View Thread > Cyberlaw and the Global Economy 2003 > Lawful Intercept Drafting Exercise > Renegotiations needed!
You are an associate in-house counsel for an IP-based network equipment manufacturer ("Vendor") that is exploring the introduction of lawful intercept technologies as part of its offerings to its customers. The counsel to a prospective large customer ("Buyer") has asked your company, Vendor, to agree to the following language as part of a master purchase agreement. The deal is very important to your CEO. If your company is able to close this deal successfully and quickly, the CEO will be able to announce the deal to analysts at a critical moment for the company in terms of securing a very favorable financing arrangement from some large banks. Buyer is a global company, headquartered in New York, as is your company. The governing law of the contract is New York.
"Vendor warrants, represents and guarantees that all of the products it sells to Buyer under this Purchase Agreement shall be compliant with any and all applicable lawful intercept laws whether in existence now or in the future. To the extent Vendor breaches this section, and any of its products are found to be non-compliant with a lawful intercept law, Vendor shall immediately cause the relevant product to conform to those laws. In addition, Vendor shall indemnify, defend and hold harmless Buyer for all fines, penalties, damages, or claims sustained by Buyer arising out of Vendor's non-compliance with the terms of this section. Vendor shall dispatch an on-site technician to any of Buyer's sites which are unable to meet the technical requirements contained in an interception order issued by an authorized government agency or regulatory agency or regulatory body and shall use best efforts to fix the problem, including repairing or replacing the defective products."
Please draft a memo to your company's Executive Vice President and General Counsel as to how your company should respond to this proposed contractual language. (Make reference, as needed, to the readings for this week's class 4.2. If you can't find a fact that you need to rely upon in the readings, please make it up and state your stipulation(s) in the text of the memo). As usual, the GC needs your memo pronto, so you only have a few days to come up with this memo to her (she's generously given you the weekend, but she needs the memo on Monday by 5:00 p.m.). If you miss the deadline, or you'll foul up the negotiations. She's a busy woman, so please stay within the prescribed word limit (250 - 1000 words).
Re: Agreement with Buyer
The proposed clause is extremely favorable to Buyer since it allocates the whole risk for future problems regarding legal intercepts (“LI”) on Vendor. It is very difficult to evaluate what the possible consequences for Vendor will be, both with respect to possible financial liability, as well as with respect to the resources we will have to allocate in order to remedy any future problems. My suggestion is that we reformulate the language in the clause so that both parties know what standards the products have to comply with, and that we limit our undertakings to such standards. We should also limit our guarantees to hold Buyer harmless and to provide on-site technicians to situations which lies within the realm of our control.
2. Compliance with all Applicable Lawful Intercept Laws
The proposed clause is extremely broad, considering the fact that the products will be sold in multiple jurisdictions. We do not know what duties different jurisdictions will impose on the products, neither now, nor in the future. Furthermore, it is impossible for us to be certain that the products comply with all applicable laws since we do not know what sort of technical systems the products will be used in. Use of a product in a private intranet, for example, might not be required to meet the same requirements as the use of the same product in a public telecommunications network.
Buyer might argue that one way to fulfill our obligations under the clause’s present wording is to make sure that the products comply with the most rigorous standard. However, not even this will guarantee products’ compliance with all applicable laws. Some laws might set a limit on how broad an intercept may be, thus making the products too rigorous; and what is the most rigorous law today might not be so tomorrow. Finally the technical standards in various parts of the world differ, which makes it necessary to adjust each product according to the standards of the location where the product will be used.
With the above in mind, we should try to convince Buyer that it is in both parties’ interests to have the agreement clearly define what laws and/or requirements the respective version of each product will have to satisfy. The advantage for Buyer is that it will not run the risk of triggering any provisions that might impose greater obligations – and thus higher costs – on companies that have products that can meet such requirements. Buyer is also better situated than we are to determine what laws are applicable to the intended use of the products in question, and what requirements such laws set out.
The default contractual stipulation should thus be that we guarantee that the products comply with current U.S. LI-laws (which they indirectly have to do anyway, according to Section 1005 of CALEA). We can also guarantee that we, upon notice from Buyer and given a reasonable period of time to make the necessary updates, can issue new versions of the products in response to new or changed requirements. New versions can be guaranteed to comply with the requirements that have been notified. How much Buyer should pay for each new version must be negotiated between the parties.
An alternative to this solution (considering the importance of the agreement) could be that we originally guarantee compliance with the requirements of the laws of the jurisdictions in which Buyer initially intends to install the products. Naturally this is more expensive to us, but we would still obtain the future clarity and certainty that is so important to us.
Also with respect to the indemnification of Buyer it is vital that we know exactly what requirements our products have to comply with. As stated above, any new requirements should therefore be notified by Buyer, and we should guarantee indemnification only if the products fail to comply with the requirements so notified.
Furthermore, it is not reasonable that we accept full liability toward any and all third parties. The guarantee we issue should be limited to direct costs related to the failure to comply with notified requirements, nothing else. We should not accept liability that might arise from the mere use of the products, such as liability to a customer because her name was unintentionally handed over to the authorities by Buyer. Buyer is better situated than we are to make sure that unnecessary information is not disclosed, and should therefore accept responsibility for such events.
4. Dispatch of On-Site Technician
With respect to our guarantee to dispatch an on-site technician, we should make sure that we undertake this only when our products fail to comply with the notified requirements. Mere changes in requirements should not force us to send out a technician, nor should the failure of Buyer to state the correct requirements for our products.
This is a minor issue, however, and can be dealt with accordingly in the negotiations with Buyer.
5. Alternative Solution: Sale of Services Instead of Sale of Products
An alternative to the above amendments could be for us to sell LI-services to Buyer instead of selling only the products. This would make it possible for us to have full control over what sort of systems our products are serving, as well as what laws are applicable to such systems. We would thus be in a position to independently determine what requirements our services/products must satisfy, and we would take responsibility for all interaction with relevant authorities. Since we would have control of the whole chain of events with respect to LI, it would be possible for us to accept full liability. Naturally, this would mean that the rest of the agreement would have to be renegotiated somewhat, but it is nevertheless a possible solution.
A well-organized, thorough response. Here are a few thoughts for reflection:
· Limiting indemnification to exclude third-party considerations.
· Good catch on possible actions (negligence / intentional) by Buyer’s personnel that could lead to possible liability, and nice discussion of risk allocation / control in this context.
· Good note that the jurisdictional reach of the proposed language is extremely broad.
· Good point that we don’t know the systems into which our product will be incorporated – a key item for determining our potential liability and ability to comply with lawful intercept and the provisions of the contract.
· Nice qualification that designing a very “open” product regarding intercepts is not the lowest-common-denominator solution; it’s more than a simple open-closed continuum in terms of lawful intercept statutes.
· Consider competitive market pressures. Buyer may be able to extract these terms from other vendors.
· You suggest tailoring the contractual language to specify which laws / requirements to which each version of the product must conform. How does this help if Buyer seeks to enter an unforeseen market? How far in the future should this be negotiated? Or should one simply provide that some cases will be handled via future negotiations / deals?
· How would one define “direct costs” or direct liability regarding indemnification? This is obviously a significant challenge given system interdependency.
· Do we want to be in the LI business? Providing capabilities insulates vendor somewhat from direct involvement (and hence risk) in the process. Also, it’s not clear that Vendor has the competencies necessary to succeed in this regard. This also may make Vendor a telecommunications service provider under some statutory schemes – imposing additional requirements, costs, and risks. The services concept is a creative thought, but it entails fairly high risks in terms of Vendor's core competency, potential risk as an entity to whom LI statutes could apply, and potential for new (and more experience) competitors in the services market.
· Consider attempting to assess the actual risks to Vendor under Buyer’s proposed language in the 3 jurisdictions we examined (US, UK, Germany). This could help quantify (or at least qualify) the risks Vendor faces and the consequent need to adjust terms and / or price.
· It’s not clear that delimiting the standards to which the product needs to comply is a “win-win” situation for both Buyer and Vendor. From Buyer’s perspective, a global warranty is great at shifting risk. Limits might decrease the price Buyer faces, but a risk-averse Buyer prefers the broad warranty. Hence, might be better to approach this as a negotiation: Vendor needs greater specificity in order to be able to deliver at a reasonable price.
· You correctly mention CALEA Section 1005 – the memo could focus more on the fact that compliance by our product is required in the US, so a warranty here costs us nothing.
· Think also about how the guarantee to issue new compliant versions – but at a negotiated cost – would work. This might reassure Buyer that we’ll provide compliant product, but the lack of price framework makes this difficult.