Legal Issues Affecting the Use of Open Source IT Solutions in the Enterprise Julia Sitarz Student, University of Connecticut WIPO Conference May 2007
Download ReportTranscript Legal Issues Affecting the Use of Open Source IT Solutions in the Enterprise Julia Sitarz Student, University of Connecticut WIPO Conference May 2007
Legal Issues Affecting the Use of Open Source IT Solutions in the Enterprise Julia Sitarz Student, University of Connecticut WIPO Conference May 2007 Global Web Server Use (May 2007) Source: Netcraft Apache IIS Other 10.00% 31.00% 59.00% Web Server Use Among Fortune 1000 Companies (Oct. 2006) Source: Port80 Web Server Survey 54.90% 23.30% 5.80% 16.00% Apache IIS Other Netscape What is Open Source/Free Software? • Software for which the source code is available for use, copying, modification, distribution and re-use • (“free as in free speech, not as in free beer”) • Free Software Foundation • Open Source Initiative • Total Cost of Ownership (TCO) What is Open Source? Cont’d • Source Code – can be read and adapted by human users • Object Code (Binary Code) – consists of 0s and 1s, – legible only to computers, – needed to execute program on computers Open Source vs. Proprietary • Open Source Software – Source Code available to users – Enables study, modification, and creation of derivative works and interoperable programs – Examples: Linux operating system • Proprietary Software – – – – Typically distributed only in Object Code Restricts access to Source Code Modification prohibited by contract terms Examples: UNIX operating system, Microsoft operating system Open Source Legal Risks • Untested license terms • Copyright infringement • Patent infringement How can businesses best manage these risks? Open Source Licenses and Copyright Law GNU General Public License (GPL) • Employed by majority of Open Source projects worldwide • Emerged in reaction to perceived change in software development industry in 1980s Richard Stallman’s 1984 GNU Manifesto: GNU, which stands for Gnu’s Not Unix, is the name for the complete Unix-compatible software system which I am writing so that I can give it away free to everyone who can use it. (…) I consider that the golden rule requires that if I like a program I must share it with other people who like it. Software sellers want to divide the users and conquer them, making each user agree not to share with others. I refuse to break solidarity with other users in this way. (…) Copying all or parts of a program is as natural to a programmer as breathing, and as productive. It ought to be as free. (…) GNU is not in the public domain. Everyone will be permitted to modify and redistribute GNU, but no distributor will be allowed to restrict its further redistribution. That is to say, proprietary modifications will not be allowed. I want to make sure that all versions of GNU remain free. Software Copyright • Grants copyright owner the exclusive rights to copy, distribute and modify the program • Software copyright holders permit or prohibit certain acts via licenses – Proprietary licenses assert restrictions on • Use – no decompiling, reverse engineering • Copying – only for backup • Redistribution – only as authorized agent – Open Source licenses makes source code available, and liberally permit use, copying, modification and redistribution GNU General Public License, § 2(b) The “Copyleft” Clause 2. • …b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License… 2 Main Kinds of OS Licenses Non-restrictive • No restrictions on distribution of derivative works • Do not prevent code from being used in non-Open Source applications • Example – the BSD License Restrictive • Apply restrictions on distribution of derivative works to ensure that the code will always remain free • Example – the GPL Legal Challenges to Open Source • SCO v. IBM – – trial date vacated pending resolution of SCO v. Novell – SCO v. Autozone – • stayed pending outcome of SCO v. IBM – SCO v. DaimlerChrysler – • summary judgment entered against SCO – Red Hat v. SCO – • stayed pending outcome of SCO v. IBM – SCO v. Novell – • hearings on Motions for Summary Judgment scheduled for May 31 The Problem of Patent Infringement… A software patent covers the functionality of the code, not merely its expression. Doctrine of Equivalents Patent Protection for Software – U.S. and European Examples Software Patent Developments • EU Directive on the Patentability of Computer-Implemented Inventions – Tabled due to lack of consensus • U.S. Patent Reform? – KSR International Co. v. Teleflex, Inc. • Supreme Court decision calling for more court flexibility in applying the obviousness standard • Could make it easier to invalidate some patents on the basis of obviousness • Considered victory for software companies Patent Problems with Linux • OSRM study – Found Linux potentially infringed 283 patents – City of Munich migration halted • Mitigating Factors: – Patents have not been court-validated – Approx. 1/3 of patents held by Open Source-friendly companies – Any project on the scale of Linux would be likely to infringe a similar number of patents Patent Détente or Beginning of Enforcement Campaign? Microsoft/Novell patent agreements Microsoft’s recent statements to media GPL Version 3 response Advising Business Users of OS • First question – how will Open Source software be used? – Without modification, in standard form, like any other commercial program? – Modifying or adjusting functionality, customization for internal purposes only? – Using the source code to develop other software for distribution? Managing Compliance with Licenses • Assess code base to determine what licensed materials are there, and what obligations those licenses impose • Explore appropriate remedies • Implement automatic and auditable controls • Assist employees to understand their obligations under Open Source licenses and intellectual property law Conclusion: OS Risk Management for All Companies • Understand that risks are associated with the use of any software – Recognize improbability of “mutually assured destruction” • Input risk analysis into Total Cost of Ownership comparison • Consider market means of shifting risk – Indemnification through OS vendors – Insurance