From: spdx-legal-bounces@... [mailto:spdx-legal-bounces@...] On Behalf Of Wheeler, David A
Sent: Thursday, March 15, 2012 4:33 PM
Subject: Add license entry/entries for U.S. Government Works to SPDX
I propose adding SPDX entries for U.S. Government Works. I talked with a few people about this on March 7, and they seemed positive about the general idea (I realize the complications are always in the details).
So here is my specific proposal, based on that earlier discussion. In particular, I suggest adding at *least* US-GOVERNMENT-WORK to SPDX, and I think itd be best to also add US-GOVERNMENT-WORK-FOREIGN-COPYRIGHT and US-GOVERNMENT-WORK-NO-FOREIGN-COPYRIGHT (which are like standard riders). Background & the proposal itself are below.
First, heres some background. The U.S. federal government spends a large amount of money each year to develop and modify software. Most of this is done through contractors, but a non-negligible amount of software development (including changes) is done by U.S. federal government employees as part of their official duties. Some examples of this kind of OSS include expect (a common utility program thats probably in every Linux distribution repository), VistA (not Windows, but the software that supports day-to-day operations at local Department of Veterans Affairs health care facilities), and significant portions of security-enhanced Linux (as used in Red Hat Enterprise Linux and Fedora, among others). This isnt hypothetical; this happens NOW.
But this kind of software is under a different legal regime than other software, leading to a need for a different SPDX identifier. Under U.S. law, Copyright protection under this title is not available for any work of the United States Government (17 USC § 105), and A work of the United States Government is a work prepared by an officer or employee of the United States Government as part of that persons official duties. (17 USC § 101). Typically no license text is distributed with the code itself. But there *is* a need to indicate that some software is in this particular situation.
So I propose that SPDX add at least the name US-GOVERNMENT-WORK (or similar), to indicate software that is a U.S. federal government work as defined under U.S. law. In this case, its an *absence* of copyright (at least in the US), not its presence, but it is still valuable to indicate its license status. For the license text, I recommend simply quoting U.S. law; its clearly authoritative within the US, and its the US federal governments own work. So I suggest that the license text be as follows:
This software, or portions of it, are a U.S. government work.
Copyright protection under this title is not available for any work of the United States Government. (17 USC § 105)
A work of the United States Government is a work prepared by an officer or employee of the United States Government as part of that persons official duties. (17 USC § 101)
There are two challenges I see; let me try to address them.
First, there isnt an official standard header text that indicates this circumstance either. This is part of the larger problem that very often the government and public have lots of rights, but cannot determine that they do. See [CENDI GUESSING] below which bewails this. My hope is that SPDX could help solve this; if there is an easy, standardized way to notate legal circumstance, its more likely to be notated. That said, [CENDI FAQ 2008] section 3.1.8 gives header text that was developed and recommended by a team of US government lawyers, and its used directly by [CENDI GUESSING] among others. Thus, I suggest using that as the standard header text that people should look for. Later on you might allow some alternative wording as well, but theyd only be in addition to this. Heres that standard header text:
This is a work of the U.S. Government and is not subject to copyright protection in the United States. Foreign copyrights may apply.
The second challenge is hinted at by the text above. Although the U.S. government cannot copyright a U.S. government work in the U.S., it CAN assert copyrights in foreign countries if it chooses to do so. See [CENDI FAQ 2008] #3.1.7, which says, Copyright is sometimes asserted by U.S. Government agencies outside the United States. Most of the time the U.S. government does NOT assert copyright outside the US, but there is usually NO WAY for a recipient to determine if this is the case or not. So really have 3 cases:
1. US government has asserted copyright outside the US.
2. US government asserts that it will NOT assert copyright outside the US.
3. No evidence has been found for any particular assertion either way (the common case).
Yes, thats a mess in many cases. But SPDX can help us, by giving us a clear way to describe which case applies to some given software. These fine license distinctions are exactly like the riders that apply to many licenses like the GPL (e.g., GPL with classpath exception). So the SPDX rider mechanism can be easily used to handle this distinction.
With that, I propose three SPDX license names:
1. US-GOVERNMENT-WORK-FOREIGN-COPYRIGHT: US government work per 17 USC § 105, foreign copyright asserted. I know of no standard header text for this, but theres an obvious derivative: This is a work of the U.S. Government and is not subject to copyright protection in the United States. Foreign copyrights apply.
2. US-GOVERNMENT-WORK-NO-FOREIGN-COPYRIGHT: US government work per 17 USC § 105, with assertion by the US government that they will not assert any foreign copyright. Again, theres no standard header text, but theres an obvious derivative: This is a work of the U.S. Government and is not subject to copyright protection in the United States. Foreign copyrights do not apply.
3. US-GOVERNMENT-WORK: US government work per 17 USC § 105, but no evidence has been identified for either of the more specific assertions above. Again, this is the common case. Use the header text I already listed above. This category could be refined still further, e.g., a subcategory meaning no one knows and another meaning the organization hasnt decided either way. But I dont think its important to refine this further, as the difference is basically irrelevant to recipients; no matter what, recipients have to hunt for more information if it matters, including contacting the US government if they can.
In practice, people treat US-GOVERNMENT-WORK as Ive defined above exactly like US-GOVERNMENT-WORK-NO-FOREIGN-COPYRIGHT. That is sloppy but it is not my fault! At the least, a recipient who has this marking knows that they certainly *can* do a lot of things in the US, and that there are potential issues outside the US. For example, someone could receive software marked US-GOVERNMENT-WORK, do Google searches and other analysis to see if theres a foreign copyright assertion, and if not, record that they believe the license is actually . US-GOVERNMENT-WORK-NO-FOREIGN-COPYRIGHT (along with the rationale). This would make the SPDX names quite useful; it would give an analyst a place to start, as well as indicating what kind of analysis may need to be done.
SPDX cannot solve all the weirdness of US law
nor does it need to. Simply making it clear what is known
and in some cases, what is not
is very valuable.
We also had a discussion about the term (copyright) public domain. I understand why the SPDX developers want their terms to be more precise
I think that makes sense. So Id suggest that SPDX work on creating precise definitions for things like US-GOVERNMENT-WORK-NO-FOREIGN-COPYRIGHT and CC0, and people (SPDX or others) can define broad categories like permissive or copyright public domain or strongly protective. Then, SPDXs specific licenses can be examined to see which ones meet the definitions of broader categories. But that means that SPDX has to include, in its list, enough common specific definitions so that this crosswalk can be useful.
In any case, its important that SPDX have a way to notate these cases, so this is a proposal to make it happen.
For more information, see:
[17 USC § 105]
Copyright protection under this title is not available for any work of the
United States Government, but the United States Government is not precluded
from receiving and holding copyrights transferred to it by assignment, bequest,
[17 USC § 101]
A work of the United States Government is a work prepared by an officer or
employee of the United States Government as part of that persons official duties.
CENDI. DONT KEEP THE PUBLIC GUESSING: BEST PRACTICES IN NOTICE OF COPYRIGHT AND TERMS & CONDITIONS OF USE FOR GOVERNMENT WEB SITE CONTENT
[CENDI FAQ Software]
CENDI. Frequently Asked Questions about Copyright and Computer Software: Issues Affecting the U.S. Government with Special Emphasis on Open Source Software, revised Oct 1, 2010, http://www.cendi.gov/publications/09-1FAQ_OpenSourceSoftware_FINAL_110109.pdf
[CENDI FAQ 2008]
CENDI. Frequently Asked Questions About Copyright Issues Affecting the U.S. Government. CENDI/2008-1. October 8, 2008 http://www.cendi.gov/publications/04-8copyright.html
In particular, see its section 3.
[DoD OSS FAQ]
DoD Open Source Software (OSS) FAQ
CENDI is an interagency working group of senior scientific and technical information (STI) managers from 12 U.S. federal agencies; they provide a lot of cross-US-government guidelines in these kinds of matters. CENDI has a number of related publications, see: http://www.cendi.gov/publications/