Landmark ASBCA Decision Means Government Can be Bound to Commercial Computer Software Licenses It Hasn’t Even Seen

The FAR generally favors the Government clients’ entitlement to data and software rights in federal procurements. This has commonly—and understandably—led to disgruntled contractors who didn’t realize what they were truly giving up when they opted to use their own software in performance of contracts without including regulation-compliant markings and protections.

But recently—thanks to a first-of-its-kind decision by the ASBCA—it seems the tide may have turned in favor of protecting these contractor-inventors from the standard Government windfall in its data rights acquisitions.  Let’s take a closer look.

The ASBCA decision in CiyaSoft Corp., ASBCA Nos. 59913 (June 27, 2018),  involved the commercial software license for the commercially-available “bidirectional” machine translation software developed independently by the CiyaSoft Corporation. The DoD acquired a set-number of copies of this software through a FAR Part 12 commercial items contract, which (although unknown to DoD) included a single-user licensing agreement which also required DoD to protect and secure the software.

In contravention of the licensing agreement, however, DoD installed one copy of the software on multiple government computer systems. Based on this unauthorized installation under the terms of the attached licensing agreement, CiyaSoft asserted six contract breaches, because DoD: (1) installed one copy of the software on more than one computer; (2) used the software for over a year; (3) failed to provide a list of activations or registered users; (4) let non-authorized personnel use the software; (5) failed to prevent unauthorized copying and distribution of the software; and (6) failed to provide a point of contact throughout the contract.

In response, DoD argued that the licensing agreement was not part of the contract, and as such, “any violation of the licensing agreement cannot constitute a breach of contract.” In support, DoD claimed that the CO had never seen the licensing agreement or discussed its terms with CiyaSoft; that the contract was silent regarding any licensing agreement terms and was never amended to include the licensing agreement.

The ASBCA’s decision addressed three issues: (1) whether the Board had jurisdiction to consider all six of these alleged breaches; (2) whether the government can be “bound by a software licensing agreement, the terms of which it is not made fully aware of until after the contract is awarded and it receives the software”; and, if so, (3) whether the government violated the licensing agreement’s terms.

In determining jurisdiction under the first issue, the Board only dismissed one ground—alleged breach by DoD’s use exceeding one year—since CiyaSoft had not provided adequate notice of that claim to the CO—as required by 41 U.S.C. § 7103(a) to appeal a CO’s decision.

In its decision on issue two, ASBCA held, “[w]e also hold the government can be bound by the terms of a commercial software license it has neither negotiated nor seen prior to the receipt of the software, so long as the terms are consistent with those customarily provided by the vendor to other purchasers and do not otherwise violate federal law.” It then explained that the plain language of the contract had referenced the licensing agreement—stating that the acquisition was “for 20 single use licenses.” ASBCA then cited FAR 12.212, explaining: “It is the policy of the government, when licensing commercial software to accept the licensing terms customarily provided by the vendor to other purchasers, as long as the license is consistent with federal law and otherwise satisfies the government’s needs.”

Based on this policy and the fact that courts have already held shrinkwrap licenses valid and enforceable, ASBCA found that “the contract included the licensing agreement appellant shipped with its software.” Further, according to ASBCA, DoD had not requested an opportunity to review the referenced license prior to award, had not objected to the license upon its receipt, and did not include in the contract the standard Commercial Computer Software License clause from FAR 52.227-19 or any specific DoD rights to use the software (as required by FAR 27.405-3).

ASBCA also explained that the failure to read a contract does not permit avoidance of its terms and asserted, “it does not matter that the contracting officer had no actual knowledge of the terms of the licensing agreement,” because “circumstances support finding the contracting officer had a duty to inquire as to its terms, which he failed to do.”

And based on its finding that the license was included in the contract, ASBCA then raised and addressed two additional issues and found: first, that the software at issue met the definition of “commercial software” under FAR 2.101; and second, that the license agreement did not materially differ from CiyaSoft’s standard license agreement.

Finally, ASBCA ruled on the third issue, whether DoD breached the contract. ASBCA found that DoD had breached the contract on two grounds and dismissed the remaining grounds. It concluded:

[T[he government has breached the contract by violating the terms of the license agreement in two respects: it permitted the installation of a single copy of the software onto more than one computer and it failed to provide appellant with a list of the registered users.

As such, ASBCA remanded the appeal to the parties for resolution of damages. And in a follow-up appeal last month in Ciyasoft Corp., ASBCA No. 59913 (Mar. 1, 2019), ASBCA denied DoD’s motion for reconsideration on the matter.

For many federal contractors, the decision in CiyaSoft represents a welcomed—long-time coming—limitation to the broad and primarily unrestricted license typically granted to Government clients under the FAR. Before this decision, the Government was often permitted to use and share data and software acquired through federal procurements however it pleased, especially where the contractor was not aware of the ability (or procedure) to limit and restrict such rights.

But, in light of this holding, in may not be quite so easy in the future to pull the wool over the unsuspecting contractors’ eyes—especially where the contractor has a solid, standard license agreement in place. It seems the Government may just have to learn to play by the same data rights rules that apply to the general public.

It is, however, important to remember that there were several fact specific issues in this decision. As such, the applicability of this holding and the validity of just any old license agreement are still highly contingent on the circumstances of the acquisition, including the parties’ history of negotiations, the language of the contract, and the nature of product being supplied, to name a few.