
Beware the IP non-assert clause in AWS cloud service agreement - kalu
http://www.iam-media.com/blog/Detail.aspx?g=16404f83-82a0-4a0f-bc79-38ba53ceaf2d
======
wtbob
I'm not a lawyer, but my take on the clause is simple: one can't sue Amazon
for IP related _to the service AWS is providing_. E.g., I couldn't use S3, but
then try to hit Amazon with a file-like key-value-store patent. I think I'd
still be free to hit Amazon with a web-based online-shopping patent though,
since I'm not buying _that_ service from them.

Edit: argh, I wish HN would accept underscores for italics.

~~~
the8472
What if your IP is the copyright on some open source software and amazon is
violating the licence? The clause would prevent you from enforcing the licence
if you find out through using AWS that they violate it.

~~~
antsar
Question for legal-minded readers: can this be worked around by having someone
else, a non-AWS-user, enforce the license/copyright on one's behalf? Or
perhaps simply terminating use of AWS and proceeding to _then_ enforce the
claim?

~~~
danlindley
"During and after the Term, you will not assert, _nor will you authorize,
assist, or encourage any third party_ to assert, against us ... any patent
infringement or other intellectual property infringement claim regarding any
Service Offerings you have used"

It would appear that you cannot have someone else enforce this on your behalf.

------
ritchiem
Seems the court decided Appistry Inc's patent was invalid. So we'll have to
wait for another test case to see how enforceable this is.
[https://docs.justia.com/cases/federal/district-
courts/washin...](https://docs.justia.com/cases/federal/district-
courts/washington/wawdce/2:2015cv00311/211327/213)

------
devnonymous
While the warning appears to be well intentioned and the paranoia
understandable to me, I didn't quite understand this bit:

    
    
      > Lastly, it’s well known that AWS utilises and hosts a wide range of open
      > source code which could include viral OSS licences that might further
      > extend the reach of the IP non-assert in unforeseen and unpredictable ways.
    

Could someone who understood explain this ? Is that last bit just FUD ? If it
is, then is the entire article FUD ?

~~~
acdha
The entire article is FUD – the license is rather clear in indicating that as
a condition of using AWS you promise not to bring IP lawsuits against Amazon,
the duration bit is only too long if you don't read that clause all the way to
the end, etc.

This is easily explained by the attribution:

“Bart Eppenauer, former chief patent counsel at Microsoft and now managing
partner of law firm Shook Hardy & Bacon’s Seattle office”

A quick search leads to [http://www.shb.com/news/2013/11/shook-to-open-
seattle-office...](http://www.shb.com/news/2013/11/shook-to-open-seattle-
office-with-former-microsof) which suggests that their Seattle office was
founded to expand their IP practice:

“Eppenauer has served as chief patent counsel at Microsoft Corp. in Redmond,
Wash., since 2003. In that role, he led the Patent Group in the Legal and
Corporate Affairs Department, where he developed Microsoft’s patent portfolio
of over 35,000 issued patents worldwide and managed a team of more than 100
patent professionals offering patent counseling and product development
support across all of Microsoft’s business and research divisions. With
extensive experience in complex, multilateral IP transactions and license
agreements, Eppenauer has also worked closely with government and judicial
officials, academics, and industry leaders worldwide on IP policy issues, in
addition to participating in the recent passage of major U.S. patent reform
legislation.”

So we have an attorney leaving a company with a track record of aggressive IP
enforcement to open an IP-focused office for a law firm which does things like
send people to chair conferences on monetizing IP ([http://cf-
conferences.com/conferences/ip-strategy-seattle-20...](http://cf-
conferences.com/conferences/ip-strategy-seattle-2015/overview)) telling
businesses that he's deeply concerned about their ability to hire people like
them to bring expensive IP lawsuits.

~~~
DannyBee
"The entire article is FUD – the license is rather clear in indicating that as
a condition of using AWS you promise not to bring IP lawsuits against Amazon,
the duration bit is only too long if you don't read that clause all the way to
the end, etc."

It really isn't FUD, actually, despite the attribution.

First, You promise not to bring IP lawsuits against Amazon or it's customers,
actually. Second, in fact, yes, if Amazon uses your open source (in some way
that is a violation of the license), and you use AWS, you can't sue them.

Which is what the parent asked, and in fact, the clause specifically
prohibits.

(Whether I like these clauses or not is another matter).

~~~
acdha
The reason I disagree with your interpretation is due to the end of the
sentence: “regarding any Service Offerings you have used”. The agreement
currently has these definitions:

    
    
        “Service Offerings” means the Services (including associated APIs), the AWS Content, the AWS Marks, the AWS Site, and any other product or service provided by us under this Agreement. Service Offerings do not include Third Party Content.
    
        “Service” means each of the web services made available by us or our affiliates, including those web services described in the Service Terms.
    

I'm definitely not a fan of the broad wording which Amazon uses but I would
find it hard to believe that any company large enough to consider bringing a
legitimate IP suit against Amazon would have trouble finding a lawyer who can
come up with an argument that e.g. the open-source project which they're suing
over is not part of the web services Amazon's agreement covers but rather just
a component which Amazon chose, along with many other people, to use to build
that service.

~~~
DannyBee
You can make this argument, for sure. You will almost certainly lose ;) I've
seen cases where wording similar to this has been used. It was found to cover
the pieces that provide the services, exactly because it is worthless as a
protection otherwise. (If I can get an injunction against you stopping you
from running a critical piece of your service , you won't be able to provide
the service)

~~~
acdha
A lot of this would depend on the exact nature of the dispute. If this
hypothetical open-source project was, say, an XML parser it'd be hard to claim
that it was integral to AWS rather than an interchangeable component any more
than, say, Intel hosting a microsite on S3 would give Amazon the rights to all
of their processor IP. On the other hand, an AWS deployment tool or compute
optimizer developed in a private beta that'd be a much harder case since
Amazon could quite reasonably argue a privileged business relationship.

Right now we have one case which hasn't been settled and which apparently did
involve a business partner. I think we'd need n > 1 or at least a final ruling
before making the kind of sweeping claims presented originally.

------
leereeves
"you will not assert...against us or any of our... _customers_ "

Is that Amazon customers or just AWS customers? Either way, that's a lot of
people.

~~~
jessaustin
IANAL... I wonder if random AMZ customers could use this clause in a case
without AMZ's cooperation?

~~~
mmastrac
It looks like the intent is to protect AMZN's customers from IP lawsuits
related to their use of the service offerings.

So if you were sued for using VMs or S3 storage by a third-party who had used
AWS, you could invoke that clause.

~~~
jessaustin
That's the intent, but is the language specific enough to limit its
application to that?

------
josephagoss

      > It’s likely that thousands of Amazon customers don’t
      > realise they are giving away their valuable intellectual
      > property rights just for the privilege of using AWS; but
      > realise they should.
    

Does this mean that AWS is allowed to use the IP of any customer hosting their
system on AWS?

I've built an application on AWS but would not have if this meant handing over
all my IP to Amazon.

I must be misunderstanding the issue as I doubt any company or person would
use AWS if it meant giving up their entire IP.

Can someone please explain what I am missing here?

~~~
ubernostrum
What you're missing is that this is a FUD article.

AWS' terms basically come down to "if you use AWS, you lose the right to
patent-troll AWS". The article is trying to spin it as "OH NOES NOW YOU GET
TEH VIRAL FROM THE EEEEEEEEEEVIL GPL", though I have no idea on what theory
they would base a claim that agreeing not to assert against Amazon and its
contractors/vendors would somehow constitute GPL'ing your own code.

~~~
balls187
The part I'd like more clairification on, is the claim that by using AWS you
cannot assert IP claims against any AWS _customer_.

That seems exceedingly broad.

As to the FUD:

Conflict of interest. Former Patent Chief at MSFT putting an article out on
Legal Issues for the #1 Cloud Provider, and MSFT Competitor, Amazon.

Wonder how much MSFT stock the Author is holding?

~~~
Guvante
It is specific to AWS services. It protects you from going after ABC company
who is using an AWS service (that you also use) that infringes on your IP.

In other words if Amazon stole something and you use it, you can't go after
another client of Amazon's for using that service.

If however they also infringed on you, you could, as you aren't going after
them for using the service.

(Note that IANAL so my understanding my be incorrect)

------
vacri
So, a bit more information here: [http://www.geekwire.com/2015/amazon-fights-
patent-suit-using...](http://www.geekwire.com/2015/amazon-fights-patent-suit-
using-little-noticed-clause-in-standard-aws-customer-agreement/)

An interesting point is that Appistry continued to use AWS services after
learning about the clause. This led the Missouri judge to allow transfer of
the case to Seattle (AWS hometown), basically doing a "you can't have your
cake and eat it, too".

------
bryanrasmussen
"First is the duration – the provision seems to apply even after a customer
stops using AWS. " from what I remember in U.S contract law a permanent
contracts are frowned on if they don't give some sort of way of terminating
the contract?

~~~
iolothebard
Agreed, but it doesn't mean you don't have to end up fighting with Amazon in
court.

------
thoman23

      > I can safely say that I have never seen such a broad IP non-assert provision in a standard form contract.  
    

What about Facebook's React license?

[https://github.com/facebook/react/blob/master/PATENTS](https://github.com/facebook/react/blob/master/PATENTS)

[https://news.ycombinator.com/item?id=8985541](https://news.ycombinator.com/item?id=8985541)

[https://news.ycombinator.com/item?id=9111849](https://news.ycombinator.com/item?id=9111849)

~~~
vetrom
I believe 'standard form contract' was carefully chosen to qualify his
statement, so it could sound general, but be exactingly specific.

On that note, is there such a thing as a standard contract for web-based
service agreements?

------
Lawtonfogle
The simple fix is to make the right to patent infringement assertions one that
you cannot sign away so that any contract that includes it is void (at least
for that section). Which makes me think it won't ever happen.

------
sirwitti
I don't know about the US, but in Europe it's quite possible that these
clauses would be ruled invalid.

~~~
pascalmemories
Even if you ware a lawyer (you don't specify but give what is essentially an,
entirely reasonable, opinion on a point of law), that would normally be
decided upon during the course of litigation. So, anyone would still be faced
with substantial legal costs, even if the ruling was that one particular term
was unenforceable.

There is a big difference between how the law works in theory and how it works
in practice. Especially is one side is Amazon and has, to all intents and
purposes, unlimited cash to drag out expensive litigation. Many large
companies win like this in practice when, in theory, they have no merit to
their case.

~~~
bryanrasmussen
In most of the EU the loser in a case is instructed to pay the court costs of
the winner.

~~~
antsar
What about the indirect costs of being involved in such litigation? For
example, missed deals/profit due to one's reduced capacity to work while
entangled in a legal mess.

------
nickpsecurity
Why do they call it the cloud? Because your exclusive I.P. just up and floats
away one day.

Stay out of the cloud. Invest in cost-efficient IT. Avoid so many issues. I
predicted this specific one years back. I'm surprised I haven't heard more of
it among cloud vendors.

~~~
balls187
Let's play a game.

How long will it take you to get:

3 webservers 2 databases

Across 2 data centers.

Starting with nothing but a credit card, (and an email address).

~~~
ceejayoz
You could probably have it up on Hetzner or OVH in a couple hours. Lots of
dedicated server hosts with more than one DC, and many give you your server in
an hour or two.

~~~
balls187
For colo, or dedicated/managed hardware?

~~~
ceejayoz
I'm going off the goalposts in your original question.

~~~
balls187
Outside of performance, how are hosted dedicated servers different than hosted
VPS?

Are you trading one cloud provider's feature set for another?

You still outsourcing via PaaS, and not actually investing in IT.

~~~
nickpsecurity
Physical isolation, control of whole environment, and more
security/reliability/predictability when these are leveraged properly. You
also have less legal risk if the FBI decides to kick in that colo's doors as
they have in the past and seize shared servers just because one client was on
it. I doubt the quantitative risk of this is high but I like risks not
existing where possible.

And you're never investing in IT if you are doing IaaS or PaaS: you're just
paying a third party for a temporary good. Colocation is investing in IT
because you own the equipment and what's in it. The other parts are their
problem with them having a financial incentive (eg competitiveness) to improve
them over time.

Cloud can shut down _tomorrow_ and what do you get out of that? If it's my PC
with my data, I can get it back from them somehow and people trying to stop
that might face criminal charges. A VPS service shutting down means my system
probably ceases to exist unless they have specific provisions for the
situation that work during bankruptcy. You might know of them since you
clearly study the cloud offerings more. I don't so I stay in a low-risk
situation.

~~~
balls187
So you don't want to use AWS because the risk Amazon will shut it down
tomorrow?

~~~
nickpsecurity
I like how you ignored the most important stuff (first sentence) and a
peripheral risk with precedent (second sentence) to focus on the lowest
concern I had. Plus, that concern applies to more than Amazon: many vendors
out there. Nice troll tactic, though.

~~~
balls187
You raised the point. I just called attention to it.

Also, ad hominem.

~~~
nickpsecurity
To just that. What of the main points of dedicated vs VPS?

Physical separation from other users defeats virtualization attack surface and
many, covert channels immediately. Control down to hardware layer lets you do
neat improvements to performance (eg custom drivers), maintenance (eg
transactional kernels), and security (eg CheriBSD on FPGA-based CHERI
processor). I also pointed out you can get more predictable with the
implication of using a RTOS or other deterministic software + hardware combos.
Heck, might even send in AS/400's, NonStop's, and/or OpenVMS clusters on cheap
Alpha/Itanium servers to get uptime you haven't seen in cloud world: 17+ years
for one OpenVMS cluster.

Those are the strongest points that cloud can't touch at all so far. The
cloud-style research on making something comparable with strong correctness
arguments is in infancy and almost all academic R&D. Which implies things
about what they're using now... Of course, the outages and papers at DEFCON
etc already told us that, didn't they?

------
mcherm
Wow... that's interesting.

I'll summarize my take. First of all, take the article with a grain of salt.
Possible issues brought up by Bart Eppenauer are being raised by the former
chief counsel of Microsoft, a direct competitor to AWS (Azure). And the linked
article has a somewhat alarmist phrasing.

That being said, there appears to be something real here. This contract is one
that applies to thousands of businesses -- cloud computing is taking both
small business and big business by storm, and AWS has the majority of the
business in this area. The clause itself reads like this (retrieved today from
[http://aws.amazon.com/agreement/](http://aws.amazon.com/agreement/) ):

    
    
      During and after the Term, you will not assert, nor will
      you authorize, assist, or encourage any third party to
      assert, against us or any of our affiliates, customers,
      vendors, business partners, or licensors, any patent
      infringement or other intellectual property infringement
      claim regarding any Service Offerings you have used.
    

Now, I am not a lawyer, so my interpretation could be wrong; even if I WERE a
lawyer I would be saying that nothing was certain at least until a court had
ruled on a case that depended on this clause. But it appears that this clause
is very broad in time (from now onwards), in scope (covers patents as well as
"all IP") and in targets (against Amazon OR most anyone else like their
customers or business partners). The clause is restricted ONLY by the
statement that it applies to a claim about "Service Offerings you have used".

Now, my impression would be that this means you can't sue Amazon (or their
partners/customers/etc) over IP violations _BY THE AWS PRODUCT ITSELF_. In
other word, if you use AWS you can't then later sue Amazon or their customers
saying that AWS itself violates your patent on using a computer remotely (or
whatever ridiculous patent you may hold). With this interpretation it is an
extremely reasonable provision and should not concern any company involved in
normal business.

Furthermore, the one case where Amazon has asserted this clause (against
Appistry)[1] fit this model. Appistry sued Amazon saying that Amazon violated
its patent; Amazon countered that Appistry was using AWS and with this clause
had agreed not to sue. That case is still underway.

So my evaluation is that this is _probably_ an OK clause. But it certainly
skirts the line and you ought to have your lawyer look it over. After that,
you will probably ignore what your lawyer says and sign it anyway because
Amazon is the giant of cloud computing and you don't have a whole lot of
choice.

[1] - [http://www.geekwire.com/2015/amazon-fights-patent-suit-
using...](http://www.geekwire.com/2015/amazon-fights-patent-suit-using-little-
noticed-clause-in-standard-aws-customer-agreement/)

~~~
DannyBee
"Now, my impression would be that this means you can't sue Amazon (or their
partners/customers/etc) over IP violations BY THE AWS PRODUCT ITSELF. In other
word, if you use AWS you can't then later sue Amazon or their customers saying
that AWS itself violates your patent on using a computer remotely (or whatever
ridiculous patent you may hold). With this interpretation it is an extremely
reasonable provision and should not concern any company involved in normal
business."

The amount of bad armchair lawyering here is saddening :)

Why do people need to go on impressions?

The agreement "govern(s) your access to and use of the Service Offerings (as
defined below)". Hey, looks like they define Service Offerings, below.

So rather than guess or have an impression as to what it means, why don't we
look at the definition of service offerings, a _defined term in the contract_.

    
    
      “Service Offerings” means the Services (including associated APIs),
      the AWS Content, the AWS Marks, the AWS Site, and any other product
      or service provided by us under this Agreement.
      Service Offerings do not include Third Party Content.
    
      “Service” means each of the web services made available by us
       or our affiliates, including those web services described in the Service Terms.
    

So there you go, no need to guess or have an impression of what it covers.
_That is what it covers when it means service offerings_.

As for it's okayness -- i'm actually generally in favor of these kinds of
clauses. However, this one is a bit too broad. I hope you aren't an open
source project who uses AWS, and who AWS uses to provide services in some
fashion. Because if you are, congrats, Amazon can do what they want with your
software and you can't stop them (ie violate the GPL, whatever).

------
tempodox
What on earth does it even mean?

