SCO NDA Offers Little Information, Much Risk
On May 14, SCO VP Chris Sontag offered to show evidence of SCO's infringement claims against Linux, under a non-disclosure agreement, to an independent panel of experts. SCO has released the text of the agreement, and we include it below.
Dan Ravicher, an attorney who specializes in free software and open-source issues at the firm of Patterson, Belknap, Webb & Tyler, said in an interview there are three key problems with the NDA. First, Ravicher said, "SCO can pick and choose among all its evidence" to show only the parts that back up the company's claims. "They're agreeing to let you see the half of the picture that they want you to see", he added.
Second, the NDA does not exclude information that the recipient obtained in ways other than from SCO. If SCO showed a patent or other public document to someone bound by the NDA, that person would not be allowed to discuss it even if he or she had been previously aware of it, Ravicher said. "The definition of confidential information is much larger than I've seen in any other agreement", Ravicher said. "It covers a lot of stuff that wouldn't be, by a textbook definition, confidential."
Finally, the NDA requires any dispute to be settled in the state of Utah, which could be "pretty onerous" for people outside the state. "They could sue me and make me go to Utah to prove I didn't disclose confidential information", Ravicher said.
Ravicher's interview does not constitute legal advice, and anyone considering signing an NDA should consult with his or her own legal counsel.
"If someone wants to enter this despite all those bad parts, it's a free country", Ravicher said. "I'm not saying someone should or should not do this, but these are things that you should be aware of."
Chris DiBona, the former Slashdot editor and Damage Studios co-founder who Linus Torvalds suggested for the panel, said he does not think anyone actively involved in kernel development or planning to contribute to free software projects should sign the NDA. But he said he wants to find out if other software experts would be interested in participating. The following are the qualifications this person should have:
Can sign an NDA with SCO without endangering existing open-source projects, including BSD, Linux, other kernels or other projects.
Experience with a large scale software project in C, with some low level systems work.
No business connection to SCO or any company involved in a legal case with SCO.
No direct connection to SCO as a licensee.
Not bound by an existing NDA that would prohibit him or her from expressing his or her opinion on this matter.
Have the time to do the work involved.
If you meet these qualifications and are interested in participating, you can contact [Linux Journal], and we will put you in touch with the right person at SCO.
[Linux Journal] publisher Phil Hughes has instructed Linux Journal staff not to accept the NDA because of concerns that it may interfere with the publication's normal work, which can involve reading and publishing Linux kernel code.
The following text is the version of the NDA we received from SCO on Wednesday, June 4, 2003:
Confidentiality and Nondisclosure Agreement This Confidentiality and Nondisclosure Agreement is dated June ____, 2003 and is by and between the following Parties: SCO: The SCO Group, Inc. 355 South 520 West Lindon, Utah 84042 RECIPIENT: ______________________________ ______________________________ ______________________________ WHEREAS, The SCO Group, Inc. ("SCO") possesses certain Confidential Information, including source code and other proprietary information, and WHEREAS, RECIPIENT desires to review the Confidential Information, and thereafter to generally summarize portions of the Confidential Information without revealing the confidential source code itself, or its design methods and concepts, or specific comparisons of code; NOW THEREFORE, IN CONSIDERATION of the mutual promises and agreements made herein, and other good and valuable consideration, THE PARTIES agree as follows: 1. Disclosure of Confidential Information. RECIPIENT desires that SCO disclose to RECIPIENT certain Confidential Information relating to SCO's Unixware and SCOsource businesses and certain statements SCO has made publicly regarding SCO's property relative to the Linux operating system. RECIPIENT acknowledges that it will receive access only to a portion of information relevant to these issues. 2. Purpose. RECIPIENT warrants that the Confidential Information disclosed by SCO to RECIPIENT shall only be used for the purposes of (a) evaluating SCO's public statements regarding its UNIX source code and attendant rights and the ways in which those UNIX rights affect one or more distributions of Linux, and (b) evaluating whether RECIPIENT's or other's use of Linux violates any of SCO's UNIX-related source code or other rights. Following RECIPIENT's review of the Confidential Information, it may publicly offer its general opinion on and a general, brief summary of the Confidential Information it has seen. However, RECIPIENT shall not divulge details or specifics as to any Confidential Information with respect to specific source code, files, derivative works, modifications or design methods and concepts it has seen, nor shall it divulge any third party information it has seen, either in source code, products, contracts or in other third party Confidential Information. 3. Definition of Confidential Information. " Confidential Information" means any and all data, technology, research, inventions, intellectual property, trade secrets, know how, computer programs, source code, file names, file trees or extensions, works of authorship, products, processes, methods, customer names, plans, forecasts, prices, business information, financial information, and other information shown or relayed by SCO to RECIPIENT on _______________________ [date]. 4. Protections. RECIPIENT shall not disclose or transfer any Confidential Information to any other person or entity. RECIPIENT shall not use Confidential Information except for the purpose and by the methods described in Paragraph 2. RECIPIENT shall use its best efforts to ensure against any disclosure, transfer or use of Confidential Information not specifically authorized by SCO in writing. 5. Employees. Access to Confidential Information by RECIPIENT's employees shall be limited by RECIPIENT to employees having a specific need to know. RECIPIENT shall be responsible for its employees and their compliance with this Agreement. 6. No License. SCO is not obligated to grant to RECIPIENT any license or right under any patent, trade secret, copyright, trademark or other intellectual property right of SCO. 7. No Obligation to Disclose. SCO has no obligation under this Agreement to disclose to RECIPIENT any Confidential Information which SCO elects to withhold. 8. Injunctive Relief. It is understood and agreed that damages are an inadequate remedy in the event of a breach or intended or threatened breach by RECIPIENT of this Agreement and that any such breach by RECIPIENT will cause SCO irreparable injury and damage; accordingly, RECIPIENT agrees that SCO shall be entitled, without waiving any additional rights or remedies (including monetary damages) otherwise available to SCO at law, or in equity, or by statute, to preliminary and permanent injunctive relief in the event of a breach or intended or threatened breach by RECIPIENT. 9. Severability. In case any one or more of the provisions contained herein shall, for any reason, be held to be invalid, illegal, or unenforceable in any respect, such invalidity, illegality or unenforceability shall not affect any other provisions of this Agreement, and this Agreement shall be construed and enforced as if such invalid, illegal or unenforceable provision(s) had never been contained herein, provided that such invalid, illegal or unenforceable provision(s) shall first be curtailed, limited or eliminated to the extent necessary to remove such invalidity, illegality or unenforceability with respect to the applicable law as it shall then be applied. 10. Final Agreement. This Agreement constitutes the final, complete and exclusive agreement between SCO and RECIPIENT concerning the subject matter of this Agreement and supersedes all prior agreements, understandings, negotiations and discussions, written or oral, between SCO and RECIPIENT with respect thereto. Any modification, recission or amendment of this Agreement shall not be effective unless made in a writing executed by SCO and RECIPIENT. 11. Waiver. Any waiver of, or promise not to enforce, any right under this Agreement shall not be enforceable unless evidenced by a writing signed by the Party making said waiver or promise. 12. Construction. The headings in this Agreement are for the purpose of convenience only and shall not limit, enlarge, or affect any of the covenants, terms, conditions or provisions of this Agreement. This Agreement represents the wording selected by the Parties to define their agreement and no rule of strict construction shall apply against either Party. 13. Governing Law, Jurisdiction and Attorney's Fees. This Agreement shall be governed and enforced in accordance with the laws of the state of Utah, without regard to its conflict of laws principles, and RECIPIENT hereby consents to the exclusive jurisdiction and venue in courts (whether federal or state) in the state of Utah. RECIPIENT waives all defenses of lack of personal jurisdiction and forum non conveniens. In any action to enforce any right or remedy under this Agreement or to interpret any provision of this Agreement, the prevailing party will be entitled to recover its reasonable attorney's fees, costs and other expenses. 14. Authorization. The persons signing below represent that they are authorized to execute this Agreement for and on behalf of the Party for whom they are signing and to bind said Party to the terms of this Agreement. AGREED TO AND ACCEPTED BY: ("RECIPIENT") Authorized Signature: Name (print): Title: The SCO Group, Inc. ("SCO") Authorized Signature: Name (print): Title:
Don Marti is Editor in Chief of Linux Journal.