View Thread > Cyberlaw and the Global Economy 2003 > Lawful Intercept Drafting Exercise > Proposed contract clause with Buyer: Analysis and Recommendations
You are an associate in-house counsel for an IP-based network equipment manufacturer ("Vendor") that is exploring the introduction of lawful intercept technologies as part of its offerings to its customers. The counsel to a prospective large customer ("Buyer") has asked your company, Vendor, to agree to the following language as part of a master purchase agreement. The deal is very important to your CEO. If your company is able to close this deal successfully and quickly, the CEO will be able to announce the deal to analysts at a critical moment for the company in terms of securing a very favorable financing arrangement from some large banks. Buyer is a global company, headquartered in New York, as is your company. The governing law of the contract is New York.
"Vendor warrants, represents and guarantees that all of the products it sells to Buyer under this Purchase Agreement shall be compliant with any and all applicable lawful intercept laws whether in existence now or in the future. To the extent Vendor breaches this section, and any of its products are found to be non-compliant with a lawful intercept law, Vendor shall immediately cause the relevant product to conform to those laws. In addition, Vendor shall indemnify, defend and hold harmless Buyer for all fines, penalties, damages, or claims sustained by Buyer arising out of Vendor's non-compliance with the terms of this section. Vendor shall dispatch an on-site technician to any of Buyer's sites which are unable to meet the technical requirements contained in an interception order issued by an authorized government agency or regulatory agency or regulatory body and shall use best efforts to fix the problem, including repairing or replacing the defective products."
Please draft a memo to your company's Executive Vice President and General Counsel as to how your company should respond to this proposed contractual language. (Make reference, as needed, to the readings for this week's class 4.2. If you can't find a fact that you need to rely upon in the readings, please make it up and state your stipulation(s) in the text of the memo). As usual, the GC needs your memo pronto, so you only have a few days to come up with this memo to her (she's generously given you the weekend, but she needs the memo on Monday by 5:00 p.m.). If you miss the deadline, or you'll foul up the negotiations. She's a busy woman, so please stay within the prescribed word limit (250 - 1000 words).
TO: Executive Vice President and General Council
From: H. Zhu
Re: Proposed contract clause with Buyer: Analysis and Recommendations
The proposed contract clause with the Buyer should NOT be accepted and we ought to seek a complete revision in the upcoming negotiation. Below, I provide my analysis that supports this conclusion, based on which, I give my recommendations.
1. Clause Analysis
In the cause of the proposed contract, the Buyer demands that our products are compliant with lawful interception (LI) laws and we are responsible for any damages caused by non-compliance. Specifically, the demand has two parts:
1) The Demand: we warrant that our products are compliant with existing and future LI laws anywhere in the world
2) Remedies for breach of contract – we are responsible for
• making product compliant immediately
• fines, penalties, damages due to non-compliance
• sending technicians on site to repair or replace non-compliant products
The Demand puts us under diverse, uncertain, and perpetual risks related to LI laws. Our legal analysis on existing LI laws in US, Germany, and UK indicates that these laws differ significantly in several aspects:
1) The Who – scope of coverage, e.g., whether information service providers are subject to compliance and what size threshold should be used
2) The What – scope of intercepted content, e.g., conversation content, identifying information such as call destination and call duration.
3) The How – process of becoming compliant and procedures of carrying out LI orders.
Keeping track of these diverse requirements alone will consume considerable amount of efforts. Given the debate over privacy concerns and battle between service provider industry and the legislature, there are great uncertainties in how LI laws will evolve. Even worse, the clause also includes any future LI laws, which makes us perpetually liable. The burden of this diverse, uncertain, and perpetual liability is too high for us to carry.
The demanded remedies are equally onerous. Becoming compliant can be technologically challenging and time consuming. If we pay their fines due to non-compliance, they would have no incentives whatsoever to exercise due diligence in their daily operations, a well known moral hazard problem and the only solution to which is to make the Buyer responsible. In addition, any equipment from other manufacturers on the Buyer’s enormous networks may cause non-compliance; the remedy unfairly suggests that we are responsible for non-compliance caused by equipment from a third party. As suggested in the third remedy, extending product warranty that traditionally covers the physical conditions to the ever changing social and legal needs will inflict prohibitively high cost on us.
Under current LI laws, we as a manufacturer are not responsible for LI compliance. By using this clause, the Buyer shifts all its liability to us. This is unfair and inefficient. I recommend reject the clause and renegotiate with them with the following alternatives:
1) Build to Buyer’s order and Buyer is responsible for compliance
As a worldwide service provider, the Buyer is intimately familiar with local LI regulations. It can specify the requirements when ordering products from us; we will implement the requirements with reasonable charges. It is the Buyer’s responsibility to be LI compliant when it specifies the requirements and conducting it daily operations. The Buyer is the claimant of any benefits of providing LI compliant services. Modern economic theory shows that this is an efficient solution to moral hazard problem in this principal-agency setting.
To simplify ordering process, we provide extensibility and flexibility in our products to accommodate various LI needs. Specifically, we offer a wide range of functional components for the Buyer to pick and choose. Our warranty is expressed in terms of functionality and capability, not in terms of any LI requirement. Any special requirements shall be negotiated and can only take effect via a separate contract.
2) Customer Service Effort
We provide self-serving downloadable firmware upgrade and component patches with capabilities to meet general LI requirements. Again, limited warranty is specified in terms of capability. With this particular Buyer, we can add clauses that govern post sales services, including but not limited to, a training program for Buy’s engineers to learn how to configure and extend our products, a referral program that helps the Buyer find competent third party vendors of LI compliant components, and case by case consulting services to solve particular technical problems.
With this, I hope you have a successful negotiation and we win the business of the Buyer with minimal risk down the road. Please let me know if you have any questions.
You make several good points. I absolutely agree that the scope and duration of our compliance warranty should be limited, but I disagree as to the extent you recommend for two reasons: 1) there is a possibility that LI laws would hold our company responsible for some non-compliance and 2) from a business standpoint, disclaiming all liability and service for non-compliance would make our product less attractive to the buyer compared to that of potential competitors.
As a manufacturer of "telecommunications transmission equipment," there is a good chance CALEA could be read to pertain to our company, in which case we would be required to make available such "features or modifications necessary to permit" our customers to achieve compliance "on a reasonably timely basis and at a reasonable charge." (Section 1005(a) and 1005(b)). Since we couldn't therefore place the costs and burdens of compliance entirely on the buyer, I would recommend a solution that would be narrower than what the buyer proposes, but at least in accordance with CALEA.
Also, in the event we were able to disclaim all liability and service for non-compliance, the buyer would be more wary of taking on our product, as one of the main reasons it is purchasing equipment from us is in order to comply with LI laws. All it would take is another competitor assuming a bit of liability to make the buyer go elsewhere. I would probably again look to CALEA's requirements and add a provision for low-cost service and reasonable modification only for our products which were deemed non-compliant - this would edge out the competition while still keeping our liability narrow enough to handle.