Don't Send An Engineer To Do A Lawyer's Job

Video in TIB AV-Portal: Don't Send An Engineer To Do A Lawyer's Job

Formal Metadata

Title
Don't Send An Engineer To Do A Lawyer's Job
Subtitle
A beginners guide to community legal engagement
Title of Series
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2018
Language
English
Production Year
2017

Content Metadata

Subject Area
Abstract
A thread on an open source project mailing list offers seven lessons on how toengage an open source community over legal issues. A thread on an Apache mailing list (Now safely in the past) provides a greatillustration of what not to do when your employer's interests seem to needengagement in an open source community. Instead of asking a suitably-trainedlawyer to directly engage, the company asked an engineer to engage when theywanted special terms for a contribution. They went on to propose custom terms,a custom CLA and even implied that they wanted private bilateral negotiations.This session runs through the thread and draws seven lessons for approachingan open source community with your legal issues.
Loading...
Presentation of a group Standard deviation Email Thread (computing) Open source Multiplication sign Direction (geometry) Electronic mailing list Set (mathematics) Staff (military) Stack (abstract data type) Inclusion map Message passing Mathematics Process (computing) Term (mathematics) Representation (politics) Software testing Data conversion Computer-assisted translation Bounded variation Address space
Context awareness Thread (computing) Open source State of matter Code Multiplication sign System administrator Source code Sheaf (mathematics) Set (mathematics) Field (computer science) Software bug Power (physics) Revision control Mathematics Term (mathematics) Core dump Computer-assisted translation Email Information Software developer Moment (mathematics) Projective plane Expert system Planning Line (geometry) Message passing Film editing Integrated development environment Software Personal digital assistant Quicksort
Point (geometry) Email Computer file Code Correspondence (mathematics) Multiplication sign Decision theory Electronic mailing list Plastikkarte Line (geometry) Number Sign (mathematics) Mathematics Process (computing) Integrated development environment Data conversion Whiteboard Error message
Point (geometry) Group action Open source Length Multiplication sign Set (mathematics) Field (computer science) Element (mathematics) Goodness of fit Mathematics Data conversion Computer-assisted translation Proxy server Time zone Email Dependent and independent variables Information Consistency Software developer Projective plane Expert system Electronic mailing list Multilateration Process (computing) Software Integrated development environment Personal digital assistant Statement (computer science) Right angle Pattern language Quicksort Object (grammar) Game theory Service-oriented architecture Spacetime
right our last speaker
thank you very much well thank you for staying to the end of the afternoon I appreciate that so I've got to talk for you that I'm testing on you to find out whether this is the way that I'm going to spend all my conferences for the coming year and the the talk is called don't send an engineer to do a lawyer's job it this was inspired by a thread on the Apache legal mailing list in 2015 and in this thread somebody came onto the mailing list with a request on behalf of their come their company and to my eyes at least this thread embodied every single thing that an experienced lawyer who was coming into free and open source communities for the first time should absolutely not do and so I've I've read through it and I've rift on that theme and put together for you a set of lessons really that are drawn from my experiences of watching repeated encounters with communities by legal staff and by the the engineers who are supported by that legal stuff it's not intended as a criticism of the company and so I've not named the company that's involved there is one person in the room who already knows who that company is which is Fontana down here because he made a critical comment during the conversation so I've I've told you I've warned him that he's in the in the presentation and he's sworn to secrecy over who who the company actually is I've got to give disclaimers so other approaches are possible may include nuts I'm not a lawyer and could not plausibly play one on television there is another problem with this presentation which is I couldn't come up with it conceivably with any pretty pictures to put up so there are instead gratuitous cat pictures during the presentation are introduced here this is this is poppy our cat and this is a failure and they they'll pop up during the presentation just to make it less boring so the background to the talk in this thread on Apache legal a representative of a very well-known company that was already active in the Apache community showed up and asked for some variations to some of Apaches standard terms now if you're at all involved in the Apache Software Foundation you all know that showing up and asking for variations two terms is not a great way to make yourself popular so this company had sent one of their Apache member staff somebody was an Apache dogma email address to make sure that they had as much stature as possible in the conversation it turned out once we dug into it that the changes they want you to make related to patent rights and the writer of the thread is apparently a member of the open-source team at the company and appears strongly appears to be following directions from legal counsel but the legal counsel involved never shows up on the thread and we never find out who that person is it's also likely that this is not an example of their previous behavior or of their later behavior but one of the messages in the thread indicates a new general counsel had recently been appointed at the company and it looks extremely likely that this whole move was at the direction of that new general counsel who had just come in from an extremely notoriously toxic corporation that will also remain unnamed and clearly had limited experience of dealing with communities of any kind least of all open-source communities so that's that's the background for you so
in the initial email the engineer brought in a league of agreement for Apache to consider changing their their software grant agreement they want you to put a new project into the Apache Incubator and evidently the they downloaded the standard SGA and the legal counsel had read through it and said these terms aren't quite right please could you go get Apache to change them for us and they had drafted a completely new version of the SGA and attached to the email that the initial email in the thread there was this new SGA and we'll say more about that in a moment so I would like to suggest to you that any community has got legal documents has got those legal documents to create a set of freedoms and to create an environment of certainty for the people who are contributing to the project and those legal agreements create that certainty and they are usually a consensus activity and so for you to come in and suggest that you want to change them is to you for you to come in and challenge the environment of certainty that the developers are currently enjoying and that's the reason you will get rejected it's not because they hate you or because they dislike your corporation it's because they've already done this and you weren't there and now you're coming in and trying to open the old issue again and so they will typically put you away if you try and do that if you do find a bug in an agreement well that's great but raise it sometime when it's not urgent raise it when when people are going to be happier about talking about it okay click this is exciting I have a failure back again so the next
thing they did was they attach the document and the document didn't have a red line so there was no there was no no information say what they had changed in the document there was also no narrative about the changes explaining what changes have been made and there was also no justification for the changes now as you know open-source communities are really not excited about being given very large dumps of fait accompli work and being asked in to merge them in with the source code and the same applies to legal documents that environment of consensus uncertainty should not be modified by a completely new version that appears from the ether and consequently I would say that combining a large dump of change and a lack of rationale is probably the very best recipe to make yourself unpopular in a community and unfortunately this person did both just as a side note that this whole phrase here's a special agreement we need you to sign which normally goes along with an NDA or something is another really great way to get yourself out of favor in a community now to explain why that is open-source community is a multilateral environment there are many parties involved and they have multilaterally reached agreements and that that multilateral state is actually what creates the freedom and as soon as you enter into that multilateral environment and start creating one-to-one bilateral relationships you undermine the whole community's freedom and you do that for two reasons first of all you create contexts where everywhere some people are not permitted to participate and secondly you create an instrument of power for the party creating agreement because they can threaten to modify it or to withdraw it at any time as a sanction for behavior that isn't required so any kind of agreement that is bilateral being imposed within a community which is multilateral is automatically going to be considered bad whether it's an NDA whether it is some kind of a software licensing grant whether it is a patent license anything bilateral is going to be rejected and it's a really bad idea to bring it into the community the only who came in also indicated that really this wasn't his thing and he came in with lots of cut and paste sections that had clearly come from an internal email and one imagines that he received an email with little little bars around his saying you can make this bit public and so he cuts and pastes and sticks it in the message and sends it off to Apache and while it's inevitable that there will be people in your company who you need to bring to consensus before you can act with the community it's really a bad idea to send into the community to negotiate a powerless proxy and that applies to code contributions as well as it applies to engagements over administration or over legal agreements if your company has been thinking of having an open-source department that will have all the people who face the open-source community and what they will do is submit code on behalf of the real developers who live in secret in a plan in a backroom that's not going to work and you know that's not going to work well it doesn't work for legal agreements either you really have got to send in an empowered expert to go make the negotiations and so there's quite a few people in this room who are that sort of empowered X were people like Fontana down here he comes into public discussions and represents his employer and does it in a very thoughtful and integrated way in the community well that's how you do it you send a lawyer you don't send an engineer unless that engineer happens to be Roy fielding in which case there's no problem ok cat picture so the the
correspondence it begins to get frustrated by being told well you don't know what you're doing do you and begins to suggest that maybe what should happen is they should get their people to talk to our people and so he actually asks at one point to have their attorney speak to your attorney now there are actually legal advisors at Apache who are helping the board with legal decisions but it's not normal for you to ask to speak to them as the first activity you should probably come into the community and talk to the legal discuss mailing list and have your open conversation because you're trying to affect this multilateral environment and immediately trying to go into a bilateral negotiation is a sign of distrust and a sign of disrespect if Apache says to you our lawyer would like to talk to you about this that's fair enough but for you to show up and ask for a one-on-one with Apaches lawyer is again not going to make you any friends so that kind of persisted for a little while in the conversation and then the the writer began to get more frustrated and tried to dis to encourage Apache to create a special process this is an urgent code contribution it's got to be made really fast we need to fix this solution here let's resolve it this way now Apache has got well-worn processes for making decisions if you go into the Apache legal mailing list you'll find there are a number of people there who will say to you that there's no rush that they've got to make decisions slowly and it's not a matter of the process being slow and broken it's slow by design it's it's working when it's slow it's broken when it's fast and so it was a big error I think to do this and as indeed one of the correspondents on the mailing list said is they their new way was simply a way of avoiding the people with the most experience who were going to spot the defects and that was I probably actually what the company wanted was to avoid the people who really knew what was going on so now they begin to play the the wounded card we're just trying to make a con why are you making this so hard for us we're just trying to make a contribution and this was the point at which one community member who to remain nameless was pointed out that there's a substantial change that had been made in the unread line document was to remove a grant a patent grant to future patents filed by the company on the code they were contributing and it seemed likely that this company had decided they wanted to remain free to file patents on ideas that were embodied in the code and then potentially pursue the of the Apache community for them later and that did lead to a momentous point where this person who pointed this point out was said to be an extremely clever person by Kim jong-il ski who was the president of Apache at the time something that I believe you have a back you have a gold badge or something I don't know that has that on so they were they were trying to hide things and it's it's not always easy to hide things from communities so
they they they try their last-ditch attempt but unfortunately the president of Apache said no and said that the changes may look beefed be framed as making a clarification to the SGA but actually those clarifications are of primary benefit to your company now I think to everybody of all of us who have been reading the mailing list this was exactly what was going to happen from the very first post I don't think anyone was in any doubt that the request was going to be declined but then the next
thing that happened after that was well it turned out they were very comfortable
we the SJ after all and within 12 hours of being told no you can't do this they said well well to hell with it will sign it anyway and so if you want to round out your your miss experience with the community a great way to do it is when you lose is to show that you had just been playing a corporate game all along that will make sure the next time you make a request for a change no one gives you the slightest time of day so to summarize for you what did they do wrong well first of all they sent a non-expert unempowered proxy secondly they tried to act bilaterally in the environment which is inherently multilateral thirdly they tried to circumvent the well one accepted consensus the consensus which creates the freedom that the community enjoys for developing software fourthly they condescended to the community at one point they said that no one here is an expert let's get our lawyers together and I think exactly it was actually Roy fielding that popped up around that point and said you know I've a good idea what's going on here they tried to change the license and if there's ever one thing to tell your council it is you can't do that you know you're used to doing commercial negotiations and those are where two companies are trying to broker a non-combat zone between their two competing objectives and you change the license agreements in that world this is not that world that license is not a bilateral peace treaty between two warring companies this is a multilateral statement of rights by a collaborative community and you never change it as possibly hard to change most license agreements that are have been in use for any length of time they sixthly tried to dump an unexplained set of changes and seventh and worst they tried to conceal their true self interest and I think that those are probably the seven lessons that you should give to your council to explain how to deal with an open-source community so what should they have done well they should have found an empowered and qualified person who was not acting as a proxy but was acting in their main job they should have understood Apaches process and followed that process and been told by Apache when the process needed changing rather than suggesting the process needed changing for them they should have made the changes if they thought the SJ was wrong they should have made the changes before they had a problem rather than tried to make changes in response to their perceived problem they should have made sure they did all of their talking in community spaces so that everybody can participate from the community community spaces don't need to be public apache has private mailing lists that are members only when things shouldn't be made public to the general public but Apache generally is not happy about you trying to have one-on-one conversations with people to circumvent the community and don't try and go lawyer to lawyer with open source communities until the community invites you to do it you'll know if you get it right because at the end of the process your lawyer will be told either that the cleverest person in the room or they'll be told that they should apply for membership of the community or they will generally be consulted over future activities they'll be treated as a community member and the truth is that that lawyers are the members that we need in our communities you know we've got plenty of developers and and we've got plenty of users but actually it's really good to adopt a lawyer too so that you can get that expert opinion without having to pay for it and so that is everything that I was going to say to you and a gratuitous cat thanks you for your time and I would be very happy to entertain questions or two because they understand what they tried to remove so when you donate software to the Apache Software Foundation they ask you to sign a contributor agreement and that contributor agreement doesn't actually transfer the copyright to Apache but he does give Apache all of the rights that are implicated in the Apache License one of those things includes an unlimited license to the patents and the reason that they asked for unlimited license to the patterns is to inoculate the Apache Software Foundation and its members and its software users from any possible patent action in the future what this company was trying to do was to remove that compulsion to provide a patent license to the Apache Software Foundation presumably because they quite fancied the idea of filing some patents later in attacking the members now it is true to say that the apache license itself also has a patent retaliation clause in it this is beyond the scope of discussing this afternoon but that wasn't what they were trying to circumvent here they were trying to circumvent something actually more fundamental they were trying to avoid giving any rights whatsoever to future patterns why were they trying to join Apache if they wanted that particular sort of change when I just pick a different license or go elsewhere they did they just fail to understand or was there something more subtle to it I think I said that that is a fine question so the company involved is is heavily involved in other projects at Apache and this was another project that they were adding to their portfolio and I have a very strong suspicion the situation arose because a new general council had come in and they hadn't had a general counsel before that and they had been working on the advice of external counsel I believe and I think the general counsel came in and said you know you're running this ship you're running here is terrible it's going to sink you've got to start paying attention and this was the first case after the GC had come in I think it was probably a consequence of that the company involved was a consistent contributor at Apache and it continues to be a consistent contributor and as you saw at the end of the process they worked out that they weren't going to get away with it this time anyway it was probably something of a learning experience for the general counsel I just want to just want to make a comment that my heart goes out to the poor engineer because I what I suspect actually might have been happening was the general counsel was let me go tell them I'm going to go in the list and do it and the engineer was like no wait a minute no at least you know make some attempt at the conversation so I you may have more information from the experience to know that or not know it I was just reading them but everything I've said is all derived from making unwarranted assumptions about these medications on the medic nurse I did actually write to the people involved on the mailing list and ask them if they wanted to explain what was really going on and they didn't reply to my emails for some reason any other questions awesome Thank You Simon okay [Applause]
Loading...
Feedback

Timings

  453 ms - page object

Version

AV-Portal 3.21.3 (19e43a18c8aa08bcbdf3e35b975c18acb737c630)
hidden