Top 10 legal issues for free software of 2013 | Opensource.com
The year 2013 continued the trend of the increasing importance of legal issues for the Free and Open Source Software (FOSS) community. FOSS projects have increased from 900,000 in 2012 to 1,000,000 in 2013, according to Black Duck Software.
Last year, I provided a look at the top legal issues from the year before. Continuing with this tradition, here is my take on the top ten legal developments in FOSS during 2013.
1. Android patent litigation
The litigation surrounding the Android operating system has continued around the world, but a new front has opened in a suit recently filed by the Rockstar Consortium against Google, Samsung, ZTE, Pantec, Asus, LG Electronics, HTC, and Huawei. The Rockstar Consortium consists of Apple, Microsoft, Blackberry, Ericsson, and Sony. Unlike the litigation between Apple Computer and Samsung, this lawsuit goes after basic features of Android and could have a much broader impact on the Android market. The litigation between Apple Computer, Inc. and Samsung continues with cases pending throughout the world.
As I mentioned in last year’s post, a decision in Silicon Valley awarded Apple $1.05 billion in damages for Samsung’s violation of its patents. The judge reduced the damages, but the parties were granted a new trial, and in the fall of 2013 the jury resolved the dispute over damages by awarding Apple $290 million. According to eWeek, Apple has been awarded $930 million across all of its suits (Red Hat represents some of the parties in other matters; I offer no opinion on the correctness of the decision). The litigation will clearly continue.
2. License compliance and standard of care
On June 14, 2013, the district court of Hamburg found that Fantec violated the obligation in the GPLv2 to provide to its customers the "complete corresponding source code" of the software. Fantec objected that it had been assured by its Chinese supplier that the source code received from the supplier was complete. And Fantec claimed that they had investigated options with third parties for source code analysis and had been informed that such reviews were quite expensive and not completely reliable. The court rejected these excuses.
The court required Fantec to pay a contractual penalty based on the prior settlement agreement. In addition, the court awarded the plaintiff’s expenses in enforcing the GPLv2. The distributor of GPLv2 software is responsible for compliance with the terms of the license and cannot delegate such responsibility. Even the most sophisticated companies can have problems with compliance, as demonstrated by Samsung’s problems with the inadvertent release of the native Linux driver for Microsoft’s exFAT file-system.
3. Rise of forks in major programs
One of the major advantages of open source software is the flexibility for companies to modify the software and even develop a completely different version of the product, so-called "forking." Although forks have occurred in the past, they are frequently temporary departures which are reintegrated into the original product. However, in 2013, we witnessed a well-financed fork in a major product of MySQL software: Intel Capital led a consortium of investors in a $20 million round of financing for SkySQL (which is now managing the MariaDB version of MySQL).
Google announced that it would migrate all of its MySQL software to the MariaDB version of the software. MySQL software is widely used and the effect of this fork is difficult to predict. Although not strictly a "fork," the Android operating system continues to have challenges due to its fragmentation. These problems may be exacerbated by proprietary extensions such as the CyanogenMod, which is a customized, aftermarket firmware distribution for several Android devices. The CyanogenMod is designed to increase performance and reliability over Android-based ROMs released by other vendors and carriers. Cyanogen has recently received a $23 million financing led by Andreessen Horowitz.
4. Enforcement of the FOSS licenses
Although FOSS is widely used and GPLv2 is the most widely used license, the GPLv2 has rarely been the subject of litigation, particularly in the United States. Until 2013, this litigation has been brought primarily by non-profit entities on behalf of small companies and individuals. However, this year two lawsuits were brought by commercial companies to enforce the GPLv2 against other commercial companies: Continuent v. Tekelec and Ximpleware v. Trilogy. As FOSS is more widely used, it is natural that it could become part of disputes between companies. The question is whether these suits indicate a trend or whether they are simply unusual situations. In addition, if the suits go to trial, they could provide guidance on the interpretation of the GPLv2.
5. GitHub adopts a license selection policy
As I noted last year, one disturbing trend was the posting of "FOSS" modules without licenses. This problem was particularly acute on GitHub. However, Simon Phipps of the Open Source Institute (OSI) worked with GitHub, and GitHub stated that "sharing your code isn't everything... it's also important to tell people how they can use that code" and that "choosing an open source license can be confusing." GitHub then created choosealicense.com, a website to assist developers to select a license. Although I disagree with some of the statements in the choosealicense.com site, it is an important change to GitHub’s policy. (I am particularly concerned about the inclusion of "No license" as an option similar to a traditional license).
6. Good news in the patent wars
Patent settlement on VP8. Although much ink has been spilled over patent suits filed against open source projects, we rarely get to announce good news. This year, we have such an opportunity: Google settled patent threats from MPEG LA, LLC about Google’s use of the open source VP8 codec. The dispute arose in 2011 when Google announced that support in Google Chrome for the widely used H.264 codec would be dropped. Google would promote the VP8 codec as open source. Google had acquired this codec as part of the purchase of On24 Technologies in 2010. MPEG LA had been threatening On24 Technologies for a long time, and thus the settlement is a surprise; the announcement of a Department of Justice antitrust investigation into MPEG LA over its call for a patent pool for VP8 may have encouraged the settlement.
7. FOSS enters government use
The use of FOSS by governments and government participation in FOSS projects would seem to be a natural fit but has frequently run into problems in implementation. One example of a great success is the OpenStack cloud software project which began as a joint venture between NASA and Rackspace. The OpenStack project is now managed by an independent foundation and is one of the fastest growing open source projects, with over 290 supporting companies and 13,000 individual members.
However, open source adoption by governments is very uneven.
Germany has been particularly active in 2013: in January, Jimmy Schulz, a member of Parliament and chairman of the Interoperability, Standards and Free Software Project Group, stated that current law prohibits governments from being part of the development process in FOSS projects because they cannot give away services; he recommended that the law be changed to permit such participation. More recently, in December, the new governing coalition agreed that public administrations should give priority to open source in their public procurement and committed the coalition to support open source at a European level. Munich also implemented its transition to open source IT in October and November. However, the UK, despite early commitments to open source, has not effectively implemented those strategies.
In France, Jacques Marzin, the French state Chief Information Officer (CIO), confirmed that the government is working to implement the Open Source Guidelines approved last year by Prime Minister Jean-Marc Ayrault (these guidelines promote the use of free software and open source in French ministries).
The situation in the US remains complex, with FOSS being widely used but actions by some departments making its use more difficult. The Department of Defense’s (DoD) release of the DoD Open Systems Architecture Contract Guidebook for Program Managers, v.1.1 in June demonstrates the complexity of the landscape for FOSS. On the one hand, this DoD publication acknowledges the "strong relationship between Open Source Software and Open Architecture" and, consistent with the DoD’s Better Buying Power 2.0 Initiative, encourages the managers of the DoD’s major systems to explore the use of FOSS; on the other hand, the Guidebook cautions that certain FOSS licenses "may be problematic for the Government." Recently, Lockheed donated the source code of the Distributed Data Framework (part of the Distributed Common Ground System) to the Codice Foundation, a nonprofit supporting government open-source projects; this donation makes the code available to all government agencies and their commercial partners.
In addition, Representative Issa introduced the Federal Information Technology Acquisition Reform Act to encourage the use of FOSS and required that regulations be revised to ensure: "The standards and guidelines shall include those necessary to enable effective adoption of open source software." Finally, the National Defense Authorization Act for Fiscal Year 2014 (FY 2014 NDAA) includes two sections that should ultimately work to encourage the use of FOSS. Specifically, Section 935 of the FY 2014 NDAA, titled "Additional Requirements Relating to the Software Licenses of the Department of Defense" provides that the Chief Information Officer of the DoD shall update the plan for the inventory of selected software licenses of the DoD required under section 937 of NDAA for FY 2013, to include a plan for the inventory of all software licenses of the DoD for which a military department spends more than $5 million annually on any individual title.
With respect to cloud computing, Section 938 of the FY 2014 NDAA, titled "Supervision of the Acquisition of Cloud Computing Capabilities" provides requirements for reviewing, developing, modifying, and approving the requirements for cloud computing solutions for data analysis and storage by the Armed Forces and Defense Agencies. Section 938 also includes requirements for reviewing, developing, and implementing plans for the competitive acquisition of cloud computing systems, including developing plans to ensure that the cloud systems are interoperable and universally accessible and usable through attribute-based access controls, and plans to ensure the integration of cloud systems with enterprise-wide plans of the Armed Forces and the DoD for the Joint Information Environment and the Defense Intelligence Information Environment.
8. Contribution agreements and projects
The management of contributions to FOSS projects continues to be important. The Eclipse Foundation revised their contribution process by implementing new, simpler Contributor License Agreements (CLAs) for all contributors at Eclipse. This CLA is much shorter than CLAs for other projects, limiting the agreement to stating that the contributions will be provided under the license(s) for the project to which they’re making a contribution. They automated their process to accept contributions via git and Gerrit as well as automating their workflow.
The terms of contribution agreements were also important in 2012 in the context of the departure of Nikos Mavrogiannopoulos from the GnuTLS project. As the primary drafter of the Harmony Project contribution agreements, I have had an opportunity to consider these issues in detail. I am in favor of making the contribution process simpler, but the process should be clear. I have some concern that the Eclipse CLA goes too far in simplifying the CLA, for example by not including standard provisions from Article 2 of the Uniform Commercial Code (all of the old favorites, such as waiver of consequential damages and disclaimer of implied warranties).
9. Rise of open source collaborations
Open source collaborations continued to grow last year. Two of the major new collaborations were the AllSeen Alliance (the Alliance is based on the AllJoyn open source project which develops software which "can communicate over various transport layers, such as Wi-Fi, power line or Ethernet, regardless of manufacturer or operating system and without the need for Internet access") and Open DayLight (software "to accelerate adoption of Software-Defined Networking and Network Functions Virtualization").
Both of these projects chose to become members of the Linux Foundation Collaborative Projects rather than developing their own independent organization. This option can be very attractive because it reduces the cost of starting the project. The OpenStack Foundation continues to grow at a rapid rate, increasing the number of companies involved from 150 to 290 and individual members from 6,000 to over 13,000 in early 2014 (as a matter of transparency, I represent the OpenStack Foundation).
10. Commercial companies support FOSS
Commercial companies have realized that the support of FOSS projects is an important strategy. IBM announced that it will invest an additional $1 billion in Linux and other open source technologies to support its Power System servers.
As noted above, Intel invested $20M in SkySQL to develop MariaDB software, a fork of MySQL. Netflix is providing its cloud tools as FOSS, named Netflix OSS, to other cloud service providers. Netflix had developed many tools to fill in the gaps in Amazon Web Services (for example, the Chaos Monkey software for testing web application resiliency) and is now making them available as FOSS to other cloud providers. The adoption of the Netflix FOSS tools by other cloud providers could lead to such cloud providers being able to provide more scalable public clouds; such public clouds might even become an alternative to Amazon Web Services. Netflix also established the Netflix OSS Cloud Prize: $200,000 across ten prizes to reward developers for assisting in developing Netflix’s cloud platform.
EMC and VMware took another approach: they spun out their Cloud Foundry software (a FOSS project) to form Pivotal, a new company with 500 employees. General Electric then invested $105 million in Pivotal. IBM also announced that they would collaborate with Pivotal in developing its technology.