The year 2007 has been the most active year for legal developments in the history of free and open source (“FOSS”). In fact, you would have been hard pressed in past years to enumerate even five important legal developments. However 2007 permits the creation of a traditional “top ten” list. My list of the top ten FOSS legal developments in 2007 follows:
1. Publication of GPLv3. The GPLv2 continues to be the most widely used FOSS license, yet the law relating to software has developed significantly since the publication of the original publication of the GPLv2 in 1991. The first revision of the GPLv2 had a number of drafts over an 18 month period. However the new GPLv3 license is much more comprehensive than GPLv2 and addresses the new issues which have arisen in software law in the last 15 years.
2. SCO’s Attack on Linux Collapses. SCO filed lawsuits claiming that Linux infringed SCO’s copyrights in UNIX. These suits suffered a fatal blow when the court in the Novell litigation found that SCO did not own the copyrights in UNIX. The ownership of the copyrights is essential to prosecute cases for copyright infringement. The melt down of SCO’s strategy was complete when it filed for bankruptcy soon after this loss.
3. First Legal Opinion on Enforcing a FOSS License. In August, the district court in San Francisco surprised many lawyers by ruling that the remedies for breach of the Artistic License were in contract, not copyright. Most lawyers believe that the failure to comply with the major terms of an open source license means that the licensee is a copyright infringer and, thus, can obtain “injunctive relief" (which means that the court orders a party to cease their violation). On the other hand, if the remedy is limited to contract remedies, then the standard remedy would be limited to monetary damages. Such damages are of limited value to open source licensors. The district court decision has been appealed.
4. First US Lawsuit to Enforce GPLv2. The Software Freedom Law Center filed the first lawsuit to enforce the GPL for the BusyBox software in August. Subsequently, it filed three other lawsuits. Although the first three lawsuits were against small companies, the most recent lawsuit was against Verizon. These lawsuits represent a new approach for the SFLC which, in the past, has preferred negotiation to litigation. SFLC has settled two of the lawsuits. Each of the settlements has required that the defendants pay damages, another new development. These suits may be the first of many.
5. First Patent Infringement Lawsuit by Patent Trolls against FOSS Vendors. IP Innovation LLC (and Technology Licensing Corporation) filed suit against Red Hat and Novell in what may be the first volley in a patent war against a FOSS vendor. Acacia is a well known patent troll which has been buying patents for some time and works through multiple subsidiaries. The FOSS industry provides a tempting target because of its rapid growth. These suits could slow the expansion of FOSS because many potential licensees express concern about potential liability for infringement of third party rights by FOSS.
6. First Patent Lawsuit by a Commercial Competitor against a FOSS Vendor. Network Appliances, Inc. (“NetApps”) sued Sun Microsystems, Inc. (“Sun”) for patent infringement by Sun’s ZFS file system in its Solaris operating system. The ZFS file system posed a challenge to NetApps products because it permits the connection of less expensive storage devices to the operating system.
7. Microsoft Obtains Approval of Two Licenses by OSI. Microsoft Corporation continues its schizophrenic approach to FOSS by simultaneously asserting that the Linux operating system violates Microsoft’s patents and submitting two licenses for approval by OSI. In October, the OSI Board approved the Microsoft Public License (Ms-PL) and the Microsoft Reciprocal License (Ms-RL) as consistent with the Open Source Definition.
8. German Court Finds that Skype Violates GPLv2 The enforcement of the GPLv2 in Germany continues with a Munich court finding that Skype had violated GPLv2 by not including the source code with the binary version of the software (instead, Skype had included a “flyer” with a URL describing where to find the source code version). The suit was brought by Harald Welte, who has been the plaintiff in virtually all of the German enforcement actions for GPLv2. Harald runs gpl-violations.org, an organization which he founded to track down and prosecute violators of the GPL.
9. New License Options. Two of the most controversial issues in FOSS licensing, network use and attribution, were addressed in new licenses adopted this year. A “network use” provision imposes a requirement that when a program makes functions available through a computer network, the user may obtain the source code of the program. Essentially, it extends the trigger requiring providing a copy of the source code from “distribution” of the object code (as required under the GPLv2) to include making the functions available over a computer network. An “attribution” provision requires that certain phrases or images referring to the developing company be included in the program. This provision was very controversial on the License Discuss email list for OSI. The Free Software Foundation published the Affero General Public License in the fall which expanded the scope of the GPLv3 to include a “network use” provision. A limited form of attribution was included in the GPLv3. And OSI approved the Common Public Attribution License which included both the “network use” and “attribution” provisions.
10. Creation of Linux Foundation. The Open Source Development Labs and the Free Standards Group merged to form the Linux Foundation. The FOSS industry is unusual because of the extent to which it depends on non profit entities for guidance. These entities include the OSI, Free Software Foundation, Mozilla Foundation, Apache Foundation and Eclipse Foundation. This merger provides a much stronger platform to promote Linux and open standards.
Wednesday, December 19, 2007
Monday, December 17, 2007
BusyBox Settles Second GPL Suit
The Software Freedom Law Center ("SFLC") has settled a second BusyBox sofware lawsuit. The settlement for Xterasys is confidential, but appears to be virtually identical to the settlement for Monsoon Media. Dan Ravicher, the SFLC attorney for BusyBox, stated:
As a result of the settlement, Xterasys has agreed to cease all binary distribution of BusyBox until SFLC confirms it has published complete corresponding source code on its Web site. Once SFLC verifies that the complete source code is available, Xterasys' full rights to distribute BusyBox under the GPL will be reinstated.
Additionally, Xterasys has agreed to appoint an internal Open Source Compliance Officer to monitor and ensure GPL compliance, and to notify previous recipients of BusyBox from Xterasys of their rights to the software under the GPL. Xterasys will also pay an undisclosed amount of financial consideration to the plaintiffs.
The settlement suggests that SFLC has adopted a template for settlement. The lessons for FOSS management are the same as I suggested in my post about Monsoon Media. http://lawandlifesiliconvalley.blogspot.com/2007/11/monsoon-media-lessons-for-foss.html
1. You need to respond quickly and appropriately to any complaints about non compliance with open source licenses.
2. You should have a FOSS Use Policy to avoid these problems.
3. Your FOSS Use Policy should include a procedure for responding to these types of complaints.
4. Non-compliance, even “innocent” non-compliance, is getting more expensive.
If you don’t take these steps voluntarily, they may be imposed on you and you will have your own Open Source Compliance Officer.
As a result of the settlement, Xterasys has agreed to cease all binary distribution of BusyBox until SFLC confirms it has published complete corresponding source code on its Web site. Once SFLC verifies that the complete source code is available, Xterasys' full rights to distribute BusyBox under the GPL will be reinstated.
Additionally, Xterasys has agreed to appoint an internal Open Source Compliance Officer to monitor and ensure GPL compliance, and to notify previous recipients of BusyBox from Xterasys of their rights to the software under the GPL. Xterasys will also pay an undisclosed amount of financial consideration to the plaintiffs.
The settlement suggests that SFLC has adopted a template for settlement. The lessons for FOSS management are the same as I suggested in my post about Monsoon Media. http://lawandlifesiliconvalley.blogspot.com/2007/11/monsoon-media-lessons-for-foss.html
1. You need to respond quickly and appropriately to any complaints about non compliance with open source licenses.
2. You should have a FOSS Use Policy to avoid these problems.
3. Your FOSS Use Policy should include a procedure for responding to these types of complaints.
4. Non-compliance, even “innocent” non-compliance, is getting more expensive.
If you don’t take these steps voluntarily, they may be imposed on you and you will have your own Open Source Compliance Officer.
Monday, December 10, 2007
Paying Developers: A New Way to Develop Community
In Bangalore at FOSS.IN, Simon Phipps, Sun Microsystem's open source guru, announced on Friday that Sun will be establishing an "award program" to support innnovation and advance open source development relating to its products. He describes the program as providing a "substantial prize purse". The fund will be divided into six chunks of about $175,000 each — war chests to ignite original ideas in six streams or communities working on Sun-created open environments: OpenSolaris, GlassFish, NetBeans, OpenJDK, OpenOffice and OpenSparc. http://www.hindu.com/2007/12/08/stories/2007120854141800.htm
This announcement deals with one of the most fundamental questions in the FOSS industry: will the future of FOSS be constrained by the limited number of programmers who are willing to work for free? This issue translates into the more immediate question for FOSS companies of how to motivate FOSS developers to become part of their community given the proliferation of FOSS companies and projects. Many industry commentators have emphasized that developing a robust community is critical to the success of a company depending on an open source business model. This announcement may mark the rise of a new approach to community development.
This announcement deals with one of the most fundamental questions in the FOSS industry: will the future of FOSS be constrained by the limited number of programmers who are willing to work for free? This issue translates into the more immediate question for FOSS companies of how to motivate FOSS developers to become part of their community given the proliferation of FOSS companies and projects. Many industry commentators have emphasized that developing a robust community is critical to the success of a company depending on an open source business model. This announcement may mark the rise of a new approach to community development.
Sunday, December 9, 2007
BusyBox Files Lawsuit against Verizon to Enforce the General Public License
On Thursday, BusyBox, through the Software Freedom Law Center ("SFLC") filed a new lawsuit to enforce the General Public License ("GPL"). The lawsuit claims that Verizon used BusyBox software in one of its routers without complying with the GPL. This lawsuit is the fourth filed by the SFLC in the last two months and confirms that the trend that I mentioned in my earlier post http://lawandlifesiliconvalley.blogspot.com/2007/11/software-freedom-law-center-files.html. SFLC appears to be taking a much more aggressive approach by filing lawsuits within weeks of the original demand letter. In this case, SFLC states that they gave notice to Verizon on November 16 and filed suit on December 5. The allegations in this suit are similar to the earlier complaints. However, this lawsuit is the first against a company of substantial size.
Companies should review their use of BusyBox software which is the basis for these claims and should be prepared to respond quickly to demand letters from the SFLC.
Companies should review their use of BusyBox software which is the basis for these claims and should be prepared to respond quickly to demand letters from the SFLC.
Sunday, November 25, 2007
Software Freedom Law Center Files Second Round of Enforcement Actions for BusyBox Software
The Software Freedom Law Center ("SFLC") has filed a second round of lawsuits to enforce the General Public License ("GPL") for BusyBox software last week. The suits were filed against two different companies: High Gain Antennas, LLC ("High Gain") and Xterasys Corporation ("Xterasys"). As in the Monsoon Media case, the suits are based on the failure to make the source code of the BusyBox software available as required under the GPL.
As I mentioned in my earlier post, the SFLC is much more willing to bring a lawsuit than in the past http://lawandlifesiliconvalley.blogspot.com/2007/11/monsoon-media-lessons-for-foss.html. In past years, SFLC stated that they were involved in up to 50 enforcement actions a year, but never filed a lawsuit. In some cases, they also appear to be moving very rapidly to file such lawsuits: the suit against High Gain was filed on November 20 after an unsatisfactory response from High Gain on November 19 (however, according to the complaint, High Gain had received notice of the requirement to provide source code in August 2006 from a third party, but the source of this notice is not made clear). On the other hand, the initial notice by the SFLC to Xterasys was on May 23, 2007 and Xterasys responded on the same day. The last contact was on May 24, 2007 when SFLC reminded Xterasys to keep them informed of the results of the investigation. However, Xterasys did not further communicate with SFLC.
SLFC consistently takes the position that the failure to comply with all of the terms of the GPL "terminates" the permission in the license and the licensee becomes a copyright infringer. However as in Jacobsen, a court might decide that the failure to provide the source code is a breach of contract (which has a different set of remedies, generally limited to monetary damages) rather than copyright infringement http://lawandlifesiliconvalley.blogspot.com/2007/08/new-open-source-legal-decision-jacobsen.html. Please note that the SFLC and the Free Software Foundation have consistently taken the position that the GPL is not a contract, but I believe that this position is difficult to defend. In any case, I believe that the Jacobsen decision is wrong and the GPL is a very different license from the Artistic License. Yet this question of remedies remains open and depends on the exact terms of the license.
The clear lesson from these suits is to respond quickly if SLFC contacts your company and try to resolve the issue promptly.
As I mentioned in my earlier post, the SFLC is much more willing to bring a lawsuit than in the past http://lawandlifesiliconvalley.blogspot.com/2007/11/monsoon-media-lessons-for-foss.html. In past years, SFLC stated that they were involved in up to 50 enforcement actions a year, but never filed a lawsuit. In some cases, they also appear to be moving very rapidly to file such lawsuits: the suit against High Gain was filed on November 20 after an unsatisfactory response from High Gain on November 19 (however, according to the complaint, High Gain had received notice of the requirement to provide source code in August 2006 from a third party, but the source of this notice is not made clear). On the other hand, the initial notice by the SFLC to Xterasys was on May 23, 2007 and Xterasys responded on the same day. The last contact was on May 24, 2007 when SFLC reminded Xterasys to keep them informed of the results of the investigation. However, Xterasys did not further communicate with SFLC.
SLFC consistently takes the position that the failure to comply with all of the terms of the GPL "terminates" the permission in the license and the licensee becomes a copyright infringer. However as in Jacobsen, a court might decide that the failure to provide the source code is a breach of contract (which has a different set of remedies, generally limited to monetary damages) rather than copyright infringement http://lawandlifesiliconvalley.blogspot.com/2007/08/new-open-source-legal-decision-jacobsen.html. Please note that the SFLC and the Free Software Foundation have consistently taken the position that the GPL is not a contract, but I believe that this position is difficult to defend. In any case, I believe that the Jacobsen decision is wrong and the GPL is a very different license from the Artistic License. Yet this question of remedies remains open and depends on the exact terms of the license.
The clear lesson from these suits is to respond quickly if SLFC contacts your company and try to resolve the issue promptly.
Tuesday, November 20, 2007
Free Software Foundation Announces Final Affero General Public License
One of the most contentious issues during the drafting of the General Public License Version 3 was whether to add an obligation to make source code available for software licensed under GPLv3 if it was provided over a network. The GPLv2 only required source code to be provided upon the "distribution" of the program (although the Affero project, with the permission of the Free Software Foundation, developed a version of GPLv2 which included a requirement to make the source code available to any user of a network, rather than just upon distribution). With the rise of service providers such as Google, open source software was being modified and used, but the modifications were not being made available to the community.
Ultimately, the FSF decided not to include such a requirement in GPLv3 but provide this option through an alternative license, the Affero GPL. It also made the GPLv3 "compatible" with the Affero GPL in Section 13 of the GPLv3. This compatability is "hardwired" rather than a natural result of changes to the GPLv3 which permitted compatability with Apache. And the compatability is "one way": GPLv3 licensed code can be linked with or combined with works licensed under the Affero GPL, but works licensed under the Affero GPL cannot be licensed under the GPLv3.
The final version of the Affero GPL is not surprising. It includes the "network use" language which requires that the Corresponding Source of the Affero GPL licensed code (as well as any GPLv3 licensed code which is incorporated into it) be made available to any network user. The critical provision is as follows:
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have permission
to link or combine any covered work with a work licensed under version 3
of the GNU General Public License into a single combined work, and to
convey the resulting work. The terms of this License will continue to
apply to the part which is the covered work, but the work with which it is
combined will remain governed by version 3 of the GNU General Public
License.
The Affero GPL is an important option for companies or projects that are concerned that they will be used to provide services, but the service providers will not provide their modifications to the community. This issue can be important for a company: I worked with Socialtext to develop the Common Public Attribution License which included a network use provision and a very explicit attribution provision. This option may become more popular as more software is provided as a service. I still believe that the GPLv3 will continue to be much more widely used than the Affero GPL. In fact, I have a small bet with Fabrizio Capobianco, CEO of Funambol, that GPLv3 will continue to beat out Affero GPL over the next five years, so keep adopting GPLv3!
Ultimately, the FSF decided not to include such a requirement in GPLv3 but provide this option through an alternative license, the Affero GPL. It also made the GPLv3 "compatible" with the Affero GPL in Section 13 of the GPLv3. This compatability is "hardwired" rather than a natural result of changes to the GPLv3 which permitted compatability with Apache. And the compatability is "one way": GPLv3 licensed code can be linked with or combined with works licensed under the Affero GPL, but works licensed under the Affero GPL cannot be licensed under the GPLv3.
The final version of the Affero GPL is not surprising. It includes the "network use" language which requires that the Corresponding Source of the Affero GPL licensed code (as well as any GPLv3 licensed code which is incorporated into it) be made available to any network user. The critical provision is as follows:
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have permission
to link or combine any covered work with a work licensed under version 3
of the GNU General Public License into a single combined work, and to
convey the resulting work. The terms of this License will continue to
apply to the part which is the covered work, but the work with which it is
combined will remain governed by version 3 of the GNU General Public
License.
The Affero GPL is an important option for companies or projects that are concerned that they will be used to provide services, but the service providers will not provide their modifications to the community. This issue can be important for a company: I worked with Socialtext to develop the Common Public Attribution License which included a network use provision and a very explicit attribution provision. This option may become more popular as more software is provided as a service. I still believe that the GPLv3 will continue to be much more widely used than the Affero GPL. In fact, I have a small bet with Fabrizio Capobianco, CEO of Funambol, that GPLv3 will continue to beat out Affero GPL over the next five years, so keep adopting GPLv3!
Thursday, November 15, 2007
Oracle Announces 1,500 Customers for Its Unbreakable Linux
One of the concerns about the open source business model has been the risk that third parties provide support for a company's product and deprive the company of a significant revenue stream. This concern was crystallized by the Oracle announcement last year that they would support the Red Hat version of Linux at half of Red Hat's price. However, after six months, Oracle had announced only 26 customers. Many companies sighed with relief. However, Oracle recently announced that they had 1500 customers. For more information, see the story: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9046978. Oracle has acquired some significant clients such as Yahoo, Activision and IHOP. Yet some of these clients are clearly "testing" the service and working with both companies. It will be very interesting to see the numbers after two years (particularly renewals). Yet the Oracle/Red Hat competition may be less relevant for products other than Linux because Linux has a large community of developers which can be hired by Oracle or others who want to provide support services. No such community exists for many open source products. Consequently, this announcement is interesting for the Linux community but may have little relevance outside of the Linux market.
Subscribe to:
Comments (Atom)