The year 2012 had many important FOSS legal developments which reflects the continued increase in FOSS use. During a recent webinar with Black Duck, we noted that FOSS projects have increased from 600,000 in 2010 to 900,000 by December 2012. In addition, a Dr. Dobbs’ survey in the third quarter of 2012 stated that more than 90% of developers are using FOSS in two of the most rapidly growing areas, cloud computing and mobile computing.
Continuing the tradition of looking back over top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?p=664 my selection of the top ten issues for 2012 are as follows:
1. Android Patent Litigation. The litigation surrounding the Android operating system has continued around the world. Although some of the cases have settled, the litigation has continued to result in multiple decisions in different countries. One of the most important decisions occurred in Silicon Valley: on August 24, 2012, the jury awarded Apple Computer, Inc. (“Apple”) $1.05 billion in damages for Samsung’s violation of its patents. The decision is particularly interesting because the lawsuit involved four design patents and three utility patents (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision). Many intellectual property lawyers have been skeptical about the value of design patents, particularly in comparison to utility patents. This decision will undoubtedly cause a re-assessment of the value of design patents. However, more recently, in the same case, the judge refused to grant Apple a permanent injunction against the distribution of the Samsung products found to be infringing. This decision will be appealed and we will not know the final answer for some time. The multiple cases will undoubtedly continue next year.
2. Protection of APIs: Oracle v. Google. A separate but related case also involved the Android operating system. Oracle sued Google for the alleged infringement of Oracle’s copyrights in the Java software (which it had acquired from Sun Microsystems, Inc.) and certain Oracle patents. Oracle alleged that Google’s Android operating system infringes the copyrights in “twelve code files and 37 specifications for application programming interface packages”. The results of the dispute were complicated because the judge first had the jury make a decision about copyright infringement but reserved for himself the decision about whether the application programming interfaces (“APIs”) were copyrightable. Thus, in early May, the jury found that Google had infringed the copyrights in Oracle’s APIs (although they deadlocked on whether the copying was “fair use”). However, at the end of May, Judge Alsup issued a decision finding that the Java APIs were not protectable under copyright law. The decision is one of the first on this issue. The critical part of the decision stated:
So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API. It does not matter that the declaration or method header lines are identical.
Under the rules of Java, they must be identical to declare a method specifying the same functionality — even when the implementation is different. When there is only one way to express an idea or function, then everyone is free to do so and no one can monopolize that expression. And, while the Android method and class names could have been different from the names of their counterparts in Java and still have worked, copyright protection never extends to names or short phrases as a matter of law.
Although the decision is carefully limited to the facts of the Oracle case, it strongly suggests that judges will provide more limited protection to computer software under copyright law: This order does not hold that Java API packages are free for all to use without license. It does not hold that the structure, sequence, and organization of all computer programs may be stolen. Rather, it holds on the specific facts of this case, the particular elements replicated by Google were free for all to use under the Copyright Act. (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision).
If it is upheld, the decision has important implications for the scope of FOSS licenses: the GPL family of licenses is generally viewed as imposing obligations on “derivative works” as defined by copyright law. The combination of more limited scope of copyright protection for computer software and the rise of “loosely coupled” programming techniques using APIs may limit the scope of these licenses.
3. EU Copyright Law Does Not Protect Computer Language and Functions. The SAS Institute, Inc. (“SAS”) v. World Programming, Limited (“WPL”) decision in the European Court of Justice involved the scope of copyright protection for computer programs and has important implications for FOSS and the scope of “derivative works” under copyright law http://curia.europa.eu/jcms/upload/docs/application/pdf/2012-05/cp120053en.pdf. The case addresses issues similar to the Oracle v. Google case described above (in fact, Judge Alsup asked for a briefing from the parties in the Google case after the SAS decision was announced).
The case involved the copying of the scripts and certain functions of the SAS analytical software. The SAS software enables users to write and run their own application programs in order to adapt the SAS software to work with their data. These “application programs” are called “scripts” and are written in a language which is peculiar to the SAS software. WPL recognized that a market existed for alternative software capable of executing application programs written in the SAS language. WPL produced the ‘World Programming System’, designed to emulate the SAS components as closely as possible in that, with a few minor exceptions, it attempted to ensure that the same inputs would produce the same outputs. This approach would enable users of the SAS software to run the “scripts” which they have developed for use with the SAS software on the ‘World Programming System’.
The court found that such functions and programming language were not protected under the EU Directive on Protection of Computer Programs:
Article 1(2) of Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs must be interpreted as meaning that neither the functionality of a computer program nor the programming language and the format of data files used in a computer program in order to exploit certain of its functions constitute a form of expression of that program and, as such, are not protected by copyright in computer programs for the purposes of that directive.
Similar to the Google decision, this decision has important implications for the scope of FOSS licenses. As I noted above, the GPL family of licenses is generally viewed as imposing obligations on “derivative works” as defined by copyright law. The combination of more limited scope of copyright protection for computer software and the rise of “loosely coupled” programming techniques may limit the scope of these licenses.
4. Expansion of Open Source Initiative. The Open Source Initiative (“OSI”) has decided to broaden its base by expanding its role as an advocacy organization. The OSI has reached started membership programs for individuals and affiliated organizations (as a matter of transparency, I am outside general counsel to the OSI on a pro bono basis). OSI describes this change as follows: “The OSI is moving its governance from a model of volunteer and self-appointed directors to one driven by members. Our high-level objectives in doing so are to provide a broad meeting place for everyone who shares an interest in open source software, with the continuing aim of strengthening the OSI so that it can more effectively fulfill its goals over the long term.” The Affiliate Program has successfully signed up over twenty open source organizations include among others the Linux Foundation, Mozilla Foundation, Debian and OW2.
5. Unlicensed FOSS. One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “”younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. As I mentioned in my earlier post, http://lawandlifesiliconvalley.com/blog/?p=708, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on the analysis of hundreds of software programs and the response to software without a clear license is almost always “rip it out”. In addition, as I discuss in more detail in the post, this approach could also subject the developer to liability under the Uniform Commercial Code (an admittedly low probability).
6. Qualification of FOSS under the Trade Agreement Act. Talend, a licensor of open source enterprise software, has recently received a ruling from the U.S. Customs Service corroborating that its software complies with the Trade Agreements Act of 1979 (19 USC 2511 et seq.) (“TAA”). FOSS adoption by the US Federal government must comply with many regulations, some of which can be difficult given the nature of modern software development. The details of the approval are found in my earlier post http://lawandlifesiliconvalley.com/blog/?p=697.
7. Contributor Agreements Redux. Recently, the issues of contribution agreements arose in the departure of Nikos Mavrogiannopoulos from the GnuTLS project http://lwn.net/SubscriberLink/529522/854aed3fb6398b79. As the primary drafter of the Harmony Project contribution agreements, I have had an opportunity to consider these issues in detail http://lawandlifesiliconvalley.com/blog/?p=664. GnuTLS is “a secure communications library implementing the SSL,TLS and DTLS protocols”. The project was commenced in 2000 under the GNU project. As is true of all GNU projects, the copyrights in the contributions are assigned to the Free Software Foundation (“FSF”). When Nikos left, Richard Stallman reminded him that he could fork the project, but that the FSF would retain ownership of copyright in the project code. The LWN article concludes that the basis for copyright assignment “seems to be weak”. I disagree with this conclusion and Bradley Kuhn makes some very cogent arguments in the comment sections. Copyright assignment does provide the manager of the FOSS project (in this case, FSF) with significant advantages in enforcement as well as changing the license of a project. Without an assignment, a licensee can raise several potential defenses (such as a license from an alleged joint copyright owner) whose strength is uncertain. In addition, any change in the project license would require the approval of each contributor to the project. However, copyright assignments also mean that the community needs to be comfortable that the project strategy of the project manager is aligned with the community. However, as FOSS projects continue for a longer period, this alignment may be more difficult to determine in advance. And this approach also poses practical problems for the FOSS project manager: the project manager needs to be very disciplined about getting the written assignments from all contributors. Such assignments may be difficult to obtain from developers employed by a corporation because corporations are reluctant to assign intellectual property rights. This dispute emphasizes the importance of FOSS projects and their contributors carefully considering the needs of the project when deciding on how to obtain the necessary rights in contributions. Project Harmony provides information and proposed agreements to assist FOSS projects to make these decisions http://harmonyagreements.org/. Once determined, the method of implementation of a contribution agreement is important: the Eclipse Foundation also provides an excellent summary of their approach to due diligence issues relating to accepting contributions http://www.eclipse.org/legal/EclipseLegalProcessPoster.pdf.
8. Rise of Open Source Collaborations. Open source collaborations have become an increasingly important strategy for companies to address major software development problems. This trend is best illustrated this year by the creation of the OpenStack Foundation (“Foundation”). The Foundation takes over the OpenStack project from a Rackspace who had managed project for several years (as a matter of transparency, I represent the Foundation). OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter. The Foundation is run by a board of twenty four members, with eight members representing individuals, eight members representing Gold Members and eight members representing Platinum Members. The Foundation has over 150 corporate members and more than 6,000 individual members http://www.openstack.org/. In a second example, Deutsche Bank announced in September the formation of the Lodestone Foundation to coordinate the development of IT solutions for capital market companies http://lodestonefoundation.com/. The OpenStack Foundation and the Lodestone Foundation join the many foundations who manage open source collaborations for combinations of corporations which include, among others, the Linux Foundation, Genivi Alliance and Eclipse Foundation.
9. UK Government Adopts Open Standard Principles. The UK government adopted Open Standards Principles in government IT procurement through a Cabinet Report http://www.cabinetoffice.gov.uk/resource-library/open-standards-consultation-documents. The report adopted Open Standards to encourage “software interoperability, data and document formats in government IT specifications.” One of the goals of the adoption of the Open Standard Principles was to ensure that FOSS and proprietary software could compete on an equal level. One important requirement of UK Open Standard Principles is that the patent rights for the standards must be available on a royalty free basis: “rights essential to implementation of the standard, and for interfacing with other implementations which have adopted that same standard, are licensed on a royalty free basis that is compatible with both open source and proprietary licensed solutions. These rights should be irrevocable unless there is a breach of licence conditions.” Government remains a significant potential market for FOSS companies but their procurement procedures continue to hinder such adoption (see discussion of Talend’s success with the Trade Agreement Act above).
10. More Standardized Process on FOSS Compliance by Large Companies. In my practice, I have seen an acceleration of an existing trend: many large companies are much more focused on FOSS compliance and are developing standardized procedures to ensure compliance. I work with many small companies entering into commercial relationships with large companies as well as large companies entering into commercial relationships and purchasing smaller companies. Although some technology companies have developed and implemented such procedures for commercial relationships for several years, such processes have recently become much more widespread and sophisticated. They range from elaborate contractual provisions relating to remedies to special procedures for “remediation” through removal of certain modules and developing functionally compatible software. Although a limited number of technology companies have also implemented a separate due diligence process for FOSS compliance in acquisitions for several years, these practices are also spreading more widely to both technology companies and non-technology companies. Acquiring companies are even willing to change the form of a transaction to avoid potential FOSS compliance problems: recently, I worked with a company that shifted an acquisition from a merger to a sale of assets primarily based on FOSS compliance concerns. This development emphasizes the need for small companies to have a structured approach to the management of the use of FOSS and to be able to demonstrate such management to both potential commercial partners and potential acquirers.
One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “”younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. Ironically, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on hundreds of FOSS analysis and the response to software without a clear license is almost always “rip it out”.
One other consequence not mentioned by Simon is that the failure to include a license also means the developer (and distributor) have potential liability in the United States under Article II of the Uniform Commercial Code (“UCC”). Article II of the UCC provides that if certain warranties are not “disclaimed” then the distributor (“seller” in UCC language) automatically gives those warranties. These warranties are disclaimed in all FOSS licenses, generally in capital letters and are the source of the provisions using obscure terms such as “merchantability” and “fitness for a particular purpose”. The developer would be liable for these warranties: merchantability (the product is of average quality in the trade), fit for a particular purpose (if the developer or distributor knows of the use by the licensee, then the software will be fit for such purpose) and indemnity (an indemnity for intellectual property infringement such as copyrights and patents). And if such warranties are breached the developer would be liable for “consequential damages” which includes lost profits. While it is unlikely that such suit would be brought, the potential liability for the developer will continue.
Talend, a licensor of open source enterprise software, has recently received a ruling from the U.S. Customs Service corroborating that its software complies with the Trade Agreements Act 0f 1979 (19 USC 2511 et seq.) (“TAA”). Open source software adoption by the US Federal government must comply with many regulations, some of which can be difficult given the nature of modern software development. And these rules are frequently used as a barrier, or a bar, to the use of FOSS in federal government procurement. One of these issues is the ability of the FOSS company to certify compliance with the TAA which requires a product to be manufactured or “substantially transformed” in the United States or a “designated country”. A “designated country” is one of a handful of countries with which the U.S. has a trade agreement on government procurement or a similar arrangement. However FOSS frequently contains routines or other components whose origin is not sufficiently certain to “certify” compliance with these requirements, or if certain, the origin is a non-designated country such as India or China (as a matter of transparency, my partner, Fern Lavallee, represented Talend in the approval process).
Like many companies, Talend has a substantial part of the source code of some of its products written in the People’s Republic of China. However, virtually all other aspects and steps in the “manufacture” of its software – and particularly the complex activities fundamental to manufacturing the software - are performed in the United States or the “designated countries” of France or Germany. The letter goes into significant detail about the process of designing, developing and testing the Talend software. Talend successfully argued that the steps performed in the US, France and Germany constituted the “substantial transformation” of the source code into the “product”, i.e., the machine-readable object code software product, in a designated country for federal government procurement purposes sufficient to certify TAA compliance. The U.S. Customs Service agreed in its advisory letter.
This decision is timely because U.S. Department of Defense (DoD) is currently revising the “DoD Open Systems Architecture, Contract Guidebook for Program Managers” which was issued in draft in December, 2011. This Contract Guide is specifically intended to be used by DoD Program Managers who are incorporating Open System Architecture principles into National Security Systems. The new version is currently expected to be released by the end of this calendar year. A copy of the decision can be obained from Talend at http://www.talend.com/about-us/press/us-customs-and-border-protection-decision-boosts-open-source-software-for-government
The Thanksgiving holiday has given me the opportunity to consider the critical new role of collaboration in innovation. This role was emphasized to me during a single day, November 17, in Silicon Valley. In the morning, I attended the Cloud Computer Expo and speaker after speaker, from Cisco to HP, discussed how OpenStack software was critical to their success in cloud computing and was transforming cloud computing industry. OpenStack software to enable cloud computing is being developed under the management of the OpenStack Foundation in a collaboration of over 150 companies. The OpenStack project was started by NASA and Rackspace, but was recently reorganized as a foundation to take over the funding and management of the project www.openstack.org (as a matter of transparency, I represent the OpenStack Foundation). I think that such collaborations will be increasingly critical for the future because many business problems are too complicated to be effectively solved by a single company. For example, the auto industry has joined with the consumer electronics industry to form a collaboration for entertainment systems in automobiles, the Genivi Alliance http://www.genivi.org/.
At the end of the day, I attended the Sierrra Ventures CIO Summit cocktail party (yet another good reason to have Sierra Ventures as an investor) and Jed York of the 49ers was discussing the role of technology in the new Santa Clara stadium (it sounds like it will be spectacular). Yet he also focused on the need to encourage collaboration with the Silicon Valley community to take advantage of the possibilities presented by the technology infrastructure of the new stadium.
From cloud computing to sports, collaboration has become central to business success in the 21st century.
The Wall Street Journal recently noted the increasing importance of the corporate venture capitalists in the innovation ecosystem. http://blogs.wsj.com/venturecapital/2012/10/31/corporate-vcs-here-to-stay-this-time-study-says/tab/print/.
They base their conclusion on a recent BCG report which describes the change in corporate venture capital. http://www.bcg.com/media/PressReleaseDetails.aspx?id=tcm:12-120570. I have seen three of the four cycles in the BCG report and I agree that this cycle is different because of the critical role of innovation in large companies. Innovation has become essential for large corporations and corporate venture is a significant tool to manage innovation. As the BCG report notes in conclusion: “Considering the benefits that venture investing offers when best practices are employed, the real question is whether corporations can afford not to join the game.”
The BCG report focuses on the return of corporate venture capital, but another critical trend is the rise of Chief Innovation Officers (such as Debby Hopkins at CitiBank and Marie Quintero-Johnson of Coca Cola). These executives coordinate their company’s innovation strategy using tools from corporate venture to internal piloting, internal research and development, collaborations and mergers and acquisitions. The role of the Chief Innovation Officer was described in a very perceptive analysis by James Mawson in the September 2012 edition of Global Corporate Venturing www.globalcorporateventuring.com.
Last year, 2011, was one of the most active years in legal developments in FOSS. This activity reflects the increase in FOSS use: Laura Wurster of Gartner, noted in the Harvard Business Review blog that open source has hit a “strategic tipping point” this year with companies increasingly focused on using “open source” software for competitive rather than cost reasons http://lawandlifesiliconvalley.com/blog/?p=619.
Continuing the tradition of looking back over top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?s=top+10+2008&x=40&y=6, my selection of the top ten issues for 2011 are as follows:
1. Android Patent Litigation. One of the most widely reported legal developments in FOSS has been the patent wars surrounding the Android operating system. Over 40 patent cases are pending between a wide variety of parties, including Motorola Mobility, Inc., HTC, Samsung Electronics, Inc. and Apple Computer, Inc. This year saw several decisions in these suits. In Australia, Apple won a trial court decision which enjoined the distribution of Samsung’s Android tablets based on a claim that the Samsung tablet violated Apple’s design patents. However, after a series of appeals, Australia’s High Court overturned the injunction and Samsung can now distribute its tablets. Apple was more successful in Germany where it was successful in obtaining an injunction based on Apple’s design patents which prevents the distribution of Samsung’s Galaxy Tab 10.1 (however, Samsung has released a revised version named the Galaxy Tab 10.1N). Apple was not successful in obtaining an injunction against distribution of Samsung’s Galaxy Tab in the United States, although the judge stated that Apple’s design patents might be infringed. More recently, on December 19, the ITC ruled that HTC’s Android phones violated two claims of an Apple utility patent and issued an “exclusion order” for HTC Android phones which would take effect on April 19, 2012. HTC has announced that it will provide a workaround. Google has been handicapped by its lack of patents to assert in defense of Android (it started with only 600 patents, but is aggressively buying new patents and has agreed to purchase Motorola Mobility, Inc., primarily for its patent portfolio).
2. Oracle v. Google. A separate but related case is Oracle’s suit against Google for the alleged infringement of Oracle’s copyrights in the Java software (which it acquired from Sun Microsystems, Inc.) and certain Oracle patents by Android. Oracle is asserting that the Android operating system infringes the copyrights in “twelve code files and 37 specifications for application programming interface packages”. The decision on this claim could have a significant impact well beyond this case: most software lawyers have viewed APIs (and their specifications) as either having no copyright protection or very limited copyright protection. These views govern the interpretation of both FOSS and proprietary licenses. The court described APIs as follows:
Conceptually, an API is what allows software programs to communicate with one another. It is a set of definitions governing how the services of a particular program can be called upon, including what types of input the program must be given and what kind of output will be returned. APIs make it possible for programs (and programmers) to use the services of a given program without knowing how the service is performed. APIs also insulate programs from one another, making it possible to change the way a given program performs a service without disrupting other programs that use the service.
If Oracle prevails and the court finds that APIs are copyrightable, lawyers will need to rethink how they interpret both FOSS and proprietary licenses. The issue could be particularly important in determining whether interactions between software programs licensed under GPLv2 or GPLv3 create, respectively, “derivative works” or a “modified version” and, thus, impose the license terms of GPLv2 or GPLv3 on the software modules with which they interact. The first significant decision in the case rejected Google’s attempt to eliminate the claims through summary judgment (Google won only on a single minor point). http://www.scribd.com/doc/65143317/Oracle-v-Google-Denial-of-Google-s-Summary-Judgment-Motion. However, this decision is not surprising because summary judgment is generally used for settled issues of law; the copyright issues in this case are on the cutting edge of the law.
3. Perfect 10 v. Google. Although this case was not strictly about open source software, it established a critical principle for remedies for copyright infringement. These remedies also apply to enforcement of copyright licenses in certain situations. For decades prior to this decision, the presumption was that the remedy for copyright infringement was always “injunctive relief”. Injunctive relief means that a court orders an “infringer” to comply with the terms of the license. The Perfect 10 decision in the Ninth Circuit Court of Appeals made clear that “injunctive relief” is no longer a remedy which is always available for copyright infringement. Instead, the court stated that : We therefore conclude that the propriety of injunctive relief in cases arising under the Copyright Act must be evaluated on a case-by-case basis in accord with traditional equitable principles and without the aid of presumptions or a “thumb on the scale” in favor of issuing such relief.
Injunctive relief is an unusual remedy for breach of license agreements, because under Anglo Saxon law, the standard remedy for breach of contract is monetary payment. However, a remedy of monetary damages has little value for breach of open source licenses because the open source software is generally distributed at no cost. The Perfect 10 decision undercuts the value of the Jacobsen decision to the open source community. In Jacobsen, the Court of Appeals of the Federal Circuit decision found that injunctive relief was available for open source licenses if the relevant obligations were drafted to make them a “restriction” on the scope of the license rather than just a contractual obligation (a “covenant”) http://lawandlifesiliconvalley.com/blog/?p=65. However, the other standard copyright law remedies such as attorneys fees, actual damages and, potentially, statutory damages remain available. However, injunctive relief, the most valuable of remedies, may be more difficult to obtain to enforce open source licenses.
4. Publication of Software Package Data Exchange (“SPDX”) Specification. The management of open source software in the supply chain has been a continuing problem. However, the open source community has been working to find a solution to this problem. The work has been guided by the SPDX Group (the SPDX Group is a working group of the Linux Foundation and is associated with FOSSBazaar) which has developed the SPDX specification as a standard format for describing the components, licenses and copyrights associated with a software package. For example, SPDX Group has identified seven versions of the General Public License version 2, the most commonly used open source license. If widely adopted, SPDX will be critical to effectively manage open source software as it becomes more widely used in the supply chain. As noted in the Harvard Business Review blog by Gartner Group, the ubiquity of the use of open source software has not been matched by effective management of its use http://blogs.hbr.org/cs/2011/03/open_source_software_hits_a_st.html.
5. Revision of Mozilla Public License. The Mozilla Public License is one of the most popular open source licenses. After eighteen months of work, Mozilla has announced a new version. The Mozilla Public License version 2 (“MPLv2”) is a much simpler, shorter and more usable license. The new license has adopted approaches (and sometimes the terms themselves) from other open source licenses: the patent license provision was adopted from the Apache license and the termination provision from the General Public License version 3. In addition, Mozilla has made the MPLv2 compatible with the Apache license. And MPLv2 has also included a provision to make the license “compatible” with other licenses. For example, MPLv2 permits distribution of code under the MPLv2 with other modules licensed under GPL variants (GPLv2, GPLv3, APGL and LPGL) if such modules are part of a “Larger Work” (unless the notice in the software states that the software is “Incompatible with Secondary Licenses”). However, these differences mean that the transition to the MPLv2 for existing projects will require careful thought.
6. Cybits Decision in Germany. This decision makes clear that companies cannot alter the terms of software licensed under GPLv2. AVM is a manufacturer of FRITZ!Box router, a digital subscriber line DSL terminal, which uses the Linux Kernel as a part of their production firmware (which is licensed under GPLv2). Cybits, a software producer, distributes the Internet filtering software “Surf-Sitter DSL”, which is intended to protect children. The Surf-Sitter application downloads FRITZ!Box software to the user’s computer, modifies it and then reinstalls it back on the FRITZ!Box.
AVM claimed that Cybits did not have the right to modify the part of the FRITZ!Box firmware which was licensed under GPLv2. The court rejected AVM´s claims that Cybits should not be permitted to alter the firmware of AVM and denied that Cybits had infringed AVM´s copyright by distributing Surf-Sitter. The court found that the firmware is a collective work, which contains modules licensed under GPLv2. Cybits or any third party may modify the GPLv2 licensed software. Thus, AVM is not able to control any modifications to the GPL licensed components of the FRITZ!Box firmware.
7. Project Harmony Publishes Standardized Contributor Agreements. Many commentators have complained about the problems raised by the number of licenses approved as “open source”, a problem frequently referred to as “license proliferation”. Yet a similar problem is lurking in the development of open source software: the contribution agreements which govern the rights provided by contributors to a project. Project Harmony was a community effort to resolve this problem in advance by developing a set of standard agreements which can be adopted by open source projects http://www.harmonyagreements.org/about.html.
Many open source projects use the “license” for the project as a contribution agreement, but a variety of separate open source contribution agreements have developed over time, from the Apache Contributor Agreement to the Joomla Contributor Agreement http://community.joomla.org/images/JCA_General_Draft.pdf. Although many open source projects can use their standard open source license (i.e. GPLv2 for Linux or Mozilla Public License for the Mozilla browser) as the “contribution agreement”, this approach “locks in” the open source project to that license. If the open source project wishes to change the license (such as the change of OpenOffice project from GPLv2 to Apache), this approach would require that each contributor agree to the change. A good example of the potential for problems with this approach is the Open Street Map Project (“OSM Project”). The OSM Project has been struggling with shifting from a Creative Commons license to a more appropriate Open Database License http://wiki.openstreetmap.org/wiki/Open_Data_License_FAQ. After three years, the transition is still not complete. Finally, the OSM Foundation has given up on obtaining agreement from the remaining contributors and will probably delete contributions from contributors that have not agreed to shift to the new license http://en.wikipedia.org/wiki/Open_street_map#Licensing. In addition, open source licenses do not deal with a number of other issues which should be addressed by contribution agreements, such as contributions by minors and changes of license. Project Harmony also makes it easier for corporations to contribute to open source projects by avoiding the complexities of managing the differing terms of these new contribution agreements. The Project Harmony standard contribution agreements permit projects to make a choice between a license or assignment approach and, then, select among several options to change licenses in the future (without obtaining permission from each contributor.
8. Dispute over Koha Trademark. The importance of the protection of trademarks to open source projects was illustrated by the recent dispute over the Koha trademark between Horowhenua Library Trust (“HLT”) and a commercial company, PTFS, http://koha-community.org/update-2/. HLT manages the Koha open source project. PTFS filed for trademark protection for Koha in New Zealand after it had acquired a company which used the trademark and the trademark was, then, registered by the New Zealand government. Upon registration of the Koha trademark, HLT complained and appealed for help. Subsequently, PTFS agreed not to enforce the trademark and even to transfer the trademark to HLT http://patentbuff.com/2011/11/koha-alls-well-that-ends-well_28.html?spref=tw.
9. The Meaning of Open Source. The power of the community to police the misuse of “open” was demonstrated by Nokia’s attempt to claim that the Symbian mobile operating system was “open” for business http://www.groklaw.net/article.php?story=20110402143136766. However, the Symbian license is not consistent with the Open Source Definition. The copyright license in the Symbian license is as follows:
Subject to the terms and conditions of this Agreement, Nokia hereby grants to You a personal, non-exclusive, non-transferable, irrevocable (except as set forth in Clause 7.1 and 7.2 below), royalty-free and worldwide license under Copyrights licensable by Nokia to: i) reproduce and modify Source Code Components; ii) reproduce Binary Components and Documentation; iii) use and reproduce Utility Software, and iv) publicly display, distribute and make available (a) the Source Code Components to third parties that have acquired a valid source code license from Nokia; and (b) Utility Software, Binary Components and Source Code Components in binary form to third parties, (c) Documentation in unmodified form in all cases i)-iv) solely as part of the Symbian Platform or for use with the Symbian Platform, under the terms and conditions of this Agreement.
The agreement requires a separate license for source code from Nokia and limits the use to the “Symbian Platform.” Nokia was forced to “correct” their original statement to “open for business” rather open source http://symbian.nokia.com/blog/2011/04/04/not-open-source-just-open-for-business.
10. Open Hardware License. The open hardware movement received a boost when CERN published an Open Hardware License (“CERN OHL”). The CERN OHL is drafted as a documentation license which is careful to distinguish between documentation and software (which is not licensed under the CERN OHL) http://www.ohwr.org/documents/88. The license is “copyleft” and, thus, similar to GPLv2 because it requires that all modifications be made available under the terms of the CERN OHL. However, the license to patents, particularly important for hardware products, is ambiguous. This license is likely to the first of a number of open hardware licenses, but, hopefully, the open hardware movement will keep the number low and avoid “license proliferation” which has been such a problem for open source software.
The recent Intellectual Property Business Congress in San Francisco was very interesting and demonstrated the increasing importance of intellectual property of business http://www.ipbusinesscongress.com/2011. The speakers ranged from Judge Rader (Chief Judge of the Court of Appeals of the Federal Circuit) to Ruud Peters (Chief Innovation Officers of Philips NV). Many speakers emphasized the critical nature of intellectual property in developing products because most new products are the result of collaboration among many parties. The rise of the need for collaboration in developing products ranges across all industries, from smartphones to automobiles.
Smartphones are a dramatic example of collaboration: the bill of materials for the iPhone shows that Apple only provides the operating system for the device. Android represents another step in this evolution where even the operating system is provided by a third party. The disruptive nature of these new reality is demonstrated by the dramatic fall of Nokia’s market share in smartphones (I discussed these issues in more detail in my presentation on the new rules of innovation at the IBF Corporate Venture and Innovation conference in February http://www.docstoc.com/docs/83629007/Managing-Innovation-for-Global-Entrepeneurs-and-Large-Companies).
At the conference, Frank MacKenzie, IP Counsel from Ford Global Technologies, stated directly that intellectual property at Ford has a much higher profile. He described how the automobile industry has changed dramatically recently because of the integration of a much greater amount of third party technology into new cars; he mentioned Sync and Mytouch as technologies which Ford has licensed from third parties. Even in the traditional automobile business, he noted that intellectual property is very important: he described how the sale of Volvo was initially viewed as the transfer of “hard” assets and a brand, but it became clear during the negotiations that intellectual property relating to the car manufacturing was a critical element of the deal for the buyer.
The most interesting presentation was by Ruud Peters, the Chief Innovation Officer of Philips NV, who described that evolution of the integration of intellectual property into business at Philips over the last twelve years. At the beginning, intellectual property was viewed as a “defensive” asset, but intellectual property is now a key part of all business strategies developed at Philips. His summary of the new attitude was: “Business strategy without an IP strategy is not a business strategy”.
The use of the Android operating system continues to grow. Gartner recently reported that Android had become the leading operating smartphone operating system in the world in the first quarter of 2011. http://www.computerworld.com/s/article/9216848/Gartner_Android_and_Apple_win_big_globally_in_Q1. Android grew from 9.6% to 36% of the market in the last year. Its lead over smartphones running Symbian is now almost 10 million units per quarter. During the first quarter of 2011, manufacturers distributed 36.3 million smartphones running Android while only 27.6 million smartphones running Symbian were distributed.
Yet Android continues to be a very complicated product from a licensing point of view http://lawandlifesiliconvalley.com/blog/?p=635. Peter Vescuso of Black Duck and I worked to provide a summary of the issues in managing licenses in software development based on the Android operating system http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202495469387 . I have included a more detailed legal perspective http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202495473435.
The recent Android Builder’s Summit in San Francisco demonstrated the breadth of products using Android and the dynamic nature of the operating system. In her keynote, Christy Wyatt of Motorola described the challenges of managing the launch of 700 products based on Android in countries around the world. She was followed by Mark Charlebois (Director of Open Source Strategy at Qualcomm Innovation Center) and he predicted that their Android releases would grow from 241 in 2010 to more than 365 in 2011.
Karim Yaghmour of Opersys provided a great overview of Android and its critical subsystems http://www.opersys.com/blog/abs-march2011. However, his presentation brought home the challenges of managing Android: he mentioned in passing that he was unhappy with the performance of the Android Toolbox, the component which Google substituted for BusyBox for Toolbox. He regularly substitutes BusyBox for Toolbox (one Android site had more than 25,000 downloads of BusyBox). BusyBox is described as follows;
a software application that provides many standard Unix tools, much like the larger (but more capable) GNU Core Utilities. BusyBox is designed to be a small executable for use with the Linux kernel, which makes it ideal for use with embedded devices. It has been self-dubbed “The Swiss Army Knife of Embedded Linux”.
According to Black Duck, Android Toolbox is a collection of 66 files, 52 are under the Apache 2.0 license and 14 are under BSD. Both the Apache 2.0 and BSD licenses are very permissive. However, BusyBox is licensed under the GPLv2, a copyleft license, which has very different and much more significant obligations, particularly the obligation to make the source code available either with the object code or through a written promise. More importantly, the license to BusyBox is the most actively enforced license in open source. The Software Freedom Conservancy and the Software Freedom Law Center have filed at least seven lawsuits (with many other disputes settled with ligitation) to enforce the GPLv2 license on BusyBox. Last year, they won $90,000 in damages from Best Buy.
Thus, a reasonable technical decision can dramatically change the obligations of the distributor. Since the GPLv2 is a “conditional” license, the failure to comply with these terms means that the license terminates automatically without a cure period. Thus, the distributor would be a copyright infringer. Since products including Android are frequently mass market products, the consequences could be significant liability arising from millions of unlicensed units. This reality demonstrates once again the need for careful management of the use of Android and clear communication between the developers and the relevant counsel.
I have just returned from the Open Source Think Tank in Sonoma http://thinktank.olliancegroup.com/agenda_public.php. We had a great time and the discussion was vigorous! The last year has continued the expansion of open source use, confirmed recently by Laurie Wurster’s March 2011 article in the Harvard Business Review http://lawandlifesiliconvalley.com/blog/?p=619. In particular, Android has been spectacularly successful and was a significant factor in Nokia’s recent failures in the handset market. The new Nokia CEO, Stephen Elop, described Nokia as being on a “burning platform” and identified Android as one of the major sources of their problems.
I provided my traditional Legal Update on Thursday (which you can see at http://www.docstoc.com/docs/76174077/Open-Source-Think-Tank-2011-Legal-Update). The success of open source has had consequences: it has focused attention of rights holders on the industry and made some open source companies targets for legal action. For example, Android’s success has been undercut by a tidal wave of litigation (with more than thirty eight lawsuits filed to date). I believe that these challenges (and its modest existing patent portfolio) are the motive for Google’s decision to bid $900,000,000 to purchase Nortel’s patent portfolio.
The ubiquity of the use of free and open source software has also resulted in many companies are demanding that their suppliers provide information on their use of free and open source software and how they comply with their licenses. Yet as recently noted by Laurie Wurster in her Harvard Business Review article, many companies have yet to adopt a formal approach to managing their use of free and open source software http://lawandlifesiliconvalley.com/blog/?p=619. At the request of our attendees, we addressed this management issue in a separate workshop.
The most interesting discussions were about the effect of cloud computing on open source. It was the subject of two panels and a brainstorming session. Nine out of ten groups in the brainstorming session believed that cloud computing was good for open source. However, attendees generally agreed that cloud computing undercuts two of the traditional advantages of open source: (1) low cost and (2) ease of use. Yet the flexibility of open source development techniques continue to provide significant advantages.
The attendees also agreed that open source companies (like all software companies) need to review their business models as customers in the cloud begin to expect “pay as you go” pricing. The tools in the cloud also permit very granular information on the use and interest in various features of a software program and the contributors who have provided those features: this capability may permit open source projects and companies to reward contributors directly for the success of their contributions.
The workshop led by AOL provided a great opportunity to work together to apply our cumulative experience in open source to real world problems. The conference works under Chatham House rules so you will need to see the results of those discussion.
As in the past, we included plenty of time to socialize with the other attendees. First Republic Bank put on a great cocktail party on Thursday, including tasting Araujo cabernet in their tasting (one of the cult cabs). The shift in venue from Napa to Sonoma enabled us to experience a new region of the wine country: Friday afternoon included tours at Chateau St Jean and Ledson (although Andrew somehow found wineries in Sonoma, the heart of Pinot Noir country, which focused on cabernet sauvignon). A hardier group went for a bike ride, but they split into the “wine group” who tasted and rode 12 miles; the hard core cyclists led by Peter Vescuso of Black Duck rode 30 miles. I think that the combination of topics and attendees made this Think Tank the best one to date.
We are already planning for next year, so please provide us with your suggetsions. As in the past, Andrew is working on a white paper which will provide more detail about our discussions. I look forward to the white paper to continue the dialog!