Newsletter

Five Lessons to Prevent Government Abuse of Commercial Software Licenses

June 2024

When the U.S. Government licenses commercial software, it generally does so under the same terms as any other commercial software licensee, unless the terms of that license are inconsistent with federal law or do not otherwise meet the Government’s needs. These deviations from a software licensor’s standard form often introduce challenges unique to the Government marketplace, particularly with respect to monitoring for, detecting, and addressing unlicensed uses by Government end users.

Several recent cases highlight these challenges. This article discusses some of the lessons learned from recent commercial licenses gone awry and offers advice on how software licensors may try to avoid these same pitfalls when licensing software to the Government in the future.

Lesson 1: Get It in Writing (Signed by the Contracting Officer)

It is a bedrock principle of Government contract law that only the contracting officer has the power to bind the Government. Thus, a software licensor should not rely upon click-wrap or browse-wrap licenses (which are accepted by end users who almost certainly are not contracting officers) when licensing software to the Government.

But what happens when the parties fail to ensure that a written version of the software license is incorporated into the contract? That was the scenario the contractor faced in Appeals of CiyaSoft Corp., Nos. 59519, 59913 (ASBCA June 27, 2018). In CiyaSoft, the Army awarded a contract to purchase 20 “single user ... software licenses” of CiyaTran machine translation software. To accommodate what it perceived as unique needs for use of its software in a deployed environment, CiyaSoft modified the version of the software it sent to the Army to permit use on personal computers that may lack reliable internet access. Specifically, as an alternative to its standard online activation process, CiyaSoft provided a unique activation code for each of the 20 software CDs that the Army received. To track usage, CiyaSoft also required that the Army “provide CiyaSoft Corporation with a list of activations, along with name or initials or computer name or other information to uniquely identify each activation for those activations that do not go through normal registration.”

CiyaSoft modified its standard End-User License Agreement (EULA) to reflect this atypical arrangement and provided copies of the revised EULA to the Army in three different forms: in long-form in the shipping box, in shrink-wrap short-form with each CD, and in click-wrap short form. The EULA was not, however, expressly incorporated into the contract.

Shortly after delivery, CiyaSoft began to suspect that the Army had exceeded its allotted 20 licenses based on peculiar activity surrounding the activation codes and, ultimately, filed a claim for breach of contract. The Army countered that there could be no breach because the license was not part of the contract.

The Armed Services Board of Contract Appeals (ASBCA) sided with CiyaSoft. According to the ASBCA, even though the license was not incorporated into the contract, the contract’s reference to “single user ... software licenses” was sufficient to place the Government on inquiry notice of the license. Since the Government never asked to review the license and voiced no objection when it received the license in various forms with the CDs, they were bound by its terms so long as those terms were consistent with federal law and satisfied the Government’s needs.

Although CiyaSoft prevailed on its own facts, software providers should not assume that their standard licenses will bind the Government if they are not made part of the contract. Likewise, relying on license forms that work in the commercial space, such as shrink-wrap or click-wrap licenses, is unwise when licensing to the Government. The most prudent and recommended approach is to take the additional step of incorporating the commercial software license into the contract – particularly where the Government’s license differs from the licensor’s standard commercial license.

Lesson 2: Clearly Articulate License Restrictions as Conditions, Not Covenants

Bitmanagement Software GmbH v. United States, 989 F.3d 938 (Fed Cir. 2021), illustrates many of the lessons discussed in this article. Preeminent among them is the importance of drafting license restrictions clearly and – when possible – framing them as conditions rather than covenants.

Bitmanagement arises out of a dispute between a German software company and the U.S. Navy over three-dimensional graphics software (BS Contact Geo) that the Navy deployed across its entire network even though it had acquired just over 100 licenses. Because the Navy acquired its licenses through a reseller, there was no express agreement between Bitmanagement and the Navy. Nevertheless, at the Navy’s request, Bitmanagement modified the Navy’s BS Contact Geo software installers to enable a floating license scheme whereby the Navy’s licenses would be centrally managed by license-tracking software that would only allow simultaneous use of no more than the authorized number of copies. The Navy, however, failed to fully implement the tracking software, meaning the BS Contact Geo software was simultaneously available to all of its hundreds of thousands of users. Bitmanagement sued for copyright infringement under 28 U.S.C. § 1498(b). The Navy defended that it had an implied license to deploy the software enterprise-wide and therefore was not liable.

The Federal Circuit agreed that an implied license existed between the Navy and Bitmanagement that permitted enterprise-wide deployment of BS Contact Geo, but only on the condition that the Navy implement license tracking software. By failing to satisfy this condition, the Navy vitiated its license, rendering it liable for copyright infringement.

Following the lesson of CiyaSoft that licenses are best in writing, Bitmanagement counsels for clearly-drafted license restrictions. Further, these restrictions should be written as conditions, rather than covenants. License restrictions written as conditions preserve the ability to sue for copyright infringement, in addition to breach of contract, affording the licensor alternative (and sometimes more effective) remedies.

As a side note, it is also worth mentioning here that licensors must diligently register their copyrights, or they will lose the opportunity to pursue an otherwise valid infringement claim. See HEALTHeSTATE, LLC v. United States, No. 18-34 (Fed. Cl. Dec. 15, 2023) (granting summary judgment for the Government on a copyright infringement claim because the contractor’s copyright registrations were invalid).

Lesson 3: You Can’t Trust, So You Must Verify

Covered in-depth in Wiley’s December 6 Client Alert, 4DD Holdings, LLC v. United States, No. 15-945 (Fed. Cl., Nov. 30, 2023), emphasizes the importance of monitoring the Government’s software usage to ensure its compliance with the terms of its license. In 4DD, the U.S. Department of Defense (DOD) acquired a specified number of licenses to 4DD’s Tetra Healthcare Federator Software (TETRA) subject to a EULA that prohibited the Government from making additional copies of its software. DOD, however, required that 4DD deactivate its “phone home” functionality, which would ordinarily have allowed 4DD to monitor a licensee’s use of its software. As a result, 4DD was placed in the unenviable position of blindly trusting that DOD was adhering to the terms of its EULA and using only the number of licenses for which it paid.

It turned out that DOD failed to fulfill its obligations under the EULA and exceeded the scope of its license. Although DOD set up a portal to track its usage of its TETRA licenses, it did not diligently use the portal; rather, according to the contracting officer’s representative, DOD “just stupidly assumed” that it was in compliance. Indeed, the contracting officer’s representative conceded that the tracking portal “easily gets out of whack.” DOD compounded its mistake by deleting its unauthorized copies – and, along with them, evidence of its license violations – when it discovered its error.

It is imperative that licensors have a mechanism to track their licensees’ use of their software. Licensing to the Government, however, poses challenges in this regard, whether by virtue of the austere environment in which the software is to be used (as in CiyaSoft), the technical capabilities of the Government’s license tracking software (as in Bitmanagement), or the Government’s unique security needs (as was apparently the case in 4DD). Whatever mechanism the parties agree to, however, it must be incorporated into the contract (remember Lesson 1!), and the licensor must proactively utilize it and act promptly on any breaches.

Lesson 4: Limit Uncertainty in Remedy by Contractually Agreeing on the Measure for Damages

CiyaSoft, Bitmanagement, and 4DD also provide insight into the challenges that tribunals can face in ascertaining the damages associated with license violations. The quantum phase of CiyaSoft is apparently still pending before the ASBCA, despite entitlement having been resolved nearly six years ago.

In Bitmanagement, the Federal Circuit rejected Bitmanagement’s argument that it was entitled to recover the cost of a seat license for each installation by the Navy in excess of the licenses it had purchased. Instead, the case was remanded to the U.S. Court of Federal Claims to assess damages based on the Navy’s actual excess usage (rather than its excess copying) through a hypothetical negotiation approach. But with direct evidence of actual usage hard to come by, Bitmanagement was forced to rely upon circumstantial evidence and ultimately recovered only a fraction of what it originally sought. The damages award is currently on appeal to the Federal Circuit.

The Court of Federal Claims also employed the hypothetical negotiation approach in 4DD. Using the factors outlined in Georgia-Pacific Corp. v. U.S. Plywood Corp., 318 F. Supp. 1116 (S.D.N.Y. 1970), the Court of Federal Claims approximated a non-backup license fee of $305.22 per license, as well as a 20% “convenience fee” associated with the provision of backup copies of TETRA.

The broad spectrum of outcomes that the hypothetical negotiation approach can produce may make licensors uneasy. The Federal Circuit itself has characterized the hypothetical negotiation as involving “an element of approximation and uncertainty.” Software providers should therefore consider ways to address contractually the appropriate compensation for license violations. For example, setting a price for additional copies in the license itself, even if not dispositive, will inform any hypothetical negotiation analysis. By coupling such terms with a robust compliance tracking mechanism, a software provider can reduce the “approximation and uncertainty” that otherwise plagues damages calculations.

Lesson 5: Make Sure Your Contract Allows You to Pursue Remedies for License Violations

A licensor’s options for where it can vindicate its rights in the event of a license violation by the Government may be limited by the way in which the Government acquires its license. Rather than licensing directly to the Government, many companies choose instead to offer their software through resellers – often those who hold Federal Supply Schedule (FSS) contracts. Avue Techs. Corp. v. Sec’y of Health and Hum. Servs., 96 F. 4th 1340 (Fed. Cir. 2024), which we discussed in a previous Client Alert, provides insight into some of the potential risks to the software developer when operating through a reseller.

In particular, when Avue Technologies Corporation discovered that the U.S. Food and Drug Administration (FDA) appeared to be in violation of Avue’s software master subscription agreement (MSA) (a form of EULA), Avue submitted a Contract Disputes Act (CDA) claim to the FDA’s contracting officer. The FDA contracting officer responded that FDA’s contract was with Avue’s reseller and that Avue therefore could not pursue a CDA claim. Avue appealed to the Civilian Board of Contract Appeals (CBCA), without sponsorship by its reseller.

The CBCA dismissed Avue’s claim for lack of jurisdiction, holding that the MSA alone did not constitute a procurement contract under the Contract Disputes Act (CDA). The Federal Circuit vacated the dismissal and remanded to the CBCA, reiterating that “a party need only allege, non-frivolously, that it has a contract with the federal government” in order to establish a Board’s jurisdiction over a CDA claim. The CBCA erred in requiring Avue to prove the existence of a procurement contract before the case proceeded to the merits. The Federal Circuit did not, however, address whether Avue’s MSA was, by itself, a “procurement contract” under the CDA – that issue remains for resolution by the CBCA.

Avue reinforces the importance of knowing what avenues for relief are available based on licensing structure. While it is possible that the CBCA will ultimately conclude that Avue is party to a procurement contract, a more straightforward approach is to ensure both that the license is incorporated into the procurement contract (as we suggest in reflection upon CiyaSoft and Bitmanagement) and that the reseller is obligated to sponsor licensor claims. Software licensors can also consider Tucker Act breach of contract actions at the Court of Federal Claims, as well as copyright infringement claims under 28 U.S.C. § 1498(b) (as in Bitmanagement and 4DD). Ultimately, when the government violates its license, the options that a licensor has to vindicate its rights are dictated by its contract structure and strategy. Therefore, licensors should take care in drafting, and periodically reviewing, their agreements to ensure they are allowing themselves flexibility in selecting the most advantageous forum should a dispute arise.

***

As the Government continues to examine ways in which it can harness new and innovative technologies provided by the private sector, it is likely to run afoul of its software licenses with ever-increasing frequency. Just as the Federal Acquisition Regulation and its various supplements have evolved over the years to incorporate predetermined remedies for specified, frequently occurring failures, so too should software licenses plan for similar contingencies.

Tony Iorio, a Wiley 2024 Summer Associate, contributed to this article.

Read Time: 11 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek