By Brandon Basso
Selling a product or service to the U.S. government can be very nuanced and intimidating. But, if the seller is well prepared for the sale then the process is smooth and painless. The mechanism for the sale is the contract, and the verbiage in the contract is what makes the process painless or difficult. Ultimately, executing a well thought out contract is the key to successfully selling to the government. For the sake of relevancy, this blog will explain the basics of negotiating and executing a government contract for the sale of an encryptor to prevent cyber-attacks.
First, negotiating a government contract is a lengthy process. Moreover, if a government contract involves the sale of a cyber product, then the seller is responsible for protecting all of the Intellectual property (IP) that is embedded into the product. For instance, when executing the sale of an encryptor (cyber product), a government contractor (seller) will attach a ‘certificate of limited rights’ which restricts a buyer’s rights of the technical data and software embedded in the encryptor. Ultimately, software ownership rights must be protected so that buyers do not have access to the seller’s software and other proprietary information that serves as the blueprint for building the encryptor.
Furthermore, the contractual language for selling an encryptor should ensure that there is no warranty attached to the item, and that there is no software license granted to the buyer under any patent application. Government contracts will usually disclaim any warranty, express or implied, for merchantability or for a particular purpose. Additionally, the contractual language should not grant the buyer any copyright or proprietary information.
An important section within government contracts is the Export Control Section. This section attempts to shield a buyer from exporting any product to a rogue foreign national or entity who may use the product for harmful purposes. Therefore, a government contract must have proper ‘Export Control’ language so that classified (Type 1) encryptors do not end up with unauthorized foreign nationals. Further, in export compliance sections of contracts, the Export Control Act serves as a mechanism to prevent buyers from exporting the product to rogue actors. Moreover, the seller must ensure that there is no verbiage in the contract that allows the buyer to be indemnified by the seller if the buyer violates export compliant regulations.
At times, the buyer will attempt to shield itself from liability by forcing a seller to mark any export controlled information so that the buyer knows what product is export controlled and what is not. For example, if a seller intends to disclose, provide, or release export-controlled articles, services, or technical data to the buyer, then the buyer will make the seller: (a) provide written notice to the buyer of such intended disclosure; (b) mark any such information with an obvious restrictive legend to such effect; and (c) indemnify the buyer for any export-control violations caused by the seller’s failure to notify or to mark such information. Placing such verbiage in an export control section holds a seller liable for marking the product with necessary information that protects a buyer.
For example, Export compliance sections within government contracts state the following:
“U.S. export law as contained in the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulation (EAR) is applicable to any controlled technical data provided under this Agreement. Any such controlled technical data is not to be placed in the public domain, exported from the U. S., or given to any foreign person in the U.S., without the prior, specific written authorization of the Discloser and the U.S. Department of State or the U.S. Department of Commerce as applicable. A Foreign Person is any individual who is not a U.S. citizen or lawful permanent resident in possession of an Immigration and Naturalization Service I-551 “Alien Registration”.”
As previously mentioned, highly classified cyber products, such as classified encryptors, are labeled ‘Type 1’. Usually, the National Security Agency (NSA) needs to regulate sellers and their ability to sell type 1 encryptors because of the highly sensitive software embedded in the product. If a government contract involves the sale of a Type 1 encryptor then the ‘type 1’ needs to be expressed in the contract. Further, the International Traffic in Arms Regulations or the Export Administration Regulations serves as mechanisms for protecting the unauthorized sale or use of Type-1 encryptors. For example, the contract will express that, “The Type 1 Goods are regulated by the International Traffic in Arms Regulations issued by the U.S. Department of State and the Non-Type 1 Goods are regulated either by the International Traffic in Arms Regulations, or the Export Administration Regulations issued by the U.S. Department of Commerce.”
Ultimately, the buyer must expressly agree to comply with the applicable Export Regulations. Furthermore, the seller will implement standard boilerplate language that protects the seller and makes the buyer indemnify and hold the Seller harmless for all claims, demands, damages, costs, fines, penalties, attorneys’ fees, and other expenses arising from buyer’s failure to comply with this clause. As expected, the Seller shall make no representation or warranty that a buyer may freely import the Goods into any foreign country.
In addition to export compliance, another important section to government contracts is the Intellectual Property section. For instance, when the contract is for the sale of an encryptor with embedded software, the seller must enforce an IP section to protect all of the seller’s software that is in the encryptor. The seller will attempt to prevent IP infringement by adding the following verbiage: “Seller warrants that the work performed or delivered under this Agreement does not infringe or otherwise violate the intellectual property rights of any third party in the United States or any foreign country.”
Although the seller does not like to indemnify a buyer, the buyer will do its due diligence and ask the seller to defend, indemnify, and hold buyer harmless against any claims, damages, losses, costs, and expenses, including reasonable attorney’s fees, arising out of any action by a third party that is based upon a claim that the work performed or delivered under the contract infringes or otherwise violates the intellectual property rights of any person or entity. If a third party claim causes a disruption to buyer’s use of the products or services, then the seller will make the buyer whole by either: (1) replacing the product(s) or service(s) without additional change, with a compatible, functionally equivalent and non-infringing product or service; (2) modify the product(s) or service(s) at its own cost to avoid the infringement; or (3) obtain a license at its own cost for buyer to continue use of the product(s) or service(s) and pay for any additional fee required for such use.
In an attempt to establish IP ownership rights and limit the buyer’s use IP, the seller will add further verbiage that states: “Buyer has a non-exclusive, royalty-free right during the term of this Contract to use, reproduce, modify, practice and prepare derivative works of any IP solely as necessary for Buyer to perform its obligations under the Contract.” Further, seller will express that all IP conceived, developed, or first reduced to practice by, for, or with Seller, either alone or with others, in performance of the contract shall be the exclusive property of Seller. Usually, the buyer will try to have an unlimited, irrevocable, paid-up, royalty-free right to the IP. Yet, this use is too infringing on a seller’s IP and thus is not usually allowed in a government contract where a seller is providing IP secrets in the contract.
Another mechanism that protects the seller’s proprietary information is a non disclosure agreement (NDA). The seller and buyer will sign an NDA to prevent the unwarranted disclosure of any intellectual property or proprietary data that the buyer is exposed to while contracting with the seller. The first important section in an NDA is one that disclaims any license granted to a buyer. For example, Proprietary Information received by the buyer under a contract shall remain the property of the seller. The buyer does not receive any right or license, express or implied, under any patents, copyrights, trade secrets, or the like of the seller under the contract except the limited rights to use the Proprietary Information to carry out the Purpose during the term of the contract.
For instance, the following instruction illustrates standard boilerplate verbiage for how a seller disclaims a warranty. The seller will ensure that all proprietary Information is provided “as is” without representation or warranty of any kind whether express or implied. Then, the buyer will agree that the seller shall have no liability whatsoever for any damages, losses or expenses to the buyer or any of its directors, officers, employees, or representatives resulting from the receipt and/or use of the Proprietary Information by the buyer or any of its directors, officers, employees, or representatives in accordance with the terms of this Agreement.
As expected, in the event of a lawsuit, a contract must express the state-law that will govern the adjudication and where the adjudication will take place. Usually, this section is called ‘Governing Law and Venue’. Moreover, boilerplate language in this section will express how both parties (seller and buyer) agree to a specific state law to govern the legal proceedings. For example, many contracts have New York law govern the adjudication. For instance, language in this section will express that ‘each party recognize that this Agreement shall be governed by and constructed in accordance with the laws of the State of New York and without regard to its conflict of law rules.’
Further, in an attempt to remedy the conflict, the contract will express that all claims or disputes arising under the contract shall be resolved through good faith negotiations between authorized representatives of each Party. Moreover, in the event that such negotiations do not lead to a written settlement signed by a duly authorized representative of each Party, then either Party may elect to resolve the matter through the state or federal courts. Usually, the venue for any action brought under or relating to contract shall exclusively be in a state or federal court of competent jurisdiction in the State of New York. The Parties will therefore irrevocably waive any right to challenge such venue on the basis of forum. Additionally, in an attempt to avoid litigation costs, the parties will waive any and all rights they may have to a trial by jury in any action arising out of or relating to the contract.
On the other hand, parties may acknowledge that due to the unique nature of the Proprietary Information, any actual or threatened breach of the contract may cause irreparable injury to the seller, for which a remedy at law may be inadequate. Therefore, the seller will likely be entitled to seek equitable or injunctive relief, in addition to other remedies to which it may be entitled at law or equity. In any action for equitable relief, the Parties will agree to waive any requirement for the posting of a bond or security.
Ultimately, the aforementioned sections are the most important sections in a government contract. Thus, if a seller contains sections regarding export compliance, intellectual property, non-disclosure, governing law & venue, and remedies then the seller has completed the foundational steps to successfully executing a contract for the sale of a cyber product or service. Therefore, successful execution of the contract will lead to a smooth negotiation process for the ultimate sale of the product or service.
Student Bio: Brandon Basso is an Alumni Liaison on the Journal of High Technology Law. He is currently a 3L at Suffolk Law, and possesses a B.A. in Government from Georgetown University.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.