When Microsoft contributed drivers to Linux to GPLv2, my reaction (and the general reaction in the community) was that “hell had frozen over” and to bring out the skates http://www.microsoft.com/presspass/features/2009/Jul09/07-20LinuxQA.mspx. Several recent reports suggest that these contributions were not voluntary and Microsoft had included GPLv2 licensed code in these drivers http://linux-network-plumber.blogspot.com/2009/07/congratulations-microsoft.html (Steve Hemminger of Vyatta) and http://www.kroah.com/log/linux/microsoft-linux-hyper-v-drivers.html (Greg Kroah-Hartman of Novell).
I view this contribution as valuable even if legal concerns drove it. I think that Microsoft acted as a responsible member of the community which is the behavior that we want to encourage. They could have simply rewritten the code to remove the open source components. I am under no illusion that Microsoft has suddenly turned into a complete supporter of open source (and for clarity, neither I nor my law firm represents them). However, Microsoft’s engagement with the open source community is going to be a gradual one and will have fits and starts. Microsoft is still fundamentally based on a proprietary model and has that mind set. They can change and should be encouraged to change. I hope that these revelations will not result in an attack on Microsoft for not being “truly” committed to the open source community. We should, instead, encourage them to continue to be involved.
This situation is a warning to companies that they need to have an open source policy and a process for managing their work with the open source software. See my earlier post, http://lawandlifesiliconvalley.com/blog/?p=107.
In fact, I think that the Microsoft press announcement bears further scrutiny, In addition to the announcement of the contribution, Sam Ramji mentions several ways in which Microsoft is implementing open source in their business strategy. This increased use of open source by Microsoft should be encouraged.
As I have mentioned in an earlier blog, the American Law Institute (ALI) has approved the Principles of the Law of Software Contracts (the Principles). Although ALI continues to make minor changes to the Principles, they are unlikely to make significant changes. If you want to learn more about the Principles, you can listen to a recent webinar which is posted at https://cc.callinfo.com/play?id=e0wjcw. This post will summarize my earlier comments and provide recommendations.
The Principles seek to “clarify and unify the law of software transactions,” but they would introduce a number of new concepts which are overly prescriptive and inconsistent with existing law. Lawyers from DLA Piper and many other firms expressed concerns about the Principles over time and most recently requested that the approval be delayed to deal with these concerns, but the Principles were approved in May and most of these concerns were not addressed. Many experienced software industry lawyers have expressed concern that the Principles, if imposed by the courts, will introduce cost and uncertainty, limit flexibility for businesses and consumers and have a negative impact on the software industry in the United States. The concern about the Principles in the software industry has led to strange alliances in opposition: Microsoft Corporation and the Linux Foundation, ordinarily fierce competitors with radically different views of licensing, sent a joint letter to the ALI to express their concern about the provisions in the Principles and request a delay in their approval. http://www.slideshare.net/markradcliffe/microsoft-linux-foundation-letter1. The IT Privacy and eCommerce Committee of the Association of Corporate Counsel association also expressed concern. http://www.slideshare.net/markradcliffe/acc-itpec-letter-and-discussion-points-re-ali-principles-of-the-law-of-software-contracts-5-11-09x
Lawyers dealing with software licensing need to understand key aspects of the Principles so they can consider their application to software licenses, but more importantly so they can assist the industry in responding to the Principles. Without the benefit of a clear and cogent industry response to the Principles for his or her consideration, judges may assume incorrectly that the Principles appropriately define the law as it should be. The publication of a proposal for law reform should not be a substitute for the legislative process or have the effect of overriding established statutory authority. I am working a number of industry groups to respond to the Principles. To keep updated on these efforts, you can go to http://www.linuxfoundation.org/principlesofsoftwarecontracts.
The best example of the flaws in the Principles is the new “non disclaimable” warranty of no hidden material defects. This warranty provides that licensors are liable for “hidden” material defects if they are aware of them at the time of the transaction. Yet this warranty is not otherwise found in the case law and incorporates new and difficult concepts, such as “hidden” and “material.” In addition, the concept of a “non disclaimable” warranty is fundamentally inconsistent with the approach of the existing laws with both Article 2 and both federal and state consumer statutes. This warranty, if adopted, is likely to lead to significant litigation without any clear benefit to licensees.
In addition to responding on behalf of the industry, software licensors need to consider the possibility that courts will be influenced by the Principles. I recommend that licensors consider the implications of all the following on the license agreements that govern the distribution of their software products and services. (The final version can be ordered from ALI website, www.ali.org):
1. Read Chapter 3 of the Principles to understand the new approach to express warranties and implied warranties.
2. Determine if your licenses are in the category of “Standard Form Transfer of Generally Available Software,” which generally is meant to apply to retail type of licenses. The actual definition is “a transfer using a standard form of (1) a small number of copies of software to an end user or (2) the right to access software to a small number of end users if the software is generally available to the public under substantially the same standard terms” (Standard Form License) and ensure that you comply with the new obligations for Standard Form Licenses. The Principles set the standard as when a “reasonable” licensor would believe that the licensee intends to be bound. However, the Principles include a “safe harbor” to make such licenses enforceable, which requires the following:
a) make the Standard Form License available prior to the transfer of the software, preferably easily accessible from the home page,
b) ensure that the licensee has reasonable access to the Standard Form License prior to the payment (or completion of the transaction if no payment is received),
c) ensure that for electronic transactions, acknowledgement by the licensee at the end of the Standard Form License or adjacent to the Standard Form License or for Standard Form License attached to packaged software, the right to return the unopened package of the software within a reasonable period for a refund
d) permit the licensee to store and reproduce a copy of the Standard Form License if only available electronically.
Other obligations applying to Standard Form Licenses include:
a) ensuring that the Standard Form License are “reasonably comprehensible” (i.e. the terms can be understood by a reasonable person of average intelligence and education)
b) deleting any electronic disablement remedy
c) deleting any advance agreement to modifications and implement a procedure to ensure that the licensee has a method of acknowledgement of the modification.
You should also consider how to best implement these requirements in other sales situations, such as telephone sales.
3. Review disclaimers of implied warranties to ensure that they comply with the new standards imposed by the Principles (this issue is particularly important for the implied indemnity for intellectual property infringement which requires that the disclaimer be in a record, conspicuous and employ clear language)
4. Review advertising and packaging to ensure that it does not create an express warranty and review disclaimers and other remedies to ensure that they meet the new standards in the Principles
5. Ensure that any use of “automatic disablement” (the use of electronic means to disable or materially impair the functionality of the software) is not used in “standard form transfer of generally available software” or consumer contracts and, if used, complies the new obligations in the Principles
6. Maintain records of your license agreements and any modifications, particularly for Standard Form Licenses
7. Consider implementing a method of disclosing the “material” bugs to comply with the new “non disclaimable” warranty of no hidden material defects
8. Review the limitation of liabilities and remedies to meet the new requirements in Section 4.
Although we were not able to include a separate legal track in OSCON, we have put together an independent track (with the assistance and blessing of OSCON) in a connecting hotel. We will address venture capital financing, choosing a license, basic legal issues and understaning the GPL. The speakers are very well known to the open source community including Larry Augustin, Brad Kuhn, Josh Stein and Larry Rosen. If you are available check out the schedule at http://en.oreilly.com/oscon2009/public/schedule/detail/10440.
We have limited space, so please come early.
The most recent Black Duck survey of the use of open source licenses reveals some very interesting trends. http://www.marketwatch.com/story/gplv3-licenses-quadruple-in-2009-but-gpl-projects-drop-by-five-percent-from-2008-levels.
First, GPLv3, the first revision to GPLv2 in twenty years, is increasing in adoption: it is now the fifth most common license, passing Mozilla, MIT and Apache. However, many large and important projects such as Linux, Hibernate and JBoss have chosen to remain with GPLv2. According to Black Duck, GPLv3 is growing at four times the rate of last year. GPLv3 is used on 9500 projects. These numbers reflect both decisions by new projects as well as existing projects. However, the decision to remain with GPLv2 has more than strategic dimension: large existing projects need to deal with the practical issues. For example, Linux has over 10,000 contributors and a shift to GPLv3 would require permission from each one of them (or rewriting the code) because Linus Torvalds licensed Linux under a “locked down” version of GPLv2. GPLv2 ,by its terms, permits any recipient of GPLv2 licensed software to shift to a newer version of the General Public License unless the licensor chooses to “lock down” the General Public License to a particular version. However, even projects which are not “locked down” need to carefully consider this move because the terms of GPLv2 and GPLv3 are inconsistant and a shift to GPLv3 would “fork” the project.
Second, Black Duck notes that the use of GPL license variants declined by 5%. I have not seen this shift in my practice (which is more focused on companies with commercial interests), but I think that it may reflect the greater number of projects being made available by universities (and some corporateions) who are interested in ensuring the widest possible usage and, thus, pick a permissive license like BSD or Apache. Matt Asay has an interesting perspective on this issue http://news.cnet.com/8301-13505_3-10276903-16.html?tag=mncol;title. I don’t agree with him that the licenses are irrelevant, but I do agree that data is a new source of value. Ironically, data is very difficult to protect under the US legal regime since its protection under copyright is limited.
I am surprised that we have not seen a greater growth in the use of the Affero General Public License v3. This license is the GPLv3 with a “network use” provision. Essentially, the license broadens the situation in which the GPLv3 obligations (making source code available and right to modify etc) are imposed from distribution (GPLv3) to include making the software available over a network. As we move into a more web centric world, I think that projects (and companies) which are trying to achieve the GPLv3 level of a “commons” need to consider AGPL. However, I will note that for many prospective licensees, the scope of AGPL is very troubling and there is a reluctance to license software using the AGPL software. For more information about aligning your business strategy and your intellectual property and licensing strategy, you can see by OSBC presentation at http://www.slideshare.net/markradcliffe/ip-and-licensing-strategy-for-open-source-companies
The Black Duck survey continues to provide very useful information about how the industry is evolving.