View Thread > Cyberlaw and the Global Economy 2003 > Lawful Intercept Drafting Exercise > Memo on LI Agreement
You are an associate in-house counsel for an IP-based network equipment manufacturer ("Vendor") that is exploring the introduction of lawful intercept technologies as part of its offerings to its customers. The counsel to a prospective large customer ("Buyer") has asked your company, Vendor, to agree to the following language as part of a master purchase agreement. The deal is very important to your CEO. If your company is able to close this deal successfully and quickly, the CEO will be able to announce the deal to analysts at a critical moment for the company in terms of securing a very favorable financing arrangement from some large banks. Buyer is a global company, headquartered in New York, as is your company. The governing law of the contract is New York.
"Vendor warrants, represents and guarantees that all of the products it sells to Buyer under this Purchase Agreement shall be compliant with any and all applicable lawful intercept laws whether in existence now or in the future. To the extent Vendor breaches this section, and any of its products are found to be non-compliant with a lawful intercept law, Vendor shall immediately cause the relevant product to conform to those laws. In addition, Vendor shall indemnify, defend and hold harmless Buyer for all fines, penalties, damages, or claims sustained by Buyer arising out of Vendor's non-compliance with the terms of this section. Vendor shall dispatch an on-site technician to any of Buyer's sites which are unable to meet the technical requirements contained in an interception order issued by an authorized government agency or regulatory agency or regulatory body and shall use best efforts to fix the problem, including repairing or replacing the defective products."
Please draft a memo to your company's Executive Vice President and General Counsel as to how your company should respond to this proposed contractual language. (Make reference, as needed, to the readings for this week's class 4.2. If you can't find a fact that you need to rely upon in the readings, please make it up and state your stipulation(s) in the text of the memo). As usual, the GC needs your memo pronto, so you only have a few days to come up with this memo to her (she's generously given you the weekend, but she needs the memo on Monday by 5:00 p.m.). If you miss the deadline, or you'll foul up the negotiations. She's a busy woman, so please stay within the prescribed word limit (250 - 1000 words).
Dear Executive Vice-President/General Counsel:
With financing negotiations on the horizon, Vendor may find itself in the position to announce two exciting, related developments. First, Vendor’s introduction of a lawful intercept (LI) product line awaits final corporate approval. Second, to jumpstart this new product offering, Vendor could very well secure a deal to fully furnish Buyer with network equipment from the LI line.
Buyer, a global firm, sells eSuite, a downloadable Internet communications suite that includes email, instant messaging, Voice over Internet Protocol and video web conferencing. While very interested in using Vendor to manufacture the hardware for the latest version of eSuite, Buyer also wants us to guarantee that all of the products we sell in the transaction will comply with current and future LI laws. Additionally, Buyer requests that Vendor conform any products that are found to be non-compliant with an LI law and that Vendor “indemnify, defend and hold harmless Buyer for all fines, penalties, damages, or claims sustained by Buyer arising out of Vendor's non-compliance. Vendor shall dispatch an on-site technician to any of Buyer's sites which are unable to meet the technical requirements contained in an interception order issued by an authorized government agency or regulatory agency or regulatory body and shall use best efforts to fix the problem, including repairing or replacing the defective products."
Evaluation of the contractual terms requires an analysis of the legal, technical and social landscapes surrounding LI. To begin with, the LI legal regime effectively guides the technical and social features. Within the U.S., the Electronic Communications Privacy Act (ECPA) governs the obligations placed on purveyors of “information services” and the Communications Assistance for Law Enforcement Act (CALEA) regulates “telecommunication carriers” for the interception of both content and addressing information. The ECPA regulates the interception of Internet services, such as high speed internet access, email and web hosting services, which must:
“furnish the application forthwith all information, facilities and technical assistance necessary to accomplish the interception unobtrusively and with a minimum of interference with the services that such service provider . . . is according the person whose communications are to be intercepted.” 18 U.S.C. 2518(4).
As information services often offered by Internet service providers, eSuite’s communication components must apparently comply with the vague standards of the ECPA. Moreover, the ECPA lacks a detailed reimbursement scheme for the additional costs associated with compliance.
While the ECPA appears to have regulatory control over eSuite’s services, some analysts maintain that VoIP falls under CALEA, which specifies “rigorous, costly and specific intercept obligations” on “telecommunications carriers,” or providers of communication services traditionally provided by telephone companies. These obligations include the ability to isolate, and deliver separately, various components of a communication, as well as the capability to handle a set of simultaneous orders. Additionally, the telecommunications carrier must meet the CALEA requirements by an affirmative act instead of intercepting communications continuously. CALEA also places capability obligations on the equipment manufacturers. Still, the standards for compliance remain vague, even though CALEA supports industry and governmental cooperation in the development of specifications. If adopted, these standards would afford telecommunications carriers safe harbor protections. Otherwise, courts may impose civil penalties up to $10,000 per day on both carriers and manufacturers, as well as order manufacturing modifications.
As global companies, Buyer and Vendor must also comply with foreign laws, further complicating the deal. Rather than stipulating specific standards, the Council of Europe Convention on Cybercrime (which includes the U.S.) establishes mutual assistance among countries to help them enforce their own laws. In addition, neither national nor international standards setting bodies have formulated a uniform architecture for LI compliance.
Buyer’s proposed agreement will sandwich Vendor between the public laws of governmental agencies and the private agreements among corporate entities. For example, the agreement would place Vendor at the risk of not complying to an LI law that otherwise affects only service providers. The LI laws, in turn, place significant pressure on Vendor to meet a diversity of technical requirements across many forums that adopt vague directives.
The LI laws also affect the social landscape that often defines such statutes as overbroad, unnecessary and infringing on privacy rights. These views could impact the public perception, or the brand of Vendor, if the new LI product line and the agreement materialize.
Still, if Vendor can comply with the technical requirements of the agreement, I would recommend further negotiations. Specifically, Vendor should remove promises to comply with future LI laws, yet agree to the other provisions. Doing so would establish Vendor as a serious player in the LI field and would attract additional business from ISPs. Moreover, Vendor would need to comply with the LI laws in any case to continue doing business in the IP product market.
From a marketing standpoint, Vendor can publicize their products as balancing the needs of companies and requirements of government. As the middleman, then, Vendor eliminates the image of overbroad activities by governmental systems, such as carnivore.
Further, just as the laws of one nation may influence the laws of other nations, an agreement with one company may influence future corporate agreements, whereby manufacturers guarantee compliance. This may drive incentives to establish standards, with Vendor as an active participant.
1. I agree that Vendor's position is difficult because of the variety of regimes in different countries. The provision of the contract shifts this burden towards the seller.
2. In addition to this point, I would say that if it is possible to evaluate roughly the cost of present and future compliance (in a given period, say 2 years) then it's OK for the seller to sign the contract as it is, but ask for a higher price. If it is not possible to calculate the cost now, the vendor can still guarantee compliance but ask for addtional consideration everytime there is something new to be done. Thus, this provision should be combined with a procedure for figuring out the price; like a joint committee of seller's and buyer's representatives. It is also important to determine the timeframe for this procedure (like a notification requirement etc.).
3. Without exhausting the above options (they might not work for various resons) I would not strike the part about the future laws. My prediction is that the laws are going to get harder anyway (b/c of global political situation) so there is a market for such monitor-and-comply services.
4. Apart from that, it is important (as JJ wrote) to protect the interest of the Seller, should buyer be held responsible for non-compliance. That's the issue of the buyer acting with due care in settlements and other transactions with third parties, b/c under this contract they have influence on the interest of the seller.