The year 2013 was continued the trend of the increasing importance of legal issues for the FOSS community. FOSS projects continues to increase from 900,000 in 2012 to 1,000,000 in 2013 according to Black Duck Software. Continuing the tradition of looking back over top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?p=721 my selection of the top ten issues for 2013 are as follows:
1. Android Patent Litigation. The litigation surrounding the Android operating system has continued around the world but a new front has opened in a suit recently filed by the Rockstar Consortium against Google, Samsung, ZTE, Pantec, Asus, LG Electronics, HTC and Huawei http://readwrite.com/2013/11/04/whats-at-stake-for-google-android-in-lawsuit-against-rockstar-consortium#awesm=~oqgbvEMRUOzuPC . The Rockstar Consortium consists of Apple, Microsoft, Blackberry, Ericsson and Sony . Unlike the litigation between Apple Computer and Samsung, this lawsuit goes after basic features of Android and could have a much broader impact on the Android market. The litigation between Apple Computer, Inc. and Samsung continues with cases pending throughout the world. As I mentioned in last year’s blog, a decision in Silicon Valley awarded Apple $1.05 billion in damages for Samsung’s violation of its patents. The judge reduced the damages, but the parties were granted new trial and the jury in the fall resolved the dispute over damages by awarding Apple $290 million. According to eWeek, Apple has been awarded $930 million across all of its suits http://www.eweek.com/mobile/slideshows /apple-vs.-samsung-patent-litigation-why-there-is-no-end-in-sight.html (Since we represent some of the parties in other matters, I offer no opinion on the correctness of the decision). The litigation will clearly continue.
2. License Compliance: Standard of Care: On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the “complete corresponding source code” of the software http://www.ifross.org/publikation/lg-hamburg-az-308-o-1013. Fantec objected that it had been assured by its Chinese supplier that the source code received from the supplier was complete. And Fantec claimed that they had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable. The court rejected these excuses. The court required Fantec to pay a contractual penalty based on the prior settlement agreement. In addition, the court awarded the plaintiff’s expenses in enforcing the GPLv2. The distributor of GPLv2 software is responsible for compliance with the terms of the license and cannot delegate such responsible http://lawandlifesiliconvalley.com/blog/?p=750. Even the most sophisticated companies can have problems with the compliance as demonstrated by Samsung’s problems with the inadvertent release of the native Linux driver for Microsoft’s exFAT file-system http://lawandlifesiliconvalley.com/blog/?p=776.
3. Rise of Forks in Major Programs: One of the major advantages of open source software is the flexibility for companies to modify the software and even develop a completely different version of the product, so called “forking”. Although forks have occurred in the past, they are frequently temporary departures which are reintegrated into the original product. However in 2013, we witnessed a well-financed fork in a major product, MySQL software: Intel Capital led a consortium of investors in a $20 million round of financing for SkySQL (which is now managing the MariaDB version of MySQL). Google announced that it would migrate all of its MySQL software to the MariaDB version of the software. MySQL software is widely used and the effect of this fork is difficult to predict. Although not strictly a “fork”, the Android operating system continues to have challenges due to its fragmentation. These problems may be exacerbated by proprietary extensions such as the CyanogenMod which is a customized, aftermarket firmware distribution for several Android devices. The CyanogenMod is designed to increase performance and reliability over Android-based ROMs released by other vendors and carriers. Cyanogen has recently received a $23 million financing led by Andreessen Horowitz.
4. Enforcement of the FOSS Licenses: Although FOSS is widely used and GPLv2 is the most widely used license, the GPLv2 has rarely been the subject of litigation, particularly in the United States. Until 2013, this litigation has been brought primarily by non-profit entities on behalf of small companies and individuals. However, this year two lawsuits were brought by commercial companies to enforce the GPLv2 against other commercial companies: Continuent v. Tekelec and. Ximpleware v. Trilogy. As FOSS is more widely used, it is natural that it could become part of disputes between companies. The question is whether these suits indicate a trend or whether they are simply unusual situations. In addition, if the suits go to trial, they could provide guidance on the interpretation of the GPLv2.
5. GitHub Adopts a License Selection Policy. As I noted last year, one disturbing trend was the posting of “FOSS” modules without licenses. This problem was particularly acute on GitHub. However, Simon Phipps of OSI worked with GitHub and this year GitHub stated that “sharing your code isn’t everything… it’s also important to tell people how they can use that code” and that “choosing an open source license can be confusing” https://github.com/blog/1530-choosing-an-open-source-license. GitHub created www.choosealicense.com, a website to assist developers to select a license. Although I disagree with some of the statements in the choosealicense.com site, it is an important change to GitHub’s policy (I am particularly concerned about the inclusion of “No license” as an option similar to a traditional license).
6. Good News in the Patent Wars: Patent Settlement on VP8. Although much ink has been spilled over patent suits filed against open source projects, we rarely get to announce good news. This year, we have such an opportunity: Google settled patent threats from MPEG LA, LLC about Google’s use of the open source VP8 codec. The dispute arose in 2011 when Google announced that support in Google Chrome for the widely used H.264 codec would be dropped. Google would promote the VP8 codec as open source. Google had acquired this codec as part of the purchase of On24 Technologies in 2010. MPEG LA had been threatening On24 Technologies for a long time and, thus, the settlement is a surprise (although the announcement of a Department of Justice antitrust investigation into MPEG LA over its call for a patent pool for VP8 may have encouraged the settlement).
7. FOSS Enters Government Use. The use of FOSS by governments and government participation in FOSS projects would seem to be a natural fit, but has frequently run into problems in implementation. One example of a great success is the OpenStack cloud software project which began as a joint venture between NASA and Rackspace. The OpenStack project is now managed by an independent foundation and is one of the fastest growing open source projects, with over 290 supporting companies and 13,000 individual members. However, open source adoption by governments is very uneven. Germany has been particularly active in 2013: in January, Jimmy Schulz, a member of Parliament and chairman of the Interoperability, Standards and Free Software Project Group, stated that current law prohibits governments from being part of the development process in FOSS projects because they cannot give away services; he recommended that the law be changed to permit such participation. More recently in December, the new governing coalition agreed that public administrations should give priority to open source in their public procurement and commit the coalition to support open source at a European level. Munich also implemented its transition to open source IT in October and November https://joinup.ec.europa.eu/elibrary/case/limux-it-evolution-open-source-success-story-never. However, the UK, despite early commitments to open source, has not effectively implemented those strategies https://joinup.ec.europa.eu/elibrary/case/uk-public-open-source-falls-short-promise. In France, Jacques Marzin, the French state CIO, confirmed that government is working to implement the Open Source Guidelines approved last year by Prime Minister Jean-Marc Ayrault (these guidelines promote the use of free software and open source in French ministries). The situation in the US remains complex with FOSS being widely used but actions by some departments making such its use more difficult. The Department of Defense’s (“DoD”) release of the DoD Open Systems Architecture Contract Guidebook for Program Managers, v.1.1 in June demonstrates the complexity of the landscape for FOSS. On the one hand, this DoD publication acknowledges the “strong relationship between Open Source Software and Open Architecture” and, consistent with DoD’s Better Buying Power 2.0 Initiative, encourages the managers of DoD’s major systems to explore the use of FOSS; on the other hand the Guidebook cautions that certain FOSS licenses “may be problematic for the Government.” Recently, Lockheed donated the source code of the Distributed Data Framework (part of the Distributed Common Ground System) to the Codice Foundation, a nonprofit supporting government open-source projects; this donation makes the code available to all government agencies and their commercial partners. In addition, Representative Issa introduced the Federal Information Technology Acquisition Reform Act to encourage the use of FOSS and required that regulations be revised to ensure: “The standards and guidelines shall include those necessary to enable effective adoption of open source software.” Finally, the National Defense Authorization Act for Fiscal Year 2014 (“FY 2014 NDAA”) includes two sections that should ultimately work to encourage the use of FOSS. Specifically, Section 935 of the FY 2014 NDAA, titled “Additional Requirements Relating to the Software Licenses of the Department of Defense” provides that the Chief Information Officer of the DoD shall update the plan for the inventory of selected software licenses of the DoD required under section 937 of NDAA for FY 2013, to include a plan for the inventory of all software licenses of the DoD for which a military department spends more than $5 million annually on any individual title. With respect to Cloud Computing, Section 938 of the FY 2014 NDAA, titled “Supervision of the Acquisition of Cloud Computing Capabilities” provides requirements for reviewing, developing, modifying and approving the requirements for cloud computing solutions for data analysis and storage by the Armed Forces and Defense Agencies. Section 938 also includes requirements for reviewing, developing and implementing plans for the competitive acquisition of cloud computing systems, including developing plans to ensure that the cloud systems are interoperable and universally accessible and usable through attribute-based access controls, and plans to ensure the integration of cloud systems with enterprise-wide plans of the Armed Forces and the DoD for the Joint Information Environment and the Defense Intelligence Information Environment.
8. Contribution Agreements and Projects. The management of contributions to FOSS projects continues to be important. The Eclipse Foundation revised their contribution process by implementing new, simpler Contributor License Agreements (CLAs) for all contributors at Eclipse. The CLA is much shorter than CLAs for other projects, limiting the agreement to stating that the contributions will be provided under the license(s) for the project to which they’re making a contribution. They automated their process to accept contributions via git and Gerrit as well as automating their workflow. The importance of the terms of contribution agreements was also important in 2012 in the context of the departure of Nikos Mavrogiannopoulos from the GnuTLS project http://lawandlifesiliconvalley.com/blog/?p=721. As the primary drafter of the Harmony Project contribution agreements, I have had an opportunity to consider these issues in detail http://lawandlifesiliconvalley.com/blog/?p=664. I am in favor of making the contribution process more simple, but the process should be clear. I have some concern that the Eclipse CLA goes too far in simplifying the CLA, for example by not including standard provisions from Article 2 of the Uniform Commercial Code (all of the old favorites, such as waiver of consequential damages and disclaimer of implied warranties).
9. Rise of Open Source Collaborations. Open source collaborations continued to grow. Two of the major new collaborations were the Allseen Alliance (the Alliance is based on the AllJoyn open source project which develops software which “can communicate over various transport layers, such as Wi-Fi, power line or Ethernet, regardless of manufacturer or operating system and without the need for Internet access”) and Open DayLight (software “to accelerate adoption of Software-Defined Networking and Network Functions Virtualization”). Both of these projects chose to become members of the Linux Foundation Collaborative Projects rather than developing their own independent organization. This option can be very attractive because it reduces the cost of starting the project. The OpenStack Foundation continues to grow at a rapid rate, increasing the number of companies involved from 150 to 290 and individual members from 6,000 to over 13,000 in early 2014 (as a matter of transparency, I represent the Foundation).
10. Commercial Companies Increase Support FOSS. Commercial companies have realized that the support of FOSS projects is an important strategy. IBM announced that it will invest an additional $1 billion in Linux and other open source technologies to support its Power System servers. As noted above, Intel invested $20M in SkySQL to develop MariaDB software, a fork of MySQL. Netflix is providing its cloud tools as FOSS, named Netflix OSS, to other cloud service providers. Netflix had developed many tools to fill in the gaps in Amazon Web Services (for example, the Chaos Monkey software for testing web application resiliency) and is now making them available as FOSS to other cloud providers. The adoption of the Netflix FOSS tools by other cloud providers could lead to such cloud providers being able to provide more scalable public clouds; such public clouds might even become an alternative to Amazon Web Services. Netflix also established the Netflix OSS Cloud Prize: the prize is $200,000 across ten prizes to reward developers for assisting in developing Netflix’s cloud platform. EMC and VMware took another approach: they spun out its Cloud Foundry software (a FOSS project) to form Pivotal, a new company with 500 employees; General Electric, then, invested $105 million in Pivotal. IBM also announced that they would collaborate with Pivotal in developing its technology.
The management of FOSS continues to evolve. Many companies have focused on managing their internal resources and repositories. However the rise of GitHub and other online repositories increases the complexity of this management. Samsung recently had this experience native Linux driver for Microsoft’s exFAT file-system which was accidently posted on GitHub. http://www.phoronix.com/scan.php?page=news_item&px=MTQxNzg. Samsung has corrected the problem and released the code under GPLv2. Ibrahim Haddad of Samsung made a wise strategic choice to work with the Software Conservancy’s GPL Compliance Project for Linux Developers to ensure that they maintained good relations with the community.
The Software Conversancy stated that “the Conservancy worked collaboratively with Ibrahim Haddad, the Group Leader for Open Source at Samsung Research America, and fellow community leaders, throughout the process after this code first appeared on GitHub. Conservancy’s primary goal, as always, was to assist and advise toward the best possible resolution to the matter that complied fully with the GPL. Conservancy is delighted that the correct outcome has been reached: a legitimate, full release from Samsung of all relevant source code under the terms of Linux’s license, the GPL, version 2. Conservancy has worked on many difficult compliance matters for many of its member projects (including BusyBox and Samba, in addition to our GPL Compliance Project for Linux Developers). Conservancy thus particularly appreciates Samsung’s celerity, responsiveness, and correct action on this matter.” http://sfconservancy.org/news/2013/aug/16/exfat-samsung/.
This issue may actually be more serious for startup companies, because they tend to use GitHub on a more ad hoc basis. Recently we worked with a startup company that inadvertently posted source code of some of its internal programs on GitHub.
We are continuing to see significant interest in FOSS management by venture investors and acquiring companies. These experiences emphasize the importance of developing and implementing a FOSS management program and including GitHub in the program.
On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the “complete corresponding source code” of the software http://www.ifross.org/publikation/lg-hamburg-az-308-o-1013.
The decision is one of the first to deal with this obligation to provide source code but the facts limit its value. For example, the damages are based on the breach of a prior cease and desist declaration between Welte and Fantec in which Fantec agreed not to violate the GPLv2. However, it does provide important guidance on how to manage FOSS compliance and the limits of delegation of these obligations.
Fantec, a European company, distributed a media player with a Linux-based firmware inside. Like many companies, Fantec used software from third parties. The firmware of the media player included the iptables software which is licensed under the GPLv2. Fantec provided a version of the source code of the firmware for download that they had received from their Chinese manufacturer. Harald Welte is one of the authors of the iptables software and has brought suit a number of times to enforce the GPLv2 for this software. Ironically, Welte had settled a prior violation by Fantec with respect to this firmware. As a result Fantec signed a cease-and-desist-declaration in 2010 and Fantec was contractually obliged to refrain from further GPLv2 violations (and otherwise to pay a contractual penalty).
The software available for download for the Fantec product was reviewed during a “Hacking for Compliance Workshop” in Berlin organized in 2012 by Free Software Foundation Europe. The hackers discovered that the source code provided by Fantec did not include the source code for the iptables software and that the source code for some other components did not match the versions used to compile the binary code of the firmware.
In 2012, the plaintiff gave Fantec notice of another GPLv2 violation and admonished Fantec to cease the infringement and to pay the contractual penalty and the out-of-court costs for legal prosecution. Fantec objected that it had been assured by his Chinese supplier that the source code received from the supplier was complete. And Fantec claimed that they had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable.
Welte raised two arguments: first, Fantec provided source code that was incomplete and, second, that the source code was not the correct versions. The court affirmed a violation of the GPLv2 license conditions because the iptables code was not contained within the source code provided by Fantec. However, the court did not rule on the second argument that the source code was not up to date. Consequently, the decision does not provide significant guidance on the definition of the term “complete corresponding source code”.
The court required Fantec to pay a contractual penalty in the amount of € 5.100 based on the prior settlement agreement. In addition, the court awarded the plaintiff’s expenses in enforcing the GPLv2 (this award is standard under German law and is based on Section 97a (1), 31, 69c no. 3 and 4 of the German Copyright Act which awards costs for a justified warning by a party which is so cautioned). The court affirmed the culpability of Fantec’s violation by classifying the violation as negligent: the seller of firmware may not rely on suppliers´ statements about compliance. The distributor of GPLv2 software must carry out the assessment or commission experts to make the assessment even if they incurred additional costs. The failure to comply with the GPLv2 may not be defended such failure due to additional costs.
The decision is not surprising given existing German cases regarding the GPLv2. However, the case re-emphasizes the need for each company to have its own FOSS compliance process. Companies cannot simply rely on the statements of third parties. Each company should ensure that they have the formal process for handling the use of FOSS by their own employees and third parties. This process should include:
1. Policy for the use of FOSS (“FOSS Use Policy”)
2. Request and approval process for use of FOSS by employees
3. Approval and audit process for the use of FOSS from third parties, both through third-party products and acquisitions by the company
4. Auditing process for compliance with the FOSS Use Policy.
Given the rapidity of product development and the extensive use of third-party software in most products, a FOSS Use Policy must focus on managing relationships with third-party suppliers. A company must ensure that they have a clear set of standards for third-party providers for FOSS compliance. These standards should include an understanding of the FOSS management processes of such third-party suppliers. The development of a network of trusted third-party suppliers is critical part of any FOSS compliance strategy. The Free Software Foundation Europe has useful recommendations on complying with GPLv2 obligations http://fsfe.org/activities/ftf/useful-tips-for-vendors.en.html.
Many companies will decide that they need to automate the process by using the software to scan third-party code and manage the process. And companies may also wish to use the Software Packet Data Exchange framework to help communicate the FOSS in a particular product http://spdx.org/.
Companies should adopt a formal FOSS use policy which should be integrated into the software development process. Companies should also be prepared to respond promptly to any assertions of violation of FOSS licenses and swiftly correct the problem.
I would like to thank my colleagues in Germany, Thomas Jansen and Hannes Meyle for assisting me on this post.
One disturbing trend is the posting of FOSS modules without licenses. Simon Phipps focused on this problem in his recent blog, particularly on the problems raised by the terms of service at Github. James Governor, the founder of analyst Red Monk, is quoted by Simon as stating: “”younger devs today are about POSS - Post open source software. f*** the license and governance, just commit to github” http://www.infoworld.com/d/open-source-software/github-needs-take-open-source-seriously-208046. Ironically, this approach will undercut the major desire of most FOSS developers: the broad use of their code. The lack of a license ensures that the software will be removed from any product meant to be used by corporations. Corporations are very sensitive about ensuring that all software that they use or which is incorporated in their products is properly licensed. I have worked on hundreds of FOSS analysis and the response to software without a clear license is almost always “rip it out”.
One other consequence not mentioned by Simon is that the failure to include a license also means the developer (and distributor) have potential liability in the United States under Article II of the Uniform Commercial Code (“UCC”). Article II of the UCC provides that if certain warranties are not “disclaimed” then the distributor (“seller” in UCC language) automatically gives those warranties. These warranties are disclaimed in all FOSS licenses, generally in capital letters and are the source of the provisions using obscure terms such as “merchantability” and “fitness for a particular purpose”. The developer would be liable for these warranties: merchantability (the product is of average quality in the trade), fit for a particular purpose (if the developer or distributor knows of the use by the licensee, then the software will be fit for such purpose) and indemnity (an indemnity for intellectual property infringement such as copyrights and patents). And if such warranties are breached the developer would be liable for “consequential damages” which includes lost profits. While it is unlikely that such suit would be brought, the potential liability for the developer will continue.
The Thanksgiving holiday has given me the opportunity to consider the critical new role of collaboration in innovation. This role was emphasized to me during a single day, November 17, in Silicon Valley. In the morning, I attended the Cloud Computer Expo and speaker after speaker, from Cisco to HP, discussed how OpenStack software was critical to their success in cloud computing and was transforming cloud computing industry. OpenStack software to enable cloud computing is being developed under the management of the OpenStack Foundation in a collaboration of over 150 companies. The OpenStack project was started by NASA and Rackspace, but was recently reorganized as a foundation to take over the funding and management of the project www.openstack.org (as a matter of transparency, I represent the OpenStack Foundation). I think that such collaborations will be increasingly critical for the future because many business problems are too complicated to be effectively solved by a single company. For example, the auto industry has joined with the consumer electronics industry to form a collaboration for entertainment systems in automobiles, the Genivi Alliance http://www.genivi.org/.
At the end of the day, I attended the Sierrra Ventures CIO Summit cocktail party (yet another good reason to have Sierra Ventures as an investor) and Jed York of the 49ers was discussing the role of technology in the new Santa Clara stadium (it sounds like it will be spectacular). Yet he also focused on the need to encourage collaboration with the Silicon Valley community to take advantage of the possibilities presented by the technology infrastructure of the new stadium.
From cloud computing to sports, collaboration has become central to business success in the 21st century.
Last year, 2011, was one of the most active years in legal developments in FOSS. This activity reflects the increase in FOSS use: Laura Wurster of Gartner, noted in the Harvard Business Review blog that open source has hit a “strategic tipping point” this year with companies increasingly focused on using “open source” software for competitive rather than cost reasons http://lawandlifesiliconvalley.com/blog/?p=619.
Continuing the tradition of looking back over top ten legal developments in FOSS, http://lawandlifesiliconvalley.com/blog/?s=top+10+2008&x=40&y=6, my selection of the top ten issues for 2011 are as follows:
1. Android Patent Litigation. One of the most widely reported legal developments in FOSS has been the patent wars surrounding the Android operating system. Over 40 patent cases are pending between a wide variety of parties, including Motorola Mobility, Inc., HTC, Samsung Electronics, Inc. and Apple Computer, Inc. This year saw several decisions in these suits. In Australia, Apple won a trial court decision which enjoined the distribution of Samsung’s Android tablets based on a claim that the Samsung tablet violated Apple’s design patents. However, after a series of appeals, Australia’s High Court overturned the injunction and Samsung can now distribute its tablets. Apple was more successful in Germany where it was successful in obtaining an injunction based on Apple’s design patents which prevents the distribution of Samsung’s Galaxy Tab 10.1 (however, Samsung has released a revised version named the Galaxy Tab 10.1N). Apple was not successful in obtaining an injunction against distribution of Samsung’s Galaxy Tab in the United States, although the judge stated that Apple’s design patents might be infringed. More recently, on December 19, the ITC ruled that HTC’s Android phones violated two claims of an Apple utility patent and issued an “exclusion order” for HTC Android phones which would take effect on April 19, 2012. HTC has announced that it will provide a workaround. Google has been handicapped by its lack of patents to assert in defense of Android (it started with only 600 patents, but is aggressively buying new patents and has agreed to purchase Motorola Mobility, Inc., primarily for its patent portfolio).
2. Oracle v. Google. A separate but related case is Oracle’s suit against Google for the alleged infringement of Oracle’s copyrights in the Java software (which it acquired from Sun Microsystems, Inc.) and certain Oracle patents by Android. Oracle is asserting that the Android operating system infringes the copyrights in “twelve code files and 37 specifications for application programming interface packages”. The decision on this claim could have a significant impact well beyond this case: most software lawyers have viewed APIs (and their specifications) as either having no copyright protection or very limited copyright protection. These views govern the interpretation of both FOSS and proprietary licenses. The court described APIs as follows:
Conceptually, an API is what allows software programs to communicate with one another. It is a set of definitions governing how the services of a particular program can be called upon, including what types of input the program must be given and what kind of output will be returned. APIs make it possible for programs (and programmers) to use the services of a given program without knowing how the service is performed. APIs also insulate programs from one another, making it possible to change the way a given program performs a service without disrupting other programs that use the service.
If Oracle prevails and the court finds that APIs are copyrightable, lawyers will need to rethink how they interpret both FOSS and proprietary licenses. The issue could be particularly important in determining whether interactions between software programs licensed under GPLv2 or GPLv3 create, respectively, “derivative works” or a “modified version” and, thus, impose the license terms of GPLv2 or GPLv3 on the software modules with which they interact. The first significant decision in the case rejected Google’s attempt to eliminate the claims through summary judgment (Google won only on a single minor point). http://www.scribd.com/doc/65143317/Oracle-v-Google-Denial-of-Google-s-Summary-Judgment-Motion. However, this decision is not surprising because summary judgment is generally used for settled issues of law; the copyright issues in this case are on the cutting edge of the law.
3. Perfect 10 v. Google. Although this case was not strictly about open source software, it established a critical principle for remedies for copyright infringement. These remedies also apply to enforcement of copyright licenses in certain situations. For decades prior to this decision, the presumption was that the remedy for copyright infringement was always “injunctive relief”. Injunctive relief means that a court orders an “infringer” to comply with the terms of the license. The Perfect 10 decision in the Ninth Circuit Court of Appeals made clear that “injunctive relief” is no longer a remedy which is always available for copyright infringement. Instead, the court stated that : We therefore conclude that the propriety of injunctive relief in cases arising under the Copyright Act must be evaluated on a case-by-case basis in accord with traditional equitable principles and without the aid of presumptions or a “thumb on the scale” in favor of issuing such relief.
Injunctive relief is an unusual remedy for breach of license agreements, because under Anglo Saxon law, the standard remedy for breach of contract is monetary payment. However, a remedy of monetary damages has little value for breach of open source licenses because the open source software is generally distributed at no cost. The Perfect 10 decision undercuts the value of the Jacobsen decision to the open source community. In Jacobsen, the Court of Appeals of the Federal Circuit decision found that injunctive relief was available for open source licenses if the relevant obligations were drafted to make them a “restriction” on the scope of the license rather than just a contractual obligation (a “covenant”) http://lawandlifesiliconvalley.com/blog/?p=65. However, the other standard copyright law remedies such as attorneys fees, actual damages and, potentially, statutory damages remain available. However, injunctive relief, the most valuable of remedies, may be more difficult to obtain to enforce open source licenses.
4. Publication of Software Package Data Exchange (“SPDX”) Specification. The management of open source software in the supply chain has been a continuing problem. However, the open source community has been working to find a solution to this problem. The work has been guided by the SPDX Group (the SPDX Group is a working group of the Linux Foundation and is associated with FOSSBazaar) which has developed the SPDX specification as a standard format for describing the components, licenses and copyrights associated with a software package. For example, SPDX Group has identified seven versions of the General Public License version 2, the most commonly used open source license. If widely adopted, SPDX will be critical to effectively manage open source software as it becomes more widely used in the supply chain. As noted in the Harvard Business Review blog by Gartner Group, the ubiquity of the use of open source software has not been matched by effective management of its use http://blogs.hbr.org/cs/2011/03/open_source_software_hits_a_st.html.
5. Revision of Mozilla Public License. The Mozilla Public License is one of the most popular open source licenses. After eighteen months of work, Mozilla has announced a new version. The Mozilla Public License version 2 (“MPLv2”) is a much simpler, shorter and more usable license. The new license has adopted approaches (and sometimes the terms themselves) from other open source licenses: the patent license provision was adopted from the Apache license and the termination provision from the General Public License version 3. In addition, Mozilla has made the MPLv2 compatible with the Apache license. And MPLv2 has also included a provision to make the license “compatible” with other licenses. For example, MPLv2 permits distribution of code under the MPLv2 with other modules licensed under GPL variants (GPLv2, GPLv3, APGL and LPGL) if such modules are part of a “Larger Work” (unless the notice in the software states that the software is “Incompatible with Secondary Licenses”). However, these differences mean that the transition to the MPLv2 for existing projects will require careful thought.
6. Cybits Decision in Germany. This decision makes clear that companies cannot alter the terms of software licensed under GPLv2. AVM is a manufacturer of FRITZ!Box router, a digital subscriber line DSL terminal, which uses the Linux Kernel as a part of their production firmware (which is licensed under GPLv2). Cybits, a software producer, distributes the Internet filtering software “Surf-Sitter DSL”, which is intended to protect children. The Surf-Sitter application downloads FRITZ!Box software to the user’s computer, modifies it and then reinstalls it back on the FRITZ!Box.
AVM claimed that Cybits did not have the right to modify the part of the FRITZ!Box firmware which was licensed under GPLv2. The court rejected AVM´s claims that Cybits should not be permitted to alter the firmware of AVM and denied that Cybits had infringed AVM´s copyright by distributing Surf-Sitter. The court found that the firmware is a collective work, which contains modules licensed under GPLv2. Cybits or any third party may modify the GPLv2 licensed software. Thus, AVM is not able to control any modifications to the GPL licensed components of the FRITZ!Box firmware.
7. Project Harmony Publishes Standardized Contributor Agreements. Many commentators have complained about the problems raised by the number of licenses approved as “open source”, a problem frequently referred to as “license proliferation”. Yet a similar problem is lurking in the development of open source software: the contribution agreements which govern the rights provided by contributors to a project. Project Harmony was a community effort to resolve this problem in advance by developing a set of standard agreements which can be adopted by open source projects http://www.harmonyagreements.org/about.html.
Many open source projects use the “license” for the project as a contribution agreement, but a variety of separate open source contribution agreements have developed over time, from the Apache Contributor Agreement to the Joomla Contributor Agreement http://community.joomla.org/images/JCA_General_Draft.pdf. Although many open source projects can use their standard open source license (i.e. GPLv2 for Linux or Mozilla Public License for the Mozilla browser) as the “contribution agreement”, this approach “locks in” the open source project to that license. If the open source project wishes to change the license (such as the change of OpenOffice project from GPLv2 to Apache), this approach would require that each contributor agree to the change. A good example of the potential for problems with this approach is the Open Street Map Project (“OSM Project”). The OSM Project has been struggling with shifting from a Creative Commons license to a more appropriate Open Database License http://wiki.openstreetmap.org/wiki/Open_Data_License_FAQ. After three years, the transition is still not complete. Finally, the OSM Foundation has given up on obtaining agreement from the remaining contributors and will probably delete contributions from contributors that have not agreed to shift to the new license http://en.wikipedia.org/wiki/Open_street_map#Licensing. In addition, open source licenses do not deal with a number of other issues which should be addressed by contribution agreements, such as contributions by minors and changes of license. Project Harmony also makes it easier for corporations to contribute to open source projects by avoiding the complexities of managing the differing terms of these new contribution agreements. The Project Harmony standard contribution agreements permit projects to make a choice between a license or assignment approach and, then, select among several options to change licenses in the future (without obtaining permission from each contributor.
8. Dispute over Koha Trademark. The importance of the protection of trademarks to open source projects was illustrated by the recent dispute over the Koha trademark between Horowhenua Library Trust (“HLT”) and a commercial company, PTFS, http://koha-community.org/update-2/. HLT manages the Koha open source project. PTFS filed for trademark protection for Koha in New Zealand after it had acquired a company which used the trademark and the trademark was, then, registered by the New Zealand government. Upon registration of the Koha trademark, HLT complained and appealed for help. Subsequently, PTFS agreed not to enforce the trademark and even to transfer the trademark to HLT http://patentbuff.com/2011/11/koha-alls-well-that-ends-well_28.html?spref=tw.
9. The Meaning of Open Source. The power of the community to police the misuse of “open” was demonstrated by Nokia’s attempt to claim that the Symbian mobile operating system was “open” for business http://www.groklaw.net/article.php?story=20110402143136766. However, the Symbian license is not consistent with the Open Source Definition. The copyright license in the Symbian license is as follows:
Subject to the terms and conditions of this Agreement, Nokia hereby grants to You a personal, non-exclusive, non-transferable, irrevocable (except as set forth in Clause 7.1 and 7.2 below), royalty-free and worldwide license under Copyrights licensable by Nokia to: i) reproduce and modify Source Code Components; ii) reproduce Binary Components and Documentation; iii) use and reproduce Utility Software, and iv) publicly display, distribute and make available (a) the Source Code Components to third parties that have acquired a valid source code license from Nokia; and (b) Utility Software, Binary Components and Source Code Components in binary form to third parties, (c) Documentation in unmodified form in all cases i)-iv) solely as part of the Symbian Platform or for use with the Symbian Platform, under the terms and conditions of this Agreement.
The agreement requires a separate license for source code from Nokia and limits the use to the “Symbian Platform.” Nokia was forced to “correct” their original statement to “open for business” rather open source http://symbian.nokia.com/blog/2011/04/04/not-open-source-just-open-for-business.
10. Open Hardware License. The open hardware movement received a boost when CERN published an Open Hardware License (“CERN OHL”). The CERN OHL is drafted as a documentation license which is careful to distinguish between documentation and software (which is not licensed under the CERN OHL) http://www.ohwr.org/documents/88. The license is “copyleft” and, thus, similar to GPLv2 because it requires that all modifications be made available under the terms of the CERN OHL. However, the license to patents, particularly important for hardware products, is ambiguous. This license is likely to the first of a number of open hardware licenses, but, hopefully, the open hardware movement will keep the number low and avoid “license proliferation” which has been such a problem for open source software.
I am looking forward to the upcoming Open Source Think Tank 2011 which we are co hosting with Olliance Group/Black Duck. Andrew Aitken has prepared a great agenda and we are going to have a case study by AOL which they describes as follows: AOL is planning two related open source initiatives: employing open source technologies and practices to improve the innovation and efficiency of their developers and releasing elements of their software portfolio as open source to enrich their ability to deliver content and encourage community contributions.
This year the Open Source Think Tank will be particularly interesting because of the dramatic expansion in the use and importance of Freedom and Open Source Software (”FOSS”). We will be discussing the recent completion of many important industry initiatives to make FOSS easier to use: Project Harmony (contributor agreement), SPDX (assisting management of the supply chain by providing a common vocabulary for describing licenses), new Mozilla license and Open Web Foundation (contributor agreements).
The Open Source Think Tank is unique because of the breadth and seniority of those who attend, from CEOs such as Larry Augustin (SugarCRM) and Tim Yeaton (Black Duck) to counsel such as John Noerenberg (Chief IP Counsel, Qualcomm) and Marissa Aufox (Compliance Counsel, Go Daddy Group) to CTOs such as Shawn Douglass (EMC) and Paul Daugherty (Chief Technology Architect, Accenture).
We will also be discussing the recent government initiatives which could dramatically increase the market for FOSS. I have mentioned these government initiatives in an earlier post. http://lawandlifesiliconvalley.com/blog/?p=607.
We have a few more spaces left for the Open Source Think Tank, but if you are interested you will have to move quickly. http://thinktank.olliancegroup.com/
This year has seen an increasing focus on the use by free and open source software (“FOSS”) by governments with recent announcements by the UK, the Australian Federal Government and NASA. FOSS projects and companies need to be aware of these efforts because of the scope of the opportunity to transform government and provide less expensive software infrastructure to government. Governments are also a very large market for software. Yet governments continue to be hampered by their habits of using proprietary software as demonstrated by the recent decision by an administrative court in Lille, France. http://lawandlifesiliconvalley.com/blog/?p=584 .
The UK Government recently provided a very broad endorsement of FOSS and open standards in UK government procurement. The UK government described its new policy for the next 24 months recently: http://www.cabinetoffice.gov.uk/resource-library/uk-government-ict-strategy-resources. The approach to FOSS is described below:
To assist with the deployment of agile solutions using open source technology, the Government will establish an Open Source Implementation Group, a System Integrator Forum and an Open Source Advisory Panel. These will aim to educate, promote and facilitate the technical and cultural change needed to increase the use of open source across government.
This encouragement is similar to the approach of the Department of Defense in the United States several years ago. http://lawandlifesiliconvalley.com/blog/?p=314. The UK government describes its goals in broader terms as follows:
The Government is taking a different approach to deliver this strategy, characterised by a strong centre and continued commitment to greater transparency through regular and open reporting. The approach includes:
mandatory open standards;
spending controls to ensure that new ICT solutions comply with strategy objectives;
transparency to ensure the continued comparison of common ICT services so that government gets the best price;
increased standardisation and modularisation of business processes and supporting technologies to create a platform from which government can deliver new models of open and innovative public services;
a new, strengthened governance structure; and
greater engagement with departments and suppliers to remove cultural as well as technical barriers.
The FSF Europe provides additional information on the approach in the UK. http://fsfe.org/uk/mapping-uk.en.html
This UK policy announcement follows a similar one by the Australian Government earlier this year which requires “covered procurements”, those procurements for over $80,000 AUS must comply with the Open Source Policy in procurement. http://www.finance.gov.au/e-government/infrastructure/open-source-software.html. The principles are summarized below:
Principle 1: Australian Government ICT procurement processes must actively and fairly consider all types of available software.
Australian Government agencies must actively and fairly consider all types of available software (including but not limited to open source software and proprietary software) through their ICT procurement processes. It is recognised there may be areas where open source software is not yet available for consideration. Procurement decisions must be made based on ‘value for money’. Procurement decisions should take into account whole-of-life costs, capability, security, scalability, transferability, support and manageability requirements.
For a covered procurement (over $80K), agencies are required to include in their procurement plan that open source software will be considered equally alongside proprietary software. Agencies will be required to insert a statement into any Request for Tender that they will consider open source software equally alongside proprietary software. Tender responses will be evaluated under the normal requirements of the Commonwealth Procurement Guidelines (CPGs). For a non-covered procurement (below $80K), agencies are required to document all key decisions, as required by the CPGs. This includes how they considered open source software suppliers when selecting suppliers to respond to the Select Tender or Request for Quotation.
Principle 2: Suppliers must consider all types of available software when dealing with Australian Government agencies.
Australian Government agencies will require suppliers to consider all types of available software (including but not limited to open source software and proprietary software) when responding to agencies’ procurement requests.
Agencies are required to insert this requirement into their tender documentation. Suppliers will need to provide justification outlining their consideration and/or exclusion of open source software in their response to the tender. Agencies will determine compliance with this requirement when assessing tender responses.
Principle 3: Australian Government agencies will actively participate in open source software communities and contribute back where appropriate.
The Australian Government, through AGIMO, will actively seek to keep up-to-date with international best practice in the open source software arena, through engaging with other countries and organisations. Australian Government agencies should also actively participate in open source software communities and contribute back where appropriate.
In the United States, NASA recently held an Open Source Summit where it described how it is using open source and how it intends to use it in the future. http://www.nasa.gov/open/source/live.html. Although I was not able to attend, the presentation by David Wheeler from the Institute of Defense Analysis of the Department of Defense was very interesting, both for his criticism for NASA’s approach to using FOSS as well as his discussion of how FOSS fits into the regime of government contracting. http://www.slideshare.net/ckleclerc/2011-nasa-open-source-summit-david-wheeler. The Federal Government has an elaborate set of procurement regulations (which differ between different agencies and which are very different from traditional “commercial arrangements” and set up a “unique” infrastructure for software licenses. Wheeler’s presentation describes how FOSS can be used in this system. I don’t agree with Wheeler’s complaints about the use of “intellectual property” but his summary can be very useful for persons trying to understand the fit between government regulations and FOSS.
Governments offer an enormous potential market for FOSS and the community needs to moniter government decisions on procurement, both at the policy level and on decisions about individual procurements.
My French partner, Sandrine Rambaud, brought to my attention a decision dated December 29, 2010, that leveled the playing field for open source vendors: the Administrative Court of Lille, France cancelled a public procurement procedure because the procedure excluded the possibility of proposing open source software in bid responses. Instead, the municipalities that put out the bid expressly required bidders to propose an Oracle database and Business Objects environments for the generation of reports.
The French company, Nexedi, which offers open source solutions, alleged that the tendering of the public procurement under such terms does not comply with the principles of equal treatment and non-discrimination, and in particular with Article 6 of the French Public Procurement Code. Article 6 provides that technical specifications included in a public bid cannot include the reference to a trademark or a patent, as such reference could favor or exclude some bidders or products. Such reference is only possible in very specific cases.
Nexedi challenged the validity of such procedure before the Administrative Court of Lille, which ruled to cancel the procedure. This decision is great news for open source companies and open procurement!
The Sixth Annual Spring Open Source Think Tank has now been scheduled on April 7th to 9th at the Sonoma Mission Inn in Sonoma. The Spring Think Tank is one of my favorite events because I get to spend time with the most interesting people in open source and discuss the future of the industry in one of the most beautiful areas of the world. By limiting attendees to CEOs, industry luminaries, CIO/CTOs, senior technology executives, legal experts and investors, we assure a lively and informed discussion (and a great opportunity to network with your peers).
We will be using our experience at the successful Fall Think Tank in Paris to add more real-world business cases to the agenda. Selected case studies will focus on the growing commercial maturity and complexity of open source and the evolution of cloud computing and SaaS. We are working on the agenda and will make it available closer to the date of the event. Just a reminder – this is not a traditional conference; all attendees are expected to contribute and actively participate in the brainstorming and workshop format.
This event sells out every year, if you have not already received an invitation, please go to .thinktank.olliancegroup.com and request an invitation.
Moreover, Andrew’s selection of Sonoma as the venue means that we are in the heartland of Pinot Noir and it is an implicit recognition by Andrew of the superiority of Pinot Noir over Cabernet Sauvignon. I am glad to welcome him to the lovers of the true wine!