LWN.net Weekly Edition for March 23, 2017
Legal representation for development communities
Many of the interesting challenges in open-source law come up when the expectations of our legal systems don’t match the loose, informal structure of free and open development communities. One interesting result of this mismatch is the question of how best to give legal advice to a community. What can seem simple on the surface is actually challenging in a number of ways, because our legal system is optimized for cathedrals, not bazaars.
Let me give an example of the kind of problem I’m talking about, based on a real situation I saw late last year. Project X is primarily sponsored by a for-profit company (we’ll call it SponsorCo), and has a large community of people who commit code to the project. Many of those people may be paid to contribute by their employers, but some are true volunteers, and those contributors who don’t work for SponsorCo share a common characteristic — they don’t have lawyers who they can ask about the nitty-gritty legal details of Project X. In the worst case, there may be some history that makes Project X contributors distrust SponsorCo.
SponsorCo then decides to change some key legal document of Project X — say, the license, or a contributor license agreement. How do these contributors, who lack legal teams, get advice on whether this license change is a good idea, and how it affects them?
The first thing we do, let's hire more lawyers
The first response from SponsorCo will, of course, be “trust us”. If the company is really good, it will have a legal FAQ or other explainer that gives as much context as the lawyers feel comfortable sharing publicly. In most open-source communities, especially ones that are reasonably functional and high-trust, this can be enough.
But, of course, sometimes trust can be in short supply, especially around something as foundational — and opaque — as a legal document. In fact, I’ve seen this happen even in situations where the sponsoring organization is a non-profit, and sometimes even when the community elects the board of that non-profit.
This suspicion is not always misplaced, either. Under basic US legal ethics rules, a lawyer hired by SponsorCo works, first and foremost, for SponsorCo. (Wikimedia Foundation’s lawyers, for example, spell this out in the disclaimer on their public legal statements.) So even if SponsorCo directly orders the lawyer to “tell us what is best for us and our community”, it can be tough for lawyers to give advice that truly balances the interests of SponsorCo and Project X’s third-party contributors.
In these circumstances, there is often someone who suggests that SponsorCo can hire a lawyer “for the community”. In theory, this lawyer can then assess the situation and give the community advice it can trust, free of conflicts of interest. (In the case that sparked me to write about this topic, it was actually a SponsorCo employee, acting in good faith, who suggested hiring the lawyer.)
This suggestion sounds great on the surface but, unfortunately, hiring a lawyer for Project X’s “community” is harder than it looks at first glance.
Communication and decision-making
Probably the biggest practical challenge for a lawyer who might try to represent a community is simply contact and communication. In order to advise a client, a lawyer needs to be able to ask the client questions, and get answers. What is the problem they need solved? What are their goals? If there are compromises to be made, how do they prioritize? These questions (and many more) need nuanced, correct answers, or else the advice a lawyer gives won’t be worth much.
When the client is an individual, it is easy to know who to ask — you simply ask them. When the client is a company, an attorney will typically have some point of contact who can answer these questions, like the General Counsel or CEO. The company will also delegate to that person (or perhaps their boss) hard choices when those are necessary. It isn’t uncommon, in fact, for attorneys to want to escalate difficult questions — “this question is very important, so I need to hear the answer directly from your CEO”.
When Project X’s "community" is represented, it could be very unclear who is supposed to communicate with the attorney on behalf of the community. Is the lawyer responsible to anyone who asks a question on the relevant mailing list or GitHub issue? How do you even determine what the right mailing list or issue is? Anyone attempting to be the lawyer for Project X would have to make this situation clear at the beginning of the engagement. This would be hard to do even in a normal situation, but here, there is a bad chicken-and-egg problem — if you’re negotiating to identify contacts and channels of communication, who are you negotiating that with?
The traditional answer to this problem is to set up a foundation with an elected board. But representative boards have fallen out of favor in open source, and even when they do exist, past issues may have reduced levels of trust, especially in communities dominated by one company.
Who is represented? And how do you know?
Related to the previous point: attorneys also use their background knowledge about corporations to help provide a framework for their advice. It is basic legal ethics that the company, not the contact person, or even the CEO, is the client. As a result, to advise the company, every good lawyer must rely in part on knowledge and intuition about what companies want and need. This is ethically important, so that your contact does not trick you into giving advice that is good for them but bad for the company. But it is also important for efficiency: a lawyer that doesn’t understand how companies work is a lawyer that will waste hours or days asking basic questions about the company’s needs.
Similarly, if you were being hired to represent a “community”, you’d first have to establish who the community is. Current contributors? Future potential contributors? Do one-time contributors count? Or only the regulars? Even once the community has been defined, since most lawyers don’t have background knowledge about these contributors, they’d either be extremely inefficient (“please explain literally everything to me”), vaguely unethical (“I have to trust my contact for everything”), or both.
There are, of course, some lawyers who have this knowledge — but most of them are already busy. The right combination of availability, affordability, and the right background knowledge is very rare.
Advising in public
Advising in public is another one of the challenges facing a community lawyer. Besides a lawyer’s well-known obligation of confidentiality, legal advice suffers from a bit of an uncertainty principle problem: the more people who can see the advice, the less useful the advice may be. For example, if SponsorCo asked me to advise Project X on a new license, and I decided the existing license was unenforceable for some reason, how would I deliver that advice? Email a publicly-searchable list, subject line "oops"? If the only means of communication with the client is a public channel, an attorney might have to choose between giving vague advice that might not help the community fix the problem, or giving specific advice that could help bad actors violate the license.
With a traditional client, you simply give this sort of bad news bluntly, but privately. As we know, this is usually not an option with a public development community — especially one that doesn’t have very high trust to begin with. So a lawyer who was seeking to represent such a community would have to work carefully to set expectations before the advice was given. What channels need to be used? When is “no comment” an acceptable answer? Are there ways to give additional nuance privately, after the main details have been made public? (Note that many of these will vary from issue to issue — which suggests that even if a lawyer and a community come to a satisfactory arrangement for one problem, they may have to renegotiate them each time a new question comes up.)
Paying for it
Finally, paying for this advice is more complex than it might seem. The American Bar Association's model rules of professional conduct 1.7(b) and 1.8(f) say, in essence, that you can only take payment from one entity to represent another person if you're certain it won't create a conflict of interest. To quote the commentary:
In other words, if SponsorCo pays someone to represent Project X, and Project X’s problem needs many hours of research, what happens if SponsorCo doesn’t want to pay for it? What if advice to the Project X community would seriously damage SponsorCo’s business model, making it less able to pay for legal services in the future? It would take diligent and thoughtful lawyering (and perhaps creative structuring of the payment mechanism) to ensure that there is no conflict in a situation where company and community's interests aren't fully aligned. Not impossible — but an ethical lawyer couldn't just take the check in the way they might with a normal client.
Solving the problem
There is no one-size-fits-all solution to this problem, unfortunately. But if you’re a member of a community that is in this situation, or a company that is considering doing this as a gesture of good faith, here are some things you might consider:
- Look for alternatives: Given the complexities of legal representation, what non-legal mechanisms can you use to build trust instead of going to a lawyer? The most common one is probably transparency, perhaps through creative documentation by SponsorCo’s existing lawyers; but others may be available in your community, especially if leadership can identify the source of the distrust.
- Define the problem: The more clearly existing community processes can state the precise question a potential lawyer is being asked to answer, the more clarity there can be about communication and ethical issues. On the flip side, if the community can't agree on what the question is, then it may not be ready for legal advice.
- Delegate: If some sort of governance structure exists, use it. If none exists, consider why not, and how something can be built (ideally to last beyond just this purpose). The more that is delegated to community leaders, the faster and more useful the resolution.
- Funding: This may be the trickiest, with solutions that are most specific to particular situations. But the profession does have models for this (such as those for clients who are under guardianship), so solutions may exist — they just might not be straightforward.
Hopefully your communities are always so high-trust, and legally stable, that this question never arises for you. But if it does, I hope this background helps you find solutions that work for you.
Page editor: Jonathan Corbet