[conspire] More about real-world legal conflict

Rick Moen rick at linuxmafia.com
Fri Dec 23 11:02:54 PST 2005

[A friend was having me review a draft outline of a piece about 
non-disclosure agreements.  This is an excerpt from some of my comments.]

This is good as far as it goes, but it's a bit more black and white than
I think the world really is.

In fact, spending some time around corporate lawyers caused me to have
an epiphany, one day:  Businesses violate each others' (and
individuals') legal rights all the time -- not because they intend to,
but because it just happens.  A lot of the work of a corporate counsel
involves helping the company pick the lesser evil, apply balm to burned
fingers, and apologise -- and in other cases bully some people;
threaten, buy off, or stonewall/outbluff third parties.

Let me tell you a story:  I was the unofficial software-licensing effort
at a company we'll call Venture Capital Linux, Inc.  VCL published
two variant forms of the Red Hat Linux distribution, including one that
was specialised for NAS clusters.  Like most medium-sized
companies, VCL suffered endemic communications and coordination
screw-ups between groups.  The Engineering department did cooperative
work under NDA with Truth Software of Palo Alto, backup specialists, and 
Network Fiascos of Emeryville, both of which firms provided VCL as
confidential proprietary code some of their enhancements to the
third-party GPLed ndmp network-backup utility -- intending it as
strictly internal experimental code.  But then, the Professional
Services department grabbed that code off the internal CVS, made a
binary i386 RPM, and bundled it into the downloadable NAS distribution 
on the exterior public ftp site.

A few months later, a polite query arrived at VCL Technical Support from
a coder at Mountain View NAS, politely asking to be furnished matching
source for our ndmp code under the provisions of GPLv2.  I asked
Professional Services, whose VP said "Oh shit!" and referred me to
Enginsering.  Engineering's VP said "Oh shit!" and referred me to Jim,
the corporate counsel.  I sent Jim what I had.

By the time I arrived at Jim's office, he already had sussed it all out
and had the matter covered -- but I was curious, and needed to have it
spelled out for me:

Me:  "But aren't we obligated to give the Mountain View guy what he
      asked for?"
Jim:  "Yes."
Me:  "But we're not going to do that?"
Jim:  "No."
Me:  "Isn't that a copyright infringement against the upstream ndmp authors?"
Jim:  "Yes."
Me:  "So, why aren't we going to give him the code?"
Jim:  "Because that would be breach of contract with our business
      partners, Truth Software and Network Fiascos, which would have 
      severe and expensive consequences for us."
Me:  "Oh.  What are we telling the Mountain View guy?"
Jim:  "That the modified ndmp was released by mistake, that it's now been
      withdrawn, and that we regret any inconvenience."
Me:  "What if he sues?"
Jim:  "He can't.  He doesn't have standing."
Me:  "Oh, right.  What if the upstream coders sue?"  
Jim:  "In the first place, not likely, since they aren't even aware of
      this situation, and since they haven't been offended, and since
      the infringement has already been remedied.  In the second place,
      without registering their copyrights with the Library of Congress,
      which they haven't done, they could sue only to enjoin further
      infringement, not for damages -- and there is no more infringement
      at this point.  Even if they had registered, their recoverable 
      damages would be keyed to the extent of their commercial loss, 
      of which they've suffered none at all."
Me:  "So, basically, since we have to choose one tort or another, we pick
     the one that's pretty much harmless."
Jim:  "Right."
Me:  "OK, makes sense.  Do I need to reply to the Mountain View guy?"
Jim:  "No.  Legal is sending out that nice, short letter today.  Leave
      it to us."

The point is that this sort of thing happens all the time.  Firms step
on each others' toes, through screw-ups or because smaller interests and
concerns got in the way of larger ones; the end-result is some sort of
accomodation:  Either someone's merely annoyed but not enough to act, or
that firm gets a favour or payment or apology, or in extreme cases the
firm is annoyed and self-righteous enough to sue for some form of remedy
-- but not very often.  The public isn't aware of 99% of this, because
the parties simply don't publicise it.

_NDAs_ get violated all the time, too.  How many reviews or "previews"
of prerelease software have you read?  Only a tiny fraction of those were 
authorised.  The reviewers didn't get sued, because the firms didn't
think that would work out as to cost/benefit.  And the authors don't
even, realisitically, get blacklisted.  The world just moves on.

Thus, your "Avoid breaching the NDA" would be better if it were qualifed
and put in perspective:  Avoid breaching the NDA, or else what,
_really_?  Are all breaches equal?  What happens if you end up violating
the NDA despite your intention to the contrary, either by accident or
because it was the lesser of two evils?

If someone does sue you for breach of contract (i.e., the NDA), then
what determine whether they're likely to prevail, and what they're
likely to get?

More information about the conspire mailing list