SCO NDA Offers Little Information, Much Risk
On May 14, SCO VP Chris Sontag offered to show evidence of SCO's infringement claims against Linux, under a non-disclosure agreement, to an independent panel of experts. SCO has released the text of the agreement, and we include it below.
Dan Ravicher, an attorney who specializes in free software and open-source issues at the firm of Patterson, Belknap, Webb & Tyler, said in an interview there are three key problems with the NDA. First, Ravicher said, "SCO can pick and choose among all its evidence" to show only the parts that back up the company's claims. "They're agreeing to let you see the half of the picture that they want you to see", he added.
Second, the NDA does not exclude information that the recipient obtained in ways other than from SCO. If SCO showed a patent or other public document to someone bound by the NDA, that person would not be allowed to discuss it even if he or she had been previously aware of it, Ravicher said. "The definition of confidential information is much larger than I've seen in any other agreement", Ravicher said. "It covers a lot of stuff that wouldn't be, by a textbook definition, confidential."
Finally, the NDA requires any dispute to be settled in the state of Utah, which could be "pretty onerous" for people outside the state. "They could sue me and make me go to Utah to prove I didn't disclose confidential information", Ravicher said.
Ravicher's interview does not constitute legal advice, and anyone considering signing an NDA should consult with his or her own legal counsel.
"If someone wants to enter this despite all those bad parts, it's a free country", Ravicher said. "I'm not saying someone should or should not do this, but these are things that you should be aware of."
Chris DiBona, the former Slashdot editor and Damage Studios co-founder who Linus Torvalds suggested for the panel, said he does not think anyone actively involved in kernel development or planning to contribute to free software projects should sign the NDA. But he said he wants to find out if other software experts would be interested in participating. The following are the qualifications this person should have:
Can sign an NDA with SCO without endangering existing open-source projects, including BSD, Linux, other kernels or other projects.
Experience with a large scale software project in C, with some low level systems work.
No business connection to SCO or any company involved in a legal case with SCO.
No direct connection to SCO as a licensee.
Not bound by an existing NDA that would prohibit him or her from expressing his or her opinion on this matter.
Have the time to do the work involved.
If you meet these qualifications and are interested in participating, you can contact [Linux Journal], and we will put you in touch with the right person at SCO.
[Linux Journal] publisher Phil Hughes has instructed Linux Journal staff not to accept the NDA because of concerns that it may interfere with the publication's normal work, which can involve reading and publishing Linux kernel code.
The following text is the version of the NDA we received from SCO on Wednesday, June 4, 2003:
Confidentiality and Nondisclosure Agreement
This Confidentiality and Nondisclosure Agreement is dated
June ____, 2003 and is by and between the following Parties:
SCO: The SCO Group, Inc.
355 South 520 West
Lindon, Utah 84042
RECIPIENT: ______________________________
______________________________
______________________________
WHEREAS, The SCO Group, Inc. ("SCO") possesses certain
Confidential Information, including source code and other
proprietary information, and
WHEREAS, RECIPIENT desires to review the Confidential
Information, and thereafter to generally summarize portions of
the Confidential Information without revealing the confidential
source code itself, or its design methods and concepts, or
specific comparisons of code;
NOW THEREFORE, IN CONSIDERATION of the mutual promises and
agreements made herein, and other good and valuable
consideration,
THE PARTIES agree as follows:
1. Disclosure of Confidential Information. RECIPIENT
desires that SCO disclose to RECIPIENT certain Confidential
Information relating to SCO's Unixware and SCOsource businesses
and certain statements SCO has made publicly regarding SCO's
property relative to the Linux operating system. RECIPIENT
acknowledges that it will receive access only to a portion of
information relevant to these issues.
2. Purpose. RECIPIENT warrants that the Confidential
Information disclosed by SCO to RECIPIENT shall only be used for
the purposes of (a) evaluating SCO's public statements regarding
its UNIX source code and attendant rights and the ways in which
those UNIX rights affect one or more distributions of Linux, and
(b) evaluating whether RECIPIENT's or other's use of Linux
violates any of SCO's UNIX-related source code or other rights.
Following RECIPIENT's review of the Confidential Information, it
may publicly offer its general opinion on and a general, brief
summary of the Confidential Information it has seen. However,
RECIPIENT shall not divulge details or specifics as to any
Confidential Information with respect to specific source code,
files, derivative works, modifications or design methods and
concepts it has seen, nor shall it divulge any third party
information it has seen, either in source code, products,
contracts or in other third party Confidential Information.
3. Definition of Confidential Information. " Confidential
Information" means any and all data, technology, research,
inventions, intellectual property, trade secrets, know how,
computer programs, source code, file names, file trees or
extensions, works of authorship, products, processes, methods,
customer names, plans, forecasts, prices, business information,
financial information, and other information shown or relayed by
SCO to RECIPIENT on _______________________ [date].
4. Protections. RECIPIENT shall not disclose or transfer
any Confidential Information to any other person or entity.
RECIPIENT shall not use Confidential Information except for the
purpose and by the methods described in Paragraph 2. RECIPIENT
shall use its best efforts to ensure against any disclosure,
transfer or use of Confidential Information not specifically
authorized by SCO in writing.
5. Employees. Access to Confidential Information by
RECIPIENT's employees shall be limited by RECIPIENT to employees
having a specific need to know. RECIPIENT shall be responsible
for its employees and their compliance with this Agreement.
6. No License. SCO is not obligated to grant to RECIPIENT
any license or right under any patent, trade secret, copyright,
trademark or other intellectual property right of SCO.
7. No Obligation to Disclose. SCO has no obligation under
this Agreement to disclose to RECIPIENT any Confidential
Information which SCO elects to withhold.
8. Injunctive Relief. It is understood and agreed that
damages are an inadequate remedy in the event of a breach or
intended or threatened breach by RECIPIENT of this Agreement and
that any such breach by RECIPIENT will cause SCO irreparable
injury and damage; accordingly, RECIPIENT agrees that SCO shall
be entitled, without waiving any additional rights or remedies
(including monetary damages) otherwise available to SCO at law,
or in equity, or by statute, to preliminary and permanent
injunctive relief in the event of a breach or intended or
threatened breach by RECIPIENT.
9. Severability. In case any one or more of the
provisions contained herein shall, for any reason, be held to be
invalid, illegal, or unenforceable in any respect, such
invalidity, illegality or unenforceability shall not affect any
other provisions of this Agreement, and this Agreement shall be
construed and enforced as if such invalid, illegal or
unenforceable provision(s) had never been contained herein,
provided that such invalid, illegal or unenforceable provision(s)
shall first be curtailed, limited or eliminated to the extent
necessary to remove such invalidity, illegality or
unenforceability with respect to the applicable law as it shall
then be applied.
10. Final Agreement. This Agreement constitutes the final,
complete and exclusive agreement between SCO and RECIPIENT
concerning the subject matter of this Agreement and supersedes
all prior agreements, understandings, negotiations and
discussions, written or oral, between SCO and RECIPIENT with
respect thereto. Any modification, recission or amendment of
this Agreement shall not be effective unless made in a writing
executed by SCO and RECIPIENT.
11. Waiver. Any waiver of, or promise not to enforce, any
right under this Agreement shall not be enforceable unless
evidenced by a writing signed by the Party making said waiver or
promise.
12. Construction. The headings in this Agreement are for
the purpose of convenience only and shall not limit, enlarge, or
affect any of the covenants, terms, conditions or provisions of
this Agreement. This Agreement represents the wording selected
by the Parties to define their agreement and no rule of strict
construction shall apply against either Party.
13. Governing Law, Jurisdiction and Attorney's Fees. This
Agreement shall be governed and enforced in accordance with the
laws of the state of Utah, without regard to its conflict of laws
principles, and RECIPIENT hereby consents to the exclusive
jurisdiction and venue in courts (whether federal or state) in
the state of Utah. RECIPIENT waives all defenses of lack of
personal jurisdiction and forum non conveniens. In any action to
enforce any right or remedy under this Agreement or to interpret
any provision of this Agreement, the prevailing party will be
entitled to recover its reasonable attorney's fees, costs and
other expenses.
14. Authorization. The persons signing below represent
that they are authorized to execute this Agreement for and on
behalf of the Party for whom they are signing and to bind said
Party to the terms of this Agreement.
AGREED TO AND ACCEPTED BY:
("RECIPIENT")
Authorized Signature:
Name (print):
Title:
The SCO Group, Inc. ("SCO")
Authorized Signature:
Name (print):
Title:
Don Marti is Editor in Chief of Linux Journal.
email: dmarti@ssc.com
