The year 2013 continued the trend of the increasing importance of legal issues for the FOSS community. The number of FOSS projects continued to increase, from 900,000 in 2012 to 1,000,000 in 2013, according to Black Duck Software. Continuing the tradition of looking back over the top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?p=721 my selection of the top ten issues for 2013 is as follows:
1. Android Patent Litigation. The litigation surrounding the Android operating system has continued around the world but a new front has opened in a suit recently filed by the Rockstar Consortium against Google, Samsung, ZTE, Pantech, Asus, LG Electronics, HTC and Huawei http://readwrite.com/2013/11/04/whats-at-stake-for-google-android-in-lawsuit-against-rockstar-consortium#awesm=~oqgbvEMRUOzuPC . The Rockstar Consortium consists of Apple, Microsoft, Blackberry, Ericsson and Sony. Unlike the litigation between Apple Computer and Samsung, this lawsuit goes after basic features of Android and could have a much broader impact on the Android market. The litigation between Apple Computer, Inc. and Samsung continues with cases pending throughout the world. As I mentioned in last year’s blog, a decision in Silicon Valley awarded Apple $1.05 billion in damages for Samsung’s violation of its patents. The judge reduced the damages, but the parties were granted a new trial and the jury in the fall resolved the dispute over damages by awarding Apple $290 million. According to eWeek, Apple has been awarded $930 million across all of its suits http://www.eweek.com/mobile/slideshows/apple-vs.-samsung-patent-litigation-why-there-is-no-end-in-sight.html (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision). The litigation will clearly continue.
2. License Compliance: Standard of Care: On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the “complete corresponding source code” of the software http://www.ifross.org/publikation/lg-hamburg-az-308-o-1013. Fantec objected that it had been assured by its Chinese supplier that the source code received from the supplier was complete. Fantec also claimed that it had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable. The court rejected these excuses. The court required Fantec to pay a contractual penalty based on the prior settlement agreement. In addition, the court awarded the plaintiff’s expenses in enforcing the GPLv2. The distributor of GPLv2 software is responsible for compliance with the terms of the license and cannot delegate such responsibility http://lawandlifesiliconvalley.com/blog/?p=750. Even the most sophisticated companies can have problems with compliance, as demonstrated by Samsung’s problems with the inadvertent release of the native Linux driver for Microsoft’s exFAT file-system http://lawandlifesiliconvalley.com/blog/?p=776.
3. Rise of Forks in Major Programs: One of the major advantages of open source software is the flexibility for companies to modify the software and even develop a completely different version of the product, so-called “forking”. Although forks have occurred in the past, they are frequently temporary departures which are reintegrated into the original product. However, in 2013, we witnessed a well-financed fork in a major product, MySQL software: Intel Capital led a consortium of investors in a $20 million round of financing for SkySQL (which is now managing the MariaDB version of MySQL). Google announced that it would migrate all of its MySQL software to the MariaDB version of the software. MySQL software is widely used and the effect of this fork is difficult to predict. Although not strictly a “fork”, the Android operating system continues to have challenges due to its fragmentation. These problems may be exacerbated by proprietary extensions such as the CyanogenMod, which is a customized, aftermarket firmware distribution for several Android devices. The CyanogenMod is designed to increase performance and reliability over Android-based ROMs released by other vendors and carriers. Cyanogen has recently received a $23 million financing led by Andreessen Horowitz.
4. Enforcement of the FOSS Licenses: Although FOSS is widely used and GPLv2 is the most widely used license, the GPLv2 has rarely been the subject of litigation, particularly in the United States. Until 2013, this litigation has been brought primarily by non-profit entities on behalf of small companies and individuals. However, this year two lawsuits were brought by commercial companies to enforce the GPLv2 against other commercial companies: Continuent v. Tekelec and Ximpleware v. Trilogy. As FOSS is more widely used, it is natural that it could become part of disputes between companies. The question is whether these suits indicate a trend or whether they are simply unusual situations. In addition, if the suits go to trial, they could provide guidance on the interpretation of the GPLv2.
5. GitHub Adopts a License Selection Policy. As I noted last year, one disturbing trend was the posting of “FOSS” modules without licenses. This problem was particularly acute on GitHub. However, Simon Phipps of OSI worked with GitHub and this year GitHub stated that “sharing your code isn’t everything… it’s also important to tell people how they can use that code” and that “choosing an open source license can be confusing” https://github.com/blog/1530-choosing-an-open-source-license. GitHub created www.choosealicense.com, a website to assist developers to select a license. Although I disagree with some of the statements in the choosealicense.com site, it is an important change to GitHub’s policy (I am particularly concerned about the inclusion of “No license” as an option similar to a traditional license).
6. Good News in the Patent Wars: Patent Settlement on VP8. Although much ink has been spilled over patent suits filed against open source projects, we rarely get to announce good news. This year, we have such an opportunity: Google settled patent threats from MPEG LA, LLC about Google’s use of the open source VP8 codec. The dispute arose in 2011 when Google announced that support in Google Chrome for the widely used H.264 codec would be dropped. Google would promote the VP8 codec as open source. Google had acquired this codec as part of the purchase of On24 Technologies in 2010. MPEG LA had been threatening On24 Technologies for a long time and, thus, the settlement is a surprise (although the announcement of a Department of Justice antitrust investigation into MPEG LA over its call for a patent pool for VP8 may have encouraged the settlement).
7. FOSS Enters Government Use. The use of FOSS by governments and government participation in FOSS projects would seem to be a natural fit, but has frequently run into problems in implementation. One example of a great success is the OpenStack cloud software project which began as a joint venture between NASA and Rackspace. The OpenStack project is now managed by an independent foundation and is one of the fastest growing open source projects, with over 290 supporting companies and 13,000 individual members. However, open source adoption by governments is very uneven. Germany has been particularly active in 2013: in January, Jimmy Schulz, a member of Parliament and chairman of the Interoperability, Standards and Free Software Project Group, stated that current law prohibits governments from being part of the development process in FOSS projects because they cannot give away services; he recommended that the law be changed to permit such participation. More recently in December, the new governing coalition agreed that public administrations should give priority to open source in their public procurement and commit the coalition to support open source at a European level. Munich also implemented its transition to open source IT in October and November https://joinup.ec.europa.eu/elibrary/case/limux-it-evolution-open-source-success-story-never. However, the UK, despite early commitments to open source, has not effectively implemented those strategies https://joinup.ec.europa.eu/elibrary/case/uk-public-open-source-falls-short-promise. In France, Jacques Marzin, the French state CIO, confirmed that government is working to implement the Open Source Guidelines approved last year by Prime Minister Jean-Marc Ayrault (these guidelines promote the use of free software and open source in French ministries). The situation in the US remains complex with FOSS being widely used but actions by some departments making its use more difficult.
The Department of Defense’s (“DoD”) release of the DoD Open Systems Architecture Contract Guidebook for Program Managers, v.1.1 in June demonstrates the complexity of the landscape for FOSS. On the one hand, this DoD publication acknowledges the “strong relationship between Open Source Software and Open Architecture” and, consistent with DoD’s Better Buying Power 2.0 Initiative, encourages the managers of DoD’s major systems to explore the use of FOSS; on the other hand the Guidebook cautions that certain FOSS licenses “may be problematic for the Government.” Recently, Lockheed donated the source code of the Distributed Data Framework (part of the Distributed Common Ground System) to the Codice Foundation, a nonprofit supporting government open-source projects; this donation makes the code available to all government agencies and their commercial partners. In addition, Representative Issa introduced the Federal Information Technology Acquisition Reform Act to encourage the use of FOSS and required that regulations be revised to ensure: “The standards and guidelines shall include those necessary to enable effective adoption of open source software.” Finally, the National Defense Authorization Act for Fiscal Year 2014 (“FY 2014 NDAA”) includes two sections that should ultimately work to encourage the use of FOSS. Specifically, Section 935 of the FY 2014 NDAA, titled “Additional Requirements Relating to the Software Licenses of the Department of Defense” provides that the Chief Information Officer of the DoD shall update the plan for the inventory of selected software licenses of the DoD required under section 937 of NDAA for FY 2013, to include a plan for the inventory of all software licenses of the DoD for which a military department spends more than $5 million annually on any individual title. 
With respect to Cloud Computing, Section 938 of the FY 2014 NDAA, titled “Supervision of the Acquisition of Cloud Computing Capabilities” provides requirements for reviewing, developing, modifying and approving the requirements for cloud computing solutions for data analysis and storage by the Armed Forces and Defense Agencies. Section 938 also includes requirements for reviewing, developing and implementing plans for the competitive acquisition of cloud computing systems, including developing plans to ensure that the cloud systems are interoperable and universally accessible and usable through attribute-based access controls, and plans to ensure the integration of cloud systems with enterprise-wide plans of the Armed Forces and the DoD for the Joint Information Environment and the Defense Intelligence Information Environment.
8. Contribution Agreements and Projects. The management of contributions to FOSS projects continues to be important. The Eclipse Foundation revised its contribution process by implementing new, simpler Contributor License Agreements (CLAs) for all contributors at Eclipse. The CLA is much shorter than CLAs for other projects, limiting the agreement to stating that the contributions will be provided under the license(s) for the project to which they’re making a contribution. They automated their process to accept contributions via git and Gerrit as well as automating their workflow. The terms of contribution agreements were also important in 2012 in the context of the departure of Nikos Mavrogiannopoulos from the GnuTLS project http://lawandlifesiliconvalley.com/blog/?p=721. As the primary drafter of the Harmony Project contribution agreements, I have had an opportunity to consider these issues in detail http://lawandlifesiliconvalley.com/blog/?p=664. I am in favor of making the contribution process simpler, but the process should be clear. I have some concern that the Eclipse CLA goes too far in simplifying the CLA, for example by not including standard provisions from Article 2 of the Uniform Commercial Code (all of the old favorites, such as waiver of consequential damages and disclaimer of implied warranties).
9. Rise of Open Source Collaborations. Open source collaborations continued to grow. Two of the major new collaborations were the AllSeen Alliance (the Alliance is based on the AllJoyn open source project which develops software which “can communicate over various transport layers, such as Wi-Fi, power line or Ethernet, regardless of manufacturer or operating system and without the need for Internet access”) and OpenDaylight (software “to accelerate adoption of Software-Defined Networking and Network Functions Virtualization”). Both of these projects chose to become members of the Linux Foundation Collaborative Projects rather than developing their own independent organization. This option can be very attractive because it reduces the cost of starting the project. The OpenStack Foundation continues to grow at a rapid rate, increasing the number of companies involved from 150 to 290 and individual members from 6,000 to over 13,000 in early 2014 (as a matter of transparency, I represent the Foundation).
10. Commercial Companies Increase Support for FOSS. Commercial companies have realized that the support of FOSS projects is an important strategy. IBM announced that it will invest an additional $1 billion in Linux and other open source technologies to support its Power System servers. As noted above, Intel invested $20M in SkySQL to develop MariaDB software, a fork of MySQL. Netflix is providing its cloud tools as FOSS, named Netflix OSS, to other cloud service providers. Netflix had developed many tools to fill in the gaps in Amazon Web Services (for example, the Chaos Monkey software for testing web application resiliency) and is now making them available as FOSS to other cloud providers. The adoption of the Netflix FOSS tools by other cloud providers could lead to such cloud providers being able to provide more scalable public clouds; such public clouds might even become an alternative to Amazon Web Services. Netflix also established the Netflix OSS Cloud Prize: the prize is $200,000 across ten prizes to reward developers for assisting in developing Netflix’s cloud platform. EMC and VMware took another approach: they spun out their Cloud Foundry software (a FOSS project) to form Pivotal, a new company with 500 employees; General Electric then invested $105 million in Pivotal. IBM also announced that it would collaborate with Pivotal in developing its technology.
Nick Woodman, the founder of GoPro, gave a great keynote about the value of “ignorance” for startups. He made the point during a keynote at the recent NVCA lunch in Silicon Valley (we hosted the NVCA Board meeting at our office). He said that GoPro benefited from ignorance twice:
1. He started the company to provide motion capture for the surfing market (he wanted to capture his own surfing experiences) without realizing the small size of the surfing market. However, based on his experience at a car racing school, he recognized that he would be able to expand the market for GoPro cameras to other sports. He moved the camera from his wrist to a mount on the top of the car: this “mount” enabled him to expand to many other sports, such as cycling and skiing.
2. He was approached by foreign distributors early in the company’s history at a conference, but he did not know that “standard payment terms” for international sales were sixty days after delivery: he told them that they would need to pay in advance (he suggested that they get terms from VISA). He was able to expand internationally without raising the significant capital needed to fund the “payment gap”.
Although “ignorance” is an odd virtue to promote for startups, I think that these lessons can be better characterized as the importance of doing what you know (and are passionate about) and not being constrained by “standard practices” if they don’t fit your business model.
He finished by describing how GoPro has concluded that content was key to its success: the content created by its customers (GoPro customers post over 6,000 videos on YouTube every day). They want to create a positive feedback loop for their customers so they use the cameras (and other services) more. Consequently, GoPro now measures its success by metrics for “content” companies, such as customer engagement (Nick noted that GoPro has a better “brand audience rate of engagement” than Universal Pictures). A very inspiring speech and great videos!
The Open Source Summit in Hong Kong last week demonstrates the power of the open source methodology and the OpenStack community. The Summit was the first OpenStack Foundation conference outside of the United States and attracted over 3,000 attendees from over 50 countries (significantly more than the Summit in Portland). OpenStack has grown dramatically with over 12,000 individual members in over 130 countries. The software has been deployed in over 200 cities http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/openstack-keynote-featuring-concur-digitalfilm-tree-shutterstock. The keynotes were great, but Danny Sabbah, IBM CTO and General Manager for Next Generation Platform, was particularly fascinating: he described the shift in computing as the most massive transformation of the industry that he has seen in his career which started in 1974. The cloud has the power to change both how we compute and what we compute. This change will transform the Internet into a “compute engine”. As context, he noted the following trends: the size of the “digital universe” will increase by 50 times between 2010 and 2020, with over 40 zettabytes of data; the number of smart phones will increase by over 20 times to 10 billion by 2016 and the active users of Facebook will increase by 10 times to over 1 billion by 2013 http://www.openstack.org/summit/openstack-summit-hong-kong-2013/session-videos/presentation/ibm-keynote-managing-the-next-era-of-computing-with-an-open-cloud-architecture. OpenStack, with its open architecture and collaborative development methodology, can play a central role in this transformation.
The 2013 Best Buddies ride was great this year: cool with beautiful clouds along the route. In fact, for miles of the race, we seemed to be riding on a sea of clouds (see picture) http://s1287.photobucket.com/user/markradcliffe1/library/#/user/markradcliffe1/library/Best%20Buddies%202013?sort=2&page=1&_suid=137990416679707113558577941615. I was also joined in the 100K race by two of my DLA partners from Australia (they even brought their own bikes). We had other DLA lawyers riding in the other distances.
After the ride, the party at the Hearst estate was inspiring and fun. The party included several Best Buddies who talked about their lives. One of the most moving moments of the party was when Lisa Smith “sang” by “signing” the song “Hallelujah” (the performance was caught by Mitch Tuchman, one of my companions on the ride) http://www.youtube.com/watch?v=X46ucppjzLI.
The main show was by Don Felder (formerly of Eagles) who gave a great performance http://www.zimbio.com/photos/Don+Felder/Tuesday+Children+Hosts+Evening+Light+Gala/x395NR2z773, even including Hotel California.
The Best Buddies program creates opportunities for one-to-one friendships, integrated employment and leadership development for people with intellectual and developmental disabilities http://bestbuddieschallenge.org/hc/. This year was the tenth anniversary of the California ride: I and DLA participated with Team SVB (Silicon Valley Bank) which had a record fund raising, nearly $700,000. This contribution was part of the $4.5 million raised for this great cause. If you are interested, you should join the ride and, even better, join Team SVB.
The management of FOSS continues to evolve. Many companies have focused on managing their internal resources and repositories. However, the rise of GitHub and other online repositories increases the complexity of this management. Samsung recently had this experience with its native Linux driver for Microsoft’s exFAT file-system, which was accidentally posted on GitHub http://www.phoronix.com/scan.php?page=news_item&px=MTQxNzg. Samsung has corrected the problem and released the code under GPLv2. Ibrahim Haddad of Samsung made a wise strategic choice to work with the Software Conservancy’s GPL Compliance Project for Linux Developers to ensure that they maintained good relations with the community.
The Software Conservancy stated that “the Conservancy worked collaboratively with Ibrahim Haddad, the Group Leader for Open Source at Samsung Research America, and fellow community leaders, throughout the process after this code first appeared on GitHub. Conservancy’s primary goal, as always, was to assist and advise toward the best possible resolution to the matter that complied fully with the GPL. Conservancy is delighted that the correct outcome has been reached: a legitimate, full release from Samsung of all relevant source code under the terms of Linux’s license, the GPL, version 2. Conservancy has worked on many difficult compliance matters for many of its member projects (including BusyBox and Samba, in addition to our GPL Compliance Project for Linux Developers). Conservancy thus particularly appreciates Samsung’s celerity, responsiveness, and correct action on this matter.” http://sfconservancy.org/news/2013/aug/16/exfat-samsung/.
This issue may actually be more serious for startup companies, because they tend to use GitHub on a more ad hoc basis. Recently we worked with a startup company that inadvertently posted source code of some of its internal programs on GitHub.
We are continuing to see significant interest in FOSS management by venture investors and acquiring companies. These experiences emphasize the importance of developing and implementing a FOSS management program and including GitHub in the program.
I had a great ride last week, training for the Best Buddies ride in September: I will ride 100K down the California coast, ending at the Hearst Castle. The ride to San Gregorio on the Pacific Ocean was great with cool weather (although a bit foggy on the coast). I was able to go early and missed the traffic. For pictures from the ride, see http://s1287.photobucket.com/user/markradcliffe1/library/Cycling.
On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the “complete corresponding source code” of the software http://www.ifross.org/publikation/lg-hamburg-az-308-o-1013.
The decision is one of the first to deal with this obligation to provide source code but the facts limit its value. For example, the damages are based on the breach of a prior cease and desist declaration between Welte and Fantec in which Fantec agreed not to violate the GPLv2. However, it does provide important guidance on how to manage FOSS compliance and the limits of delegation of these obligations.
Fantec, a European company, distributed a media player with a Linux-based firmware inside. Like many companies, Fantec used software from third parties. The firmware of the media player included the iptables software which is licensed under the GPLv2. Fantec provided a version of the source code of the firmware for download that they had received from their Chinese manufacturer. Harald Welte is one of the authors of the iptables software and has brought suit a number of times to enforce the GPLv2 for this software. Ironically, Welte had settled a prior violation by Fantec with respect to this firmware. As a result Fantec signed a cease-and-desist-declaration in 2010 and Fantec was contractually obliged to refrain from further GPLv2 violations (and otherwise to pay a contractual penalty).
The software available for download for the Fantec product was reviewed during a “Hacking for Compliance Workshop” in Berlin organized in 2012 by Free Software Foundation Europe. The hackers discovered that the source code provided by Fantec did not include the source code for the iptables software and that the source code for some other components did not match the versions used to compile the binary code of the firmware.
In 2012, the plaintiff gave Fantec notice of another GPLv2 violation and admonished Fantec to cease the infringement and to pay the contractual penalty and the out-of-court costs for legal prosecution. Fantec objected that it had been assured by its Chinese supplier that the source code received from the supplier was complete. Fantec also claimed that it had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable.
Welte raised two arguments: first, Fantec provided source code that was incomplete and, second, that the source code was not the correct versions. The court affirmed a violation of the GPLv2 license conditions because the iptables code was not contained within the source code provided by Fantec. However, the court did not rule on the second argument that the source code was not up to date. Consequently, the decision does not provide significant guidance on the definition of the term “complete corresponding source code”.
The court required Fantec to pay a contractual penalty in the amount of € 5.100 based on the prior settlement agreement. In addition, the court awarded the plaintiff’s expenses in enforcing the GPLv2 (this award is standard under German law and is based on Section 97a (1), 31, 69c no. 3 and 4 of the German Copyright Act which awards costs for a justified warning by a party which is so cautioned). The court affirmed the culpability of Fantec’s violation by classifying the violation as negligent: the seller of firmware may not rely on suppliers’ statements about compliance. The distributor of GPLv2 software must carry out the assessment or commission experts to make the assessment, even if doing so incurs additional costs. A failure to comply with the GPLv2 may not be excused on the ground of additional costs.
The decision is not surprising given existing German cases regarding the GPLv2. However, the case re-emphasizes the need for each company to have its own FOSS compliance process. Companies cannot simply rely on the statements of third parties. Each company should ensure that it has a formal process for handling the use of FOSS by its own employees and third parties. This process should include:
1. Policy for the use of FOSS (“FOSS Use Policy”)
2. Request and approval process for use of FOSS by employees
3. Approval and audit process for the use of FOSS from third parties, both through third-party products and acquisitions by the company
4. Auditing process for compliance with the FOSS Use Policy.
Given the rapidity of product development and the extensive use of third-party software in most products, a FOSS Use Policy must focus on managing relationships with third-party suppliers. A company must ensure that it has a clear set of standards for third-party providers for FOSS compliance. These standards should include an understanding of the FOSS management processes of such third-party suppliers. The development of a network of trusted third-party suppliers is a critical part of any FOSS compliance strategy. The Free Software Foundation Europe has useful recommendations on complying with GPLv2 obligations http://fsfe.org/activities/ftf/useful-tips-for-vendors.en.html.
Many companies will decide that they need to automate the process by using software to scan third-party code and manage the process. Companies may also wish to use the Software Package Data Exchange framework to help communicate the FOSS in a particular product http://spdx.org/.
Companies should adopt a formal FOSS use policy which should be integrated into the software development process. Companies should also be prepared to respond promptly to any assertions of violation of FOSS licenses and swiftly correct the problem.
I would like to thank my colleagues in Germany, Thomas Jansen and Hannes Meyle for assisting me on this post.
The year 2012 had many important FOSS legal developments which reflect the continued increase in FOSS use. During a recent webinar with Black Duck, we noted that FOSS projects have increased from 600,000 in 2010 to 900,000 by December 2012. In addition, a Dr. Dobbs’ survey in the third quarter of 2012 stated that more than 90% of developers are using FOSS in two of the most rapidly growing areas, cloud computing and mobile computing.
Continuing the tradition of looking back over the top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?p=664 my selection of the top ten issues for 2012 is as follows:
1. Android Patent Litigation. The litigation surrounding the Android operating system has continued around the world. Although some of the cases have settled, the litigation has continued to result in multiple decisions in different countries. One of the most important decisions occurred in Silicon Valley: on August 24, 2012, the jury awarded Apple Computer, Inc. (“Apple”) $1.05 billion in damages for Samsung’s violation of its patents. The decision is particularly interesting because the lawsuit involved four design patents and three utility patents (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision). Many intellectual property lawyers have been skeptical about the value of design patents, particularly in comparison to utility patents. This decision will undoubtedly cause a re-assessment of the value of design patents. However, more recently, in the same case, the judge refused to grant Apple a permanent injunction against the distribution of the Samsung products found to be infringing. This decision will be appealed and we will not know the final answer for some time. The multiple cases will undoubtedly continue next year.
2. Protection of APIs: Oracle v. Google. A separate but related case also involved the Android operating system. Oracle sued Google for the alleged infringement of Oracle’s copyrights in the Java software (which it had acquired from Sun Microsystems, Inc.) and certain Oracle patents. Oracle alleged that Google’s Android operating system infringes the copyrights in “twelve code files and 37 specifications for application programming interface packages”. The results of the dispute were complicated because the judge first had the jury make a decision about copyright infringement but reserved for himself the decision about whether the application programming interfaces (“APIs”) were copyrightable. Thus, in early May, the jury found that Google had infringed the copyrights in Oracle’s APIs (although they deadlocked on whether the copying was “fair use”). However, at the end of May, Judge Alsup issued a decision finding that the Java APIs were not protectable under copyright law. The decision is one of the first on this issue. The critical part of the decision stated:
So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API. It does not matter that the declaration or method header lines are identical.
Under the rules of Java, they must be identical to declare a method specifying the same functionality — even when the implementation is different. When there is only one way to express an idea or function, then everyone is free to do so and no one can monopolize that expression. And, while the Android method and class names could have been different from the names of their counterparts in Java and still have worked, copyright protection never extends to names or short phrases as a matter of law.
Although the decision is carefully limited to the facts of the Oracle case, it strongly suggests that judges will provide more limited protection to computer software under copyright law: “This order does not hold that Java API packages are free for all to use without license. It does not hold that the structure, sequence, and organization of all computer programs may be stolen. Rather, it holds on the specific facts of this case, the particular elements replicated by Google were free for all to use under the Copyright Act.” (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision).
If it is upheld, the decision has important implications for the scope of FOSS licenses: the GPL family of licenses is generally viewed as imposing obligations on “derivative works” as defined by copyright law. The combination of more limited scope of copyright protection for computer software and the rise of “loosely coupled” programming techniques using APIs may limit the scope of these licenses.
3. EU Copyright Law Does Not Protect Computer Language and Functions. The SAS Institute, Inc. (“SAS”) v. World Programming, Limited (“WPL”) decision in the European Court of Justice involved the scope of copyright protection for computer programs and has important implications for FOSS and the scope of “derivative works” under copyright law http://curia.europa.eu/jcms/upload/docs/application/pdf/2012-05/cp120053en.pdf. The case addresses issues similar to the Oracle v. Google case described above (in fact, Judge Alsup asked for a briefing from the parties in the Google case after the SAS decision was announced).
The case involved the copying of the scripts and certain functions of the SAS analytical software. The SAS software enables users to write and run their own application programs in order to adapt the SAS software to work with their data. These “application programs” are called “scripts” and are written in a language which is peculiar to the SAS software. WPL recognized that a market existed for alternative software capable of executing application programs written in the SAS language. WPL produced the ‘World Programming System’, designed to emulate the SAS components as closely as possible in that, with a few minor exceptions, it attempted to ensure that the same inputs would produce the same outputs. This approach would enable users of the SAS software to run the “scripts” which they have developed for use with the SAS software on the ‘World Programming System’.
The court found that such functions and programming language were not protected under the EU Directive on Protection of Computer Programs:
Article 1(2) of Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs must be interpreted as meaning that neither the functionality of a computer program nor the programming language and the format of data files used in a computer program in order to exploit certain of its functions constitute a form of expression of that program and, as such, are not protected by copyright in computer programs for the purposes of that directive.
Similar to the Google decision, this decision has important implications for the scope of FOSS licenses. As I noted above, the GPL family of licenses is generally viewed as imposing obligations on “derivative works” as defined by copyright law. The combination of more limited scope of copyright protection for computer software and the rise of “loosely coupled” programming techniques may limit the scope of these licenses.
4. Expansion of Open Source Initiative. The Open Source Initiative (“OSI”) has decided to broaden its base by expanding its role as an advocacy organization. The OSI has started membership programs for individuals and affiliated organizations (as a matter of transparency, I am outside general counsel to the OSI on a pro bono basis). OSI describes this change as follows: “The OSI is moving its governance from a model of volunteer and self-appointed directors to one driven by members. Our high-level objectives in doing so are to provide a broad meeting place for everyone who shares an interest in open source software, with the continuing aim of strengthening the OSI so that it can more effectively fulfill its goals over the long term.” The Affiliate Program has successfully signed up over twenty open source organizations including, among others, the Linux Foundation, Mozilla Foundation, Debian and OW2.
5. Unlicensed FOSS. One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. As I mentioned in my earlier post, http://lawandlifesiliconvalley.com/blog/?p=708, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on the analysis of hundreds of software programs and the response to software without a clear license is almost always “rip it out”. In addition, as I discuss in more detail in the post, this approach could also subject the developer to liability under the Uniform Commercial Code (an admittedly low probability).
6. Qualification of FOSS under the Trade Agreements Act. Talend, a licensor of open source enterprise software, has recently received a ruling from the U.S. Customs Service corroborating that its software complies with the Trade Agreements Act of 1979 (19 USC 2511 et seq.) (“TAA”). FOSS adoption by the US Federal government must comply with many regulations, some of which can be difficult given the nature of modern software development. The details of the approval are found in my earlier post http://lawandlifesiliconvalley.com/blog/?p=697.
7. Contributor Agreements Redux. Recently, the issues of contribution agreements arose in the departure of Nikos Mavrogiannopoulos from the GnuTLS project http://lwn.net/SubscriberLink/529522/854aed3fb6398b79. As the primary drafter of the Harmony Project contribution agreements, I have had an opportunity to consider these issues in detail http://lawandlifesiliconvalley.com/blog/?p=664. GnuTLS is “a secure communications library implementing the SSL,TLS and DTLS protocols”. The project was commenced in 2000 under the GNU project. As is true of all GNU projects, the copyrights in the contributions are assigned to the Free Software Foundation (“FSF”). When Nikos left, Richard Stallman reminded him that he could fork the project, but that the FSF would retain ownership of copyright in the project code. The LWN article concludes that the basis for copyright assignment “seems to be weak”. I disagree with this conclusion and Bradley Kuhn makes some very cogent arguments in the comment sections. Copyright assignment does provide the manager of the FOSS project (in this case, FSF) with significant advantages in enforcement as well as changing the license of a project. Without an assignment, a licensee can raise several potential defenses (such as a license from an alleged joint copyright owner) whose strength is uncertain. In addition, any change in the project license would require the approval of each contributor to the project. However, copyright assignments also mean that the community needs to be comfortable that the project strategy of the project manager is aligned with the community. However, as FOSS projects continue for a longer period, this alignment may be more difficult to determine in advance. And this approach also poses practical problems for the FOSS project manager: the project manager needs to be very disciplined about getting the written assignments from all contributors. 
Such assignments may be difficult to obtain from developers employed by a corporation because corporations are reluctant to assign intellectual property rights. This dispute emphasizes the importance of FOSS projects and their contributors carefully considering the needs of the project when deciding on how to obtain the necessary rights in contributions. Project Harmony provides information and proposed agreements to assist FOSS projects to make these decisions http://harmonyagreements.org/. Once determined, the method of implementation of a contribution agreement is important: the Eclipse Foundation also provides an excellent summary of their approach to due diligence issues relating to accepting contributions http://www.eclipse.org/legal/EclipseLegalProcessPoster.pdf.
8. Rise of Open Source Collaborations. Open source collaborations have become an increasingly important strategy for companies to address major software development problems. This trend is best illustrated this year by the creation of the OpenStack Foundation (“Foundation”). The Foundation takes over the OpenStack project from Rackspace, which had managed the project for several years (as a matter of transparency, I represent the Foundation). OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter. The Foundation is run by a board of twenty-four members, with eight members representing individuals, eight members representing Gold Members and eight members representing Platinum Members. The Foundation has over 150 corporate members and more than 6,000 individual members http://www.openstack.org/. In a second example, Deutsche Bank announced in September the formation of the Lodestone Foundation to coordinate the development of IT solutions for capital market companies http://lodestonefoundation.com/. The OpenStack Foundation and the Lodestone Foundation join the many foundations that manage open source collaborations for combinations of corporations, which include, among others, the Linux Foundation, Genivi Alliance and Eclipse Foundation.
9. UK Government Adopts Open Standard Principles. The UK government adopted Open Standards Principles in government IT procurement through a Cabinet Report http://www.cabinetoffice.gov.uk/resource-library/open-standards-consultation-documents. The report adopted Open Standards to encourage “software interoperability, data and document formats in government IT specifications.” One of the goals of the adoption of the Open Standard Principles was to ensure that FOSS and proprietary software could compete on an equal level. One important requirement of UK Open Standard Principles is that the patent rights for the standards must be available on a royalty free basis: “rights essential to implementation of the standard, and for interfacing with other implementations which have adopted that same standard, are licensed on a royalty free basis that is compatible with both open source and proprietary licensed solutions. These rights should be irrevocable unless there is a breach of licence conditions.” Government remains a significant potential market for FOSS companies but their procurement procedures continue to hinder such adoption (see discussion of Talend’s success with the Trade Agreement Act above).
10. More Standardized Process on FOSS Compliance by Large Companies. In my practice, I have seen an acceleration of an existing trend: many large companies are much more focused on FOSS compliance and are developing standardized procedures to ensure compliance. I work with many small companies entering into commercial relationships with large companies as well as large companies entering into commercial relationships and purchasing smaller companies. Although some technology companies have developed and implemented such procedures for commercial relationships for several years, such processes have recently become much more widespread and sophisticated. They range from elaborate contractual provisions relating to remedies to special procedures for “remediation” through removal of certain modules and developing functionally compatible software. Although a limited number of technology companies have also implemented a separate due diligence process for FOSS compliance in acquisitions for several years, these practices are also spreading more widely to both technology companies and non-technology companies. Acquiring companies are even willing to change the form of a transaction to avoid potential FOSS compliance problems: recently, I worked with a company that shifted an acquisition from a merger to a sale of assets primarily based on FOSS compliance concerns. This development emphasizes the need for small companies to have a structured approach to the management of the use of FOSS and to be able to demonstrate such management to both potential commercial partners and potential acquirers.
One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. Ironically, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on hundreds of FOSS analyses and the response to software without a clear license is almost always “rip it out”.
One other consequence not mentioned by Simon is that the failure to include a license also means the developer (and distributor) have potential liability in the United States under Article II of the Uniform Commercial Code (“UCC”). Article II of the UCC provides that if certain warranties are not “disclaimed” then the distributor (“seller” in UCC language) automatically gives those warranties. These warranties are disclaimed in all FOSS licenses, generally in capital letters, and are the source of the provisions using obscure terms such as “merchantability” and “fitness for a particular purpose”. The developer would be liable for these warranties: merchantability (the product is of average quality in the trade), fit for a particular purpose (if the developer or distributor knows of the use by the licensee, then the software will be fit for such purpose) and indemnity (an indemnity for intellectual property infringement such as copyrights and patents). And if such warranties are breached, the developer would be liable for “consequential damages”, which includes lost profits. While it is unlikely that such a suit would be brought, the potential liability for the developer will continue.
Talend, a licensor of open source enterprise software, has recently received a ruling from the U.S. Customs Service corroborating that its software complies with the Trade Agreements Act of 1979 (19 USC 2511 et seq.) (“TAA”). Open source software adoption by the US Federal government must comply with many regulations, some of which can be difficult given the nature of modern software development. And these rules are frequently used as a barrier, or a bar, to the use of FOSS in federal government procurement. One of these issues is the ability of the FOSS company to certify compliance with the TAA, which requires a product to be manufactured or “substantially transformed” in the United States or a “designated country”. A “designated country” is one of a handful of countries with which the U.S. has a trade agreement on government procurement or a similar arrangement. However, FOSS frequently contains routines or other components whose origin is not sufficiently certain to “certify” compliance with these requirements, or if certain, the origin is a non-designated country such as India or China (as a matter of transparency, my partner, Fern Lavallee, represented Talend in the approval process).
Like many companies, Talend has a substantial part of the source code of some of its products written in the People’s Republic of China. However, virtually all other aspects and steps in the “manufacture” of its software – and particularly the complex activities fundamental to manufacturing the software - are performed in the United States or the “designated countries” of France or Germany. The letter goes into significant detail about the process of designing, developing and testing the Talend software. Talend successfully argued that the steps performed in the US, France and Germany constituted the “substantial transformation” of the source code into the “product”, i.e., the machine-readable object code software product, in a designated country for federal government procurement purposes sufficient to certify TAA compliance. The U.S. Customs Service agreed in its advisory letter.
This decision is timely because the U.S. Department of Defense (DoD) is currently revising the “DoD Open Systems Architecture, Contract Guidebook for Program Managers”, which was issued in draft in December, 2011. This Contract Guide is specifically intended to be used by DoD Program Managers who are incorporating Open System Architecture principles into National Security Systems. The new version is currently expected to be released by the end of this calendar year. A copy of the decision can be obtained from Talend at http://www.talend.com/about-us/press/us-customs-and-border-protection-decision-boosts-open-source-software-for-government