Top legal developments in free and open source software last year
Top 10 open source legal developments in 2015
In 2015 there were a variety of legal issues of importance to the FOSS (free and open source) community. Continuing the tradition of looking back over the top ten legal developments in FOSS, my selection of the top ten issues for 2015 is as follows:
1. Settlement of Versata cases interpreting General Public License version 2 (GPLv2)
As we noted last year, the GPLv2 continues to be the most widely used and most important license for free and open source software. Black Duck Software estimates that 16 billion lines of code are licensed under the GPLv2. The courts issued several important opinions in the Versata cases in 2014, but all of the cases were settled in 2015 without further opinions.
The opinions were based solely on pleading issues, and thus, have limited precedential value, but they suggest how courts would rule on major issues raised by the GPLv2:
(a) the court approved the "one tier" structure of the GPLv2 in which a violation by an intermediate distributor (in this case Versata Software, Inc. (Versata)) does not terminate the rights of its downstream licensees (such as Pacific Life Ins. Co., Metropolitan Life Ins. Co., and the Prudential Ins. Co. of America)
(b) the definition of the type of activity which constitutes "distribution" and, thus, triggers the obligations under the GPLv2
(c) the nature of the patent rights granted in certain circumstances under the GPLv2 (For a more detailed description of the facts and holdings, see http://opensource.com/law/14/12/gplv2-court-decisions-versata)
These cases emphasize the need for management of the use of open source software because the dispute arose when Versata, a proprietary software vendor, included GPLv2 licensed software from a third party, Ximpleware, Inc. (Ximpleware). Versata did not appear to know that the Ximpleware software was in its proprietary software and failed to comply with the terms of the GPLv2. After discovering the violation of the GPLv2, Ximpleware sued all of Versata’s customers. Given the settlement of these cases, we will need to await another dispute to clarify the interpretation of the provisions of the GPLv2.
2. First decision interpreting General Public License version 3 (GPLv3)
The Regional Court of Halle in Germany issued the first decision interpreting the GPLv3 in July 2015. The case involved the actions of an institute of higher education. The defendant (licensee) did not object to the allegations of the violation of the GPLv3. Instead, the dispute focused on the application of the "einstatement" provisions in Section 8 of the GPLv3. Section 8 retained the automatic termination which was found in GPLv2, but provided for reinstatement of rights under the license if the licensee cured its breach within thirty days.
In this case, the user cured its breach within the necessary period, but refused to sign a "cease and desist" declaration which was sought by the plaintiff to ensure that the defendant would have an incentive not to breach the terms of the GPLv3 again. The court ruled that the reinstatement provision in Section 8 did not eliminate the plaintiff's right to a preliminary injunction to prevent further infringements, particularly if the defendant had refused to sign the plaintiff's cease-and-desist declaration. For more information, please see German court addresses GPLv3 section 8 termination provisions by Richard Fontana.
3. Linux programmer sues VMware for violation of GPLv2 for Linux
The Linux operating system is one of the most widely used FOSS programs in the world, yet it has rarely been involved in litigation. However in March 2015, Christoph Hellwig, a key Linux kernel developer, sued VMware in the district court of Hamburg, Germany. Hellwig asserted that VMware had violated the terms of the GPLv2 by combining VMware’s proprietary code called "vmkernel" with Linux in a manner which created a derivative work, but did not provide the complete corresponding source code of vmkernel under GPLv2. The vmkernel is the "kernel" of VMware’s ESXi operating system that manages the hardware and software resources of the physical server.
VMware has responded that vmkernel is not a derivative work of Linux but only interacts with Linux through the VMK API. VMware also noted that drivers working with vmkernel do not need to be Linux drivers, but VMware offers a "compatibility alternative through a loadable kernel module called 'vmklinux', which in association with any Linux drivers, is loaded by the vmkernel and interfaces with the vmkernel through VMK API." The facts relating to the dispute cannot be confirmed because the complaint and other court documents are confidential under the rules of German courts. This case is likely to be very important in determining the scope of the GPLv2 because the parties do not appear likely to compromise.
4. Community GPL compliance
The Software Freedom Conservancy (Conservancy) and Free Software Foundation (FSF) cooperated this year to develop and publish "Principles of Community Oriented GPL Enforcement" (Guidelines) in September 2015 (here and here). The increase of FOSS litigation has been the source of concern in the community and the Guidelines are meant to assist the community in developing a basis for a consistent and common approach to enforcement. The Guidelines follow the publication last year by the Software Freedom Law Center of the second version of the Practical Guide to GPL Compliance and the joint publication by the Conservancy and the FSF of the first version of their guide, the Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide.
5. European Commission antitrust investigation of Google and its Android Operating System (Android OS)
The European Commission (Commission) has opened an informal investigation to determine if certain conditions in Google’s agreements for the distribution of Android OS violate European Union (EU) antitrust rules. Specifically the Commission is looking at whether the terms of such agreements for Android OS requiring the use of Google’s proprietary applications and services violates EU rules. The Commission investigation will focus on the following three allegations:
whether Google has illegally hindered the development and market access of rival mobile applications or services by requiring or incentivising smartphone and tablet manufacturers to exclusively pre-install Google’s own applications or services;
whether Google has prevented smartphone and tablet manufacturers who wish to install Google's applications and services on some of their Android devices from developing and marketing modified and potentially competing versions of Android (so-called “Android forks”) on other devices, thereby illegally hindering the development and market access of rival mobile operating systems and mobile applications or services;
whether Google has illegally hindered the development and market access of rival applications and services by tying or bundling certain Google applications and services distributed on Android devices with other Google applications, services and/or application programming interfaces of Google.
The investigation demonstrates the importance of Android OS in the smartphone and tablet market because the Commission is investigating Google’s potential abuse of its "dominant position" with respect to the Android OS.
6. Android forking continues
CyanogenMod LLC (LLC) is a venture capital backed company that has developed CyanogenMod, a customized, aftermarket firmware distribution for several Android OS devices. The CyanogenMod firmware is based on the Android Open Source Project. CyanogenMod firmware was considered a significant potential competitor to Google’s Android OS because of its significant funding. However, the potential of the LLC’s business model is now subject to question due to a court decision in India.
One of the LLC's initial licensees was Oppo Electronics (Oppo), which is part of BBK Electronics Group, a large PRC company. The LLC granted Oppo a non-exclusive worldwide license and Oppo formed a new company, OnePlus, to distribute its CyanogenMod based phone. However, the LLC also granted exclusive rights in India to Micromax Informatics, Ltd (“Micromax”). The Indian court found that Micromax had exclusive rights to the CyanogenMod firmware and trademark in India. Later, OnePlus decided to develop its own fork of Android OS and cease use of the CyanogenMod firmware. This fork will, like CyanogenMod firmware, be based on the Android Open Source Project. This case demonstrates the flexibility of using the Android OS as well as the difficulties of developing an alternative to Google’s version of the Android OS.
7. Contribution policies
All open source projects need to ensure that they receive sufficient rights in the intellectual property rights (IPR) from the contributors to ensure that the project can license the project software to users. Most projects use either the "project license" or contribution license agreements. (Very few projects, instead, require the assignment of IPR for contributions.) However, the use of "contribution license agreements" is very controversial in certain communities, and particularly in the Linux community. On the other hand, my review of the emails at the time of the development of the Apache Software License version 2 (ASLv2) and discussion with the individuals involved in the drafting makes clear that the ASLv2 was meant to be used with the standard contribution license agreements developed at the same time as the ASLv2 although the ASLv2 includes Section 5 as a "backup" for contributions.
The different views of open source communities were very evident in the dispute within the OpenStack community over the use of the standard Apache contribution license agreements. Many developers with experience in the Linux community were very opposed to the continued use of the Apache contribution license agreements and wanted to adopt the Developers Certificate of Origin (DCO) as used in the Linux community. After significant discussion the Board decided to continue to use the standard Apache contribution license agreement for contributions by corporations but to adopt the DCO procedure for contributions by individuals.
8. Corporations release projects under FOSS licenses
As we noted last year, many large companies are using FOSS as an explicit strategy to build their software and this trend continued this year and accelerated. Jim Zemlin, Executive Director of the Linux Foundation, has described this strategic use of FOSS as external "research and development." Last year, Microsoft released the .NET software framework (this software is used by millions of developers to build and operate websites and other large online applications) under a FOSS license. This year Apple Computer, Inc. announced open sourcing of the Swift language. This continues a trend where major corporations are using open source development techniques to manage projects which they have developed internally, but which can be more cost effectively managed by a community.
9. Successful grant of 501(c)(6) exemption
Several years ago FOSS foundations were regularly granted exemptions under federal tax law by the Internal Revenue Service (IRS) under Section 501(c)(6). These exemptions make the contributions of FOSS foundation members tax deductible. However, in the last three to four years, the IRS has been routinely denying such exemptions for FOSS foundations. This year, however, the OpenStack Foundation (Foundation) was able to successfully obtain a 501(c)(6) exemption although it required the Foundation to appeal the initial denial before the Foundation was successful.
The responses by the IRS to the Foundation demonstrate a significant misunderstanding of how FOSS foundations operate and their role. For example, the IRS believed that the Foundation was directly competing with cloud offerings from Amazon, Google and Microsoft. Although the Foundation was ultimately successful, these misunderstandings are likely to continue to plague applications for 501(c)(6) status. To assist the community, the Foundation will be making its applications, the IRS responses and the Foundation’s responses to the IRS available on the Open Source Initiative (OSI) website this year.
10. FCC’s potential ban on open source software for routers
The FCC evinced a similar lack of understanding of FOSS in its proposed new regulations for routers. The initial draft appeared to prohibit the use of FOSS because of the requirement that manufacturers prevent user modifications that would enable radios in the routers that operate outside of their license or licensed parameters. The FCC noted that its actions are meant to address "interference" with FAA Doppler Radar weather systems caused by modified devices and other potential problems.
After a massive negative response by the FOSS community the FCC clarified that the guidance was not meant to prevent the use of FOSS and that router manufacturers can implement the guidance using a number of technical approaches. Many open source commenters remain skeptical about the FCC’s response. The FCC has not yet issued the final rule. However, at least one commentator has noted that in the past the FCC has cooperated with Linux distributors in order to ensure that Linux PC’s can be turned into wireless access points so we can hope that this issue will be resolved to the satisfaction of the FOSS community.