The year 2012 had many important FOSS legal developments which reflects the continued increase in FOSS use. During a recent webinar with Black Duck, we noted that FOSS projects have increased from 600,000 in 2010 to 900,000 by December 2012. In addition, a Dr. Dobbs’ survey in the third quarter of 2012 stated that more than 90% of developers are using FOSS in two of the most rapidly growing areas, cloud computing and mobile computing.
Continuing the tradition of looking back over top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?p=664 my selection of the top ten issues for 2012 are as follows:
1. Android Patent Litigation. The litigation surrounding the Android operating system has continued around the world. Although some of the cases have settled, the litigation has continued to result in multiple decisions in different countries. One of the most important decisions occurred in Silicon Valley: on August 24, 2012, the jury awarded Apple Computer, Inc. (“Apple”) $1.05 billion in damages for Samsung’s violation of its patents. The decision is particularly interesting because the lawsuit involved four design patents and three utility patents (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision). Many intellectual property lawyers have been skeptical about the value of design patents, particularly in comparison to utility patents. This decision will undoubtedly cause a re-assessment of the value of design patents. However, more recently, in the same case, the judge refused to grant Apple a permanent injunction against the distribution of the Samsung products found to be infringing. This decision will be appealed and we will not know the final answer for some time. The multiple cases will undoubtedly continue next year.
2. Protection of APIs: Oracle v. Google. A separate but related case also involved the Android operating system. Oracle sued Google for the alleged infringement of Oracle’s copyrights in the Java software (which it had acquired from Sun Microsystems, Inc.) and certain Oracle patents. Oracle alleged that Google’s Android operating system infringes the copyrights in “twelve code files and 37 specifications for application programming interface packages”. The results of the dispute were complicated because the judge first had the jury make a decision about copyright infringement but reserved for himself the decision about whether the application programming interfaces (“APIs”) were copyrightable. Thus, in early May, the jury found that Google had infringed the copyrights in Oracle’s APIs (although they deadlocked on whether the copying was “fair use”). However, at the end of May, Judge Alsup issued a decision finding that the Java APIs were not protectable under copyright law. The decision is one of the first on this issue. The critical part of the decision stated:
So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API. It does not matter that the declaration or method header lines are identical.
Under the rules of Java, they must be identical to declare a method specifying the same functionality — even when the implementation is different. When there is only one way to express an idea or function, then everyone is free to do so and no one can monopolize that expression. And, while the Android method and class names could have been different from the names of their counterparts in Java and still have worked, copyright protection never extends to names or short phrases as a matter of law.
Although the decision is carefully limited to the facts of the Oracle case, it strongly suggests that judges will provide more limited protection to computer software under copyright law: This order does not hold that Java API packages are free for all to use without license. It does not hold that the structure, sequence, and organization of all computer programs may be stolen. Rather, it holds on the specific facts of this case, the particular elements replicated by Google were free for all to use under the Copyright Act. (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision).
If it is upheld, the decision has important implications for the scope of FOSS licenses: the GPL family of licenses is generally viewed as imposing obligations on “derivative works” as defined by copyright law. The combination of more limited scope of copyright protection for computer software and the rise of “loosely coupled” programming techniques using APIs may limit the scope of these licenses.
3. EU Copyright Law Does Not Protect Computer Language and Functions. The SAS Institute, Inc. (“SAS”) v. World Programming, Limited (“WPL”) decision in the European Court of Justice involved the scope of copyright protection for computer programs and has important implications for FOSS and the scope of “derivative works” under copyright law http://curia.europa.eu/jcms/upload/docs/application/pdf/2012-05/cp120053en.pdf. The case addresses issues similar to the Oracle v. Google case described above (in fact, Judge Alsup asked for a briefing from the parties in the Google case after the SAS decision was announced).
The case involved the copying of the scripts and certain functions of the SAS analytical software. The SAS software enables users to write and run their own application programs in order to adapt the SAS software to work with their data. These “application programs” are called “scripts” and are written in a language which is peculiar to the SAS software. WPL recognized that a market existed for alternative software capable of executing application programs written in the SAS language. WPL produced the ‘World Programming System’, designed to emulate the SAS components as closely as possible in that, with a few minor exceptions, it attempted to ensure that the same inputs would produce the same outputs. This approach would enable users of the SAS software to run the “scripts” which they have developed for use with the SAS software on the ‘World Programming System’.
The court found that such functions and programming language were not protected under the EU Directive on Protection of Computer Programs:
Article 1(2) of Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs must be interpreted as meaning that neither the functionality of a computer program nor the programming language and the format of data files used in a computer program in order to exploit certain of its functions constitute a form of expression of that program and, as such, are not protected by copyright in computer programs for the purposes of that directive.
Similar to the Google decision, this decision has important implications for the scope of FOSS licenses. As I noted above, the GPL family of licenses is generally viewed as imposing obligations on “derivative works” as defined by copyright law. The combination of more limited scope of copyright protection for computer software and the rise of “loosely coupled” programming techniques may limit the scope of these licenses.
4. Expansion of Open Source Initiative. The Open Source Initiative (“OSI”) has decided to broaden its base by expanding its role as an advocacy organization. The OSI has reached started membership programs for individuals and affiliated organizations (as a matter of transparency, I am outside general counsel to the OSI on a pro bono basis). OSI describes this change as follows: “The OSI is moving its governance from a model of volunteer and self-appointed directors to one driven by members. Our high-level objectives in doing so are to provide a broad meeting place for everyone who shares an interest in open source software, with the continuing aim of strengthening the OSI so that it can more effectively fulfill its goals over the long term.” The Affiliate Program has successfully signed up over twenty open source organizations include among others the Linux Foundation, Mozilla Foundation, Debian and OW2.
5. Unlicensed FOSS. One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “”younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. As I mentioned in my earlier post, http://lawandlifesiliconvalley.com/blog/?p=708, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on the analysis of hundreds of software programs and the response to software without a clear license is almost always “rip it out”. In addition, as I discuss in more detail in the post, this approach could also subject the developer to liability under the Uniform Commercial Code (an admittedly low probability).
6. Qualification of FOSS under the Trade Agreement Act. Talend, a licensor of open source enterprise software, has recently received a ruling from the U.S. Customs Service corroborating that its software complies with the Trade Agreements Act of 1979 (19 USC 2511 et seq.) (“TAA”). FOSS adoption by the US Federal government must comply with many regulations, some of which can be difficult given the nature of modern software development. The details of the approval are found in my earlier post http://lawandlifesiliconvalley.com/blog/?p=697.
7. Contributor Agreements Redux. Recently, the issues of contribution agreements arose in the departure of Nikos Mavrogiannopoulos from the GnuTLS project http://lwn.net/SubscriberLink/529522/854aed3fb6398b79. As the primary drafter of the Harmony Project contribution agreements, I have had an opportunity to consider these issues in detail http://lawandlifesiliconvalley.com/blog/?p=664. GnuTLS is “a secure communications library implementing the SSL,TLS and DTLS protocols”. The project was commenced in 2000 under the GNU project. As is true of all GNU projects, the copyrights in the contributions are assigned to the Free Software Foundation (“FSF”). When Nikos left, Richard Stallman reminded him that he could fork the project, but that the FSF would retain ownership of copyright in the project code. The LWN article concludes that the basis for copyright assignment “seems to be weak”. I disagree with this conclusion and Bradley Kuhn makes some very cogent arguments in the comment sections. Copyright assignment does provide the manager of the FOSS project (in this case, FSF) with significant advantages in enforcement as well as changing the license of a project. Without an assignment, a licensee can raise several potential defenses (such as a license from an alleged joint copyright owner) whose strength is uncertain. In addition, any change in the project license would require the approval of each contributor to the project. However, copyright assignments also mean that the community needs to be comfortable that the project strategy of the project manager is aligned with the community. However, as FOSS projects continue for a longer period, this alignment may be more difficult to determine in advance. And this approach also poses practical problems for the FOSS project manager: the project manager needs to be very disciplined about getting the written assignments from all contributors. Such assignments may be difficult to obtain from developers employed by a corporation because corporations are reluctant to assign intellectual property rights. This dispute emphasizes the importance of FOSS projects and their contributors carefully considering the needs of the project when deciding on how to obtain the necessary rights in contributions. Project Harmony provides information and proposed agreements to assist FOSS projects to make these decisions http://harmonyagreements.org/. Once determined, the method of implementation of a contribution agreement is important: the Eclipse Foundation also provides an excellent summary of their approach to due diligence issues relating to accepting contributions http://www.eclipse.org/legal/EclipseLegalProcessPoster.pdf.
8. Rise of Open Source Collaborations. Open source collaborations have become an increasingly important strategy for companies to address major software development problems. This trend is best illustrated this year by the creation of the OpenStack Foundation (“Foundation”). The Foundation takes over the OpenStack project from a Rackspace who had managed project for several years (as a matter of transparency, I represent the Foundation). OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter. The Foundation is run by a board of twenty four members, with eight members representing individuals, eight members representing Gold Members and eight members representing Platinum Members. The Foundation has over 150 corporate members and more than 6,000 individual members http://www.openstack.org/. In a second example, Deutsche Bank announced in September the formation of the Lodestone Foundation to coordinate the development of IT solutions for capital market companies http://lodestonefoundation.com/. The OpenStack Foundation and the Lodestone Foundation join the many foundations who manage open source collaborations for combinations of corporations which include, among others, the Linux Foundation, Genivi Alliance and Eclipse Foundation.
9. UK Government Adopts Open Standard Principles. The UK government adopted Open Standards Principles in government IT procurement through a Cabinet Report http://www.cabinetoffice.gov.uk/resource-library/open-standards-consultation-documents. The report adopted Open Standards to encourage “software interoperability, data and document formats in government IT specifications.” One of the goals of the adoption of the Open Standard Principles was to ensure that FOSS and proprietary software could compete on an equal level. One important requirement of UK Open Standard Principles is that the patent rights for the standards must be available on a royalty free basis: “rights essential to implementation of the standard, and for interfacing with other implementations which have adopted that same standard, are licensed on a royalty free basis that is compatible with both open source and proprietary licensed solutions. These rights should be irrevocable unless there is a breach of licence conditions.” Government remains a significant potential market for FOSS companies but their procurement procedures continue to hinder such adoption (see discussion of Talend’s success with the Trade Agreement Act above).
10. More Standardized Process on FOSS Compliance by Large Companies. In my practice, I have seen an acceleration of an existing trend: many large companies are much more focused on FOSS compliance and are developing standardized procedures to ensure compliance. I work with many small companies entering into commercial relationships with large companies as well as large companies entering into commercial relationships and purchasing smaller companies. Although some technology companies have developed and implemented such procedures for commercial relationships for several years, such processes have recently become much more widespread and sophisticated. They range from elaborate contractual provisions relating to remedies to special procedures for “remediation” through removal of certain modules and developing functionally compatible software. Although a limited number of technology companies have also implemented a separate due diligence process for FOSS compliance in acquisitions for several years, these practices are also spreading more widely to both technology companies and non-technology companies. Acquiring companies are even willing to change the form of a transaction to avoid potential FOSS compliance problems: recently, I worked with a company that shifted an acquisition from a merger to a sale of assets primarily based on FOSS compliance concerns. This development emphasizes the need for small companies to have a structured approach to the management of the use of FOSS and to be able to demonstrate such management to both potential commercial partners and potential acquirers.
The use of the Android operating system continues to grow. Gartner recently reported that Android had become the leading operating smartphone operating system in the world in the first quarter of 2011. http://www.computerworld.com/s/article/9216848/Gartner_Android_and_Apple_win_big_globally_in_Q1. Android grew from 9.6% to 36% of the market in the last year. Its lead over smartphones running Symbian is now almost 10 million units per quarter. During the first quarter of 2011, manufacturers distributed 36.3 million smartphones running Android while only 27.6 million smartphones running Symbian were distributed.
Yet Android continues to be a very complicated product from a licensing point of view http://lawandlifesiliconvalley.com/blog/?p=635. Peter Vescuso of Black Duck and I worked to provide a summary of the issues in managing licenses in software development based on the Android operating system http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202495469387 . I have included a more detailed legal perspective http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202495473435.
I have just returned from the Open Source Think Tank in Sonoma http://thinktank.olliancegroup.com/agenda_public.php. We had a great time and the discussion was vigorous! The last year has continued the expansion of open source use, confirmed recently by Laurie Wurster’s March 2011 article in the Harvard Business Review http://lawandlifesiliconvalley.com/blog/?p=619. In particular, Android has been spectacularly successful and was a significant factor in Nokia’s recent failures in the handset market. The new Nokia CEO, Stephen Elop, described Nokia as being on a “burning platform” and identified Android as one of the major sources of their problems.
I provided my traditional Legal Update on Thursday (which you can see at http://www.docstoc.com/docs/76174077/Open-Source-Think-Tank-2011-Legal-Update). The success of open source has had consequences: it has focused attention of rights holders on the industry and made some open source companies targets for legal action. For example, Android’s success has been undercut by a tidal wave of litigation (with more than thirty eight lawsuits filed to date). I believe that these challenges (and its modest existing patent portfolio) are the motive for Google’s decision to bid $900,000,000 to purchase Nortel’s patent portfolio.
The ubiquity of the use of free and open source software has also resulted in many companies are demanding that their suppliers provide information on their use of free and open source software and how they comply with their licenses. Yet as recently noted by Laurie Wurster in her Harvard Business Review article, many companies have yet to adopt a formal approach to managing their use of free and open source software http://lawandlifesiliconvalley.com/blog/?p=619. At the request of our attendees, we addressed this management issue in a separate workshop.
The most interesting discussions were about the effect of cloud computing on open source. It was the subject of two panels and a brainstorming session. Nine out of ten groups in the brainstorming session believed that cloud computing was good for open source. However, attendees generally agreed that cloud computing undercuts two of the traditional advantages of open source: (1) low cost and (2) ease of use. Yet the flexibility of open source development techniques continue to provide significant advantages.
The attendees also agreed that open source companies (like all software companies) need to review their business models as customers in the cloud begin to expect “pay as you go” pricing. The tools in the cloud also permit very granular information on the use and interest in various features of a software program and the contributors who have provided those features: this capability may permit open source projects and companies to reward contributors directly for the success of their contributions.
The workshop led by AOL provided a great opportunity to work together to apply our cumulative experience in open source to real world problems. The conference works under Chatham House rules so you will need to see the results of those discussion.
As in the past, we included plenty of time to socialize with the other attendees. First Republic Bank put on a great cocktail party on Thursday, including tasting Araujo cabernet in their tasting (one of the cult cabs). The shift in venue from Napa to Sonoma enabled us to experience a new region of the wine country: Friday afternoon included tours at Chateau St Jean and Ledson (although Andrew somehow found wineries in Sonoma, the heart of Pinot Noir country, which focused on cabernet sauvignon). A hardier group went for a bike ride, but they split into the “wine group” who tasted and rode 12 miles; the hard core cyclists led by Peter Vescuso of Black Duck rode 30 miles. I think that the combination of topics and attendees made this Think Tank the best one to date.
We are already planning for next year, so please provide us with your suggetsions. As in the past, Andrew is working on a white paper which will provide more detail about our discussions. I look forward to the white paper to continue the dialog!
Recently Laurie Wurster of Gartner wrote an article in the Harvard Business Review which confirms that the free and open source software (“FOSS”) has reached a “tipping point” in adoption by companies which confirms a trend she noted in her 2008 report (Accenture and IDG have reached similar conclusions). http://blogs.hbr.org/cs/2011/03/open_source_software_hits_a_st.html
Yet she notes that this increase in adoption has not been matched by implementing processes to manage such use. She raised the same issue in her 2008 report. http://lawandlifesiliconvalley.com/blog/?p=107. In the Harvard Business Review in March 2011, she states:
Even as our survey painted a rosy picture of the future of enterprise use of open source software, it also surfaced a concern. Most organizations, it revealed, have not established a policy framework to guide decision-making on the use of open source software. A proper framework would outline types of licenses acceptable to the organization, guidelines pertaining to intellectual property, regulations governing contributions to external projects, and an approved vendor/project list. Just a third of respondents claimed their organizations have anything like this kind of policy structure; the rest rely on ad hoc or informal processes
In fact, this problem is sufficiently important that we are having a specific breakout session on FOSS management at the Open Source Think Tank this week. http://lawandlifesiliconvalley.com/blog/?p=600.
Recently, Edward Naughton, a lawyer with Brown Rudnick, raised concerns about Google’s potential violation of the license for the Linux kernel (the General Public License Version 2, “GPLv2”) in developing the Android operating system:
“I have serious doubts that Google’s approach to the Bionic Library works under U.S. copyright law. At a minimum, Google has taken a significant gamble. While that may be fine for Google, because it knows about and understands the risks, many Android developers and device manufacturers are taking that same risk unknowingly. If Google is wrong, the repercussions are significant for the Android ecosystem: the manufacturers and developers working with Android would be incorporating GPLv2-licensed code into applications and components and taking on the copyleft obligations of that license”
However, his statements are based on a fundamentally flawed analysis of the application of the GPLv2 to Linux: he ignores the modification to GPLv2 found in the “Note” (see below) which fundamentally limits the scope of “derived works” under the GPLv2 as it applies to Linux (as a matter of transparency, neither I nor my law firm, DLA Piper, represents Google and this opinion is my own and may not reflect the views of DLA Piper or its clients). The Note is found at the top of the GPLv2 on the license page of the website of the Linux kernel:
NOTE! This copyright does *not* cover user programs that use kernel services by normal system calls - this is merely considered normal use of the kernel, and does *not* fall under the heading of “derived work”. Also note that the GPL below is copyrighted by the Free Software Foundation, but the instance of code that it refers to (the linux kernel) is copyrighted by me and others who actually wrote it. http://www.kernel.org/pub/linux/kernel/COPYING
This flawed analysis is coupled with a basic misunderstanding of the intentions of Linus Torvalds and contributors to Linux: Naughton suggests that Linus and other contributors are interested in having GPLv2 apply to “user space” and that the common program used with Linux kernel files, glibc, enjoys a special informal blessing which permits its use without extending the effect of the GPLv2 to programs in “user space”. In fact, the reverse is true. Linus and the contributors to Linux want to avoid the application of GPLv2 to programs in “user space” as a fundamental basis of the development of Linux. This intention has been clear since the initial development of Linux as evidenced by Linus Torvald’s adoption of the “clarification” to the GPLv2 in the form of the Note.
Naughton argues that the GPLv2 requires that any program which reproduces and distributes Google’s “cleaned” Linux header files is subject to GPLv2. It is undisputable that the unmodified GPLv2 requires that programs that are “based on” the GPLv2 licensed software must be distributed under the GPLv2. However, Naughton ignores the critical difference about the scope of the GPLv2 as modified by the Note. The effect of the Note on this issue is substantial.
Naughton mentions this “Note” but only in passing when discussing glibc:
The preferred option in the industry is to build the application against a different set of kernel header files that accompany the GNU C library (“glibc”). The headers in glibc are different from the “raw” header files, because they’ve been created, with the apparent blessing of the Linux kernel maintainers, from a subset of the raw files by means of a standard process. Within the industry, these header files are referred to as “sanitized” header files. Linus Torvalds and the kernel maintainers have publicly declared that applications can use these sanitized header files without becoming subject to GPLv2 because these sanitized header files are “normal system calls” http://lkml.org/lkml/2003/12/4/239.
However, the creation of the “sanitized” header files are not subject to an informal “blessing” with kernel maintainers (in fact, they don’t have the authority to provide such a blessing which can only be done by the copyright owners of the contributions to Linux): the Note, which is part of the legal framework adopted by Linus and agreed to by all contributors, limits the scope of works “based on” under the GPLv2 for the kernel. In fact, Naughton’s description of the Bionic’s Library modification of the Linux header files is very similar to the manner in which he describes the operation of glibc. Thus, it is difficult to understand the difference between the analysis of the scope of the modified GPLv2 with glibc and with the Bionic program. The key issue is whether the interaction of the Bionic Library with the kernel uses “normal system calls” and, thus, it is not a “derived work”. It appears that the Bionic program uses normal system calls. These facts explain why none of the Linux committers (a notably outspoken group) has chosen to challenge the use of the Bionic program.
Naughton makes much of the expressed desire of certain Google programmers to ensure that Android “keep GPL out of user space”. Yet this goal is fundamental to the Linux community. Linus Torvalds stated: “User programs are _clearly_ not derived works of the kernel, and as such whatever the kernel license is just doesn’t matter.” http://lkml.org/lkml/2003/12/3/228. In fact, Linus Torvalds recently stated about Naughton’s article that “It seems totally bogus,” Torvalds told IT World’s Brian Proffitt. “We’ve always made it very clear that the kernel system call interfaces do not in any way result in a derived work as per the GPL.” http://www.networkworld.com/community/node/72428.
Nonetheless, his concluding paragraph focuses on the risks arising under copyright law, a focus which is misplaced: the critical issue, is whether the scope of the modified GPLv2 applied to Linux rather than US copyright law. In fact, his risk of application of the copyleft provisions of the GPLv2 only arises if (i) the Linux header files (as “cleaned” by the Google development scripts) are copyrightable and (ii) the Bionic software reproducing and distributing are “based on” the Linux kernel and, thus, are not exempted by the limitations on “derived works” in the Note. The “copyright” part of his analysis also has flaws although the result is considerably less clear for this analysis than the analysis of the interpretation of the modified GPLv2 (and we may not have all of the relevant facts). For example, one factual error in his discussion is his reference to the Linux header files as part of an “Application Programming Interface”: these files are part of an Application Binary Interface”. It is not clear whether this programming difference has legal consequences, but it is critical for this type of analysis to ensure that the underlying facts are correct.
Even the copyright argument has problems: the copyrightability of the Linux header files is subject to serious doubt. Copyright law protects “works of authorship fixed in a tangible medium of expression.” However, software programs are functional (unlike books and movies) and the scope of protection is limited. The most widely used legal test for determining copyright infringement in software programs expressly limits the scope of protection for certain parts of software program (the “filtration” step):
Professor Nimmer points out that “in many instances it is virtually impossible to write a program to perform particular functions in a specific computing environment without employing standard techniques.” 3 Nimmer § 13.03[F], at 13-65. This is a result of the fact that a programmer’s freedom of design choice is often circumscribed by extrinsic considerations such as (1) the mechanical specifications of the computer on which a particular program 710*710 is intended to run; (2) compatibility requirements of other programs with which a program is designed to operate in conjunction; (3) computer manufacturers’ design standards; (4) demands of the industry being serviced; and (5) widely accepted programming practices within the computer industry. Id. at 13-66-71. http://scholar.google.com/scholar_case?case=6976925648486076739.
Steven J. Vaughan-Nichols noted recently that he interviewed Eric Raymond, then president of the Open Source Initiative, during the SCO litigation and “Eric told him that there was a “reason why Unix and Linux’s header files looked the same: “Do you know that there is not one bit of executable code in those files? They’re pretty much all macros and declarations forced by POSIX and other technical standards.” http://www.zdnet.com/blog/open-source/does-googles-android-violate-linuxs-copyright/8497. Linus Torvald in a statement on March 22, 2011 made the point even more strongly, calling Naughton’s claims “bogus”. These statements are helpful in analyzing the copyrightability of the Linux header files, but only a court can provide a final answer. However, it is interesting that all of the cases cited by Naughton relating to “interfaces” found that the interfaces are not copyrightable.
This dispute reflects the challenges of the analysis of open source legal issues: the law in this area is uncertain and the analysis is very fact dependent. However, the statement that the law is uncertain regarding software is not unusual: this uncertainty has existed from the date that Congress debated whether to apply copyright to software under the Copyright Act of 1976 (they set up a special group to review the issue among others after the adoption of the 1976 Act, the National Commission on New Technological Uses of Copyright Works) Although the violation of the GPLv2 does not appear to be a problem for Android, Android has more than its share of lawsuits on both patent and copyright claims. Anyone who is using Android in their products needs to ensure that they understand these risks and monitor the progress of these suits.
My French partner, Sandrine Rambaud, brought to my attention a decision dated December 29, 2010, that leveled the playing field for open source vendors: the Administrative Court of Lille, France cancelled a public procurement procedure because the procedure excluded the possibility of proposing open source software in bid responses. Instead, the municipalities that put out the bid expressly required bidders to propose an Oracle database and Business Objects environments for the generation of reports.
The French company, Nexedi, which offers open source solutions, alleged that the tendering of the public procurement under such terms does not comply with the principles of equal treatment and non-discrimination, and in particular with Article 6 of the French Public Procurement Code. Article 6 provides that technical specifications included in a public bid cannot include the reference to a trademark or a patent, as such reference could favor or exclude some bidders or products. Such reference is only possible in very specific cases.
Nexedi challenged the validity of such procedure before the Administrative Court of Lille, which ruled to cancel the procedure. This decision is great news for open source companies and open procurement!
The Sixth Annual Spring Open Source Think Tank has now been scheduled on April 7th to 9th at the Sonoma Mission Inn in Sonoma. The Spring Think Tank is one of my favorite events because I get to spend time with the most interesting people in open source and discuss the future of the industry in one of the most beautiful areas of the world. By limiting attendees to CEOs, industry luminaries, CIO/CTOs, senior technology executives, legal experts and investors, we assure a lively and informed discussion (and a great opportunity to network with your peers).
We will be using our experience at the successful Fall Think Tank in Paris to add more real-world business cases to the agenda. Selected case studies will focus on the growing commercial maturity and complexity of open source and the evolution of cloud computing and SaaS. We are working on the agenda and will make it available closer to the date of the event. Just a reminder – this is not a traditional conference; all attendees are expected to contribute and actively participate in the brainstorming and workshop format.
This event sells out every year, if you have not already received an invitation, please go to .thinktank.olliancegroup.com and request an invitation.
Moreover, Andrew’s selection of Sonoma as the venue means that we are in the heartland of Pinot Noir and it is an implicit recognition by Andrew of the superiority of Pinot Noir over Cabernet Sauvignon. I am glad to welcome him to the lovers of the true wine!
Today, the federal jury in the Oracle vs. SAP case awarded Oracle $1.3 billion (yes, with a “B”) in damages for copyright infringement by SAP’s TomorrowNow subidiary. This massive award demonstrates once again the critical nature of “due diligence” in merger transactions. SAP admitted to copyright infringement, so the amount of the damages was the only issue. SAP had suggested $40,000,000 and Oracle demanded $1.65 billion. Recently, Reuters reported that SAP had agreed to pay Oracle $120,000,000 for Oracle’s agreement not to seek punitive damages. (for transparency purposes, we do work for Oracle but were not involved in this litigation).
The challenges of “due diligence” in mergers is discussed in a 2004 Harvard Business Review article “The Secrets of Great Due Diligence http://hbswk.hbs.edu/archive/4104.html. As the article notes:
Deal making is glamorous; due diligence is not. That simple statement goes a long way toward explaining why so many companies have made so many acquisitions that have produced so little value. Although big companies often make a show of carefully analyzing the size and scope of a deal in question—assembling large teams and spending pots of money—the fact is, the momentum of the transaction is hard to resist once senior management has the target in its sights. Due diligence all too often becomes an exercise in verifying the target’s financial statements rather than conducting a fair analysis of the deal’s strategic logic and the acquirer’s ability to realize value from it. Seldom does the process lead managers to kill potential acquisitions, even when the deals are deeply flawed. [...]
The nature of TomorrowNow’s business should have required extra care because TomorrowNow provided third party “maintenance services” for Oracle software. These services are fraught with risk: such companies are strongly tempted to use the software and tools of the company for whose products they are providing maintenance and particular care must be taken to ensure that they resist that temptation.
With the increase in mergers and acquisitions, this case stand as a warning of the importance of careful intellectual property due diligence. The lessons for acquiring companies are:
1. Intellectual property due diligence is now of greater importance
2. Copyright liability may be as high as patent liability
3. Take particular care with business models based on third party intellectual property rights
4. Determine how third party software use (both open source and commercial) is managed (the answer “ad hoc” is not a good one)
5. Be prepared to walk away if the problem is significant or fix it prior to closing
The lessons for companies being acquired are:
1. Review your intellectual property ownership as well as use of third party intellectual property rights because acquiring companies are going to much more attentive to these issues
2. Fix any issues that you identify prior to entering merger discussions: many problems can be fixed given enough time, but you won’t have time once you start the merger process
3. Adopt a policy on the use of third party software (including both open source and commercial) to avoid these problems and because acquirors (and your customers) will be asking about it.
Open source has now become ubiquitous, yet management of its use remains uneven. The recent Forrester Research report at LinuxCon notes that 2010 was the year of using open source to improve business process execution speed and company growth. The adoption of open source has decreased in importance because open source is now so widely adopted.
Recently, Dell had problems with compliance with its Stark tablet http://laforge.gnumonks.org/weblog/2010/09/13/. This case illustrates critical lessons in open source management: (1) diligence is essential and (2) open source has many free lance enforcers who are checking compliance. Dell used the Android operating system in the tablet. Dell failed to comply with the terms of the GPLv2 to make available the source code with the object code even though everyone “knows” that the Android operating system is licensed under the Apache license. As Black Duck noted in a recent report on Android software, the Android operating system is based on the Linux operating system and has 185 sub components which use nineteen different open source licenses. The compliance failure was first noted by Harald Welte of gpl-violations. Harald is one of the “free lance” enforcers of the GPL.
The industry is responding to these challenges through a number of initiatives.
1. The Linux Foundation working with the Fossology project has developed: the Software Package Data Exchange™ (SPDX™) specification is a standard format for communicating the components, licenses and copyrights associated with a software package www.spdx.org.
2. The Linux Foundation has developed tools to assist in determining and managing open source http://www.linuxfoundation.org/programs/legal/compliance/tools.
3. HP has made its open source scanning tools available through Fossology http://www.fossology.org/.
4. GPL violations has made its binary scanning tools available http://www.binaryanalysis.org/en/content/show/download.
5. Project Harmony is an informal group of lawyers and industry members who are discussing the role of contribution agreements in open source projects. The discussion ranges from the appropriateness of contributor agreements to the use of assignment or licenses in contribution agreements.
Linux Foundation is also preparing a checklist for compliance which will be available in the fourth quarter of 2010. These efforts should make compliance simpler over time, but it is important for companies to participate in these efforts to make them more effective.
Olliance Group and DLA Piper are proud to announce that Airbus, a European consortium producing the Airbus family of passenger aircraft will present a business case with the support of the Eclipse Foundation at the Think Tank Sept 28 & 29. Among the topics to be addressed are; long-term community support models, shared innovation between industry, vendors and the community, and open source in supply chain management. With more than five years of strategic use of open source, Airbus will present sophisticated questions for the Think Tank audience to deliberate. This will be a practical discussion of the opportunities and challenges presented by open source for large enterprise organizations with unique requirements. We think that this addition will continue the Open Source Think Tank tradition of focusing on practical solutions to real world problems. To learn more about the Open Source Think Tank, please go to http://thinktank.olliancegroup.com/.