On February 10, 2010 the Linux Foundation and the Open Source Initiative will host a Strategic Planning Session for lawyers active in support of adoption of free and open source software. As we begin a new year and a new decade, we invite you to join us to consider what legal issues we anticipate may arise and what foundations we might be able to lay to support continued unimpeded development and deployment of free and open source software.
The purpose of the meeting is to collectively look forward and to consider new issues, new venues, and new technologies.
What do you foresee as the challenges that the community will face in 2010 and beyond?
The session will include panel discussions and updates, but the entire day will be more of a conversation than a lecture. We want you to come prepared to participate! Some of the topics that have been suggested already include: education of the community on patent matters; the Risk Grid and the Linking Project underway at FSFE; lessons learned from the license proliferation discussion and other comet-like issue phenomena in the open source ecosystem; how FOSS and commercial interests will co-exist and change each other in the longer term; and updates on FOSSBazaar and the SFLC activities. We are seeking your suggestions for topics to discuss in the registration process and we hope that you will be thoughtful in your response. We also hope to have several seminars by engineers on certain technical issues which are important to legal analysis.
Date: February 10, 2010
Time: 8:30 a.m. to 5 p.m.
Location: DLA Piper LLP, 2000 University Avenue, East Palo Alto, California 94303-2214
Costs: There will be a cover charge of $30 to cover catering costs for this event but there will be no conference fee.
Registration: http://events.linuxfoundation.org/component/registrationpro/?func=details&did=29
Please register early as space is limited. For more information please contact: Karen F. Copenhaver (kfc@choate.com) or Mark Radcliffe (mark.radcliffe@dlapiper.com)
As the use of free and open source software (“FOSS”) has become more ubiquitous, legal issues relating to FOSS have become more common and important. This year has seen a mix of new and old issues. Even more so than 2008, this year has seen an increase in the importance of the top ten legal issues http://lawandlifesiliconvalley.com/blog/?s=top+10+2008&x=40&y=6. My list of the top ten FOSS legal developments for 2009 follow:
1. MySQL Delays Sun/Oracle Merger. The European Commission (“EC”) delayed the closing of the Sun/Oracle merger because of concerns about the future of the MySQL database software. MySQL software is the most widely used open source database. The use of FOSS in the European Union is much higher than in the United States and the EC is very concerned about a potential reduction in competition in the database market. The EC concerns seem to fundamentally misunderstand the nature of FOSS and the ability of the community to continue the development of the software even without ownership of the copyright in the particular software. This approach has been widely criticized http://www.economist.com/businessfinance/displaystory.cfm?story_id=14861553. In mid December, Oracle offered ten commitments with respect to MySQL software. http://www.marketwire.com/press-release/Oracle-Corporation-NASDAQ-ORCL-1090000.html. The EC will make its decision next year.
2. First Lawsuit by a Commercial FOSS Vendor. Artifex uses a “dual licensing” model (providing the software under both the General Public License (”GPL”) and a commercial license) for its MuPDF rendering engine: the company filed suit against Palm for alleged copyright infringement because Palm allegedly violated the GPL (in the interests of transparency, I have worked for Palm in the past, but I am not involved in this matter) http://lawandlifesiliconvalley.com/blog/?p=376. This complaint may signal the beginning of a trend by commercial open source companies with “dual licensing” models because the success of that model depends on the difference in the scope of rights available under an open source license and a commercial license (as well as the value of the additional protections, performance warranties, support and indemnification available under the commercial license).
3. Microsoft Discovers Violation of GPL and Contributes to Linux. Microsoft Corporation continues its engagement with the FOSS community by its prompt acknowledgement and correction of its failure to comply with the GPL in its distribution of the Windows 7 USB/DVD Download Tool http://lawandlifesiliconvalley.com/blog/?p=306. In addition, Microsoft provided three drivers to Linux under GPLv2 http://lawandlifesiliconvalley.com/blog/?p=276.
4. Standard for Injunctive Relief for License Breach Is Set High. Last year, the Court of Appeals for the Federal Circuit (”CAFC”) overturned the District Court decision in Jacobsen v. Katzner and strongly supported the right of FOSS licensors to obtain copyright remedies for breach of FOSS licenses. This result was critical for FOSS licensors because copyright remedies include injunctive relief (an order by the court to the licensee to obey the license) and statutory damages of up to $150,000 for each infringed work. http://lawandlifesiliconvalley.com/blog/?p=64. The CAFC decision was so clearly in favor of Jacobsen that most lawyers thought the District Court would grant an injunction to Jacobsen upon remand. Instead, the District Court refused to grant an injunction on the basis that Jacobsen had made no showing that he had actually suffered any potential harms and that Jacobsen had “failed to proffer any evidence of any specific and actual harm suffered as a result of the alleged copyright infringement” http://lawandlifesiliconvalley.com/blog/?p=141. This decision is disappointing for FOSS licensors and hopefully other courts will not impose such a high standard for injunctive relief.
5. SCO Attack on Linux Rises From the Dead. In August, the Ninth Circuit Court of Appeals reversed the summary judgment granted Novell in its litigation over the ownership of the copyright in Unix software. The ownership of the copyrights in the Unix software is essential for SCO to prosecute cases for copyright infringement against Linux. Thus, if SCO does not own the copyright in Unix, it cannot sue third parties claiming that the distribution of Linux infringes its copyright of Unix. The original contract between SCO and Novell relating to Unix does not transfer the ownership of copyrights in Unix to SCO, but a Second Amendment provides for a “conditional” assignment. The District Court had found that the conditions of the assignment had not been met and the assignment had not become effective. The Ninth Circuit decided that the facts were not sufficiently clear to grant summary judgment and asked the District Court to try the case. This decision is likely to have little practical effect. First, the decision does not grant ownership of the copyrights to SCO, but simply provides SCO the ability to litigate the issue rather than losing on summary judgment. Given that the judge has expressed his opinion that the copyright was not transferred by Novell under the “high” standard imposed by a summary judgment (a “summary” procedure setting a high standard of proof on the moving party, Novell), it seems unlikely that he will change his decision under the lower standard of proof which applies in a lawsuit. Second, the continued prosecution of the case will be very expensive and SCO is in bankruptcy. SCO would need to find additional financing to continue the case.
6. Enforcement of GPL for Busybox Continues. The Software Freedom Law Center has continued to enforce the GPLv2 on behalf of some of the owners of the copyright in Busybox software. Most recently, the SFLC filed suit against fourteen major companies, including Samsung, Best Buy and Westinghouse http://www.softwarefreedom.org/news/2009/dec/14/busybox-gpl-lawsuit/. The suits are based on violations of the GPLv2 in a variety of consumer electronic products, such as DVD players and televisions. However, Bruce Perens, one of the authors of the Busybox software, announced that he did not approve of the litigation http://perens.com/blog/2009/12/15/23. He raised the question of the rights of one of the authors of FOSS in such litigation. This issue would depend on whether the software would be considered a “joint work” or “compilation” under copyright law http://www.copyright.gov/title17/92chap1.html#101. As is the case frequently in software and copyright, these standard copyright categories are difficult to apply to software. A traditional example of a “joint work” would be a film because the work is the result of contributions by numerous authors to create a single work. A traditional example of a “compilation” would be a magazine which is the combination of independent copyrighted works from many authors. This issue remains unresolved.
7. GPL Found to be Indirectly Enforceable in France. In case of first impression in France, the Court of Appeals in Paris has issued a holding, as part of a larger dispute over the delivery of software, that states that the terms of the General Public License were breached (and thus the GPL is enforceable under French law). The basis for the decision was that the defendant, Edu4, had deleted two copyright notices in the VNC software and replaced them with its own copyright notice and had deleted the GNU GPL license language. The case is also unusual because it involved a suit by a licensee, AFPA, against a distributor, Edu4, claiming breach based on violation of the terms of the GPL by the distributor http://lawandlifesiliconvalley.com/blog/?p=285.
8. ALI Adoption of Software Contract Principles. The American Law Institute (“ALI”) approved the Principles of the Law of Software Contracts (the “Principles”) on May 19, 2009. ALI is a very prestigious legal organization and the Principles have the potential to be very influential on courts. As I have discussed in this blog, the Principles continue to have significant flaws. The Principles were meant to clarify the ambiguity created by conflicting legal decisions and the application of multiple laws to software licenses. Despite the stated goal of summarizing the case law and recommending best practices, the Reporters have included many new concepts which impose consumer type protections on both consumer and business software licenses. Although the Reporters have tried to exclude the applications of some of the Principles to FOSS, these modifications are not clearly successful in implementing this exclusion http://lawandlifesiliconvalley.com/blog/?m=200906.
9. Microsoft Sues TomTom for Patent Infringement. Microsoft Corporation sued TomTom for patent infringement for its GPS device which includes Linux. Although a number of commentators assumed that the suit was the first salvo in the long awaited patent assault on Linux by Microsoft, I was (and am) skeptical and thought that these concerns are premature. The claims relating to Linux, such as those covering FAT, are based on features common to many operating systems and would be likely to be subject to challenge under the new higher standards for patents set by the Supreme Court. Moreover, the case settled quickly, suggesting that it was not the beginning of a Microsoft assault against Linux http://lawandlifesiliconvalley.com/blog/?p=214.
10. New GCC Runtime Exception. The FSF announced new runtime exceptions (“GCC Exceptions”) for their popular GCC programs as part of its shift of the GCC programs from GPLv2 to GPLv3. http://www.fsf.org/licensing/licenses/gcc-exception.html. The exception is similar in purpose to the existing GCC exception for GPLv2 but is based on section 7 of the GPLv3 which permits a limited (and carefully defined) number of “additional permissions.” The GCC Exceptions are necessary because the GCC program when it compiles another program may combine portions of certain GCC program header files and runtime libraries with the compiled program. Without the GCC Exception, the compiled program would be required to be licensed under GPLv3 (just as without the prior exception, the use of GCC programs licensed under GPLv2 for compilation would have required the compiled program to be distributed under GPLv2) . The GCC Exception permits the use of the GCC program to compile programs which are then licensed “under terms of your choice”, including proprietary licenses. However, the new GCC Exception has added a limitation to its scope which was not present in GPLv2 version of the exception by limiting the use of non-GPL Compatible programs in the compilation process: “A Compilation Process is “Eligible” if it is done using GCC, alone or with other GPL-compatible software, or if it is done without using any work based on GCC. For example, using non-GPL-compatible Software to optimize any GCC intermediate representations would not qualify as an Eligible Compilation Process”. This limitation was included because the GCC programs are moving to a “plug in” architecture and the FSF wanted to avoid permitting plug ins that “called out to proprietary software to transform the compiled code—effectively creating proprietary extensions to GCC and defeating the purpose of the GPL”.
I am sure that this trend will continue in 2010, so stay tuned!
In the first lawsuit by a commercial open source vendor, Artifex, which uses a “dual licensing” model (providing the software under both the General Public License (”GPL”) and a commercial license) for its MuPDF rendering engine, has filed suit against Palm for alleged copyright infringement (in the interests of transparency, I have worked for Palm in the past, but I am not involved in this matter). Artifex alleges that Palm has violated its rights by using MuPDF in the Palm Pre but failing to comply with the GPL or, in the alternative, take a commercial license. The complaint has very few details so it is difficult to determine how the GPL was violated.
This complaint may signal the beginning of a trend by commercial open source companies with ”dual licensing” models: the success of that model, which is used by most commercial open source companies, depends on the difference in the scope of rights available under an open source license and a commercial license as well as the value of the additional protections (performance warranties, support and indemnification) available under the commercial license. Thus, one important component of this strategy is to ensure that the open source version of their software is used within the scope of the open source license. However, litigation has been uncommon in the open source community in the US until recently and we will see if the trend towards more litigation continues next year.
The NY Times published an article about open source yesterday which was very disappointing. The article perpetuated many of the myths and misperceptions about open source. http://www.nytimes.com/2009/11/30/technology/business-computing/30open.html?_r=2&hpw=&pagewanted=all The first misperception is found in the title: “Open Source as a Model for Business is Elusive”. Open source is not a “business model.” It is a development methodology which supports multiple business models as I have discussed in an earlier post. http://lawandlifesiliconvalley.com/blog/?p=147 The article starts from two false premises: (1) open source software is released free of charge to the world and is maintained by volunteers and (2) the revenue for open source companies comes solely from “support” deals. These assumptions are very dated. For the last five years, much of the most useful open source software has been created by commercial companies who develop most of the software using their own employees, such as SugarCRM and Zimbra. Similarly, most open source companies use a combination of license or subscription revenue as well as revenue from support services. For example, MySQL received revenues from licensing of a commercial edition its software as well as “support” revenues.
The most disappointing quote was the following: “Whether open source firms are practical as long-term businesses, however, is murkier.” The problem is that the long term business strategy of most software companies is “murky” due to the rise of less expensive “open source” alternatives and cloud computing. The fact that several open source companies were sold at very substantial multiples to their revenues suggests that large software companies view them as valuable. Moreover comparing the profitability of open source businesses with the traditional enterprise software model fails to take into account the tectonic changes which the traditional software business model is undergoing. In fact, the traditional enterprise software model has proven not to be a “long term business” for many proprietary companies. You need only consider the demise of Siebel Systems and PeopleSoft. Open source software is one of the major driving forces in these changes. For example, the Linux operating system is the most serious competitor to Microsoft’s operating system business. The fact that it is supported by IBM, Intel and other large companies is a further testament to its competitiveness and value. Although the Linux code may be contributed by corporate employees, the Linux operating system is continues to be distributed at no charge under the GPL: it is truly an “open source” program. Moreover, Linux users do not care whether the contributors are corporate employees or individual “volunteers”. And Linux has succeeded where proprietary operating systems from major companies, such as IBM’s OS2 failed.
The final part of the article continues the unfortunate pattern: it suggests that the sale of open source companies to larger traditional software companies is a failure of the “open source business model.” It is not. This conclusion fails to consider that more than 90% of venture backed software companies in the past three years have been acquired rather than gone public, whether they used an open source or a proprietary development methodology. These acquisitions prove little about the viability of the ”open source business model” or open source software companies. In fact, they suggest that sophisticated companies are willing to pay a substantial premium for such companies.
It is not often that the Department of Defense provides an industry with a marketing hook. However, I can’t think of a better description of the memorandum issued by on October 16 by David Wennergren, Deputy CIO of the Department of Defense. The memorandum is entitled “Clarifying Guidance Regarding Open Source Software” (“OSS”). http://www.defenselink.mil/cio-nii/sites/oss/2009OSS.pdf and provides one of the best (and most cogent) summaries of reasons to adopt open source software. This summary is all the more persuasive because it comes from one of the most conservative IT cultures on the planet. I have included the relevant part of the memo below:
There are positive aspects of OSS that should be considered when conducting market research on software for DoD use, such as:
(i) The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team.
(ii) The unrestricted ability to modify software source code enables the Department to respond more rapidly to changing situations, missions, and future threats.
(iii) Reliance on a particular software developer or vendor due to proprietary restrictions may be reduced by the use of OSS, which can be operated and maintained by multiple vendors, thus reducing barriers to entry and exit.
(iv) Open source licenses do not restrict who can use the software or the fields of endeavor in which the software can be used. Therefore, OSS provides a net-centric licensing model that enables rapid provisioning of both known and unanticipated users.
(v) Since OSS typically does not have a per-seat licensing cost, it can provide a cost advantage in situations where many copies of the software may be required, and can mitigate risk of cost growth due to licensing in situations where the total number of users may not be known in advance.
(vi) By sharing the responsibility for maintenance of OSS with other users, the Department can benefit by reducing the total cost of ownership for software, particularly compared with software for which the Department has sole responsibility for maintenance (e.g., GOTS).
(vii) OSS is particularly suitable for rapid prototyping and experimentation, where the ability to “test drive” the software with minimal costs and administrative delays can be important.
Open source companies should quote this memorandum in all of their marketing material. It has the virtue of being both correct and persuasive.
On Friday, Microsoft acknowledged that the code for the Windows 7 USB/DVD Download Tool improperly included GPLv2 licensed code and they did not comply with GPLv2. Like the GPLv2 licensed code found in the Linksys operating system, the software had been written by a consultant. Peter Galli’s blog was very frank:
we are now able to confirm this (inclusion of improperly licensed GPL v2 code) was indeed the case, although it was not intentional on our part. While we had contracted with a third party to create the tool, we share responsibility as we did not catch it as part of our code review process. We have furthermore conducted a review of other code provided through the Microsoft Store and this was the only incident of this sort we could find.
They will be making the source code of the relevant software available under the GPLv2 next week. They also acknowledged that they will be taking steps to avoid this problem in the future. The open source community should welcome Microsoft’s frank and appropriate response. A recent post on the FSF Europe email list noted that app stores are becoming a major source of violations and companies who host them need to consider how best to deal with the liklihood of these type of problems.
This problem illustrates the critical nature of an open source (I would now say “third party software use policy” because so much proprietary code is also available for download) use policy. Yet Gartner noted last year that 69% of companies surveyed do not have a formal policy for evaluating and cataloguing OSS use.See my earlier post, http://lawandlifesiliconvalley.com/blog/?p=107. These use policies need to cover not just internal development but all sources of code which includes code from third parties, consultants and M&A transactions.
Mindtouch recently named the Most Influential People in Open Source in their blog http://www.mindtouch.com/blog/2009/10/27/most-influential-people-in-open-source/. I think that it is a measure of the health of the industry that it is difficult to identify those people and it is always difficult to choose only five people. Mindtouch deserves the thanks of the industry for the survey and creating an excellent list (in the interest of full disclosure, I was named in the Honorable Mentions category, so how can I disagree?).
However, I think that they should consider splitting the list into a business and technical list since they serve very different roles in the industry. Congratulations to those honored!
A recent article by the Register incorrectly stated that Karen Copenhaver and I thought that the GPLv2 was “legally unsound” in a recent Black Duck webinar. (you can listen to the webinar if you want to check for yourself http://www.blackducksoftware.com/files/legal-webinar-series.html). The article has been changed by the author (apparently some unreviewed editing caused the problem) to read: “Two prominent IP lawyers have warned that the all-pervasive General Public License version 2 (GPLv2) contains legally ambiguous wording that may be problematic for licensees.” (thanks to Austin Modine for his prompt attention to the issue and willingness to make the clarifying change). http://www.theregister.co.uk/2009/10/15/black_duck_gpl_web_conference_copenhaver_radcliffe/print.htmlhttp://www.blackducksoftware.com/files/legal-webinar-series.htmlThis statement reflects our views. As I have noted on the Register site and other places, neither Karen nor I view the GPLv2 as “legally unsound”. In fact, I (and I am sure Karen) have advised companies to adopt the GPLv2 in appropriate situations. And the GPLv2 has been found to be enforceable in all of the cases in which it has been involved.
However, the GPLv2 has provisions whose interpretation is uncertain, many of which stem from the poor fit of copyright law to software. Any seminar that discusses the interpretation of the GPLv2 will, by its nature, focus on these uncertainties. Nonetheless, the GPLv2 has proved a very successful choice for many FOSS projects and many FOSS communities have developed a common understanding of the meaning of the GPLv2. And such understandings can have a legal effect in the US through the doctrine of “usages of the trade” under Section 1-303 of Article II of the Uniform Commercial Code. Moreover, many non FOSS licenses refer to “derivative works” despite the ambiguity of it meaning in the context of software. The GPLv2 has been instrumental in the success of the FOSS movement and needs to be recognized for that central role.
The GPLv3 and APGLv3 have the advantage of an additional 15 years of experience about the challenges in software licensing and a three year period of drafting by hundreds of lawyers. I believe that these licenses will be more clear because of those advantages. Moreover, the advent of cloud computing means that to meet the expectations of most FOSS communities about the availability of source code of modifications, they need to consider resetting the trigger for FOSS obligations (such as making source code available) from distribution to “making available” (the so called “network use” provision) as was done in APGLv3. The GPLv 2 remains a significant option for many FOSS projects and is always on the list of licenses that I discuss with my clients.
In case of first impression in France, the Court of Appeals in Paris has issued a holding, as part of a larger dispute over the delivery of software, that supports the assumption that the General Public License is enforceable. http://fsffrance.org/news/arret-ca-paris-16.09.2009.pdf. The case also suggests a new basis for licensees to allege breach of contract for commercial licenses: the failure of the licensor to comply with the open source licenses for modules included in the commercial product.The case involved a claim for rescission under Civil Code Article 1184 that permits rescission of a contract and the award of damages, or specific enforcement, if the other party does not perform its contractual obligations.
The case originated when Edu4 won an RFP issued by AFPA for a system to run adult educational programs. The RFP required the use of VNC software. Edu4 provided the software, which was licensed under the General Public License (GPL).
The GPL requires that the company distributing the licensed software provide either the source code of the software or a written offer to provide the source code. Edu4 promised to provide the source code to AFPA, but failed to do so. Edu4 also removed two copyright notices in the VNC software and substituted its own notices; deleted the text of the GPL; and failed to properly indicate that VNC software had been integrated in the deliverables. In addition, Edu4 deleted user features that AFPA alleged created the risk of an intrusion of privacy.
AFPA subsequently argued that the contract had been breached, and ceased its performance. Edu4 claimed wrongful termination and was awarded damages by the lower court. On appeal, the Paris Court overturned the lower court decision, finding that Edu4 breached its contractual obligations by delivering a product that 1) created a risk to user privacy because modifications by Edu4 allowed other users or remote users to assume control over all the workstations and 2) did not comply with the GNU GPL because Edu4 had deleted two copyright notices in the VNC software and replaced them with its own copyright notice and had deleted the GNU GPL license language.
The case is also unusual because it involved a suit by a licensee, AFPA, against a distributor, Edu4, claiming breach based on violation of the terms of the GPL by the distributor. Other suits to enforce the GPL of which I am aware have been brought by the owner of the copyright (or its agent) in the GPL licensed product to enforce the GPL. I want to thank my partner in Paris, Carol Umhoefer, for assisting me in understanding the significance of this case.
This decision is important for two reasons:
1. For the first time, the GPL was found, indirectly, enforceable under French law.
2. It reminds us that licensees of the code can also sue to enforce the rights resulting from the GPL
3. It may also suggest a new basis for licensees to charge breach of the commercial license agreement: the licensor has failed to comply with the terms of open source licenses to software included in the product under the commercial license agreement
When Microsoft contributed drivers to Linux to GPLv2, my reaction (and the general reaction in the community) was that “hell had frozen over” and to bring out the skates http://www.microsoft.com/presspass/features/2009/Jul09/07-20LinuxQA.mspx. Several recent reports suggest that these contributions were not voluntary and Microsoft had included GPLv2 licensed code in these drivers http://linux-network-plumber.blogspot.com/2009/07/congratulations-microsoft.html (Steve Hemminger of Vyatta) and http://www.kroah.com/log/linux/microsoft-linux-hyper-v-drivers.html (Greg Kroah-Hartman of Novell).
I view this contribution as valuable even if legal concerns drove it. I think that Microsoft acted as a responsible member of the community which is the behavior that we want to encourage. They could have simply rewritten the code to remove the open source components. I am under no illusion that Microsoft has suddenly turned into a complete supporter of open source (and for clarity, neither I nor my law firm represents them). However, Microsoft’s engagement with the open source community is going to be a gradual one and will have fits and starts. Microsoft is still fundamentally based on a proprietary model and has that mind set. They can change and should be encouraged to change. I hope that these revelations will not result in an attack on Microsoft for not being “truly” committed to the open source community. We should, instead, encourage them to continue to be involved.
This situation is a warning to companies that they need to have an open source policy and a process for managing their work with the open source software. See my earlier post, http://lawandlifesiliconvalley.com/blog/?p=107.
In fact, I think that the Microsoft press announcement bears further scrutiny, In addition to the announcement of the contribution, Sam Ramji mentions several ways in which Microsoft is implementing open source in their business strategy. This increased use of open source by Microsoft should be encouraged.