IP Protection
Companies typically have two major categories of commercial IP to protect.
That which belongs to the company and that which belongs to others.
- Competition Sensitive - For items that are to be kept from partners or locations to
prevent their exposure to competitors. This category may also be a signal to Marketing
that the information, while shared widely with employees must not be shared publicly.
- Confidential - Information that is strictly for consumption by select employee personnel
– such as those within specific departments.
- Internal Only - Information that is to be exposed only to employees of the organization,
excluding partners and contractors.
- Copyright - Information that has been declared copyright by the company.
Government Security
It is understood that many government regulations prohibit the general
access to systems containing classified data and usually require totally disconnected IT
implementations – with an “air” gap. Nevertheless, the solution can represent government
security classifications and the security level credentials of users for those situations in
which some levels of government security are permitted in a system.
The basic principles are the same as for other Libraries, with the exception that there are
rarely exceptions. Generally, people must have the proper security level (and perhaps other
requirements) to see information in a particular government security category.
United States Security Classification
Original classification is the initial determination that information requires
protection. Only US Government officials to whom this authority has been delegated in
writing and who have been trained in classification requirements have the authority for
original classification. Original classification authorities issue security classification
guides that others use in making derivative classification decisions. Most government
employees and contractors make derivative classification decisions.
Derivative classification is the act of classifying a specific item of information or
material on the basis of an original classification decision already made by an authorized
original classification authority. The source of authority for derivative classification
ordinarily consists of a previously classified document or a classification guide issued
by an original classification authority. For example, defense contractors make derivative
classification decisions based on the Contract Security Classification Specification that
is issued with each classified contract. If a contractor develops an unsolicited proposal
or originates information not in the performance of a classified contract, the following
rules apply. If the information was previously identified as classified, it should be
classified derivatively. If the information was not previously classified, but the
contractor believes the information may be or should be classified, the contractor should
protect the information as though classified at the appropriate level and submit it to the
agency that has an interest for a classification determination. In such a case, the
material should be marked CLASSIFICATION DETERMINATION PENDING. Protect as though
classified (TOP SECRET or CONFIDENTIAL).
The full text of Executive Order 12958 is available at DSS website at
www.dss.mil/seclib/index.htm. Classification guidelines for defense contractors are in
Chapter 4 of the National Industrial Security Program Operating Manual. Full text of the
NISPOM is available on the Defense Security Service Internet site at
www.dss.mil/seclib/index.htm.
The application provides access filters enabling the program user’s Security
Classification Guide setup appropriate for Confidential, Secret, and Top Secret.
The application requires the appropriate connections on controlled data according to the
Security Classification Guide. The application should not allow unintentional mis-marking
of controlled data. The controlled data will always be marked at the highest
classification of the responsible parent data.
The application requires Distribution Statements and Destruction Notices according to the
appropriate Program/Contract for the context object.
National Industrial Security
The National Industrial Security Program is the responsibility of the Department of
Defense (DOD). The Department of State (DOS) and the DOD, through a 1961 Memorandum of
Understanding, agreed to have Defense Security Service (DSS) administer the NISP on behalf
of the DOS.
- Industrial Security - That portion of information security concerned with the
protection of classified information in the custody of US industry.
- Confidential - The classification level applied to information, the unauthorized
disclosure of which reasonable could be expected to cause damage to the national
security that the original classification authority is able to identify or describe.
- Secret - The classification level applied to information, the unauthorized
disclosure of which reasonably could be expected to cause serious damage to the
national security that the original classification authority is able to identify or
describe.
- Top Secret - The classification level applied to information, the unauthorized
disclosure of which reasonable could be expected to cause exceptionally grave damage
to the national security that the original classification authority is able to
identify or describe.
Data Rights
Data means recorded information, regardless of form or the media on which it may be
recorded. The term includes technical data and computer software. The term does not include
information incidental to contract administration, such as financial, administrative, cost or
pricing, or management information.
Unlimited Rights
Unlimited rights mean the rights of the Government to use, disclose, reproduce, prepare
derivative works, distribute copies to the public, and perform publicly and display
publicly, in any manner and for any purpose, and to have or permit others to do so.
Limited Rights
Limited rights means the rights of the Government in limited rights data as set forth in
a Limited Rights Notice.
Limited Rights Data
Limited rights data means data, other than computer software, that embodies trade secrets
or are commercial or financial and confidential or privileged, to the extent that such
data pertain to items, components, or processes developed at private expense, including
minor modifications. (Agencies may, however, adopt the following alternate definition:
Limited rights data means data (other than computer software) developed at private expense
that embodies trade secrets or are commercial or financial and confidential or privileged.
Restricted Rights
Restricted rights means the rights of the Government in restricted computer software as
set forth in a Restricted Rights Notice.
Restricted Computer Software
Restricted computer software means computer software developed at private expense and
that is a trade secret, is commercial or financial and confidential or privileged, or is
copyrighted computer software, including minor modifications of the computer software.
Commercial Computer Software
(a) When contracting other than from GSA's Multiple Award Schedule contracts for the
acquisition of commercial computer software, no specific contract clause prescribed in
this subpart need be used, but the contract shall specifically address the Government’s
rights to use, disclose, modify, distribute, and reproduce the software. Commercial
Computer Software License, may be used when there is any confusion as to whether the
Government’s needs are satisfied or whether a customary commercial license is consistent
with Federal law.
(b) If the contract incorporates, makes reference to, or uses a vendor’s standard
commercial lease, license, or purchase agreement, the contracting officer shall ensure
that the agreement is consistent with paragraph (a)(1) of this subsection. The contracting
officer should exercise caution in accepting a vendor’s terms and conditions, since they
may be directed to commercial sales and may not be appropriate for Government contracts.
Any inconsistencies in a vendor’s standard commercial agreement shall be addressed in the
contract and the contract terms shall take precedence over the vendor’s standard
commercial agreement.
Copyright
(a) Data first produced in the performance of a contract.
(1) Generally, the contractor must obtain permission of the contracting officer prior to
asserting rights in any copyrighted work containing data first produced in the performance
of a contract. However, contractors are normally authorized, without prior approval of the
contracting officer, to assert copyright in technical or scientific articles based on or
containing such data that is published in academic, technical or professional journals,
symposia proceedings and similar works.
(2) The contractor must make a written request for permission to assert its copyright in
works containing data first produced under the contract. In its request, the contractor
should identify the data involved or furnish copies of the data for which permission is
requested, as well as a statement as to the intended publication or dissemination media or
other purpose for which the permission is requested. Generally, a contracting officer
should grant the contractor’s request when copyright protection will enhance the
appropriate dissemination or use of the data unless the
- (i) Data consist of a report that represents the official views of the agency or
that the agency is required by statute to prepare.
- (ii) Data are intended primarily for internal use by the Government.
- (iii) Data are of the type that the agency itself distributes to the public under an
agency program.
- (iv) Government determines that limitation on distribution of the data is in the
national interest.
- (v) Government determines that the data should be disseminated without
restriction.
(3) Alternate IV of the clause at 52.227-14 provides a substitute paragraph (c)(1)
granting permission for contractors to assert copyright in any data first produced in the
performance of the contract without the need for any further requests. Except for
contracts for management or operation of Government facilities and contracts and
subcontracts in support of programs being conducted at those facilities or where
international agreements require otherwise, Alternate IV shall be used in all contracts
for basic or applied research to be performed solely by colleges and universities.
Alternate IV shall not be used in contracts with colleges and universities if a purpose of
the contract is for development of computer software for distribution to the public
(including use in solicitations) by or on behalf of the Government. In addition, Alternate
IV may be used in other contracts if an agency determines that it is not necessary for a
contractor to request further permission to assert copyright in data first produced in
performance of the contract. The contracting officer may exclude any data, or items or
categories of data, from the provisions of Alternate IV by expressly so providing in the
contract or by adding a paragraph (d)(4) to the clause, consistent with 27.404-4(b).
(4) Pursuant to paragraph (c)(1) of the clause at 52.227-14, the contractor grants the
Government a paid-up nonexclusive, irrevocable, worldwide license to reproduce, prepare
derivative works, distribute to the public, perform publicly and display publicly by or on
behalf of the Government, for all data (other than computer software) first produced in
the performance of a contract. For computer software, the scope of the Government license
includes all of the above rights except the right to distribute to the public. Agencies
may also obtain a license of different scope if the contracting officer determines, after
consulting with legal counsel, such a license will substantially enhance the dissemination
of any data first produced under the contract or if such a license is required to comply
with international agreements. If an agency obtains a different license, the contractor
shall clearly state the scope of that license in a conspicuous place on the medium on
which the data is recorded. For example, if the data is delivered as a report, the terms
of the license shall be stated on the cover, or first page, of the report.
(5) The clause requires the contractor to affix the applicable copyright notices of 17
U.S.C. 401 or 402, and acknowledgment of Government sponsorship, (including the contract
number) to data when it asserts copyright in data. Failure to do so could result in such
data being treated as unlimited rights data (see 27.404-5(b)).
(b) Data not first produced in the performance of a contract.
(1) Contractors shall not deliver any data that is not first produced under the contract
without either
- (i) Acquiring for or granting to the Government a copyright license for the
data
- (ii) Obtaining permission from the contracting officer to do otherwise.
(2) The copyright license the Government acquires for such data will normally be of the
same scope as discussed in paragraph (a)(4) of this subsection, and is set forth in
paragraph (c)(2) of the clause at 52.227-14. However, agencies may obtain a license of
different scope if the agency determines, after consultation with its legal counsel, that
such different license will not be inconsistent with the purpose of acquiring the data. If
a license of a different scope is acquired, it must be so stated in the contract and
clearly set forth in a conspicuous place on the data when delivered to the Government. If
the contractor delivers computer software not first produced under the contract, the
contractor shall grant the Government the license set forth in paragraph (g)(4) of
Alternate III if included in the clause at 52.227-14, or a license agreed to in a
collateral agreement made part of the contract.
Special Works
(a) Special Works, is for use in contracts (or may be made applicable to portions
thereof) that are primarily for the production or compilation of data (other than limited
rights data or restricted computer software) for the Governments own use, or when there is
a specific need to limit distribution and use of the data or to obtain indemnity for
liabilities that may arise out of the content, performance, or disclosure of the data.
(b) The contract may specify the purposes and conditions (including time limitations)
under which the data may be used, released, or reproduced other than for contract
performance. Contracts for the production of audiovisual works, sound recordings may
include limitations in connection with talent releases, music exceptions, and the like
that are consistent with the purposes for which the works are acquired.
(c) Paragraph (c)(1)(ii) of the clause, which enables the Government to obtain assignment
of copyright in any data first produced in the performance of the contract, may be deleted
if the contracting officer determines that such assignment is not needed to further the
objectives of the contract.
(d) Paragraph (e) of the clause, which requires the contractor to indemnify the
Government against any liability incurred as the result of any violation of trade secrets,
copyrights, right of privacy or publicity, or any libelous or other unlawful matter
arising out of or contained in any production or compilation of data that are subject to
the clause, may be deleted or limited in scope where the contracting officer determines
that, because of the nature of the particular data involved, such liability will not
arise.
(e) When the audiovisual or other special works are produced to accomplish a public
purpose other than acquisition for the Government’s own use (such as for production and
distribution to the public of the works by other than a Federal agency) agencies are
authorized to modify the clause for use in contracts, with rights in data provisions that
meet agency mission needs yet protect free speech and freedom of expression, as well as
the artistic license of the creator of the work.
Existing Works
Existing Works, is for use in contracts exclusively for the acquisition (without
modification) of existing works such as, motion pictures, television recordings, and other
audiovisual works; sound recordings; musical, dramatic, and literary works; pantomimes and
choreographic works; pictorial, graphic, and sculptural works; and works of a similar
nature. The contract may set forth limitations consistent with the purposes for which the
works covered by the contract are being acquired. Examples of these limitations are means
of exhibition or transmission, time, type of audience, and geographical location. However,
if the contract requires that works of the type indicated in this paragraph are to be
modified through editing, translation, or addition of subject matter (rather than
purchased in existing form).
The above information is referenced in part from Policy Statement 27.400 by the XXXXX
|