Legal

Just discovered a great article Kiss of Death – Contract Provisions Entrepreneurs Should Avoid at All Costs about dealing with Big Companies from InfoChackie.

The mysterious Uncle Saul as he calls himself has a wealth of tips about dealing with what he calls BDC’s (Big Dumb Companies) or as I like to call them Kim Jong-Il.

Big companies can be extremely tempting to deal with. They’ve got lots of money, they validate your business idea and you know it sounds great to brag about signing a deal with company X.

However as Uncle Saul says beware. Big companies are often run by all kinds of internal politics and have bureaucracy’s you couldn’t imagine. I have personally seen many small companies die because they either were desperate to sign a deal with a Big company or actually did and then got screwed.

That said, if you manage it right. Keep the control on your side and know when to cut your losses there are lots of opportunities for the smart entrepreneur. Uncle Saul describes in detail the contract negotiation part, which really is the single most critical part of dealing with these kinds of companies.

By now you have no doubt heard about the issue with Google’s Chrome End User License Agreement (or EULA).

The original clause of concern was:

1.1 You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services. By submitting, posting or displaying the content, you give Google a perpetual, irrevocable, worldwide, royalty-free and non-exclusive licence to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content that you submit, post or display on or through the Services. This licence is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

In theory this pretty much gave Google rights to anything you do through your browser. In practice as it is a non negotiated contract of adhesion this clause probably wouldn’t hold up in court anyway. (If they used Agree2 it would though)

Anyway Google changed it to:

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services.

Ars Technica has the full story on the change with this choice quote from Google’s Senior Product Counsel (read lawyer) for google Chrome:

Google’s Rebecca Ward, Senior Product Counsel for Google Chrome, now tells Ars Technica that the company tries to reuse these licenses as much as possible, “in order to keep things simple for our users.” Ward admits that sometimes “this means that the legal terms for a specific product may include terms that don’t apply well to the use of that product” and says that Google is “working quickly to remove language from Section 11 of the current Google Chrome terms of service. This change will apply retroactively to all users who have downloaded Google Chrome.”

This to me is why you really should not leave these to lawyers. Lawyers will almost always copy and paste rather than look at the real needs of your service, situation or offering. This is as she says exactly what She did. Without at any point thinking that this does not in any way make sense for a browser.

Too many people (such as Rafe) hold lawyers up on such a pedestal that they forget that it is them the owners, product managers or what have you that really understand the product. I am not saying don’t use lawyers, just check it over and refuse anything that doesn’t make sense. Also tell them your concerns and needs with the agreement before hand.

I’m sitting at the OAuth Summit held at Yahoo in Santa Clara. We’ve had a brief discussion about the IPR policy negotiation process that has been going on in the background between a few core OAuth people and legal departments in various large companies (most notably Yahoo, Google and Microsoft).

Briefly the IPR policy allows employees at large companies to collaborate on the standard while promising to not sue anyone who uses their companies Intellectual Property through use of the standard. So basically Yahoo can’t come sue anyone using OAuth for using some patented algorithm they submitted to OAuth.

The IPR policy is important and good work. That said the current second revision of this is essentially a secret document that will be presented signed, sealed and delivered to us b-list members of the community in a week or twos time.

The community created the OAuth Non-Assertion Covenant and Author’s Contribution License which all the original OAuth spec signers have signed with the exception of Yahoo.

Eran told us today that apparently Yahoo stalled the process in their legal department as they needed a more detailed agreement. This is fine and great feedback, however these comments should somehow be made public so we the community also can follow it and make comments.

I realize that most developers don’t want to follow this, however it is important that it is transparent and googlable. I suggest a OAuth-legal group, the same way OpenID does or a continuation of the existing IPR License on Agree2 which does offer comments, versioning and a full transparent audit trail.

One comment I was given was that we should let lawyers talk with lawyers. I have to call bullshit on that. These kinds of things are way too important to be left in the hand of lawyers without any kind of external oversight.

Gabe has been doing a great job representing us (the OAuth community), however there are lots of people with opinion on this who would like to follow it and voice occasional opinions. Those of us who are building businesses around OAuth based services need to feel comfortable that we aren’t going to be screwed by some indecipherable legalese in the future. More important if there are disputes in the future the negotiation trail is key for solving them.

The final comment I heard is that large companies like Yahoo and Microsoft don’t want to make it public that they are negotiating this. I’m sorry that is even greater bullshit, thats pre-cluetrain, pre internet thought.

Get with the program. Yahoo has more to loose by not using OAuth than us in the OAuth community have to loose by them not joining us. I’m sorry if thats the way it’s done, I don’t care. This is not the world of industrial age negotiation in smoke filled private lounges. You guys are all internet companies for god sake.

OAuth is about open transparent simple standards for creating a infrastructure thats open to all of us and not just Google, Yahoo and Microsoft. Any negotiations behind it should be too.

Update July 2nd, 2008 Here is the latest version of the OAuth Non-Assertion Covenant and Author’s Contribution License For OAuth Specification 1.0

Rafe Needleman wrote a review of Agree2 today: Agree2 creates binding legal documents that won’t hold up in court

I am proud of his comments about the technical aspects of the site, however the title about the legal documents that not hold up in court I find problematic. That said, I am really glad Rafe brought this up. There are plenty of myths and misunderstandings about this.

Technically, I have no beef with the service. I think it’s pretty cool, actually. But although I’m not a lawyer and even though I hate trying to decipher legal agreements when I need to, the service’s tacit encouragement to create my own non-lawyer-approved agreements scares the bejeezus out of me. Sure, I could write an agreement between me and someone I’m hiring to re-wire my house. And if the contractor I’m working with were new, he or she might even sign it. But it would still, probably, be a crappy agreement. A court might agree that the electronic edits and signatures were binding, but that doesn’t mean the agreement would be legally sound. Certainly it wouldn’t be complete.

I object to the title

Saying that Agree2 agreements don’t hold up in court is like saying agreements written in Microsoft Word, don’t hold up in court.

Agree2 is a media and a framework for you to write agreements. We take care of all phases of the contract from drafting, versioning, inviting and legal binding acceptance from the parties. We provide evidence as Rafe points out in a very easy to use manner and allow you to come back and find your contracts in the same place 2 years later.

We hope to foster a community of people to share contract templates. People have already been doing this for many years, informally emailing word documents around.

Due to California law, we can not take an active part in analyzing the contract text. However we try to provide as many tools as possible for this to be easy for you and your advisors to do.

The OAuth standards group recently used Agree2 to create their OAuth Non-Assertion Covenant and Author’s Contribution License. This has been signed by amongst others Digg, Twitter, Google and AOL. I am sure Google’s legal department would not allow them to use Agree2, if they found a problem with it.

Contracts are not between your lawyers, they are between the parties

A common misunderstanding about contracts is that they have to be scary legal documents written by lawyers.

First of all a contract is not the document itself. It is the concept of an agreement the two parties have. The written contract is a handy document that writes down the terms of the agreement in such a way that there aren’t misunderstandings of each parties duties.

We perform contracts everyday. Many of them through our actions like ordering a meal in a restaurant others written like signing a credit card slip or accepting a user agreement.

Generally speaking it is a good idea to write contracts into a document to avoid disputes in the future. This is the whole reason behind writing a contract down. Avoiding disputes. If a dispute should happen in the future this document is used by a dispute resolution institution such as arbitrators or courts.

Opaque legalese is all about fear and power

When I have had to sign long contracts in the past, I can be pretty certain that the person giving me the contract doesn’t understand it one bit. They expect that I don’t understand it either. These contracts still serve their purpose, by keeping us both too frightened to cause a dispute.

That said disputes still happen, and they happen mostly because there is some disagreement between the parties about what The Party of the First Part or some such legalese foolishness actually means. (See more)

Courts are used to standard legalese terms, that is true. There are complex hidden meanings between these. However they are also perfectly able to understand plain English. More importantly if you write your contract in Plain English yourself you are probably less likely to end up in court in the first place, because you and the other party both understand your duties under the contract.

Lawyers are needed for many things

There are definitely cases where you want to bring in lawyers. I think it’s definitely a good idea for large complex contracts. Please do NOT write up a term sheet for a large investment yourself. However in most cases it is a good idea to write the meat of the contract yourself and then have a lawyer go over it. You can then use this a private (or public) template within Agree2 and have the best of both worlds.

However it doesn’t make any sense whatsoever to have pay $400ph for a lawyer to go over a contract worth $500 to you. If you are doing this repeatedly have him go over your template.

Many contracts that should be documented end up being agreed over a phone or in a brief email instead to avoid the hassle of form documents and lawyers. Agree2 gives you a much better option than either.

We are planning a feature in the future where you can give lawyers access to review your contracts and templates.

Government requirements

Most contracts can and should be simple. There are however a few types of contracts where complexity is mandated by law. In particular apartment leases and employment contracts, where just about every state/country have specific legal requirements.

More reading

I have written extensively on this before Contracts are relationships with strings attached, Pragmatic Contract Law for entrepreneurs and Understanding and Preparing for Jurisdictions

Wikipedia on Contracts is also a great resource. Finally talk to your lawyer. Also remember that I am not a lawyer myself.

FireEagle is Yahoo’s great new location web service which was recently launched into beta.

This review will not cover the API. A great little intro for this can be found in Interfacing a Rails App to Fire Eagle by Kamal.

I have previously written tutorial on writing OAuth Clients in Ruby or Turning your Rails site into an OAuth Provider. So I won’t go over any code here.

This is strictly about the user interface of FireEagle OAuth implementation. The FireEagle team Tom, Seth and Rabble have done an excellent job thinking about the UI and how it affects the security and privacy.

Which is great as most of the rest of us involved in OAuth have been worrying more about standards and implementations than usability. In reality Usability is one of those very important things that the security world tends to forget. So let’s learn from FireEagle’s example.