Since yesterday I have been thinking about NDAs. Yesterday I wrote the entry below about Monad and Pooja wrote hers, and I have been thinking.

The reason is this – MVPs before being awarded the title have to sign an NDA that says that certain information that Microsoft may reveal to them may not be publicly disclosed. The NDA is one in good spirit where employee of Microsoft who are part of product teams and doing such other core work may freely interact with MVPs about future products and ideas that are still being tested and such. A lot of MVPs actually give direct feed back to the product teams which reflect on the products that you see tomorrow.

The MVP program by its very nature is an award program and the winner of the title doesn’t directly commit anything to Microsoft. So a lot of the feed back from MVPs is neutral and critical in a very constructive sort of way, because MVPs really love their technology.

The problem with the NDA is simply that of late most MVPs (at least in the India circuit) don’t have a clear way of saying what is under NDA. We actually get to hear SO much about so many things happening that we are really not sure. So breaches of the NDA do happen simply one did not know that an item is under the NDA.

One thing that we were told of is that when in doubt – check with your MVP lead. That happens, but sometimes that is not very feasible. Sometimes you don’t even think of checking about something. Which is when another ‘rule of thumb’ was proposed at the India advocates day, 2004. At IAD it seemed ‘common-sense’ that what ever we can find on the web already is simply not under NDA – if we know something and it is not on the web yet (duh?) then it is under NDA.

This makes things a little tricky. Like when writing about Monad, I realize that a lot of information is actually available on the web – admittedly in bits and pieces, but still there. Now that I have access to the stuff as part of the beta program, can I write about it or not? We had a discussion last night with the India MVP lead and the ex India MVP lead and some of the Bangalore MVPs and to my surprise I was hearing that none of the stuff from the beta place could actually be disclosed. Also the above ‘rule of thumb’ stands corrected to ‘anything found on the Microsoft site is not under NDA’. !

Now that has some obvious contradictions – how for example do I know that I am talking about confidential information when the information is publicly available in some form? If there is a document that marks it as confidential but I do not have access to the document, does that make me in violation of the NDA? If I do have access to the confidential document, then what happens to conclusions I can draw from public information that is not explicitly stated elsewhere (though deducible) but is present in the document?

Some of this got me thinking today morning at the hacker Knight Lightning’s trial a decade back. Knight Lightning was brought to trial by the US secret service for stealing a confidential AT&T technical document that was estimated at 70k dollars or more (forgive my fading memory). The document was the centre of the debate there and in some sense was treated by the prosecution as being too sensitive to show even during the trial. The then newly formed Electronic Frontier Foundation under John Perry Barlow and Mitch Kapor came to Knight Lightning’s aid in the defense. It turned out that the document hardly discussed technical details of a sensitive nature. The cost of the document was a grossly over exaggerated figure, piled up as sheer administrative over head costs (things like the cost of the computer system used to typeset the document were added as the cost of the document). And as a final blow to the case it turned out that AT&T was actually selling documents of a similar but more technically detailed nature for hobbyists and enthusiasts to use (for about 13 dollars?) – which neither the prosecutors nor Knight Lightning knew about.

The issue about information being confidential while still being available in some form publicly is a very tricky one.

My own first exposure to the term ‘NDA’ was when I heard the recording of a speech by Richard M Stallman (founder of the Free Software Foundation) at Slovenia. RMS was talking about how an NDA imposed by Xerox for the printer driver software hurt the guys at MIT who were trying to fix a faulty laser printer that kept getting jammed. Stallman’s message was that NDAs “do have victims”. He did make several valid points and after listening to RMS several times I was sensitized to the issue of NDAs. So admittedly when I signed my first NDA with the company where I work, I did so after reading the document over several times and did it with shaky hands.

The issue about writing about Moand itself is a simple one – I had dropped a mail to the one of the contacts on the Monad team and I got prompt response. A few clarifications are left, but it seems to me that everything is in good faith now. In the case of Monad itself it is not an issue, especially when most of the folk at MS are so approachable and prompt when it comes to an relevant issue. The MVP crowd and the people around the MVP program are also were receptive and quick to respond about any queries.

However the general issue about NDAs itself is a relevant and could because serious issues really quickly, if communication between parties is not as transparent as in cases like mine.

Add to that I heard this rather recently – you cant reveal that you are under NDA? What? There is a lot I don’t understand. The thing about systems programming is that opinions are fact clearly distinguish each other – at least they are only a compilation away. Matters like this….