkmanshipundernormaluse.

(iii) Limited Technical Support Services Warranty.Licensor warrants for a period of ninety (90) days followingperformance of the service that its Technical Support Serviceswill be performed consistent with generally accepted industrystandards.”

(c) Express Warranty of “508 Accessibility.”Under Section 508 of the Federal Rehabilitation Act(29 U.S.C. 794(d)), software, websites and digitalcontent (e.g., downloadable PDFs) should beaccessible to handicapped users. Content developersshould use contrasting colors (of a certain contrastratio)socolor-blinduserscandistinguishthefeatures;

40

photos should be tagged with alternative textualdescriptionsso“screenreaders”usedbytheblindcanread themout loud;videoshouldbeaccompaniedbycaptionsorsubtitlessothedeafcanunderstandthem.This is likely tobeanareaof increasedenforcement,as the DOJ will issue final regulations soon. Thoseregulations will incorporate features from aninternational technical standard, the “Web ContentAccessibility Guidelines, Version 2.0” (known as“WCAG 2.0”). The guidelines promote digital contentthat is “perceivable, operable, understandable androbust.” The following contract clause should helpaddressthisissue:

“Totheextentapplicable,the[Software/Website/Deliverables]willbecompliantwith:

(A) Section 508 of the federal Rehabilitation Act (29 U.S.C. 794(d))(“Section 508 Standards”), particularly the Web ContentAccessibilityGuidelines (WCAG2.0,AAStandard),which requireselectronic and information technology, including softwareapplications, Internet Web sites and related content, to beaccessibletopeoplewithdisabilities;and

(B) anyotherapplicablestateor international laworregulation,overjurisdictions in which the Services or deliverables are to beprovided,whichrequireaccessibilitygreaterthantheSection508Standards,andwhichareineffectatthetimeofcontracting.”

PracticeTip:Accessibilitycomplaintsaremost likelytobelodgedbyconsumeradvocacylawfirmsagainstalarge retailer with a non-compliant website. Anindividualconsumermayalso lodgeacomplaintwithDOJ (investigations are easy, since the websites aretypicallypubliclyavailable).

41

HedgingStrategy: If you are representing a licenseethat wishes to use third party software or onlineservicesthatarenotyetcompliant,thenyouwillwantto understand their roadmap for achievingcompliance,weigh theriskofproceedingand includean indemnity underwhich the vendorwill hold yourclient harmless from thirdparty claims. Consider thevendor’sfinancialabilitytocoversuchrisks(includinginsurancecoverage).Youmightalsoincludearighttoterminateforconvenienceandrecoverpre-paidfeesifsuch“accessibility”claimsdoarise.

3. The Implied Warranties: UCITA will imply variouswarranties under different circumstances unless disclaimed,includingsomenewwarranties:

• Merchantability of Software Programs (i.e., notdataor informationalcontent):amerchant impliedlywarrants toend-users that theprogram is fit for itsordinary purpose and warrants todistributors thatproducts are packaged and labeled as required andthattheprogramconformstoanyfactualstatementsorpromisesappearingonthepackageandlabels.Thisimplies “fair average” or middle-of-the road quality.UCITASec.403;Comment3(a);Va.Code59.1-504.3.

• Informational Content (i.e., not the softwareprogram itself): a merchant that is in a specialrelationship of reliance with a licensee, collects,compiles, processes, provides or transmitsinformational content warrants to that licensee thatthere is no inaccuracy in the content caused bylicensor’s failure toperformwithreasonablecare.

42

This warranty does not apply to “publishedinformationcontent”ortosomeonewhoisaconduitorprovidesonlyeditorialor summarizationservicesrelating to thirdpartycontent.Reasonablecaredoesnot requireperfect results, and the level of requiredcare depends on the circumstances. UCITA Sec. 404;Va. Code 59.1-504.4. Note: this is a new impliedwarranty.

Observation:Themerchantandcustomermustbe ina relationship of special reliance for the informationcontentwarrantytoapply:“Afundamentalaspectofaspecialrelationshipisthattheinformationproviderisspecifically aware of, and personally tailorsinformation to the needs of the licensee.” It does notapplytoinformationprovidedinstandardformat,butinstead“mustbepersonallytailoredfortherecipient.”Thewarrantydoesnotapplytopublishedinformationcontent, which is treated analogously to publishedbooksornewspapers.

• Licensee’s Particular Purpose: if the licensor hasreason to know of the particular purpose for whichthe computer information is required, and that thelicensee is relying on licensor’s skill or judgment toselect,developorfurnishsuitableinformation,thereisan impliedwarranty that the information is fit forthat particular purpose. The warranty coverssoftware, content and documentation. Section 405;Va.Code59.1-504.5.

T&M Caveat: if a developer is paid for the time oreffort expended (a T&M deal), then the implied

43

warrantyisthattheinformationwillnotfailtoachievetheparticularpurposeasaresultofthelicensor’slackofreasonableeffort.

• System Integration: if an agreement requireslicensor to provide or select a system consisting ofcomputer programs and goods (hardware) and thelicensor has reason to know that the licensee isrelying on the skill or judgment of the licensor toselect the components of the system, there is animplied warranty that the components will functiontogether as a system. Section 405; Va. Code 59.1-504.5(c).

Example: If theagreementprovides that the licensorwillselectacomputer,fivesoftwareapplicationsandaprinter, thewarranty is that thesoftwarewill runonthe computer and the printer will work with thesoftwareandcomputer[Comment6].

4. DisclaimingorModifyingtheImpliedWarranties.Va.Code59.1-504.6:

• Short Form Disclaimer: “AS-IS” and “WITH ALLFAULTS” is still effective to disclaim impliedwarranties, including thoseunderUCITA (except thenon-infringementwarranty).Asusual,thedisclaimersmustbeCONSPICUOUS.

• LongFormDisclaimers:

(a) WarrantyofMerchantabilityisdisclaimedbyincludingmagic words disclaiming “MERCHANTABILITY” or“QUALITY”orwordsofsimilarimport;

44

(b) Warranty of Informational Content is disclaimed byincludingmagicwordsdisclaiming“ACCURACY”orwordsofsimilarimport;

(c) WarrantiesofLicensee’sParticularPurpose&SystemIntegration are disclaimed by statements such as“THERE IS NOWARRANTY THAT THIS INFORMATION,OUR EFFORTSOR THE SYSTEMWILL FULFILL ANYOFYOURPARTICULARNEEDS”orwordsofsimilarimport.

SavingGrace:To“avoidatrapfortheunwary,”UCITAmakes clear that traditional disclaimers of“merchantability” and “fitness for a particularpurpose”underUCCArticle2 and2Aareeffective todisclaim the implied warranties describedimmediately above (including new ones) [UCITASection 406(b)(4); Comment 4(e); Va. Code59.1504.6(b)(4)].

Example: Disclaimer of All Other Warranties. THEWARRANTIESABOVEINTHISSECTION___AREEXCLUSIVEANDAREINLIEUOFALLOTHERWARRANTIES,WHETHEREXPRESSOR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OFMERCHANTABILITY,TITLE,ACCURACY,SYSTEMINTEGRATION,QUALITYANDFITNESSFORAPARTICULARPURPOSE.NOORALORWRITTEN INFORMATION OR ADVICE GIVEN BY LICENSOR,ITS DEALERS, DISTRIBUTORS, AGENTS OR EMPLOYEES(INCLUDING ADVERTISING MATERIAL) SHALL CREATE AWARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THEWARRANTIESGIVENINTHISSECTION,ANDLICENSEEMAYNOTRELYONANYSUCHINFORMATIONORADVICE.

LicensordoesnotwarrantthattheSoftwarewillmeetLicensee’srequirements, that the Software will operate in combinationsotherthanasspecified intheDocumentation, thattheoperationof the Software will be uninterrupted or error-free or that

45

Software errors will be corrected. Pre-production releases(including Alpha and Beta site releases) of Software andTechnicalSupportServicesrelatedtheretoaredistributed“ASIS”and“WITHALLFAULTS.”

Customer Examination: UCITA indicates that, “if alicenseebeforeenteringintoacontracthasexaminedthe information or the sample ormodel as fully as itdesired or has refused to examine the information,there is no implied warranty with regard to defectsthat an examination ought in the circumstances tohave revealed to the licensee.” This can be relevantwhere the licensee is provided a copy of software orsamples on a “try before you buy” basis [Section406(d)].Thiswouldnotexcludean impliedwarrantyagainst latent defects that passed initial review butsurfacedlaterundermorestressfulactualoperations.

5. Invalidation of Warranties by Software CodeModifications. If licenseemodifies a software program, thiswill invalidate all express and implied performance-basedwarranties regarding the modified version. A modificationoccursifthelicenseeaddscode,modifiescodeordeletescodefromtheprogram.Amodificationdoesnotoccurifthelicenseesimplyusesexistingprogramfeaturestoconfiguresoftwareormake normal use a Toolkit to assemble programs from pre-existingcomponents.No invalidationoccurs if thepartiesareengaged in joint development and one party modifies theother’sprogramaspartofitsauthorizedscopeofwork[UCITASection407;Comments1-2;Va.Code59.1-504.7].

46

“Yesshe’sfullywarrantedtobewithoutfaultsorfaculties.”

47

K. Overview of Liabilities. Absent an effective

exclusionorlimitationofdamages,thefollowinggeneralrulesapply:1. Contractor Damages: UCITA Section 808, Va. Code59.1-508.8,generallyallowsthelicensortorecover:(a)directdamages equal to the price due under the agreement, fewerexpensesavoidedasaresultofthebreach(yieldinglostprofitandoverhead)plus(b)incidentalandconsequentialdamages.Thecontractorhasageneraldutytomitigateloss.Ifthebreachmakesitpossibleforthecontractortoenterintoa“substitutetransaction,” damages are reduced either by a reasonableactual substitute transaction fee or by a reasonablehypotheticalsubstitutetransaction.

Examples: Comments to UCITA Section 808 indicatethat if the licenseeunderanon-exclusive license failstopay,thecontractormayrecoverthetotallicensefeedue. There is no reduction for a “substitutetransaction” on a non-exclusive license sincecontractor couldhavegrantedanynumberof similarlicenses. However, if the first license was exclusive,thentherecoveryshouldbereducedbyanyactualorhypothetical license fees from a substitute exclusivelicense that was made possible by breach andcancellation of the first license. These rules do notaffect separate recovery under IP law (e.g., if thelicenseecontinuestousetheproductbeyondthetermorpermittedscope).

2. CustomerDamages:UCITASection809,Va.Code59.1-508.9,generallyallowsalicenseetorecoverfromabreaching

48

licensor:(a)directdamagesuponbreachequalto:(i)recoveryof payments alreadymade for thedefectiveperformance; (ii)the FMV of the performance less the contract fee or (iii) thereasonablecostofsubstituteperformance(“cover”)ifobtainedwithout undue delay and for a substantially similar productwith the same scope of use terms, and (b) incidental andconsequentialdamages(includinglostprofits).Consequential damages may be limited by contract and aregenerally not recoverable under UCITA with respect to“published informational content” (e.g., online newspapers,interactivegames,stocktickerdatafeedsandthelike).Section807(b)(1);Va.Code59.1-508.7(b)(1).5

Note: licensee should try tomatch the terms for any“cover”transactiontotheoriginallicensegranted(i.e.,it’s best if licensee gets the same product with thesame license terms from another distributor at ahigher cost, if necessary, and then recover the pricedifferenceascostofcover).L. LimitationofLiabilities.

1. Limitation of Liability Clause. It is common insoftwaretransactionstolimitliabilitiesfordirectdamagestoarefundofthepricepaid(orperhapsto12months’subscriptionfees for online transactions) and to disclaim liability for 5 For a discussion of the somewhat obscure but important difference in damage calculations between Virginia’s UCITA and UCC Article 2 (Sale of Goods) see Delaney & Temeles, “Damages under the Virginia Uniform Computer Information Transactions Act: Blue Line v. Redmon Group,” J. of Va. Trial Lawyers Assoc., Vol. 21, No. 3, 2009 (analyzing a $1.14M jury damage award from Alexandria on a botched website development project).

49

indirect, incidentalandconsequentialdamages.Thecontactorwillwant to carveout exceptions for customer’sbreachof IPrelated clauses and licensee will want an exception forcontractor’sviolationofthenon-infringementwarranty(you’llneed to coordinate those issues with the Indemnity clause,discussedfurtherbelow):

Example: “NOTWITHSTANDING ANY PROVISION OF THISAGREEMENT TO THE CONTRARY, EXCEPT FOR LICENSEE'SVIOLATIONOFARTICLE __ (“PERMITTEDUSE”)OR SECTION___(“CONFIDENTIALITY”)[ORCONTRACTOR’SVIOLATIONOFSECTION__(“NON-INFRINGEMENTWARRANTY”)]HEREOF,INNO EVENT SHALL EITHER PARTY, NOR ANYONE ELSEWHOHAS BEEN INVOLVED IN THE CREATION, PRODUCTION ORDELIVERY OF THE SOFTWARE, INCLUDING CONTRACTOR’SLICENSORS, BE LIABLE FOR ANY INDIRECT, INCIDENTAL,SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, ORDAMAGES FOR LOSS OF PROFITS, REVENUE, DATA OR USE,INCURRED BY EITHER PARTY OR ANY THIRD PARTY,WHETHER IN AN ACTION IN CONTRACT OR TORT, EVEN IFSUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OFSUCHDAMAGES.

CONTRACTOR’S LIABILITY FOR DAMAGES AND EXPENSESHEREUNDER OR RELATING HERETO (WHETHER IN ANACTION IN CONTRACT OR TORT) SHALL IN NO EVENTEXCEED THE AMOUNT OF LICENSE FEES PAID TOCONTRACTORWITHRESPECTTOTHISAGREEMENT,ANDIFSUCH DAMAGES RESULT FROM CUSTOMER’S USE OFPARTICULAR LICENSE FILES OR TECHNICAL SUPPORTSERVICES THEN SUCH LIABILITY SHALL BE LIMITED TOLICENSE FEES PAID TO CONTRACTOR FOR THE RELEVANTSOFTWARE OR SERVICES GIVING RISE TO THE LIABILITY.BECAUSESOMESTATESANDJURISDICTIONSDONOTALLOWTHE EXCLUSION OR LIMITATION OF LIABILITY, PORTIONSOFTHEABOVELIMITATIONMAYNOTAPPLYTOYOU.

50

THEPROVISIONSOFTHISAGREEMENTALLOCATETHERISKSBETWEEN CONTRACTOR AND CUSTOMER. CONTRACTOR’SPRICING REFLECTS THIS ALLOCATION OF RISK AND THELIMITATIONOFLIABILITYSPECIFIEDHEREIN.”

Watch the End Run on Liability: Agreements oftencontain a standard indemnity for negligent orwillfulacts causing bodily injury or property damage.Contractorswillwanttonarrowtheseclausestoavoidopening up liability for computer malpractice. Forexample, damage to “property” should be limited to“tangible property” to avoid implying liability fordamaged software or data. Also, try to make theindemnity subject to theoverall limitationof liabilityprovision or limit exposure to the amount of actualinsurancecoverage.

2. Compartmentalize Your Liability: Contractorssupplyingbothoff-the-shelfsoftwareandcustomdevelopmentor implementation services should consider using a separateSoftware License Agreement and a Software DevelopmentAgreement.Thishelpscompartmentalizeyourliability.Ifyourcontract limits liability to a refund of the price paid, then afailure by the development team only risks the developmentmoney, without jeopardizing the license fees received. Thecustomer, of course, will want to combine the provisions, orcross-reference the default and liability provisions to avoidsuchcompartmentalization.

M. Remedies. UCITA Section 801, Va. Code 59.1-

508.1,reflectsthegeneralrulethat“remediesarecumulative,butapartymaynotrecovermorethanonceforthesameloss.”Italsomakesclearthat“thepartiesbyagreementmayalteraremedyormakeitunavailable.Theagreementgovernsunless

51

expressly invalidated by this Act.” [Comment 2]. UCITA alsomakes clear that a remedy for contract breach, such asexceedingthescopeofuseunderalicense,doesnotdisplacearemedy for copyright infringement: “often the two forms ofrecovery refer to different damages and are not a doublerecovery.”[Comment4].1. LimitationofRemedies:UCITASection803,Va.Code59.1-508.3,generallyallowstheagreementtolimitoralterthemeasure of damages. The agreement may also limit otherremedies, such as by precluding a party’s right to cancel forbreach of contract, limiting remedies to returning copies andrefunding the price, or limiting remedies to repair orreplacementofnonconformingcopies.Resort toacontractualremedyisconsideredoptional,unlesstheremedyisexpresslyagreedtobeexclusive,inwhichcaseitisthesoleremedy.Thefollowing sample clause illustrates the classic “repair, replaceorrefund”astheexclusiveremedy:

Example: “If the Software does not perform as warranted,Contractor shall undertake to correct the Software, or ifcorrection of the Software is reasonably not possible, replacesuchSoftwarefreeofchargewithconformingsoftware.Ifneitherof the foregoing is commercially practicable, Contractor shallterminate this Agreement with respect to the non-conformingsoftware program and refund the monies paid by Customerattributable to such non-conforming software program. TheforegoingareCustomer’ssoleandexclusiveremediesforbreachofwarranty.”

2. Failureof EssentialPurpose: UCITA Section 803, Va.Code 59.1-508.3, also makes clear that “failure orunconscionability of an agreed exclusive or limited remedymakes a term disclaiming or limiting consequential or

52

incidental damages unenforceable unless the agreementexpressly makes the disclaimer or limitation independent ofthe agreed remedy.” Official comments to Section 803indicate that the remedy and liability provisions will bedeemed dependent unless the agreement expresslyindicatesotherwise.This is contrary to theruleunderUCCArticle2.

Interplay Between Remedy & Damage Limits:Comments to Section 803 place great emphasis onwhether a “repair or replacement” remedy is backedupbyarighttoarefund.Withoutarighttoarefund,acontractual disclaimer of consequential damageswillnotbeupheldunlessitisdraftedtobeindependentoftheremedyprovision.Soitisgoodpractice,ifpossible,to add a “refund” right to your exclusive “repair orreplace” remedy (remember that refund rights arealso central to the enforceability of shrink-wraplicenses).Note: refunds may be restricted to moneypaid for adefectiveproduct alone,without refundingmoney paid for other services or products thatwerenotdefective.

3. No Rewriting of Agreements: Commentary to UCITAalsostates:“Remedytermsareagreedallocationsofrisks,”andthat “if a remedy is provided and ismade exclusive, the factthat itdoesnot fully compensate theaggrievedparty isnotareason to allow that party to avoid the consequences of itsagreement.”

Example: A contract limits recovery for softwaredefects used in a satellite system to the price of thesoftware ($100,000). A defect in the software causes

53

the satellite to fall out of orbit, destroying the $1million satellite. The damage limit is valid. Thedecision to limit damages to $100,000 affects pricingandriskandcannotbesetasidejustbecausethelossfellmostlyononeparty.[Comment6toUCITASection803].

4. Carve-OutsforCertainLiabilities:Iftheconsequentialdamagelimitholdsup,itwillapplytoallsuchlossincurredbythe aggrieved party under the agreement, unless theagreement states otherwise. For this reason, a consequentialdamagelimitoftencarvesoutanexceptionforclaimsrelatingto IP infringement, breach of confidentiality or exceeding thelicensescope.Section803alsostatesthatexclusionofliabilityof consequential damages for personal injury is presumedunconscionable,whileexclusionofconsequentialdamages forcommerciallossisnot.Va.Code59.1-508.3(d).5. The Right To Cure. The contractor generally has aright to cure a breach if it does so before any deadline forperformancepasses. Itmayalsocure if it reasonablybelievestheperformancewouldbeacceptable(withorwithoutapriceadjustment)anditnotifiesthecustomerandproceedstocurewithin a reasonable time after performance was due.Contractormayalsocureifitnotifiescustomerofitsintentionsandactuallycuresbeforecustomercancelsthecontract[UCITASection703;Va.Code59.1-507.3].

54

TheRisk/ReturnTradeoff

55

N. Indemnities

1. CommonTypesofIndemnities.

(a) Non-Infringement Indemnity. Thisindemnity allocates the risk of a third partyinfringement claim brought against either party as aresultoflicensee’suseofthesoftware.Belowisafairlytypical long-form indemnity clause (the phrase“Intellectual Property Rights” is a defined term thatusually refers to [United States] copyright and tradesecrets):

Indemnity by Licensor. Licensor will defend, indemnify andhold Licensee harmless from and against any loss, cost andexpense thatLicensee incursbecauseofa thirdpartyclaimthatthe Subscription Software infringes any United States patent orother Intellectual Property Rights of others. Licensor’sobligationsunderthis indemnificationareexpresslyconditionedon the following: (i) Licenseemust promptly notify Licensor ofanysuchclaim;(ii)Licenseemust inwritinggrantLicensorsolecontrolofthedefenseofanysuchclaimandofallnegotiationsforitssettlementorcompromise(ifLicenseechoosestorepresentitsown interests inanysuchaction,Licenseemaydosoat itsownexpense, but such representationmust not prejudice Licensor’sright to control the defense of the claim and negotiate itssettlement or compromise); (iii) Licensee must cooperate withLicensor to facilitate the settlement or defense of the claim.Licensorwill not have any liability hereunder to the extent theclaim arises from (a) any modification of the SubscriptionSoftware; or (b) the use or combination of the SubscriptionSoftware with any computer, computer platform, operatingsystem and/or data base management system other thanprovidedbyLicensor.Inaddition,ifanySubscriptionSoftwareis,or in Licensor’s opinion is likely to become, the subject of an

56

infringementclaim,thenLicensor,atitssoleoptionandexpense,willeither:(A)obtainforLicenseetherighttocontinueusingtheSubscription Software under the terms of this Agreement; (B)replace the Subscription Software with products that aresubstantially equivalent in function, or modify the SubscriptionSoftware so that it becomes non-infringing and substantiallyequivalent in function; or (C) refund to Licensee the un-usedportionof the Subscription Services fee, if any, paid to Licensorfor the Subscription Software giving rise to the infringementclaim, and discontinue Licensee’s use of such SubscriptionSoftware.THISSECTIONSETSFORTHLICENSOR’SEXCLUSIVEOBLIGATION AND LIABILITY WITH RESPECT TOINFRINGEMENTOFINTELLECTUALPROPERTYRIGHTS.

(b) Bodily Injury, Death and TangiblePropertyDamage.Bothpartieswillprobablywant theotherparty to indemnify and hold them harmless from any bodilyinjury, death or property damage proximately caused by theother party. These are damages that are typically covered byinsurance,butthiscontractualclausedoesnotusuallycontainany deductibles or coverage limits of the type seen ininsurancepolicies.Asnotedearlier,“propertydamage”isoftenlimited to “tangible property” to avoid claims for loss ofintangibledata(whichispersonalproperty).Thedatabackupprocedures are usually relied upon as the best protectionagainst data loss, which most software vendors typicallydisclaim. (c) Data Breach, Confidentiality. If thevendor fails to follow good data and software securitypracticesandcustomerdataislosttoadatabreachorawillfulbreachoftheconfidentialityprotections,theseclaimsareoftensubjecttoanindemnity.

57

Encryption Tip: The risk of data breach and loss ofconfidential information (particularlyPII, or “personallyidentifiableinformation”)canbereducedthroughtheuseof encryption. It’s best to encrypt data duringtransmission (in transit)andat rest (instorage).And, ifyou are the customer using a cloud computing vendor,try to manage the encryption keys yourself. Cloudcomputingvendorsprefernothavingaccesstocustomerdata, and key management is usually available as anoption under their security plan. Using encryption andtight key management practices can greatly reduce thelikelihood of a data breach by narrowing the scope ofthosewhohavepracticalaccesstosuchinformation.InsuranceTip: Thirdparty claims fordatabreachandprivacy violations are regularly excluded from coverageby General Liability, E&O and Directors & OfficersLiabilityPolicies.Thecostofadatabreach investigationcanbelarge.Inonerecentinvestigation,outsidesecurityforensicexpertscharged$150,000forabout3-4weeksofemergency consulting services (at $400 per hour). Tocover this risk, be sure there is an “Internet Liability”policy in place ($1M seems typical). This covers cyber-liability(thirdpartyclaimsthatarisefromdoingbusinessdigitally) and privacy liability (claims for data breachdisclosingpersonally identifiable information(PII).Yourcontractwithavendorshouldrequirenamingyourclientas an additional insured and include a waiver ofsubrogation (to be reflected on the Certificate ofInsurance(COI)givenyou).Waiverofsubrogationmeansthe insurance company can’t come after you if thecoveredlosswasyourfault.Thiswaivermustoccurpriortotheactualloss,soit’sapre-contractchecklistitemyou

58

need to complete. Note: I’ve actually seen a fake COIprovidedbyavendorononeoccasion,soyoumightcalltheinsurancebrokerandverifytheexistenceofcoverageif the certificate did not originate directly from thebroker.

(d) General Indemnity. Some modelagreementswillattempttoimposeageneralindemnityonthevendor for “any breach of this Agreement.” Those generalindemnities should be vigorously resisted by counsel for thevendor.Thebestargumentissimplythatthepricereflectsthelimited liabilityandallocationof risk in themodeldocument.Resistance to this type of clause is particularly important ifthere is an exception to the limitation of liability clause forindemnifiedclaims(seebelow).2. Coordination of Indemnities with Limitation ofLiabilities. The parties will want to negotiate overcoordinationof thevarious indemnitieswith the limitationofliability clause. When a customer is represented, the lawyerwill want to negotiate an exception from the vendor’slimitationof liabilityclause for these typesofclaims(“ExceptforindemnifiedclaimsdescribedinSection__,theLicensorisnotliablefordirectdamagesexceedingthepricepaid,norforany indirect, incidental, special or consequentialdamages….[etc.]”

O. Assignments&TransfersofContracts.1. “NoAssignment”Clauses.UCITASection503,Va.Code59.1-505.3,providesthatarestrictionontransferringaparty’scontractualinterestisgenerallyenforceable.Inamass-markettransaction,thetransferrestrictionmustbeconspicuous.Note:

59

“mass-market” means retail level (i.e., primarily consumer)licenses of off-the-shelf products. This means you shouldupdateallyourstandardlicensestomakeany“noassignment”clausesCONSPICUOUS.2. Absent anAgreement. In the absence of a provisionrestricting assignment, a party may generally transfer itscontractualinterestunlessthetransfer:

(a)is prohibited by other law (e.g., this could be a bigexception since courts have held that IP law prohibitstransferring a non-exclusive copyright or patent license;see also 17 U.S.C. Section 107, prohibiting unauthorizedsoftwarerentals);(b)wouldmateriallyimpairtheotherparty’sinterests,by:

• changingtheotherparty’sduty(e.g.,assigningacompany-wide support and maintenanceagreementfroma20mancompanytoAT&T);

• increasing the burden or risk imposed on theotherparty(e.g.,assigningasourcecodelicensetoacompanylocatedinIraq);

• impairing the other party’s property (e.g.,assigninganenterprise-wide licensegrantedtoa20mancompanytoAT&T);

• impairingtheotherparty’slikelihoodofgettingreturnperformance(e.g.,assigningacontracttoa company that isn’t likely to pay the licensefees).

P. Electronic Regulation of Access, Use and

Repossession.

60

1. OnlineAccess Contracts: Uponmaterial breach of anaccess contract, or if the agreement soprovides, a partymaydiscontinue all contractual rights of access of the party inbreach[UCITASection814;Va.Code59.1-508.14].An“accesscontractmeansacontracttoobtainbyelectronicmeansaccessto, or information from, an information processing system ofanother person….” UCITA Section 102(a)(1); Va. Code 59.1-501.2.Therighttocutoffaccessdoesnotallowthelicensortoretake prior transfers of software or information alreadydelivered to the user, but merely to stop future access andperformance[Id.,Comment3].2. ElectronicUsageRestrictions.UCITASection605,Va.Code 59.1-506.5, governs automatic passive restraints onsoftware usage (sometimes known as software keys andhardwaredongles).UCITA takes a tolerant viewof automaticpassiverestraintsandallowsthemifthe:

• Agreementauthorizesit,or• Restraint prevents use which is inconsistent with the

agreement,or• Restraint prevents use after expiration of the stated

durationoftheagreement,or• Restraint prevents use after a stated number of times

specifiedintheagreementor• Restraint is not a time-out or usage counter, but

otherwise prevents use after contract termination andlicensor gives reasonable advance warning beforeactivation (thisappears tobeacatch-allprovisionandistheonlyonethatrequiresadvancenotice).

61

Don’t Block Access to User Data: Automaticrestraints may not be used if they affirmativelyprevent the licensee from accessing its owninformation through its own means (other than bycontinueduseofthelicensedprogram).Note:Virginia’sversion of UCITA deletes the preceding italicizedwording. Va. Code Section 59.1-506.5 (as amended2/19/01).

Passivev.Active.UCITASection605,Va.CodeSection59.1-506.5, authorizes passive restraints to enforcecontracttermsintheabsenceofabreach.Ananaloginthephysicalworldwouldbeatimingdevicethatlimitsa Laundromat dryer to 30 minutes use if only a 30minutedurationwaspurchased[Offic.Comment2].Example: if licenseepurchasesa30 concurrentuser license, a passive restraint that preventsusage beyond the 30 user limit is permitted.However,arestrainttriggeredwhenthelicenseetriestoadda31stuserthataffirmativelydeletestheentireauthorizedcopyandpreventsanyuse(including the original 30 users) is consideredoverreaching and is not a permissible “passive”restraint.Example: at the end of a one-year license, apassive restraint may cause the program tobecome inoperableandmayerase theprogram.No prior notice is required for such automatictermination, because the license expiredaccordingtoitsownterms(therewasnobreachinvolvedandthelicenseauthorizinganyfurther

62

use expired).Remembernot to erase theuser’sdatafiles.

Upgrade Replacements: When a vendor distributesnewversionsof an existingproduct, it is permissiblefor the new version to disable the old version as anincident to upgrading the user, if the agreement soprovidesforsuchreplacements.Va.CodeSection59.1-506.5(e).

Example: The following license provisions identify theexistenceoftheLicenseFilecontainingusagelimitingcodeandthencontractuallylinksthescopeofthelicensetotheLicenseFileandtheLicenseFeepaid:

“LicenseFile. LicenseFilemeansa componentof theSoftwarethatenablesoneormoreothercomponentsoftheSoftwareandmayalsospecifythe locationoftheDesignatedWorkstationandtheLicensee.TheLicenseFilealsospecifiescertainlimitationsonthe use of the enabled components of the Software and thepurposesfor,andextentto,whichtheenabledcomponentsoftheSoftwaremaybeused.CertaincomponentsoftheSoftwaremaybe licensed hereunder without a License File. For referencepurposes,thecomponentsoftheSoftwareenabledbyaparticularLicense File correlate to Licensor part numbers as may bereflectedontheLicenseFileorononeormoreOrderForms.

Grant of License and Limitations. In consideration of theLicenseFeeand subject to the terms, conditionsand limitationsset forth in this Agreement and the limitations set forth in theLicense File and anyOrder Form, Licensor grants to Licensee anonexclusivelicensetouseasingleinstanceofthecomponentsoftheSoftwarespecifiedintheLicenseFileand/ortheOrderFormfor which the License Fee has been paid solely for Licensee’sbusiness operations on a single Designated Workstation at thelocation specified in the License File or Order Form. TheSoftwareislicensedtoLicensee,notsold.”

63

Note: theuseofpassiverestraintsdoesnotauthorizetheuseof restraints to enforce remedies in theeventofnonpaymentorotherbreachofacontract.Passiverestraintsmaybeusedtopreventusebeyondexpirationornon-renewalofalicense,butmay not be used to terminate usage of a license that iscancelled for breach, but has not otherwise naturally expiredaccording to its terms,absent thebreach (seeElectronicSelf-Helpbelow).3. Self-HelpRepossessiononCancellationforBreach.

(a) Physical Repossession. Unless software orlicensed information has been commingled with otherinformation, a licensor generally has a right tophysical self-help under Section 815(b), Va. Code 59.1-508.15(b), wherelicensed software or content can be physically recoveredwithoutbreachofthepeaceordamagetoproperty.

Observation: This appears calculated to permitrepossession of computer hardware with licensedsoftware installed; stated conversely, a vendor is notprecluded from physically repossessing hardwaremerelybecauseitalsocontainsthevendor’ssoftware.(b) Electronic Repossession. The rules for

electronic self-help aremuch less accommodating to vendorsthanphysicalrepossession.Absentanagreement,theuseofelectronicself-helpuponbreachofcontractisprohibited.

• Mass Market Licenses: Electronic self-help iscompletely prohibited in mass-market transactionsregardless of what the agreement provides. Mass-markettransactionsinclude:(a)consumertransactions,

64

and (b) end-user retail licenses (other than sitelicenses) of commercial off-the-shelf software orcontent publicly available on substantially similarterms, butexcluding access contracts (e.g.,web sites),andcontractstodistributeorpubliclyperform/displaycopyrightedworks.

• Contractual Requirements: Even when permitted by

agreement,itsuseinabreachofcontractsituation(e.g.,to “pull the plug” when the licensee doesn’t pay forcustomsoftware) isseverelyregulatedbySection816;Va. Code 59.1-508.16. The licensee must “manifestassent” separately to a contract provision authorizingelectronic self-help (see Section 816 for completedetails). It is not enough to manifest assent to thecontractasawholecontainingsuchaprovision.Beforeresorting toelectronic self-help, the licensormustgive15 days advance notice to the licensee’s designatedrepresentative in detail (Note: Virginia’s UCITArequires 45 days, so check local law for possiblevariations on notice requirements; see Va. CodeSection 59.1-508.16). Failure to comply with thenotice requirements, among other exceptions, canexpose the vendor to liability for consequentialdamages.Id.atsubsection(e).BottomLine: It’s a very risky to “pull theplug”onanoperational systemunless you carefully consider all oftherulesunderVa.Code59.1-508.16.Itisbettertouseanannualorotherperiodic license termwithperiodicsoftwarekeysthatmustbeissuedtocontinueusingthesoftware(uponpriorpayment).

65

• Public Policy Limitations: the licensor may still notresorttoelectronicself-helpif ithasreasontoknowitwill result in substantial injury or harm to the publichealth or safety or harm to the public interestsubstantiallyaffectingthirdpersonsnotinvolvedinthedispute.Thelitanyofexceptionsispotentiallysobroadthat it substantially restricts circumstances whereelectronicself-helpmaybeused.

• Invoking Public Policy Protections: If a licensee

receiving notice of an intention to exercise electronicself-helprepliesingoodfaithwithitsownnoticetothelicensor that anyof thedamagesdescribedabovemayoccur,orifthelicensorotherwisehasreasontoknowofsuchpotentialdamages,thenthelicensorwillbeliablefor any consequential damages caused by its use ofself-help. This is so even if the agreement excludesliabilityforconsequentialdamages.

• It is thereforealmostneveradvisable touseelectronic

self-help in a breach of contract situation, especially ifthelicenseecanmakeacolorableclaimthatitwillharminnocent third parties. The Courts will look to seewhether you acted reasonably and in a balancedmanner…

66

AllThingsinModeration

67

Q. “Entire Agreement” Clause. This clause

specifies what documents and communications form part ofthe Agreement. Product descriptions (by version number),pricing schedules and Statements of Work (SOW) fordevelopmentprojectsareoften included.Proposaldocumentsareoftenexcludedonthetheorythatthemorespecificexhibitscoverthoseissues.BoilerplatecontainedinstandardPurchaseOrders and the like are also typically excluded. If a contractincorporatesbyreferenceexternaldocumentsviaanhttp:link,but sure you read the document and determinewhether thevendor should have the ability tomodify the document (e.g.,online acceptable use policy or perhaps a privacy policy)withoutthecustomer’sexpressagreement.

Example: “Entire Agreement. This Agreement (together withany information from the Order Forms and License Filesnecessary to identify the Software that is the subject of thisAgreement or further specific restrictions applicable to suchSoftware) constitutes the complete and exclusive agreementbetween the parties and supersedes all prior orcontemporaneousagreementsorrepresentations,writtenororal,concerningthesubjectmatterofthisAgreement.ThisAgreementmaynotbemodifiedoramendedexceptinawritingsignedbyaduly authorized representative of each party. No other act,document,usageorcustomshallbedeemedtoamendormodifythis Agreement. It is expressly agreed that the terms of thisAgreement and any Order Form issued by Licensor shallsupersede the terms inanyPurchaseOrderorotherpurchasingdocumentsubmittedbyLicensee;andthetermsofanyLicenseePurchase Order or other purchasing document are expresslyrejected.CertaincomponentsoftheSoftwaremayalsobesubjectto a paper or electronic license agreement delivered by or onbehalfofLicensorconcurrentlyherewith,thetermsofwhichshallbesupplementalheretototheextentnotinconsistentherewith.Ifa copy of this Agreement in a language other than English is

68

includedwith the Software orDocumentation, it is included forconvenienceandtheEnglishlanguageversionofthisAgreementshallcontrol.”

“This Agreement incorporates by reference the Privacy Policycontainedatthefollowinglink:(httplinkhere).TheLicensormayfrom time to time revise the Privacy Policy and Licensee’scontinueduseoftheSoftwareafterLicensorpostswrittennoticeof the revised Privacy Policy shall constitute Licensee’sacceptanceofthoseterms.”

III. IMPORTANT ISSUES FOR INTERNATIONAL

TRANSACTIONS

A. IP Protection. In some markets it can beextremely difficult, if not impossible, to monitor themanufacturing and distribution of your product when thirdparty distributors are involved. In those cases, considerdistributing only executable files manufactured by you andwhichareprotectedbylicensekeysand/ordongles.

B. Governing Law & Forum Clauses. On theWorld Wide Web and in software transactions involvingmultiple states or countries, the choice of law and forumprovisions may become the most important clause in thecontract.Thisisbecauseafavorablelaw/forummayinhibitthebringingoflegalactioninthefirstinstance.1. Governing Law. UCITA Section 109, Va. Code 59.1-501.9, allows the parties in their agreement to specifyapplicable law, even if it is in a neutral forum that has norelationship to the transaction. In cyberspace transactionswherephysicallocationsareoftenirrelevantornotknowable,“[p]arties may appropriately wish to select a neutral forum

69

because neither is familiar with the law of the other’sjurisdiction.Insuchacase,thechosenState’slawmayhavenorelationshipatalltothetransaction.”[OfficialComment2(a)].Theagreement tospecifyapplicable law is limitedbygeneralconceptsofunconscionability.Id.

UndertheModelUCITA,iftheagreementdoesnotspecifyapplicable law, then: (a) in B2B and B2Cweb-site or similarelectronic access environments, UCITA assumes thetransaction is governedby the licensor’shome state law (i.e.,itsprimaryplaceofbusiness, rather thanwhere theserver islocated), while (b) in transactions involving distribution oftangiblesoftwareproductsinB2Ccontext,thelicensee’shomelaw is deemed to apply, and (c) in all other cases (e.g.,distributionoftangiblesoftwareproductsinB2Bmarket),thelaw of the jurisdiction having the “most significantrelationship” will apply. Under Virginia’s UCITA, “In theabsence of an enforceable agreement on choice of law, thecontract is governed by the law of Virginia.” Va. Code 59.1-501.9(b).

Observation: This preserves the traditional rulegoverningconsumermailorderbusinesses,butspares“pure play” web-sites and online access providers(business or consumer) from having to comply withthe law of every conceivable jurisdiction fromwhichtheirsitescouldbeaccessed[Comment3].Anti-UCITA Legislation Overriding Choice of Law:At least four states (Iowa, N.C., W.Va. and VT) havepassed legislation that overrides a choice of lawprovision that would select UCITA (Maryland orVirginia law). These statutes require that the

70

agreementbe interpretedpursuanttotheirownlawsif theparty againstwhomenforcement is sought is aresident of, or has its principal place of business in,oneofthosefourstates.

2. GoverningForum. UCITASection110,Va.Code59.1-501.10, allows the parties’ agreement to specify an exclusiveforum for resolving disputes, but this selection must bespecifiedintheagreementasexclusiveandtheselectedforummust not be unreasonable or unjust. Under Va. Code 59.1-501.10(b), an exclusive forum selection clause in a mass-markettransactionmustalsobeconspicuous.

OfficialComments: “Choiceof forumagreements aregenerally enforceable…Agreed choices of forum areimportantinelectroniccommerce.Courtdecisionsonjurisdiction in the Internet demonstrate theuncertaintyaboutwhenmerelydoingbusinessontheInternet exposes a party to jurisdiction in all Statesand all countries.” Comment 2-3, citing, CarnivalCruise Lines, Inc. v. Shute, 111 S.Ct. 1522(1991)(upholding choice of forum clause in CruiseShip ticket form). Choice of a forum at a party’slocationisordinarilyreasonable[Comment3].

Examples:

Governing Law. This Agreement shall be interpreted andenforced in accordance with the laws of the Commonwealth ofVirginia,USA,withoutregardtochoiceoflawprinciples.

Governing Forum. The parties irrevocably agree that: (a) anyaction arising out of or concerning the subject matter of thisAgreement shall be initiated and maintained in a court of

71

competent jurisdiction located in Fairfax County, Virginia, USA(the “Forum”) and (b) each party irrevocably consents toexclusive personal jurisdiction in such Forum and waives anydefensebasedonlackofpersonaljurisdiction,orimproperforumorvenue.

StickingPoint?Ifnegotiationsgetboggeddownoverthe choice of forum, consider a reciprocal provisionthat requires the party filing a claim to do so in therespondent’s home jurisdiction. Choice of law issuesmaysometimesberesolvedbyhavingU.S.lawgovernIPrightsandcontractualissues,whilehavingtheotherparty’s local law govern labor and employment lawissues,ifthatisthelocationforon-sitework.

3. Arbitration Provisions. You may want to consideraddinganarbitrationprovision for resolvinganydisputes, oratleastthosedisputesnotrequiringinjunctiverelief:

Jurisdiction and Arbitration. The parties irrevocably agreethat,exceptforcertaininjunctivereliefauthorizedunderSection___,alldisputes,claimsorcontroversiesarisingoutoforrelatingtothisAgreementthatarenotresolvedbytheparties’goodfaithattempt tonegotiatearesolutionshallbesubmittedto finalandbinding arbitration before JAMS/Endispute, or its successor, inFairfax County, Virginia, USA, pursuant to the United StatesArbitration Act, 9 U.S.C. Sec. 1 et seq. The arbitration will beconductedinaccordancewiththeprovisionsofJAMS/Endispute’sStreamlined Arbitration Rules and Procedures in effect at thetime of filing of the demand for arbitration. The parties willcooperate with JAMS/Endispute and each other in selecting asingle arbitrator who shall be a former judge or justice withsubstantial experiences in resolving business disputes withparticular experience in resolving disputes involving computersoftware. The costs of arbitrationwill be shared equally by theparties. The provisions of this Section may be enforced by anycourt of competent jurisdiction. The arbitrator shall not be

72

empoweredtoawarddamagesinexcessof,orinconsistentwith,theliabilitylimitationscontainedinthisAgreement;however,theprevailingpartyshallbeentitledtoanawardofallcosts,feesandexpenses,includingexpertwitnessfeesandattorney’sfees,tobepaidbythepartyagainstwhomenforcementisordered.

4. Export Restrictions. United States law regulates thetransfer of technology to certain countries and persons. Thefollowingclausecanhelpyoucomplywiththelaw:

“Export Restrictions. Licensee agrees to comply fully with allrelevant export laws and regulations of the United States (the“ExportLaws”)toassurethatneithertheSoftwarenoranydirectproduct thereof are (I) exported, directly or indirectly, inviolationofExportLaws;or (ii)are intended tobeused foranypurposes prohibited by the Export Laws. Without limiting theforegoingLicenseewillnotexportorre-exporttheSoftware: (i)toanycountrytowhichtheU.S.hasembargoedorrestrictedtheexportofgoodsorservices,whichcurrently include,butarenotlimitedtoCuba,Iran,Iraq,Libya,NorthKorea,SudanandSyria,orto any national of any such country, wherever located, whointends to transmit or transport the Software back to suchcountry;(ii)toanyenduserwhoLicenseeknowsorhasreasontoknow will utilize the Software in the design, development orproductionofnuclear,chemicalorbiologicalweapons;or(iii)toanyend-userwhohasbeenprohibitedfromparticipating inU.S.export transactions by any federal agency of the U.S.government.”

5. ForeignCorruptPracticesAct. U.S. lawprohibitsthedirect or indirect payment of money or anything of value toforeignofficials,politicalpartiesorcandidatesforofficeforthepurposeofinfluencinganyofficialactorinducinganomissioninviolationof theofficial’s lawfulduty,whenmade toobtain,retainordirectbusinesstoanyperson.Internationallicensingagreements typically include a warranty and indemnityprovisionregardingeachparty’scompliancewiththeFCPA.

73

“Thebeatingswillstopwhenmoraleimproves.”

74

PARTTWO:SOFTWARESUPPORTAGREEMENTSOngoing support services are central to a software vendor'sabilitytodelivertotalcustomersolutions.Withoutsupport,thevendor limits itself to marketing products on a hit-and-runbasis.Byprovidingeffectivesupport,thevendorcanbecomeavaluedlong-termstrategicpartnertohelpthecustomerrunitsbusiness"better, faster,cheaper"andmoreprofitably.Marketresearchshowsthatcustomersoverwhelminglywantvendorstohelpsolveproblems,notpushproducts.AstheMillenniumBugillustrated,somesoftwareapplicationswritteninthe1970sarestillbeingusedtoday.Afteronlyfiveyears, a typical corporate user will spend more on softwaresupportthanontheoriginallicensefee.6Because theuseful life of softwaremay continue for years oreven decades, it is important for customers to addresssoftware support issues at the inception of the licensingrelationship.Thisisespeciallytrueforusersofmission-criticalenterpriselevelapplications.Failure to address software support issues in advance in awrittencontractcanleadtosomecostly“lessonslearned”foracustomer, both from the technical performance perspectiveand from a budgetary standpoint. These issues can quicklybecomepoliticaland“legal”innature.

6 The cost of support for enterprise class software is about 15-20 percent of the original one-time license fee, per year. This does not include consulting fees to implement the software or to port customizations to new releases of base software released under a support policy.

75

TheBoardofEducation

76

A. SoftwareSupportAgreementsUnderUCITA.The Uniform Computer Information Transactions Act("UCITA")hasbeenenactedinVirginia(effectiveJuly1,2001,asamended)andMaryland(effectiveOctober1,2000).Itwasintroduced,butnotpassed,inArizona,theDistrictofColumbia,Illinois,Maine,NewHampshire,NewJersey,OregonandTexas.UCITA Section 612 (Va. Code 59.1-506.12) deals with"Correction and Support Contracts," commonly known assoftwaresupportandmaintenanceagreements.Theseadd-onagreements should be distinguished from remedial workneeded to correct a breach of warranty on the originalsoftware deliverable, and software repairs under a limitedremedyto"repairorreplace"defects.UCITA also distinguishes between maintenance contracts toprovidebugfixesforexistingsoftwarealreadydelivered,andacontract to provide updates and new versions to software inthefuture.Theprogressionofthesethemesmaybedepictedasfollows:ConsideredWarrantyWork:

• Correctivework to cure a breach on original softwaredelivery;

• Repair and replacementwork under a limited remedy

onoriginalsoftware;

77

ConsideredSupportWork:

• Add-on contract to provide bug fixes to originaldeliveredsoftware;

• Add-on contract to provide updates or new versions

addingnewfunctionality.No Implied Contractual Right to Improvements: UCITASection307(Va.Code59.1-503.7)makesclearthat,unlessthelicensingcontractspecifiesotherwise:"[a]partyisnotentitledto any rights in new versions of, or improvements ormodifications to, informationmade by the other party." Thismeansthattherighttoreceiveaspecificupgrade(e.g.,Version4.0) and the right to receive unspecified future upgrades"when and if available" must be explicitly included in thecontract,sinceUCITAwillnotimplytheserights.Observation: Unless the contract provides otherwise, amaintenance agreement to provide bug fixes to the originaldeliverable:

• Does not imply a right to receive updates and newversionsaddingfunctionality;

• Does not imply anything more than a "reasonable"responsetime,and

• Doesnotimplythattheremedialeffortswillnecessarily"correct performance problems" [UCITA Section 612;Va.Code59.1-506.12].

No ImpliedRight toAlphaorBetaVersions: A contractualright to receive updates means updates the vendor makes"generally available" to users (i.e., a "GA Release") [UCITA

78

Section 307; Va. Code 59.1-503.7]. This means a licenseeentitled to receive updates or new versions under a supportplan is not automatically entitled to participate in limitedrelease alpha or beta versions of the software. Licensorsshouldmakethisexplicittobesafe:Example: "'Support' means . . . generally availableReleases and related Documentation for the Softwarelicensed to Customer if and when such items aregenerally released. Support does not include pre-production releases of Software, such as alpha or betareleases."

Beta Versions Do Not Create Express Warranties. UCITASection 402 ("Express Warranties") indicates that anydescription,sample,modelordemonstrationofafinalproduct,which ismade part of the basis of the bargain can create anexpresswarranty. Va. Code 59.1-504.2.However, the authorsofUCITArecognizethatbetaversionsdonotcreatewarrantiesbecause theyareordinarilyunderstoodnot tobeproducts in"final"form[Section402,Comment5].No Implied Right to Training: Finally, there is no impliedrighttoreceivetrainingorinstructionalsupportservicesfromthevendor[UCITASection612(b);Va.Code59.1-506.12(b)].For these reasons, it is important for customers subject toUCITA(andprobably those inother jurisdictions thatmaybelooking toUCITA for guidance) to spell out fairlyprecisely intheagreementthetypeofsupporttheyexpect.Specifically,thepartiesshouldindicateinthecontractwhetherthereisarighttoreceive:

79

• Bug fixes to the originally delivered software (4.x to4.y)

• Specificfunctionalupgradestobereleasedinthefuture(x.0toy.0)

• Future unspecified upgrades "if and when available"(basicsupport)

• Alpha or Beta test versions (so-called LimitedAvailabilityreleases)

• TrainingorinstructionalsupportservicesWatch Post-Signing Reassurances. Licensors need to becareful about giving customers post-contract reassurancesconcerningupdatesandsupportservices thatmaybeatoddswith the agreement and their pricing model. UCITAcommentarystates:"Iflanguageisusedaftertheclosingofthedeal (as when the licensee on taking delivery asks for andreceivesanadditionalassurance),theassurancemaybecomeamodification of the contract. An agreedmodification requiresno consideration to be binding." [UCITA Section 303(a);Section402,Comment2;Va.Code59.1-503.3].CodeChangesCanZapWarranties.Ifthelicenseemodifiesasoftwareprogram, thiswill invalidateall expressand impliedperformance-basedwarrantiesregardingthemodifiedversion.Amodificationoccurs if the licenseeaddscode,modifiescodeor deletes code from the program. A modification does notoccur if the licenseesimplyusesexistingprogram features toconfiguresoftwareormakenormaluseaToolkit toassembleprograms from pre-existing components. No invalidationoccursifthepartiesareengagedinjointdevelopmentandoneparty modifies the other's program as part of its authorizedscope of work [UCITA Section 407; Comments 1-2; Va. Code59.1-504.7].

80

B. UnderstandingDifferentTypesofSoftwareSupportTransactions.Understanding the issues raised by software supportagreements requires one first to determine whether thetransactioninvolves:

• Commercialoff-the-shelfsoftware;• Coresoftwarethatrequirescustomizationbeforeitcan

beusedbyalicensee,or• Customsoftwaredevelopedfromscratch.

It also helps to understand whether support for custom orcustomizedprogramsisbeingprovidedbytheoriginallicensororbyanindependentconsultant. 1. Packaged Off-the-Shelf Software. Directlicensing of off-the-shelf software products by the licensor toan end-user licensee is the simplest business model forsupport.Forthesepurposes,"off-the-shelf"meanstheproductismarketedasastockitemandcanbeinstalledandusedwithlittleornocustomization.SeeSOP97-2'sdefinition.For these transactions, licensors will generally want to"commoditize" their licensing and support practices, whileshifting out-of-scope requests into its consulting practice.Standardizationreduces transactioncostsandproducesmorepredictabledemandsonacustomersupportgroup.Thismakesthelicensor'sbusinessmodelmorescalableandprofitable.A licensor achieves this through the use of standardizedagreements.The timeandexpenseofnegotiating agreements

81

canbe furtherminimizedbyusing click-wrapor shrink-wraplicensing mechanisms. Likewise, the licensor may use onlineregistrationforsupportasawayto"commoditize"itssupportofferings and minimize negotiation of terms. With morecustomer support implemented through self-help web sites7and electronic communications, the licensor is better able toservecustomersatallhourswhileregulatingdemandsonlivesupportresources.Support for off-the-shelf software is usually priced as apercentageoftheoriginalupfrontlicensefeeforthesoftware.Anannualsupportfeeof15-20percentofthethencurrent"listprice" for the software is not uncommon. The licensee maywanttoincludeapriceprotectionclause:PriceProtectionClause:"Foraperiodofthree(3)yearsfrom theEffectiveDate, the increaseof the SupportFeefor current Software programs for each subsequentSupport Term shall not be more than five (5) percentplus the Consumer Price Index reported for theimmediatelyprecedingSupportTerm."

Some channel reseller agreements allocate responsibility forfirst line customer support (a.k.a., "first point of contact" or 7 Product support web sites are likely to involve an online "access contract" or "a contract to obtain by electronic means access to, or information from, an information processing system of another person...." [UCITA Section 102(a)(1); Va. Code 59.1-501.2(a)(1)]. Upon material breach of an online access contract, or if the agreement so provides, a party may discontinue all contractual rights of access of the party in breach [UCITA Section 814; Va. Code 59.1-508.14]. The right to cut off access does not allow the licensor to retake prior transfers of software or information already delivered to the user, but merely to stop future access and performance [Id., Comment 3].

82

"FPOC") to the reseller or to a third party customer serviceorganization. FPOC typically involves fielding and answeringsimplesupportquestionsandforwardingunresolvedissuestosecond line technical personnel. This removes the licensor'stechnical support people from the front lines of customerrelations and allows them to focus more on technical levelproblemresolution.The agreement should distinguish between responsibility forfirstlinesupportandhigherlevelsofsupport,especiallywhenthirdpartysoftwareisbeingdistributedinobjectcodeform:Example:"IfABCservesastheinitialpointofcontactonSupport services with respect to Third Party Software,then ABC will perform such services in a reasonablemanner but without warranting the outcome, it beingacknowledged that ABC may not have control over theresolutionofissuesforThirdPartySoftware."

2. PackagedCoreSoftwarewithCustomizations.Quite often, large enterprise level software programs requireextensivecustomizationandimplementationservicesbeforealicenseecanobtainbeneficialuse.Forsomecomplexsoftware,customization and implementation services may cost 10-15times more than the underlying license fee for the coresoftware.(a) Core Software or Customized Software? Whensoftwareiscustomizedforaspecificlicensee,itisimportanttodistinguishbetweensupport for theunmodifiedbaseproductand support for customizations created specifically for that

83

licensee.Quiteoften,whenupdatesornewversionsofthebaseproduct are released, theyarenotbackward compatiblewiththecustomizations.Example: "The Support Fee does not include servicesrequested as a result of, or with respect to, causes whichLicensor cannot reproduce on unmodified versions of theSoftware.Ifandwhenavailable,theseserviceswillbebilledtoCustomeratLicensor'sthencurrentrates.ExceptasexpresslystatedinaseparateConsultingAgreementbetweentheparties,Customer is responsible for the migration of data and anycustomized versions of Software to new standard releases orversionsoftheSoftwareissuedasSupport."Thismeansupdatestothebaseproductareuselessunlessthelicensee is also willing to pay a consultant to port thecustomizations to the new base product. A licenseecontemplating the cost of support for customized coresoftwareshouldthereforebudgetnotonlythecostofreceivingperiodicupdatesundertheannualmaintenanceplanfromthelicensor (typically costing about 20 percent of the originallicense fee per year), but also the cost and time required toportanyrequiredcustomizationstothenewbaseprogram.(b) Customizations by Licensor or Consultant? Therearealsoimportantcontrolissuesatstakewhencustomizationsareprovidedbyanindependentconsultingorganizationratherthan the licensor or the licensee. Many licensors maintainconsulting alliance programs in which customizations areperformed by independent consultants that have a technicalalliance relationshipwith the licensor. An alliance consultant

84

may have access to source code,8 educational resources andtechnicalsupportfromthelicensor'sdevelopmentteam.Alliancemembers are generally not "partners"with licensorsin a legal sense. This means the licensor is probably notresponsible for the consultant's performance, althoughproblemswith implementation often result in finger-pointingbetween the licensor, the consultant and the licensee'stechnical staff. It is therefore important for licensees tounderstand how these consulting alliances generally work atthecontractuallevel.Forexample,aconsultingalliancemembermayhavetherighttomodifythesourcecodeorat leastcreatecustominterfacesbetweenthelicensedprogramandothersoftware,suchasthelicensee'slegacysystemsorthirdpartyproducts.Theallianceagreement with the licensor often prohibits the consultantfrom delivering the customized source code to the licensee.Dependingontheallianceagreement,theconsultantmayownitscustomizationsandmay(ormaynot)berequiredtodeliverreferencecopiesofthecustomizationstothelicensor.Withonlymachine-readableobject code inhand, the licenseewillbe inapositionof long termrelianceon the consultant'stechnical availability and willingness to provide support atreasonable prices. If the consultant retains control over thecustomizations, but is unable to provide adequate support tothe licensee, this could harm both the licensee and thelicensor's reputation in the marketplace. It's therefore 8 The "source code" is the human-readable version of the software that is needed to modify and perform ongoing maintenance and support work on the software.

85

importanttounderstandtherelationshipbetweenthelicensorand any consultant in order to evaluate potential issues inlong-termsupportcontracts.Query: If the consultant fails to cooperate or goes out ofbusiness, what options does licensee have to obtain supportelsewhere?From the licensee's perspective, it would be ideal for thelicensee to try to obtain ownership of the customizations(which would include source code). This would reduce thelicensee'sdependenceontheconsultant.Obtaining ownership may also help the licensee defend itscompetitive position if the licensee is worried thatcustomizations it paid for could be re-usedby the consultanton projects for "free riding" competitors of the licensee. Alicensee may sometimes be able to secure ownership,especiallyifitisalargeaccountwithanITdepartmentcapableof implementing complex software and if disclosure of tradesecretsinthesourcecodebylicenseeisnotaseriousrisk.Theseownershiprightsareusuallydifficulttosecureinmanycases, however. The licensor will generally want to retaincontroloveritsIPrights,whichwouldincludecustomizationsand other derivative works. This is especially true if thecustomizationsmightbeusedasaframeworkortemplateforan entire industry segment. The consultant alsowill want toretainownershipofcustomizationstolockthecustomerintoalong-termsole-sourcesupportarrangementand to re-use thecustomizationsonotherprojects.

86

From the licensor's perspective, the ownership issue is oftenaddressed in either the Alliance Agreement or any separateSourceCodeLicensebetween the licensor and the consultingalliancemember.Thus,a licenseeshouldexplorewhetherthelicensorortheconsultantownsanycustomizationsundertheiragreement. Otherwise, if licensee attempts to negotiateownership of customizations with the consultant, it may bebarkingupthewrongtree.As an alternative to ownership, a licensee could attempt toobtainasourcecodelicenseforanycustomizationsspecifictothat licensee. However, the licensor may block this effortbecauseofconcernoveritstradesecretsinthesourcecode.Another way for the licensee to reduce dependence on theconsultant is for the licensee tomakesure the licensoreitherretains ownership of customizations or receives the sourcecodefromtheconsultantandtherighttomodifyandsupportthe customizations. This may allow the licensor's consultingshoptoprovidesupportiftheconsultantprovesuncooperativeortooexpensive.Source CodeEscrows: If none of these alternatives succeeds,the licensee may require that the source code forcustomizations be deposited into a "Source Code Escrow"account,withthecodereleasediftheconsultantgoesbankruptorfailstoprovideongoingsupportservices.The licensee should also determinewhether the licensor hasits own consulting group that can develop customizations.Licensorconsultingshopswilloftenhaveaverycloseworkingrelationshipwiththelicensor'sdevelopmentteamandbemorefamiliarwithproducttechnicalcapabilities.Althoughin-house

87

shopsaresometimesperceivedascostingmore, theirgreaterefficiencymaymorethanoffsetthenominallyhigherrates.Theeliminationofpotentialfinger-pointingbetweenlicensorsandconsultantsmayalsojustifyusinglicensorconsultingshops. 3. SupportforCustomDevelopedSoftware.Support for custom software is typically the final stage in along process of designing, developing, testing, implementingand supporting a software system. It is important tounderstand the development cycle, since later stage supportproblems may simply reflect design flaws, coding errors ormanagementproblemsatearlierstagesoftheproject.(a) Project Staffing Issues. It is important for bothparties' technical people to get to know each other prior toawarding the contract. Sometimes, bringing in an outsidedeveloperintrudesontheturfof in-housetechnicalpeopleorothercontractorswhocanundermineaproject'ssuccess.Thecustomer will want to review the resumes of contractorpersonnel to be assigned to the project and to assess theirtechnical ability and experience with similar systems. Eachparty should specify a Project Coordinator and the keytechnical people. The agreement should include a non-solicitation clause tomaintainworkforce stability and shouldprovide some level of reassurance regarding staffing stabilityand commitments, replacement/approval procedures,adherence toworkplace safety, security and substance abusepolicies.

LearningCurves.Havingtoreplaceprojectmanagersorkeytechnicalpersonnelduringaprojectcanhavea

88

devastating effect on progress, quality of work andsubsequent ability to diagnose and correct defectsduringsupport.Developerswhoquitmayhavegotteninovertheirheadstechnically,sotheirdeparturemaysignal problemswith the project. Replacing key staffmayentail a steep learning curve for thenewpeoplebefore they become productive. If the contactorremoves staff without customer's consent, thecontractmayrequireatransitioninstructionalperiodanddenyorlimitcustomer'sobligationtopayfortheorientation time. The customer may also restrictreassignmentofcontractorpersonneltoprojectswithkeycompetitorsforaspecifiedperiodoftime.

(b) How Good Software Design Affects Support. Manysupportproblemscanbetracedbacktotheparties' failuretoallocate sufficient time and resources to identify thecustomer's requirements andprepare functional anddetailedtechnical designs (including interfaces between all systems)priortoactualcoding.A robust design phase allows you to unhitch design fromdevelopmentandisthefoundationforsuccessfuldevelopmentand debugging phases. Having a good design and clean,documentedinterfacesbetweensoftwareprogramsalsohelpsdemarcatelinesofresponsibilitybetweenanyco-developmentteams and reduces finger-pointing. Good design can beimperativeforsupportpersonnellaterattemptingtolocatethecauseofadefectandcorrectit.Structuring Tip: Consider breaking the project intoseparate phases: requirements analysis, functionaldesign, technical description, coding & testing,

89

implementation, training, support. Each phase must becompleted, reviewed, accepted and paid for before thenext phase commences. This discipline can be enforcedbyusingaBasicOrderingAgreement(BOA)underwhichindividualTaskOrdersareissuedforeachprojectphase.Thecontractor'sneedtoproveitselfoneachTaskOrderbeforeanotheroneisissuedimposesdisciplineandtendsto keep contractors on their good behavior. The TaskOrder approach may also help the contractor if theagreementcompartmentalizescontractor'sliabilitytotheamountpaidundereachTaskOrder.

(c) How Testing and Acceptance Effect Support. It isimportantnot toput a softwareprogram intoproductiveuseuntil it has been vigorously tested and accepted. Licenseesshould try to resist efforts to characterize bugs identifiedduringacceptancetestingassomethingthatwillbe"takencareofasasupportissue."Itisimportanttohaveawrittentestingand acceptance procedure to establish a clear line betweenwarrantyworkandfollow-onsupportservices.Acceptancetestingshouldbeconductedpursuanttoawrittentestplanthatisderivedfromthedesigndocuments.Eachunitof code should be individually tested for functionality andreliability.Thesystemshouldthenbetestedtoseewhethertheunitsfunctiontogetherasanintegratedsystemandwithothersystems.Asnoted,efficientdebuggingusuallydependsonhowwellthesystemwas designed from the outset, because a good designallows developers to isolate, identify and fix bugs quickly(sometimeswithinafewminutes).Itisexasperatingandtimeconsuming for support personnel to try to support a poorly

90

designedordocumentedsystem.Thisiswhyarobustdesignisso important to the development of a functional and reliablesystemthatcanbesupportedeffectivelyatreasonablecost.There are two basic approaches to drafting an acceptanceclause:Contractor version: "The Software shall be deemedaccepted if Customer does not notify Contractor of anymaterial defects during the Test Period or, if CustomermakesbeneficialuseoftheSoftware,itshallconclusivelybe deemed accepted and any outstanding punch listitems shall be covered to the extent provided underSection__("Warranties")."Customer version: "The Software shall be accepted asconforming to the requirements of this Agreement onlywhen Customer issues its written certification ofacceptance.IfContractorfailswithinthirty(30)calendardays to correct punch list items or the Softwareotherwise fails to comply with the requirements of theTestPlanwithinthedesignatedtime,Customermay:(a)reject the Software in its entirety and recover amountspaid hereunder; (b) issue a "partial acceptance" of theSoftware, with an equitable adjustment in the price toaccount for suchdeficiency; (c) conditionally accept theSoftware,whilereservingitsrighttorevokeacceptanceiftimely correction is not forthcoming, or (d) pursuewhatever other remedies are available under thisAgreement."

(d) How Confidentiality Restrictions Affect Support.Humanreadablesourcecode,whichisrequiredtofixbugsand

91

support software, constitutes a closely guarded trade secret.Evenifthelicenseeobtainsasourcecodelicensetoprovideitsownsupport,aconfidentialityclausemayrestrictaccesstothecode to licensee's own employees. A licensee that does nothave a robust IT department may want to loosen thatrestriction so itsoutside consultants canalsoprovideneededsupport.Thelicensorwillimposeproceduralcontrolsgivingitthe right to approve or disapprove those consultants and arequirement that any consultant obtaining access to sourcecode first execute a confidentiality agreement in a formsuppliedbythelicensor.C. OtherKeySoftwareSupportIssues. 1. What is an "Error" in the Software? It isimportanttounderstandthedefinitionofan"error"thatgivesrisetothedutytoprovidecorrectiveservice:Licensee Version: "Error" means any failure of theSoftwaretoperformitsintendedfunctionasdescribedinitsrelateddocumentationoranysignificantinaccuracyinitsrelateddocumentation.Licensor Version: "Error" means any reproduciblefailureof the standard,unmodifiedSoftware toperformsubstantiallyaccordingtoitsrelateddocumentation.Forthese purposes, "documentation" means the officialonlinehelpfilesorwritteninstructionmanualssuppliedby Licensor regarding the use of the Software.DocumentationdoesnotincludeanyFAQs,specificationsforanycustomdevelopmentorintegrationservices,anysales or marketing literature or any documentation forThirdPartySoftware.

92

2. KnowtheTypesofSoftwareReleases.The following example (below) may be helpful for licensorscharginganannualsupportfeethatincludesallfuturereleasesoftheSoftware.IfthecontractincludesMaintenanceReleasesin the annual support price, but charges extra for moresubstantiveupgradestothesoftwareaddingnewfunctionality(Minor and Major Releases), then the parties may want tonegotiate over the bracketed phrase, which could give onepartygreatercontroloverthatissue:

"Maintenance Release" means a set of the Software [reasonably][designated by Licensor] containing bug-fixes to existingfunctionality."Minor Release" means a set of the Software [reasonably][designated by Licensor as] containing some new Softwarefunctionalityandbug-fixes."Major Release" means a set of the Software [reasonably][designatedbyLicensoras]containingsubstantialrestructuringandmajornewfunctionalitytotheSoftware.

Another classification approach employs a more superficialnamingconventionwithinLicensor'scontrol.Notethatnoneofthe definitions specify whether functional changes areincluded:

"SoftwareRelease"meansareleaseofSoftware that isdesignatedbyLicensorinitssolediscretionbyachangeinthedigit(s)totheleftofthedecimalpointintheSoftwareversionnumber[(x).x.x].

93

"VersionRelease"meansareleaseofaSoftwarethatisdesignatedbyLicensorinitssolediscretionbyachangeinthetenthsdigitintheSoftwareversionnumber[x.(x).x]."Update"meansareleaseofSoftwarethatisdesignatedbyLicensorin its sole discretion by a change in the digit(s) to the right of thetenthsdigitintheSoftwareversionnumber[x.x.(x)]."Upgrade"means Updates, Version Releases, or Software ReleasesthatLicensormakesgenerallycommerciallyavailable.

3. UnderstandtheDifferentLevelsofSupport.It is important to understand that software supportresponsibilities, like a layered cake, can be split off andassigned to different divisions or companies. This ability toparse out support obligations can be especially important inreseller relationships. The following example identifiesdifferent levels of support that can be allocated between anowner of software and a reseller or an independent serviceorganization.Inthisexample,theresellermayalsobelicensingitsownsoftwaretoend-users.Example:"MaintenanceandSupportshallconsistofFirstPointofContact,FirstLineSupport,SecondLineSupportandThirdLineSupport,definedasfollows:

First Point of Contact ("FPOC") means responding to End Usersupportcallsinthefollowingmanner:(i)theEndUserencountersasupport issue and reports this issue to Reseller; (ii) the case isregistered and logged into Reseller's support system; (iii) Resellerwill assess the case and identify which Party's products areresponsibleforthesupportissue;(iv)ifitisaProductsupportissue,Resellerwill transfer the issue to Owner alongwith any necessarycustomer information and the case logwill be updatedwith statusassignedtoOwnerintheResellersupportsystemandtheEndUser

94

will be informed of the transfer by Reseller; and (v) if it is not aProductsupportissue,ResellerwillprovideFLS.FirstLineSupport("FLS")meanstheprovisionofassistancetoend-users with regard to the supported products via telephone, fax,electronicmailorotherwise,including(i)identificationofthesourceor cause of the support issue experienced by the end user (ii)whenever at its reach, directly provide a solution to the supportissue received including fixed object and patch distribution, and, ifapplicable, (ii) escalation of the support issue to the Second LineSupport.Second Line Support ("SLS" the provision of assistance viatelephone, fax, electronic mail or otherwise with respect to thesupported products, including (i) receiving and processing supportissuesrelatingtothesupportedproductsasidentifiedandescalatedby the FLS, (ii) characterizing and analyzing support issues, (iii)registryadministration-andwheneverpossible-resolutionofcalls,(iv)clarificationoffunctionsandfeaturesofthesupportedproducts,(v) clarification of the end user documentation for the supportedproducts, and (vi) guidance in the operation of the supportedproducts.ThirdLineSupport("TLS")meansthefollowupactivitiesrelatedtosupport issues concerning the supported products as escalated bythe SLS and which entail but are not limited to (i) further anddetailedindepthanalysisofthesaidsupportissuesleadingtoa)welldocumentedandaccuratedescriptionof the support issueat stake,b) replication of the said support issue on a reasonably acceptabletest systemc)documented case resolutionpath, (ii) deploymentofefforts till thecase is resolvedeitherbymeansofaworkaroundortheinterventionofproductengineering."

4. ServiceHoursofSupport.If the licensor's support group is located several time zonesaway from the licensee's business operations, then it isimportanttospecifyinthecontractwhichlocaltimeappliesto

95

anynormalhoursofsupport.Forglobaloperations,itmayalsobeimportanttospecifywhatlanguageappliestosupport.5. ClassificationofSupportCalls.Support calls or "Cases" are usually classified according totheir level of severity, as measured by the impact of thereported problem on the licensee's business operations. It isimportant to knowwhichpartyhas thepower to classify thesupportcall.Thelicensorwillgenerallywantthediscretiontoclassifyoratleast verify the error, while the licensee will want either toclassifytheerrororatleasttoapplyanobjectivestandard(thisobjectivestandardmayneedtobereflectedinthedefinitionof"Error"). Below is a fairly evenly weighted classificationapproach that attempts to balance each party's interests(bracketedlanguagereflectssomeofthephrasesthatmightbenegotiated):Example: "Licensor will [assign qualified, experiencedtechnicalstaffand]makeits[best][reasonable]efforttocorrect Errors that Licensee identifies, classifies andreports to Licensor [and that Licensor substantiates].LicensormayreclassifyErrorsif it[reasonably]believesthat Licensee's classification is incorrect and cansubstantiate same to Licensee's [reasonable]satisfaction."

6. SomeTypicalSupportCaseClassifications:"Case Category 10"means that Licensee's live system is at a halt and isunable to process data through the Software as a result of a catastrophic

96

eventinthesystemdatabaseorSoftware,oramajorapplicationfailureinacriticalprocessingperiod."CaseCategory20"meansaproblemintheSoftwarewhichcausesseriousdisruption of amajor business function andwhich cannot be temporarilysolvedbyaworkaround."CaseCategory30"meansanyofthefollowing:(i)anon-criticalproblemin the Softwarewhere the Licensee is able to continue to run the systemand/orapplicationoraworkaroundisavailable;(ii)areportedproblemintheSoftwarethatdoesnotqualifyasaCaseCategory10or20."CaseCategory40"means all questions and requests for informationontheUseorimplementationoftheSoftware.7. TheImportanceofDefining"ResponseTimes."Licensors will naturally be expected to respond to SupportCases according to their severity. Licensors will want tomeasuretheir"responsetime"fromthetimeittakesLicensorto begin diagnosis and error correction activities. Licenseesmay attempt (usually unsuccessfully) to measure responsetimetowhenthebugisfixed:

"Case"meansanincidentrelatedtotheoperationoftheSoftwareasloggedwithinLicensor'ssupportsystem."ResponseTime"meanstheelapsedtimebetweenthereceiptofaCase and the target time within which Licensor begins Support asverifiedbyaverbalorwrittenconfirmationtotheLicensee.SupportisavailableduringServiceHourswiththefollowingResponseTimes:(i) Case Category 10: one (1) hour; (ii) Case Category 20: two (2)hours;(iii)CaseCategory30:four(4)hours;and(iv)CaseCategory40:eight(8)hours.

8. Using Escalation Procedures to Attract NeededAttention.

97

Customers of large software installations or mission criticalsystemssometimesnegotiateescalationprocedures.Thesecanhelpelevateastalledsupportproblemtoahigherlevelwithinthe vendor organization until it is resolved. Although theseproceduresinthemselvesdonotguaranteetheoutcome,theydoensure that individualsateach level feelpoliticalpressurefromabovetoperform."Escalation Procedure. If Licensee believes that Licensor is notsatisfactorily performing its support obligations as specified in thisAgreement, Licensee shallhave the rightbutnot theobligation to contactthe followingpersonnel listedbelowonatimeframetobedeterminedbyLicenseeinitssolediscretion("EscalationContacts"):

• Level1Contact:SecondLineSupportpersonnel

• Level2Contact:ThirdLineSupportpersonnel

• Level3Contact:LicensorProjectManager

• Level4Contact:DirectorofDevelopment

• Level5Contact:VicePresidentofDevelopment

• Level6Contact:PresidentofLicensor

• Level7Contact:PresidentofLicensor'sParentCompanyIfCustomerisunabletocontactaparticularpersonlistedabove,Customermaycontactotherpersonnelonsuchlistimmediatelyatitssolediscretion.[TheEscalationContactswillmakebestefforts totakeallsteps(includingwithout limitation assigning additional personnel or labor, expertise,equipment,materialsorotherresources,asrequired)thatarenecessarytohavethereportedproblemaddressedassetforthherein.]"

98

9. Certain Licensee Responsibilities. Mostsoftware licensors will include provisions in their supportpolicytoensurethatitdoesnottakeresponsibilityforSupportCases that arise from the licensee's own failure to observegoodoperationalpractices.Thesamplebelowreflects"lessonslearned"byonelicensor:

"Responsibilities of Licensee. Licensor's provision of Support toLicenseeissubjecttothefollowing:(a) Licensee shall provide Licensor with necessary access toLicensee's personnel and equipment during Service Hours. Thisaccess includes theability todial-in to theequipmentonwhich theSoftware isoperatingandmayalso includetheability toobtainthesame access to the equipment as those of Licensee's employeeshavingthehighestprivilegeorclearancelevel.(b) Licensee shall adopt and utilize all updates, releases andenhancements offered to Licensee previously and adhere to theSupportservicepolicystatements thatmightbereleased fromtimetotime.(c) Licenseeshallprovidesupervision,controlandmanagementofthe Use of the Software. In addition, Licensee shall implementproceduresfortheprotectionofinformationandtheimplementationof backup facilities in the event of errors or malfunction of theSoftwareorequipment.(d) Licensee shall document and promptly report all detectederrors or malfunctions of the Software to Licensor. Licensee shalltakeallstepsnecessarytocarryoutproceduresfortherectificationof errors or malfunctions within a reasonable time after suchprocedureshavebeenreceivedfromLicensor.(e) Licenseeshallmaintaina currentbackupcopyofallprogramsand data and any programs or data that may be affected by theSoftwareordataprovidedhereunder.

99

(f) Licensee shall properly train its personnel in the Use andapplicationoftheSoftware.(g) Licensee shall obtain access, to the World Wide Web at itsexpense,inordertoaccessLicensor'sGlobalSupportWeb-site.(h) Except to the extent expressly governed by a separateconsulting agreement with Licensor, Licensee or its authorizeddesigneeisresponsibleforthemigrationofdataandanycustomizedversions of Software to new standard releases or versions of theSoftware issuedasSupport.LicenseewillobserveallReleaseNotesandproductcommunicationsissuedbyLicensor.(i) If Licensor serves as the first point of contact on Supportservices with respect to Third Party Software, then Licensor willperform such services in a reasonable manner but withoutwarranting the outcome, it being acknowledged that Licensormaynot have control over the resolution of issues for Third PartySoftware."

10. Service Level Credits. Service Level Credits are anadministrativemechanismandcompensationmethod(thinkofliquidated damages) for relatively minor performanceproblems. Service Levels could be focused on response timesfor support calls (different response times depending on themagnitude of the glitch) or system availability metrics foronlineapplications(e.g.,99.5%uptimecommitment,exceptforschedulemaintenanceorforcemajeure).Note: be careful how “force majeure” is defined, as abroaddefinitioncaneffectivelygutanSLAprovision.Thevendor will try to include a broad array of possibleproblems, such as disruption of third partytelecommunications, third party software issues (whichcouldmeanoperating systems,database softwareanda

100

myriad of other layers), labor disputes (key workersleaving?)andothermatters.

If the Licensor fails to meet the Service Level commitments,then customer usually receives a "Service Level Credit" as alimitedremedy.Usually,theservicelevelcreditsareappliedtothe amount otherwise due from the Licensee (e.g., 5%, 10%,20%ofthemonthlyinvoiceamount).SometimesServiceLevelCredits are subject to a maximum credit limit for any oneSupport Case or for any specific month or other specifiedperiod.If the Service Levels are not met for, say, any 2 consecutivemonths, or 3 months in any 5 month period, the agreementmight provide a right for the customer to terminate forconvenienceandtherighttorecoverarefundofanypre-paidfees (pro-rated from the terminationdate through the endofthatTerm).Thisapproachavoidshavingtodeclarethevendorin breach, and gives the customer an easy exit from therelationship.11. MinimumPeriodofSupport. It isusuallyhelpful forboth parties if the Licensor specifies theminimum period ofsupport for products that are discontinued. A commonapproachistoofferongoingsupportforoneortwoyearsafterproductdiscontinuation:Example: "Licensor shall continue to offer Support forSoftwareforaperiodoftwo(2)yearsafterdiscontinuingaversionofSoftwarefromLicensor'spricelist."

101

D. HowRevenueRecognitionRulesCanAffectSupportContracts.Bothpartiesshouldunderstandhowfinancialaccountingrulesgoverning recognition of revenue for software-relatedtransactionsaffectthestructureandtimingofsoftwarelicenseand support agreements. In some cases, these revenuerecognitionrulesstronglyshapethelicensor'sbusinessmodelandthestructureofitsagreements.Practice Tip: Paying attention to the mechanics ofbooking revenue can help licensees obtain period-enddiscounts from software companies trying to meetrevenue targets. It can also help licensor attorneysunderstand the importance of maintaining goodcontracting, shipping and account receivable collectionpractices.

1. License Fee Revenue Recognition. A licensor maygenerallyrecognizeaone-timesoftwarelicensefeeasrevenuewhen the contract has been signed, the product has beenshipped, the fee is fixed or determinable and the invoice hasbeen issued, provided collection of the money is probablewithinanormalpaymentcycle(e.g.,net30-60days).

• Close the Contract: to help recognize license revenueandhaveit"stick"onaudit,manylicensorsprefertousestandardagreementstoevidencethetransaction.Whensigned license agreements are generally used by aparticularlicensor,theymustbesignedbybothpartiesto be effective (even if a purchase order has beenobtained).Thismeans licensors shouldhaveanofficeravailable to execute agreements prior to the close of

102

eachaccountingperiod.Ifthelicensordoesnotusuallyobtain signed license agreements (e.g., in a click-wraplicensing scenario), then the transaction can beevidencedbyanon-cancelablepurchaseorderfromthelicensee or, in the case of online sales, the transactioncanbeevidencedbyanonlineacceptanceoftheorder.Remember: failure to close the sale contractually willdelayrevenuerecognitioneveniftheproductisshippedandpaymentisreceived.

• SetthePrice: torecognizetherevenue, thepricemust

be fixed or determinable at the outset. Grantingextended payment terms beyond 3 to 6 months candefeat this requirement, since the technologicalobsolescence of software over relatively short periodscanincreasethechanceofhavingtograntconcessions.Extendingpaymentson10+percentof the feebeyond12monthscanleadtoapresumptionthatthewholefeeis not fixed and determinable at the outset and candelayrevenuerecognitionuntilpaymentsarereceived.A history of granting concessions to collect extendedpayments likewise can defeat immediate recognition.Ideally,thelicensorwillwantthefeepaidwithin30-60daysofdeliverytorecognizethelicensefeeupfront.

• A/RFactoring:sellingtheaccountreceivabletoathird

partyfinancialinstitution,evenonanon-recoursebasis(inwhichpaymentriskisshiftedtothebank),generallydoes not help the licensor recognize revenue on anextended payment license, since the "fixed ordeterminable"requirement isdeterminedattheoutsetof the license transaction. While credit risk is

103

eliminated,theriskoftechnologicalobsolescencecouldstillrequirefutureconcessions.

• Cancellation Privileges: substantive cancellation

privileges, such as the contractual requirement forboard approval to an agreement, candelay revenuerecognition. However, short term return policies(e.g., "30daymoneybackguarantees")generallydonot interfere with revenue recognition of the price(minusareasonablereserveforreturns).

• Deliver the Product: the software product must be

delivered to the licensee before the licensor canrecognize the license fee revenue. If shipment is bycommon carrier, shipping the product "FOB ShipmentPoint"satisfiesthisrequirementatthetimetheproductis put into the hands of the carrier. "FOB DestinationPoint," however, can delay the delivery time until theproduct is actually received by the licensee. It isimportant for licensors to document the time ofshipment by keeping shipping receipts on hand. Forsoftware delivered electronically, the delivery timeoccurswhenthesoftwarecanbedownloadedorwhenlicense keys to amaster copy are issued. So if it's toolate for a Fedex shipment, consider delivering thesoftwareelectronically.

• License Keys: the routine use of temporary license

keys to enforce payment terms will not delayrevenue recognition, provided the basic criteria areotherwisemet. However, if temporary keys are notroutinely use, their presence in a transaction mayindicate there's a serious payment risk on that

104

particular transaction and delay recognition of therevenue.

• AcceptanceProcedures: whensoftwaredeliveriesare

subjecttoformalacceptanceproceduresbythelicensee,thiscandelaytherevenuerecognitionifacceptanceisasubstantive step, rather than a perfunctory matter.Postponing the license fee payment until acceptanceindicates that the acceptance event is substantive andcan delay revenue recognition. Conversely, including a"deemed acceptance" clause upon the passage of timesuggestsitisperfunctory.Note:atemporary"trybeforeyou buy" arrangementwill probably delay recognitionoftherevenueuntilthetrialperiodisover.

• RemembertoGetPaid:ahistoryofnon-paymentbya

particular customer may defeat the "probability ofpayment" requirement for revenue recognition.Customerswithacleanpaymenthistorycangetbetterdeals from software vendors because there is lessqualitative concern over recognizing revenue on thesale. Likewise, a vendor with a poor track record ofcollecting accounts receivables at face valuemay havedifficultypersuading its accountants that thenextdealshouldberecognizedwhentherecognitioncriteriahaveotherwisebeenmet.Attorneyscalledintohelpcleanupold A/R on the books should realize that theymay behelping the company improve its ability to recognizerevenueondealscomingthroughthesalespipeline.

2. Post-ContractSupportRevenueRecognition.

105

Support versus Specified Upgrade Rights: Post-ContractSupport (commonly known as support and maintenanceservices) should be distinguished from a contractual right toreceive a specified upgrade in the future that will addfunctionality or enhance performance of the software. Forexample,ifanagreementlicensingVersion3.0grantslicenseethe right, at no additional cost, to receive Version 4.0 "whenand if it becomes available," a portion of the revenue on theoriginallicensefeewillneedtobedeferreduntilthatupgradeis delivered.Note: licensormaybe able to counteract this byincludingan"entireagreement"clauseandastatementthatallupgradesareatthe"solediscretion"oflicensor.UCITAWarning: As noted earlier, licensors need to becareful about giving customers post-contractreassurances concerning updates and support servicesthatmaybeatoddswiththeagreementandtheirpricingmodel. UCITA commentary states: "If language is usedafter the closing of the deal (as when the licensee ontaking delivery asks for and receives an additionalassurance),theassurancemaybecomeamodificationofthe contract. An agreed modification requires noconsideration to be binding." [UCITA Section 303(a);Section402,Comment2].

Post-Contract Support: generally relates to unspecifiedupgrades thatare tobeprovided "whenand if available"andongoingerrorcorrectionservices.Forexample,ifthecontractpromises to deliver to the licensee all upgrades to a licensedproduct generally releasedduring thenextyear "whenand ifavailable" (and none have actually been specified yet), thenthisisconsideredpost-contractsupportratherthanarighttoaspecifiedupgrade.

106

The value of support should generally be recognized ratablyover the support period, using a straight-line method. Indeterminingthisvalue,theactualpricedesignatedforsupportmayormaynot reflect its truevalue for revenue recognitionpurposes.Accountantswilloftenlookattherenewalratetobecharged upon commencement of the second year as a bettermeasure of how much of the total up front price should beallocatedtosupportforyearone.Coordinating Warranty & Support: if a one year supportperiod commences after completion of, say, a six monthwarranty period, then a fair portion of the total fee will berecognized over 18 months comprised of (a) an implied 6monthsupportterm,followedby(b)anexpresssupporttermof12months.Thelicensorwillthereforehaveanincentivetomove directly into product support upon inception of thelicenseagreement.

WatchtheGapBetweenLicense,Support&Hosting:It ispossible that softwaremaybe licensed fromonevendor, supported by a different vendor and hostedonline by a third vendor. This can create a gap inresponsibility,whereeachvendorblamestheotherforperformance problems. A slow system, for example,could be the fault of the software vendor (poorarchitecture or coding), the support vendor(inadequate knowledge of system design) or thehostingprovider(insufficientallocationofmemoryorbandwidth) or the customer’s slow connection. It istherefore important to designate one vendor asprimarilyresponsiblefor“system”performanceandto

107

beresponsible for coordinating the technicalworkofothervendors.PARTTHREE:OPENSOURCESOFTWARE

I. WhatisOpenSourceSoftware?Open Source is a development method for software thatharnesses the power of distributed peer review andtransparencyofprocess.Thepromiseofopensourceisbetterquality, higher reliability, more flexibility, lower cost, and anend to predatory vendor lock-in. [Quoted from the OpenSourceInitiativeathttp://opensource.org].Itisestimatedthat80-90percentofnewlydevelopedsoftwareapplications are comprised ofOSS.Despite itsmany benefits,OpenSourceSoftware(OSS) isnotrisk-free.Assecurityflawsare discovered and reported in online OSS developer sites,hackers have been known to exploit those vulnerabilitieswithin 3 days on average. Yetmany companies usingOSS donotkeepinventoriesofOSSusageandthusdonot implementsecuritypatchesinatimelymanner:Aside: In March, 2017, the Department of HomelandSecuritynotifiedEquifaxofasecurityflawintheApacheStrutsopensourcesoftware.ButEquifaxdidnothaveagood inventory of OSS in use that would allow it toimplement a security patch. Hackers exploited thevulnerability and stole personal information on 145millionAmericans.

108

Even ifacompanydoes inventory itsOSSusage, it isunlikelythat they implement security patches as quickly as hackersmove to exploit the vulnerability. Some hackers have evenstolen the log-in credentials of OSS project leaders and haveuploaded OSS code with built-in security flaws into an OSSprojectthatcanlaterbeexploited.There are also legal risks that depend on the specific OSSlicense governing a project. Under more aggressive OSSlicenses, the creationanddistributionof aderivativeworkofthe OSS could obligate the company to publish sourcematerials for its proprietary programs that are based on orutilizetheOSS.Aside: Va. Code59.1-504.10 indicates that there are noimplied warranties of non-infringement, non-interference,ormerchantability for“free”(opensource)softwareforwhichthelicensordoesnotintendtomakeaprofit from its distribution and does not generally seekcommercialgain formaking,modifyingorredistributingcopies.

Because there aremany varieties of OSS licenses, the lawyermustreviewthespecificOSSlicensegoverninganOSSworkinthecontextoftheclient’sintendeduseoftheOSS.Thisinvolvesa case-by-case analysis inmany cases. Ideally, this should bedone in the context of the client company’s Open SourceSoftwarePolicy,wheretheissuesareconsideredinadvance.II. OpenSourceSoftwarePoliciesThepurposeofanOpenSourceSoftwarePolicy(the“Policy”)is to provide guidelines and procedures that client Company

109

employees (typically in-house software developers andcontractors)shouldfollowbeforeusing,orallowinganoutsidesoftware vendor to use, Open Source software in any (a)Company internal production systems or (b) any Companyproductorwebservicesuppliedtocustomersormadepubliclyavailable.

• Pre-approval is not required for Company staff toconductaninternaltechnicalevaluationofOSSpriortoactualdevelopmentuse.

• TheapprovalprocessmaybeexpeditedforOSSlicensedundercertain“Permissive”(Academic)OSS licenses,asdescribedbelow.

• For OSS works governed by “CopyLeft” or “viral” OSSlicenses, as described below, permissionwill likely bedenied unless it is certain the OSS would never bemodified or combined with other software andredistributed(includingviawebapplications).

CompanyemployeeswhoareconsideringtheuseofOSSmustsubmit a Request for Approval to theOSSReviewBoard andobtainwritten approval prior to using,modifying, combiningorlinkingOSSwithothercodeorlibraries,ordistributingOSSderivative works as part of Company products or web siteservices.III. DefinitionstoKnowOneof thechallengesofevaluatingOSS licenses is the lackofuniformityindefinitionsandthelegalconceptstheyexpress.Itisessential toreviewthedefinitionscontained inaparticularOSS license in order to understand what obligation the user

110

may have to publish otherwise proprietary code with whichOSSmaybetechnicallyassociatedindifferentways:Open Source Software (“OSS”) is software freely available insource code form for anyone to use, copy, modify anddistributewithout payment of a license fee or royalty.OSS isnotpublicdomainsoftware.Instead,itiscopyrightedsoftware.ItsuseisgovernedbyaparticularOSSlicenseselectedbytheoriginalauthor,whohastherighttocontroldownstreamusesof the work as a condition of granting the license. As eachcontributormakes improvements under certain kinds of OSSlicenses they, too, must grant downstream users the samelicenserightstothelatestderivativework.DerivativeWorkis“aworkbasedon”theOSSworkthatwouldrequirepermissionofthecopyrightowner(otherthananexactcopy).Thiswouldinclude“copy[ing]fromoradapt[ing]allorpartofthework.”ADerivativeWorkthereforeincludes(a)OSScodethatismodifiedatthecodelevel,or(b)OSScodethatistranslatedoradapted intoanotherwork,or (c) thecombinedworkthatresults fromincorporatingOSScode(e.g., includingsnippets)intoothercode.Additionalpointstoconsider:

• SomeOSS licensesdefineDerivativeWork (ora “workbasedon”theoriginal)atthe file level,sothatcopyingOSScodeintoanotherworkonly“taints”theotherworkwithinthatsamefile.OtherOSSlicenseswouldtainttheentire work, even including software whose onlytechnical connection is that it staticallyordynamicallylinkedtothefilecontainingOSS.

Distributeorconveygenerallymeansanykindofpropagationofaworkthatenablesotherpartiestomakeorreceivecopies.

111

Generally, mere interaction of server software with usersthrough a computer network is not a distribution orconveyanceofacopy.

• Exception: The GNU Affero GPL provides that “if youmodify the Program, your modified version mustprominentlyofferallusers interactingwith itremotelythrough a computer network… an opportunity toreceivetheCorrespondingSource….”

SourceCode generallymeans “thepreferred form formakingmodifications, including but not limited to software sourcecode,documentationsource,andconfiguration files.” (ApacheLicensev.2.0).OSSlicensesthatcarryanobligationtopublish“corresponding”sourcecodeforaderivativeworkmayemployan expansive definition of Corresponding Source: “all thesourcecodeneededtogenerate,installandruntheobjectcodeandtomodifythework,includingassociatedscripts,interfacedefinition files, shared libraries and dynamically linkedsubprograms that the work is specifically designed torequire….” (GNU GPL v3.0) (emphasis added). Through thisexpansive definition, the GNU GPL v3.0 broadens the sourcecodedeliveryobligationtoencompassothersoftwarethatmayonlylinktoorinteractwithit.IV. Identifying the Governing Open Source License &RelevantIssuesAuthors have discretion to choose from over seventy (70)“OpenSourceInitiativeApproved”OSSlicenses(overall,morethan1,400varietiesof licenseshavebeenreported).TheOSSfiles for a particular workwill identify the exact OSS licensethat governs it. The 70 major OSS license documents are

112

published at the Open Source Initiative website(http://opensource.org). Some authors publish OSS undermorethanoneopensourceand/orcommerciallicensetoofferdifferentdevelopmentandsupportpathsfortheirwork.A. OSSLicenseClassificationOSSlicensesfallwithinthreegeneralcategoriesorclasses:• Class A: Academic or “Permissive” Licenses: OSScode governed by Academic Licenses (Class A) are usuallydeemed safe for Company use, modification and distributionwithproprietaryproductsandonstandardcommercial termsof Company’s choosing. Among the more popular Class Alicensesare:

• BSDLicense(v.2,3);• MITLicense;• ApacheLicense(v.2);• MicrosoftPublicLicense(MS-PL).

ClassAlicensesallowaCompanytodecidehowtolicenseanyderivative work of the OSS on an outbound basis of itschoosing; that is, Company may license its customersexecutablesonlyanditneednotpublishanysourcecodetothederivativeworkoftheOSSoranyofitsproprietarycode.TheCompanydoeshavenoticeandattribution responsibilitiesondistributedderivativeworksofOSS,asnotedfurtherbelow.

• Class B: File-Based Licenses: Under these licenses,OSS obligations to publish source code to distributedderivativeworksareimposedonlyattheFileLevelanddonot

113

taintothercodethatlinkstoorinteractswiththemodifiedOSSfile.ClassBlicensesinclude:

• GNULibraryorLesserGeneralPublicLicense(“LGPL”);

• MozillaPublicLicense(Version2);• CommonDevelopmentandDistributionLicense

(Version1);• MicrosoftReciprocalLicense(“MS-RL”).

TheGNULGPLpermitsdistributionofaCombinedWork thatcontains a separate Application that interfaces to an OSSLibrary.ThelicenseeisobligedtopublishsourcecodeonlytotheOSSLibrary(andnottotheCombinedWorkcontainingtheseparateApplication).TheMozilla PL (v2) simply limits the source code disclosurerequirement to the original Covered Software (the OSS) andany Modifications to it at the file level (code changes orcopyingOSScodeintoothersoftwareatthefilelevel).• ClassC:CopyleftLicenses(ProhibitedatCompany):Under CopyLeft licenses, the use of OSS code to create adistributed derivative work not only requires publication ofsourcecodetothemodifiedfiles,buttotheentire“derivativework” or “combined work” which includes code with whichOSS code is compiled and (according to the FSF) any othersoftwaretowhichOSSlinks,eitherstaticallyordynamically.

OSSprovidedunderaClassClicenserisks“virallytainting”other proprietary applicationswith obligations to disclosethesourcecodetotheproprietaryornon-OSSprograms. It

114

could also conflict with third party licenses, including otheropen source licenses to other components with which itinteroperates.ClassClicensesinclude:

• GNUGeneralPublicLicense(GPL,Version2and3);

• EclipsePublicLicense(Version1)(possiblyviral,depending on what the undefined term“derivativework”encompasses);

ThereisadebatewhethertheClassC“CopyLeft”licensestherecross-contaminate applications/plug-ins and Javascripts thatare “interpreted” source code relied on by other applications(theoutcomeapparentlydependsonafairlyobscuretechnicalanalysis).Becauseoftheserisks,OSSunderaClassC(CopyLeftorviral)licenseisnotpermittedatmostcompaniesunlessitiscertainthe OSS would not be modified or combined with othersoftwareandredistributed(includingviawebapps).

115

Introducing“ClassC”OpenSourceSoftwareIntoYourCode

BaseCanbeaTickingTimeBomb

116

ThefollowingdiscussionfocusesonadditionalissuesthatwouldberelevantinconsideringClassA(Permissive)andB(File-Based)licenses.B. DistributionofDerivativeWorksIf it is determined that theCompanywill create a “derivativework” (or some other defined work that invokes the OSSlicense obligations) then it becomes necessary to determinewhethertheresultingworkwillonlybeusedinternallybytheCompany,or instead,willbedistributedor conveyed to thirdparties.Distributionorconveyanceofacopyofsoftwareistypicallyanobvious event, occurring either by physical delivery ofsoftwaremedia or direct download of a copy. Software-as-a-Service or cloud-based remote applications accessed via theinternetmight (at least arguably)be considered “distributed”to the extent that software plug-ins and client-side softwareare downloaded to client workstations as part of using theservice.

Aside: In Class C licenses (which are generallydisfavored at the Company), it is noteworthy that“distribution” may include web or network access topure server-side functionality under the GNU AfferoGeneralPublicLicenseclause.

Itisthe“distribution”or“conveyanceofacopy”ofaderivativeworkoftheOSSthatinvokestheobligationstoprovidenoticeand attribution under Class A licenses, and in addition, topublishsourcecodeunderClassB(atthefilelevel).

117

C. NoticeandAttributionResponsibilitiesIf the Company were to distribute a derivative work of OSSunderaClassB (orC)OSS license, thegoverningOSS licensewill provide instructions on the notice and attributionrequirements for that derivative work, along with directionsfor publishing the required source code. Attribution(recognition afforded the author of the derivative) is animportantpartoftherewardstructureoftheOSSmodel.D. SoftwareWarrantyandSupportConsiderationsWhen comparing OSS to commercial software, consider thatmuch OSS is provided “as is” without warranties andindemnities typically found in commercial software licenses(e.g., warranties of non-infringement, performance, support,etc.,areusually lacking).Thegeneralabsenceof IP indemnityrights inmany OSS licenses poses a greater risk if infringingcontenthasbeencontributedbyanupstreamcoder.Regardingthe absence of software support, in some cases, anindependent software support organizationmay address thisriskbyofferingcommercialgradesupportforOSSforastatedfee.E. TheOSSProjectSponsorOn occasion, a Company may want to sponsor a new OSSproject on a publicOSS repository (e.g., on GitHub.com). OSSprojects must have a Company sponsor. The sponsor is theindividual who first requests to use the applicable OSS, orother individual that may be specified by the Review Board.TheOSSsponsorwillberesponsiblefor:

118

• Managing any external support from the OSS

community or support vendor, and for tracking andapplyingupdatesandsecuritypatches;

• ApprovingandregisteringmodificationstoOSSthroughCompany’ssourcecodecontrolsystem;

• Notifying theReviewBoardwhen theOSS isno longersuitableornolongerused(endoflife);

• CoordinatinganyapprovedOSScommunityinteractionanddistributionofsourcecodewithrespecttotheOSS.

• Ensuring that individual developers at the Companywho make contributions to OSS projects approved bythe Company receive proper attribution andrecognition,asanticipatedintheOSSlicense.

F. RecordKeepingandCodeManagement

The Company source code control system should hold code,documentation, revisions and revision logs for all such OSS.When OSS components are used only in binary form, thelicense, source code and build tools needed to recreate thatbinary must, if available, also be archived in the Companysource control system.These elementsmust alsobe archivedforeachnewreleaseoftheapplicableOSS.Because many OSS applications are dependent upon olderversionsoflibrariesorotherOSScomponents,anarchivecopyof all previously approved versions must remain in theCompany source control system. OSS repositories within theCompany source control system should be backed upperiodically. When any approved OSS is no longer used or

119

needed,copiesoftheOSSshouldberemovedfromallcompanycomputers,exceptforarchivalcopies.Company software developers should search for OSS in theCompanysource control systembefore seeking toobtainOSSfrom an external source. OSS components in the Companysourcecontrolsystemhavealreadybeenevaluatedandcanbeapprovedmorequickly.MostCompaniesuseautomated tools to scan source code forOSS dependencies before compiling and deploying softwareinto production. These scans can also help identify older orriskierOSScodethatmightbecontainedinanapplication.ItisimportantthatCompaniesmaintainaninventoryofOSSinuseso that security patches can be implemented quickly (seediscussion of Equifax data breach, above). Some of thesescanningtoolscanautomaticallyproduceOSSinventories.G. Compliancewith OSS Licenses -- If OSS is approvedfor a specific project, the termsof theOSS license agreementmust be followed. This may require compliance with noticeand attribution (author recognition) requirements,distributionofsourcecodebutonlyformodifiedfiles(ClassBlicenses)andothertermsofuse.Notably, if a distribution requirement is triggered, ittypicallyrequiresonlythatsourcecodebedistributedtothe immediate end-users of your software and notpublishedtotheworldatlarge.

SinceOSSlicensetermsvary,theLegalDepartmentshouldbecontactedifthereareanyquestionsregardingaparticularOSSlicense. Source code for anything beyond the immediately

120

modified OSS file should never be released without LegalDepartmentreviewandapproval.H. EmployeeCommunication,EducationandTraining.Companies should implement communication, education andtraining for development, IT, procurement, legal, andexecutivesregardingthegeneraluseofOSS,howtominimizeunduerisksassociatedwithuseofOSS,thetermsoftheirOSSPolicyandotherpertinenttopics.I. SoftwareProvidedbyVendors--Thirdpartyvendorsengaged to develop software for a Company, or licensingsoftware to a Company, should also provide representations,warranties, and indemnifications stating that the developedsoftwaredoesnotcontainanyOSS,unlessotherwiseapprovedby the Company in the contract. If OSS is included, then thewarranty should state that none of the OSS is governed by alicense that would require the Company to distribute sourcecode to any software in the Company’s computingenvironment. Some Companies are now requiring softwarevendors to include a “Software Bill of Materials” (SBoM)identifying all OSS contained in the software. This helps thecustomermaintainitsinventoryofOSS.Note: A real danger exists with third party softwarelicensedinexecutableformthatcontainsOSScontainingsecurity flaws. For example, software containing OSSundertheApache2.0licensemaybedistributedsolelyinexecutable form,yetmaycontainanunpatchedsecurityvulnerabilitythatcanbeexploitedbyhackers.

J. Patent Considerations -- Some OSS licenses containpatent licenses or patent non-assertion covenants. For

121

organizations that hold patents and modify OSS into a workthat is covered by their own patent, the patent provisions oftheOSSlicensemaybeconstruedasgrantingpatentrightsondistributedOSS to downstreamusers on a royalty free basis.See,e.g.,theApachelicense(v.2)andtheGNUGPLv.3.Thisisariskthatshouldbecarefullyconsideredbypatentholders.K. Audits -- Company may perform periodic audits todetermine compliance with this Policy. These audits, whichmay include code scanning, will determine if this Policy ismeeting business objectives and whether Company isconformingtothetermsofthisPolicy.L. Potential Traps in Dealing with Open Source

Software(OSS)Somesoftwaredevelopmentcompaniespublishtheirsoftwareunder an aggressive Copyleft license and also under acommerciallicense.WhenusersoftheOSSversiongettrippedup by failing to distribute source code to associatedapplications (whichmay be proprietary to the Company) thevendorthenoffersto“cure”theproblembylicensingthemthecommercialversionforalicensingfee.Othercleversoftwarecompanieshaverealizedthat ifyouputOSS onto a cloud computing platform and put a pretty face(user interface) on it, it is indistinguishable from commercialsoftware and, therefore, users can be charged commercialsubscriptionpricesforwhatamountstofreeOSSsoftware.Vendors realize that most users do not bother to read theonline Terms of Service or other license agreement, which

122

wouldcontainthestandardOSSpublicnoticesandalertthemtothepresenceoffreeOSS.Users are accustomed to paying commercial rates and arefocusedonthebenefitsreceivedfromusingthesoftware.Thatis the usual analysiswhen justifying a corporate budget line-itemforsoftwareacquisition.ButintheOSSworld,focusingon“benefits received” is the wrong analytical model. Many OSSprogramsdelivertremendousbenefit,buttheyarefreeforthetaking.Whypayforit?Instead,pricingshouldfocusonwhat,exactly,doesthevendorcontribute that goes beyond the functionality of the OSScomponents?The business model of shrouding free open-source softwarebehindaprettywebinterfaceandchargingcommercialratesisacleverslight-of-handthatoff-loadsdevelopmentandsupportcostsontotheopen-sourcecommunitywhilereapingwindfallprofits from unsuspecting customers who apply incorrectpricingmodelsandassumptions.EQILOGUE: Thirty years ago, I described “computer law”simplyas “theworkdonebya lawyerwhohandleswhateverproblems land on his desk” often scrambling to help clientscapture opportunities or manage risk. This often involvedrelatively “mundane and ancient areas of law that have beendustedoff,uncorkedanddrainedbythepracticaldemandsofthe computer industry. In many cases, those demands haveforcednewconceptsintooldbottlesthataresimplytoosmalltocontain them….”The lawhasexpandedrapidly in30yearstryingtokeeppacewiththecomputerindustry.Iwonderwhatitwilllooklike30yearsfromnow?

123

“IfImustspendtimeinthisbottle,thefirstthingthatI’d

liketodo,iskillallthelawyers.”