ALI Legal Recommendations Could Create New Liability for Open Source Licensors

The American Law Institute ("ALI") has recently published the first draft of the ALI Principles of the Law of Software Contracts ("Principles") http://www.ali.org/index.cfm?fuseaction=projects.proj_ip&projectid=9 <http://www.ali.org/index.cfm?fuseaction=projects.proj_ip&projectid=9> . The ALI was founded in 1923 and has a membership consisting of judges, practicing lawyers, and legal scholars from the United States as well as some foreign countries, selected on the basis of professional achievement and demonstrated interest in the improvement of the law. ALI is a very prestigious non profit institution whose purpose is to: "publishes various Restatements of the Law, model codes, and legal studies to promote the clarification and simplification of the law and its better adaptation to social needs, to secure the better administration of justice, and to encourage and carry on scholarly and scientific legal work."


These Principles have great potential to clarify the difficult issues of software licensing and, when adopted, will have a significant effect on software licensing. The Principles have been developed by a committee of law professors with limited input from an advisory committee. The Principles are now available for public comment and I want to encourage the community to provide comments on the Tentative Draft (see below).

I, as general counsel of OSI, and Karen Copenhaver, as general counsel of the Linux Foundation have written a letter expressing our concern that several of the proposed terms represent very dramatic changes from existing law which are likely to have a very negative effect on the open source software industry. Although a number of provisions in the Principles will be of interest to the open source community, I want to focus on two recommendations which could have a significant negative impact on open source licensors and contributors.

The Principles recommend the creation of two new "non disclaimable" warranties which would result in significant problems for the open source community. The warranties are the (1) warranty of non infringement of intellectual property rights (such as patents or copyrights) if the contributor knew or should have known of the infringement and the contributor holds himself out by occupation as having knowledge or skill peculiar to the software and (2) warranty of no hidden material defects. Current law (and all OSI approved licenses) permit the contributor (and any licensor) of open source software to completely disclaim all warranties i.e. promises about performance or non infringement which could result in liability to a contributor or a licensor(so called AS IS provisions).

Despite some discussion in the Summary Overview of Section 3 suggesting that these warranties would not apply to open source licensors, the actual language of the first warranty, Section 3.01, would apply it to most open source software licensors and contributors. The relevant section follows:

§3.01 Indemnification Against Infringement

a. Except as provided in (c) or as excluded or modified under (d), a transferor that deals in software of the kind transferred or holds itself out by occupation as having knowledge or skill peculiar to the software must defend at its own expense any action brought by a third party against the transferee that is based on a claim under the laws of the United States or a State thereof by way of infringement or the like if the transferor knew or should have known of the infringement at the time of transfer. The transferor must pay those costs and damages finally awarded against the transferee in any such action that are specifically attributable to such claim or those costs and damages agreed to in a monetary settlement of such action.

The exceptions to the obligation are modest: the obligations would not apply if the licensee uses the software outside the scope of the license or the software was developed based on specifications provided by the licensee. The ability to disclaim this warranty is not permitted under the Principles for the following category of software: "Standard Form Transfer of Generally Available Software" (a defined term in the Principles) . The Principles state that open source software is included in this category. Given the view expressed in the Section Overview, we hope that the provision can be clarified to make the warranty disclaimable for open source licensors.

The second warranty, Section 3.05, would apply to all open source software licensors and contributors and appears to present a more difficult problem. The relevant section follows:

§3.05 Other Implied Quality Warranties

a. Unless modified or excluded, implied warranties may arise from course of dealing or usage of trade.

b. The transferor warrants to any party in the normal chain of distribution and to the end user that the software contains no material hidden defects of which the transferor was aware at the time of the transfer. This warranty may not be excluded. In addition, this warranty does not displace an action for misrepresentation or its remedies.

“Disclosure of a material hidden defect occurs when a reasonable transferee would understand the existence and basic nature of a defect. Disclosure ordinarily should involve a direct communication to the transferee, if feasible. A mere posting of defects on the transferor’s website generally should be insufficient.” From Comment b, following § 3.05.

These recommendations also raise similar concerns for commercial licensors. OSI and the Linux Foundation will be soliciting comments on the Principles and expect to have a mechanism to receive those comments by the end of June and will post how to provide comments on our sites. We look forward to hearing from you.

2008 Open Source Think Tank: The Future of Open Source

Olliance Group, the leading consulting firm for open source companies, has published the Summary Report from the 2008 Open Source Think Tank in Febuary of this year. http://thinktank.olliancegroup.com/images/stories/2008%20think%20tank%20summary%20report.pdf. The Think Tank is sponsored by Olliance Group and DLA Piper and is an opportunity for 120 leading members of the open source community to come together and discuss the future of open source software. The attendees include CEOs of Open Source Software companies, CIOs of large companies, venture capitalists, attorneys and other luminaries.

The Summary Report focuses on three major themes:

1. Open source software companies are recognized as a viable strategy for building a software business. The past skepticism has been washed away by the increase in venture capital financing for open source companies http://lawandlifesiliconvalley.blogspot.com/2008/04/venture-capital-investments-in-open.html and the significant acquisitions of open source companies last year, including the acquisition of Zimbra by Yahoo and MySQL by Sun Microsystems, Inc.

2. Open source software vendors have matured sufficiently so that client expectations are that open source vendors should maintain the same standards as traditional commercial software vendors. Open source vendors, like commercial software vendors, must ensure that they address the entire product lifecycle, from support and maintenance to integration and work with third party products.

3. Open source software vendors need to mature and deal with the confusion and, sometimes fear, about the the risk of using open source software. The attendees expressed concern about the dichotomy between the ubiquity of open source software and the lack of recognition of companies of such widespread use.

Please read the Summary Report and we hope to see you next year at the 2009 Think Tank.

Venture Capital Funding for Open Source Shows Significant Increase in First Quarter

The Venture Capital Journal noted in its April issue that investments in open source software increased dramatically in the first quarter of 2008 to $112 million from $200 to 250 million each year. The VCJ attributes this increase to the demise of the traditional multi year enterprise software licensing model as well as the recent very successful exits by open source companies such as MySQL and Xensource. One of the most significant advantages of the open source business model is the reduction of the cost of sales and marketing. For example, Amit Pandey, CEO of Terracotta, which provides infrastructure software for enterprise Java, notes that his download rate has risen 1000% since they shifted to an open source model; he estimates that a traditional software company would have had to spend $4-5 million dollars to achieve the same effect. Yet the article concludes in controversy: several VCs believe that early stage open source investments are no longer of interest because all of the good deals have been done yet other venture capitalists, such as Larry Augustin, believe that many new early stage open source companies are attractive and will get funded this year.

My experience is consistent with Larry’s view. I am seeing an increase in companies which have started with an open source business model as well as many companies which are shifting either in whole or in part to an open source business model. However, entrepreneurs need to be careful not to believe that “open source” is funding “pixie dust”.

This reality was emphasized in a recent SD Forum presentation on Successful Open Source Venture Investing. The venture capitalists, Kevin Efrusy from Accel and Prashant Shah of Hummer Winblad, are very experienced in open source investments. They emphasized that “open source” was not magic: companies must fit the same financial criteria as other software investments. Both venture capitalists noted that the open source business model does provide significant advantages in swift and inexpensive adoption by end users. Yet the company needs to take advantage of these “free downloads’ by finding a way to monetize them. The most popular model for venture backed companies is “dual” licensing in which proprietary additions are made available in a commercial offering which also includes the “free” open source software. However, the typical open source company uses a variety business models: dual licensing, advertising, maintenance services and professional services (including customization and installation). In fact, many of the older open source companies started with a service only model, providing only maintenance and professional services. David Lilly, the founder and CEO of Groundwork Open Source, described how the company shifted their business model by reducing service based revenues from 80% to 30%. The open source business model continues to have significant advantages over traditional software business models, but open source companies must still meet the traditional economic criteria for venture backed software companies.

OSBC: Aligning Intellectual Property Strategy and Open Source Strategy

Recently, at the OSBC, I spoke on how to align your intellectual property strategy to your open source business strategy. This issue can be very simple if you are joining or contributing to an existing project, because you will be bound to use the license of the project. However, if you have more flexibility, you need to consider a number of elements: (1) the sources of revenue (2) the type of product (3) business model (4) type of project (5) channels (6) type of community and (7) competitors. Once you have answered these questions, you then need to review your intellectual property options, such as such as patent, trademark, trade secret, copyright, licenses and domain names to implement your open source business strategy.

For example, a new web infrastructure software company might decide to adopt a dual licensing model and to adopt a license which is relatively compatible in order to interact effectively with other open source software used on the web. The company has decided that its most important intellectual property will be patents and trademarks. The license options include MPL, CDDL, CPAL or if integration is less important, GPLv2, GPLv3 and AGPL.

The materials also describe some of the mistakes that open source companies have made. If you are interested in the presentation it is posted on the OSBC website. http://akamai.infoworld.com/event/osbc/08/docs/GC-Radcliffe.pdf

HBS Open Source Case: Salvation or Suicide

Harvard Business School recently published a case on whether a software game company, KMS, which makes a device which permits amateurs to sound like professional musicians should adopt an open source business model. http://harvardbusinessonline.hbsp.harvard.edu/b02/en/common/item_detail.jhtml?id=R0804XThe case demonstrates the increased recognition of the strategic importance of decisions about the adoption of the open source software business model. Unfortunately, the case does not reflect the developments in business models for commercial open source software. The case focuses on an open source business model based primarily on providing technical services. Yet most commercial open source companies have adopted a dual distribution model. Moreover, as Marten Mickos noted in his 2007 keynote at OSBC, commercial open source companies have thirteen ways to make money, with four of them which he identifies as “scalable”. In addition, the analysis in the case if confused because KMS’ product includes hardware as well as software. Such hardware could give KMS a substantial advantage against competitors trying to provide an open source version of the product. In my experience, virtually all decisions about the adoption of open source business model deal solely with software products. Consequently, I think that the case would have been more powerful (and more realistic) to focus on case in which the product was solely software.

The Case Commentaries are very interesting. Jonathan Schwartz of Sun Microsystems, Inc. makes the critical point that KMS needs to determine its business goals before the company can make a meaningful decision about adopting an open source business model. He draws a contrast between Apple and Nokia in the handset market: Apple is trying to define what a handset should be and they sold 4 million iPhone handsets last year. On the other hand, Nokia is trying to be the largest handset maker in the world, has adopted an open platform and sold 400 million handsets last year.

Gary Pisano of Harvard Business School was also very insightful about the necessary elements for success in converting to an open source business model: ensuring that your software architecture is “modular” and creating a developer community. The creation of a developer community is a significant challenge for a new product and quite different from the skills required for developing and distributing proprietary software. He also notes that natural advantages conferred on KMS by its role as the creator of the “platform”. Finally, he focuses on the new reality for all “proprietary” software vendors: they need to be prepared for competitors who adopt an open source model.

Eric Levin makes good points about the importance of being able to control the brand and the strategic life cycle, but concludes that KMS has alternatives to adopting an open source business model such as adding personalization. However, I think that this alternative is an illusion and it seems to contradict his prior points.

The final Case Commentary by Michael Bevilacqua focuses on legal issues and, from his view, the significant additional risk of intellectual property infringement in an open source business model. I don’t agree with his conclusions. First, most “proprietary software” includes significant amounts of open source code which would carry risks similar to a pure open source business model. Second, he notes the increased risk of patent infringement in open source software. I disagree that the risk of patent infringement is greater in open source companies than in proprietary software companies. Most proprietary software companies do not undertake patent searches prior to writing software, so both types of companies are equally at risk of infringing a third party’s patents. However, the open source business model does entail legal risks: the scope of many important open source licenses (such as the GPL) are unclear because they use terms, such as derivative works, which are poorly defined in copyright law when applied to software and the licenses have never been interpreted by courts. In addition, the remedies available under open source licenses, whether injunctive relief or only monetary damages, are not clear. Consequently, many companies limit the use of open source software based on the open source license under which it is provided.

It is great that Harvard Business School has acknowledged the strategic importance of decisions about the open source business model, but we hope that their next case is more focused.

Open Source as the Borg: Resistance is Futile

The recent report by Gartner, the State of Open Source 2008 (http://www.gartner.com/; report G00156659), as summarized on their site provides some very interesting conclusions:

1. By 2013, a majority of Linux deployments will have no real software TCO advantage over other operating systems.

2. By 2012, 90% of enterprises will use open source either direct or embedded.

3. By 2011, open source will dominate software infrastructure for cloud-based providers.

4. By 2012, software as a service (SaaS) will eclipse open source as the preferred enterprise IT cost cutting method.

I agree with Gartner that open source will continue to penetrate more companies, but I think that it will occur much more rapidly than suggested by Gartner. And they are absolutely correct that use of open source is "elusive". We find that virtually all of our clients use open source even if they are not aware of it. Gartner captures the reality of open source use in their statement that: "Users who reject open source for technical, legal or business reasons might find themselves unintentionally using open source despite their opposition."

I don't agree with their conclusion about Linux and SaaS. I agree with the skepticism expressed by Mark Taylor http://news.zdnet.co.uk/software/0,1000000121,39379900,00.htm. My experience is that the use of Linux continues to grow rapidly and it is likely to take an even more important role in mobile devices. The statement about SaaS confuses a business model with a method of developing software. Many open source companies use SaaS as a distribution model and it does not make them less "open source." http://lawandlifesiliconvalley.blogspot.com/2008/03/open-source-overview-from-osbc.html

The report once again emphasizes how open source is becoming part of the mainstream. A decade can make a big difference: "Microsoft: Resistance is Futile" http://www.news.com/2009-1023-229218.html.

Venture Capital Investments in Open Source Accelerate

A recent 451 Group report notes that venture capital investments in open source companies are at an all time high this quarter. http://blogs.the451group.com/opensource/2008/04/01/vc-funding-for-open-source-hits-an-all-time-high/. They raised $203.75m, up from $100.40m in the same quarter of 2007. He expresses caution that few of the deals were seed or Series A and that much of the funding was raised by some mature companies, such as SugarCRM.

This increase in funding for open source experience is consistant with what I am seeing in Silicon Valley where I work with about 40 startups (not all open source). Most software venture deals have an open source component to them and venture capitalists are very interested in new open source projects. I know of at least four new open source companies that are seeking funding, several are based on existing projects. So I disagree with Matt that the relatively smaller number of seed and Series A deals are a cause for concern. Seed deals in particular are difficult to find (several of the companies that I mentioned above have bootstrapped or used friends and family money, so they are basically invisible). In addition, I know of four foreign open source companies that are coming to the US because of the size of the market and the depth of the venture capital market. I think that 2008 will be another record year for open source funding.