[Fsfe-france-gpl] Attorney Dan Ravicher on Open Source Legal Issues

[loic]

http://slashdot.org/article.pl?sid=01/06/05/122240&mode=thread

Attorney Dan Ravicher on Open Source Legal Issues [ The Courts ]
Posted by Roblimo on Tuesday June 05, @12:00PM from the
ignorance-of-the-law-is-no-defense dept.  Quite a while back we asked
Dan Ravicher, a young attorney who is personally interested in Open
Source and Free Software licensing issues, a bunch of questions on the
subject . We waited and waited for his answers, and the wait turned
out to be worthwhile because Dan ended up writing what amounts to a
legal FAQ for Open Source and Free Software developers. This is
important reading for anyone involved in any way with Open Source or
Free Software development.

Attorney Interview Disclaimer:

Legal opinions posted on Slashdot are for general information purposes
only and should not be taken as specific legal advice. If that's what
you need, you should consult a lawyer familiar with the laws in your
jurisdiction about your situation. Also, please remember that
everything you read here represents Dan's personal opinion, which is
not necessarily shared by his employer, Brobeck, Phleger & Harrison
LLP, or any of Brobeck's nearly 1000 other attorneys.

Now the interview itself...

When will source code be considered speech?  by LordNimon Every
programmer knows that source code is speech, and should be protected
like any other speech. However, the courts just don't seem to realize
that, probably because none of the judges have ever been
programmers. What would it take for the court system to generally
acknowledge that source code is speech, and how long will it take for
that to happen? What do you think will be the biggest ramifications
if/when it does happen?

Dan

SHORT ANSWER

Source code is speech, but not all speech receives the same amount of
First Amendment protection. Due to its functionality, source code
cannot receive the highest form of First Amendment Protection. But
source code that is expressive in nature may receive some First
Amendment protection.

LONG ANSWER

I have some good news and some bad news.

The good news is that the few courts to consider the issue concluded
that source code is speech. Further, in the DeCSS case, it seems as
though the federal appeals court in New York will uphold the lower
court judge who also concluded that source code is speech. However,
the bad news is that the First Amendment's protection of speech is not
absolute and not all speech gets the same amount of First Amendment
protection.

The amount of protection given particular speech depends upon it's
content. While some speech can easily be categorized as political,
commercial, verbal acts or otherwise, First Amendment analysis often
looks at the speech's expressiveness as opposed to its functionality
to determine the corresponding level of protection. Purely expressive
speech regarding public affairs, politics and government (think "F---
the draft!" on the back of a jacket worn by an individual with no
intent to cause imminent lawlessness) gets heightened First Amendment
protection, while purely functional speech (think "Do you have any
drugs?" to an undercover police officer or "I accept" to a party which
has offered a contract) gets little First Amendment protection. This
leaves speech which is both expressive and functional, such as
commercial speech (think "Eat at Joe's!"), lying somewhere in the
middle. Further, indecent speech (think adult porn) gets very little
protection while obscene speech (think child porn) gets no protection
whatsoever.

Since source code is by its nature functional, it seems unlikely that
any court would ever find that it is purely expressive. However, the
courts which have addressed the issue have concluded that source code
can also be expressive. In fact, in 1999 a federal court in California
wrote, "While source code can be easily compiled into object code by a
user, ignoring the distinction between source and object code obscures
the important fact that source code is not meant solely for the
computer, but is rather written in a language intended also for human
analysis and understanding." Therefore, there is no universal answer
to the question of how much First Amendment protection applies to
source code. Rather, the issue depends in part on the particular
expressive versus functional nature of the source code in question.

However, although the speech involved may be an important element, the
true focus of First Amendment analysis is whether a particular law
unconstitutionally abridges free speech. Courts ask whether a
particular law violates the First Amendment, not whether particular
speech deserves First Amendment protection. Therefore, speech can not
be looked at in isolation. Rather, a particular law must be looked at
to determine how it affects speech. Laws aimed at speech with a
certain message are deemed "content-based" and most often receive
heightened scrutiny. On the other hand, laws which are
"content-neutral", such as time-place-manner restrictions, most often
receive less scrutiny. For instance, in the DeCSS case, the court is
looking at the Digital Millenium Copyright Act to determine what level
of scrutiny it shall receive in relation to its regulation of speech.

Another issue which deserves attention is the fact that the First
Amendment rights we all have are alienable. That is, we can bargain
away those rights through a contract. Confidentiality agreements are a
prime example of one party giving up their right to speak which are
routinely enforced. This issue as it relates to license agreements and
their prohibition against publishing reviews or benchmark test results
is addressed in response to question 8 below.

OFF TOPIC RESPONSE TO COMMENT

Lastly, I just wanted to respond briefly to your comment about judges
not being computer programmers. While this is true, so is the fact
that most computer programmers are not lawyers. However, this doesn't
prevent computer programmers from understanding difficult legal
issues. Likewise, judges are generally capable of understanding
computer programming issues.

No funds, no change of winning?  by antis0c I'm a freelance
programmer, and like most programmers I do it for the love of the
"art", and because of that most of my creations are licensed under
GPL.. However, my question is, what would happen if Big Corporation X
were to take my code, integrate it into a proprietary system, and sell
it for millions, ignoring all demands to release source to the
modifications (and thus breaking the GPL). What could I honestly do
besides writing letters threatening legal action?

I obviously don't have the funds to compete in the courtroom with Big
Corporation X, and even if I were to try, the expense and time alone
would set me into debt for probably the greater part of the rest of my
life. What chance does the GPL or any other Open Source licensed
software have, if a good part of it's development team is composed of
just average guys with bills, debt and little free time?

Dan

SHORT ANSWER

Keep writing good code.

LONG ANSWER

You are correct; without substantial resources, it is extremely
difficult to successfully enforce your intellectual property rights
against a major software company. However, I strongly urge you to not
underestimate the power that individuals and small organizations have
to cause change.

For instance, you could assign your rights to an entity who is
sympathetic to the open source movement and who has the resources to
vindicate your interests. Many large entities in the open source world
(including the Free Software Foundation and Sun) ask developers to
assign their interests back to them. This coalesces the ownership into
one entity which has the resources to bring legal actions to assert
the copyright interests in the code. [Note: This is discussed further
in response to question 9 below.] Further, it might be possible to
find a law firm willing to take a copyright infringement case on a
contingent fee basis. This prevents the "little guy" from being denied
"his day in court."

Also realize that the courtroom is not the only place (in fact not
even the most important place) you can compete with Big Corporation
X. The court of public opinion often favors the David over the
Goliath. The key here is to make sure the general public knows how you
are helping them, and that "hacker" is not a negative term. Small
businesses are often noted for better customer service, better product
and better innovation than their multi-national counterparts. Further,
publicity is very inexpensive and can be extremely helpful. For
example, just today (June 4, 2001) a New York Times article with the
headline, "Open-Source Movement Advances," presented the free software
movement and the open source concept in a very positive light.

In the meantime, it is my view that the best thing you can do is keep
writing code. And not just any code, write the best damn code you
can. Write code that is pioneering and revolutionary and causes the
entire software development community to recognize it as singly that
of the open source realm. Write code that solves problems closed
source developers don't even know exist. Spend your valuable time
addressing programming issues, not legal ones. After all, you chose to
be a programmer, not a lawyer.

Now, this may lead to your code being more desirable in the eyes of
those with bad faith intent, but it will also be more attractive to
those with good faith intent. I encourage you to be receptive to all
who wish to learn about and support your programming, including
non-programmers such as business people, lawyers, students, etc. Once
there's a gathering of individuals around your code (or a project
which your code is part of), it won't be as hard to organize an
effective intellectual property defense scheme. Odds are that someone
in this group will have the legal, business, public relations, or
other training and experience to worry about those issues while you
continue to write damn good code. If you, the other developers, and
the supporting folks pool resources, you may soon have sufficient
capability to vindicate your combined interests.

Further, I urge you to not be overly cynical about our justice
system. Yes, there are flaws which subject our legal system to
manipulation and abuse and, yes, things move slowly and sometimes
backward for periods, but I truly believe that our system is pretty
good and eventually produces the correct results.

Public Domain by Flying Headless Goku A common justification for
choosing an open source license, and putting up with all the
license-compatibility issues, over simply releasing the code into the
public domain is fear of litigation. Do you believe that the creator
of public domain software (perfection disclaimed, use at own risk) is
at any greater legal risk than the creator of open-source licensed
software in the case of costly software failure? (I'm especially
interested in any relevant precedent you are aware of)

Dan

SHORT ANSWER

Yes.

LONG ANSWER

Yes, one who releases code into the public domain has greater
litigation exposure than one who only releases the code through valid
contracts (licenses) which include limitation of liability and
disclaimer of warranty terms. The default rules for relationships
amongst parties (the ones that apply in the absence of a valid
contract) are based in tort and include negligence, warranties and
other basis of liability. However, when the parties enter a valid
contract, the contract's terms supercede the default rules unless the
terms violate a statute, a constitution or public policy. Limitation
of liability and warranty disclaimers contained in valid contracts
(which are used to limit risks to the developer) are routinely upheld
by courts.

However, whether mass-market public software licenses (such as the
GPL, MozPL, IBMPL, etc.) are enforceable has yet to be addressed, or
even litigated. This is why I wrote my paper; the uncertainty
surrounding the enforceability of such licenses causes inefficient
waste by those parties who wish to use such licenses in that they will
have to assume risk associated with this uncertainty.

Microsoft Licensing by Alien54 In your detailed paper, you note:
37. For instance, under the first sale doctrine, an owner of a piece
of software can transfer her program to whomever and for whatever she
desires. The use of a license prevents this doctrine from applying,
which allows computer programming firms to price-discriminate between
customer characteristics. If Microsoft wants to give Windows software
to public schools at a cost blow the production cost and the
transaction consummates a sale, the first sale doctrine would apply,
and the school could resell the programs at a higher price to a
corporation, retaining the difference. This would cause Microsoft to
charge all customers one price, either by lowering its price, forcing
it to run at a loss, or raising its price, thus making the program
unavailable to schools and other meagerly funded organizations. This
result is economically inefficient and would most assuredly be
politically unpopular. I am interested on the implications of the fact
of Microsoft's monopoly in as it applies to licensing. While it can be
argued that the two issues are separate, and one is not relevant to
the other, many people look at the practices of Microsoft in this
regard and view it with horror and contempt. Are there instances where
such licensing practices impose a non-legitimate enforcement of
"rights", and in fact constitute improper maintenance of a monopoly?
Or do people have these separate issues confused, when they should be
treated separately?

Dan

SHORT ANSWER

Yes, intellectual property licensing implicates antitrust law. License
provisions which have a net anticompetitive effect are illegal.

LONG ANSWER

Yes, since intellectual property licensing can be anticompetitive,
antitrust law is implicated. Antitrust law holds that any
anticompetitive effects of intellectual property licensing are
permissible only if they are outweighed by their procompetitive
effects. One highly important factor in this analysis is the market
power of the parties involved, specifically if either party is a
monopoly.

As you mention, the Department of Justice deemed Microsoft ("MS") to
have a monopoly in certain markets and to have engaged in licensing
with net anticompetitive effects. MS first came under scrutiny for its
licenses with OEM's that were designed to achieve long term
exclusivity. That time a settlement was reached by which Microsoft
agreed to reduce the term of it's agreements and allow for OEM's to
install other operating systems on their computers. The second round
of scrutiny currently under review by a federal appeals court in
Washington involves MS requiring the bundling of Internet Explorer
with Windows and is still being litigated. The dispute in that case
centers around whether MS has monopoly power and whether the
intellectual property licensing provisions at issue have a net
anticompetitive effect.

Images and Sounds by K45 How does the GPL affect non-sourcecode files
that are part of an application?

Specifically, I'm concerned about the images and sounds that are
included with a game I'm working on.

Does the GPL "contaminate" these other files that are included? If so,
how do "source" and "binary" distribution apply to images and sounds.

Dan

SHORT ANSWER

The GPL may "contaminate" sound and image files if they are part of a
whole work, and that work is based on a GPL licensed program.

LONG ANSWER

The relevant part of the GPL reads, If identifiable sections ... are
not derived from the Program, and can be reasonably considered
independent and separate works in themselves, then this License, and
its terms, do not apply to those sections when you distribute them as
separate works. But when you distribute the same sections as part of a
whole which is a work based on the Program, the distribution of the
whole must be on the terms of this License, whose permissions for
other licensees extend to the entire whole, and thus to each and every
part regardless of who wrote it. ... the intent is to exercise the
right to control the distribution of derivative or collective works
based on the Program. In addition, mere aggregation of another work
not based on the Program with the Program (or with a work based on the
Program) on a volume of a storage or distribution medium does not
bring the other work under the scope of this License. Therefore, under
the GPL, if the non-source code files are "distributed as part of a
whole which is a work based on the [GPL'd] program," then the whole
application, including those non-source code files, must be
distributed under the GPL. However, if the non-source code files are
not "based on the [GPL'd] Program" and are "merely aggregated" with
the GPL'd program for distribution, then those non-source code files
do not have to be distributed under the GPL. This means that the issue
lies in how the non-source code files are incorporated into or with
the GPL'd program.

If no source code exists for parts of the work, section 3 of the GPL
states that "the preferred form of the work for making modifications
to it," must be distributed in order to satisfy the "source"
distribution requirement. Since I have very little technical
knowledge, I'm not sure exactly what is "the preferred form" for
making modifications to image and sound files.

There are also two other issues which you might want to think
about. First, no court has yet ruled on the validity of the
GPL. Therefore, the above section may be held unenforceable. Second,
if you are the complete owner of all the copyrights in either the
non-source code files or the program, you have the ability to license
those copyrights under both the GPL and other licenses, if you so
choose. Say for instance, a GPL'd game comes your way and you wish to
add graphic X. You create graphic X in a way which creates in you all
its copyrights. If you then incorporate graphic X into the game, the
enhanced game must be distributed under the GPL. However, you can also
distribute your graphic X under other licenses, including closed
source.

Helping avoid contributory and vicarious liability by cworley Fred von
Lohmann wrote a White Paper for the EEF concerning avoidance of
"contributory and vicarious copyright infringement" (being liable for
writing software that promotes "fair use", but can be used for
copyright infringement).

In that, he states guidelines for developers. One of the guidelines
is: "Be open source".

I would think Open Source would set you up for liability in such
matters: anybody who modified your code, making it able to infringe on
copyrights, would make you vicariously liable for opening the code in
the first place.

Or, take for example, TiVo. Their systems are open source, they've
posted their kernel and tool modifications on their web site (as per
the GPL). Now they're worried that someone could use that to easily
create code that will allow MPEG extraction from the unit (and
widespread distribution of copyrighted materials).

I'm not sure how being open source can protect a software developer
from such litigation.

Can you explain this?

Dan

SHORT ANSWER

Whether one is liable for contributory and vicarious copyright
infringement is an extremely fact specific inquiry. Being open source,
by itself, does nothing to absolve one of liability for contributory
and vicarious liability.

LONG ANSWER

For those who have not had the opportunity to read von Lohmann's
paper, let me restate the underlying law regarding contributory and
vicarious copyright infringement before addressing your question.

Neither contributory nor vicarious copyright infringement claim that
the defendant violated any copyright; rather they claim the defendant
helped or benefited from someone else's copyright infringement. First
and most obvious, both forms of liability require the copyright owner
to show actual copyright infringement by someone. Whether or not the
source code of the program is released to the public won't make a
difference on the finding of this element.

Along with the showing of actual infringement, contributory
infringement requires the plaintiff copyright owner show (1) the
defendant actually knew or reasonably should have known of the direct
infringement at the time (2) the defendant induced, caused or
materially contributed to the direct infringement. For instance, one
can be liable for contributory infringement if they release a software
product that is used to infringe copyrights without any substantial
non-infringing uses. Vicarious infringement requires the plaintiff
copyright owner to show (1) the defendant could control or oversee the
direct infringement and (2) the defendant received benefit from the
infringement. Since element (2) for both of these tests has been
relaxed by the courts, the discussion properly focuses on the
knowledge element for contributory infringement and the control
element for vicarious infringement.

Being open source in and of itself most likely won't make any
difference for these elements. However, being open source, as opposed
to proprietary, may make it easier for the initial developer (or one
way upstream from the current version) to argue lack of control or
knowledge, especially if the project undergoes significant development
by downstream developers without any involvement or control by the
original author. This requires the open source code to be entirely
released without any continuing control, monitorization or ownership
at a point well before the time that the code is known to have
infringement capabilities. [Note: reasons why open source developers
may want to keep control and/ or ownership over their projects are
discussed in the responses to Questions 2 and 9.]

Therefore, if the open source developer retains control over the
program or if the version of the program used to commit copyright
infringement is similar to the version of the program originally
released by the open source developer, being open source does nothing
to reduce potential contributory or vicarious copyright
infringement. Other actions, such as providing maintenance or support,
might also support a finding of contributory or vicarious copyright
infringement.

Without putting words in his mouth, what I think von Lohmann was
trying to say was not "be open source", but rather "be extremist" by
selecting either "total control or total anarchy" as he puts it. He
advocates either retaining complete and entire dominion over your code
and the users of your code so that you can prevent any copyright
infringement or, at the other extreme, releasing the code entirely to
the public without any ability to control or determine how it
develops. In order to decide which is better for a project, this
benefit of a potential reduction in liability exposure should be
measured against the associated consequences of loosing all ability to
control or receive financial benefit from the project.

RELATED DISCUSSION

Lastly, when thinking about contributory and vicarious liability, open
source developers should also consider the Digital Millenium Copyright
Act (17 U.S.C. 1201). The DMCA isn't directly concerned with copyright
infringement, rather it addresses the technological measures that some
copyright owners use to control access to their works. For instance, a
court recently held (and the issue was not appealed) that CSS is a
technological measure that effectively controls access to movies. In
essence, the main copyright laws protect the property, while the DMCA
protects the fence which the property owner erects around her
property.

Specifically, the DMCA states that as of Oct. 28, 2000, "No person
shall circumvent a technological measure that effectively controls
access to a work." Further, the DMCA says the following: No person
shall manufacture, import, offer to the public, provide or otherwise
traffic in any technology, product service, device component, or part
thereof, that -

(A) is primarily designed or produced for the purpose of circumventing
a technological measure that effectively controls access to a work;

(B) has only limited commercially significant purpose or use other
than to circumvent a technological measure that effectively controls
access to a work; or

(C) is marketed by that person or another acting in concert with that
person with that person's knowledge for use in circumventing a
technological measure that effectively controls access to a work.  As
the DeCSS case demonstrates, these provisions expose software
developers to potential liability if they create programs which can be
used to defeat technological measures.

Big ballpark hypothetical by wrinkledshirt Okay, some unknown hacker
creates his/her foo application and releases the source under
GPL. Something occurs that leads him/her to suspect that the foo
source has been incorporated into a commercial product that isn't
following the terms of the GPL with regards to rereleasing the
source. Furthermore, the things that lead him/her to suspect this
aren't basic paranoia -- someone with a conscience and access to the
suspect source has leaked information about it or whatnot. Or maybe
something else -- point is, there is a case that could be made.

- From a PRACTICAL standpoint, what sort of things would this unknown
hacker have to do to make their case? Would it be possible from a
practical point of view under (eg) the United States legal system for
this unknown hacker to take the company to court? What sorts of costs
would he/she incur? What sort of time-frame would it take to achieve
resolution? What sorts of potential rewards or compensation could
he/she expect? Are there any precedents that are analogous to this
situation?

Dan

SHORT ANSWER

It would be difficult, but not impossible for an individual computer
programmer with little or no money to vindicate her copyright against
a major corporation. Resolution could take between several months and
several years. If successful, she can enjoin the infringing activity
and receive money damages.

LONG ANSWER

Practically speaking, the unknown hacker should seek legal counsel who
is familiar with litigating copyright law in the context of software
source code. And, yes, it is possible for an individual to take on a
major corporation, such as by enlisting the help of others (possibly
even a friendly corporation) or, in the rare instance, by a law firm
taking the case on a contingency fee basis. [For more discussion of
this, see the answer to question 2 above.] Such a copyright case can
last anywhere from several months (if settled during or shortly after
discovery) to several years if the case goes to trial and appeal.

Copyright Infringement occurs when someone other than the copyright
owner exercises one or more of the exclusive rights of the copyright
owner. An unauthorized use of the copyrighted material exposes the
infringer to criminal and/ or civil liability under U.S. copyright
law. Further, the copyright holder in a civil case does not have to
prove intent to infringe by the defendant, but only that the act of
infringement occurred. The defendant corporation would likely defend
the case vigorously by, among other things, asserting a variety of
defenses including the affirmative defense of fair use.

Once a copyright holder proves copyright infringement, she can recover
actual damages and lost profits if they can be adequately
proven. Otherwise, if the copyrighted work was properly registered,
the copyright owner can get attorney's fees and statutory damages,
which can be as high as $150,000, without any requirement of actual
proof of harm. Copyright holders can also seek an injunction to
prevent the alleged infringement from continuing during or after the
litigation.

Also, as a side note, it would be difficult for a case to rely
entirely on individuals "with a conscience and access to the suspect
source." For one reason, they are probably in violation of their
employee confidentiality agreement by telling anyone about what they
know to be in the suspect source code, so they may not want to come
forward to testify. Consequently, it would be helpful to discover
other evidence (documents, sworn testimony, etc.) supporting the
allegations.

As for precedent, in the case LMP v. Universal Lighting, a law firm
took a technology-related case for a couple of garage inventors on a
contingency fee basis and won a $92 million judgment. Although it took
several years and a couple appeals, the plaintiffs eventually had
their rights vindicated.

Supremacy Clause and shrinkwrap "no review" terms.  by coats Daniel,
you write, 59. There is a huge flaw with this core of these Supremacy
Clause preemption arguments. The underlying rationales given for
performing a separate Supremacy Clause preemption analysis are exactly
the same arguments made for finding the license procedurally or
substantively unconscionable under state contract law. How does this
square with shrinkwrap license clauses that demand no one publish
reviews or benchmarks without permission? Both Microsoft and Oracle
employ such clauses, for example. It would seem to me that this
conflicts with the original (1823?) Supreme Court decision that
established the "fair use" doctrine -- the Court declared that
Congress might not pass a copyright law so stringent as to restrain
freedom of speech nor freedom of the press... and benchmarking and
publishing the results certainly is a legitimate exercise of the
latter! And the subject would seem to me to be precisely a Supremacy
Clause argument...

Dan

SHORT ANSWER

The rights given to individuals by the Constitution and Congress are
mere default starting positions which can be freely transferred by
contract. As long as a contract is validly formed, the Supremacy
Clause will not undo the bargain struck by the parties.

LONG ANSWER

The Supremacy Clause of the Constitution preempts any state law which
"stands as an obstacle to the accomplishment and execution of the full
purposes and objectives of Congress." Some argue that state contract
law which enforces software license provisions such as prohibitions
against publishing benchmarks or reviews circumvents the doctrine of
fair use and the first amendment and, as such, should be preempted by
the Supremacy Clause. Those who advance this argument believe that
parties should not be allowed to use contracts to undo the
congressional fair use balance struck between the right of copyright
owners to control the use of their works and the Constitutional right
of individuals to the freedom of speech. However, the accepted view is
that individuals have the right to contract around the fair use
balance struck by Congress. Therefore, copyright law and the
Constitution supply mere default rules, which only apply in the
absence of an agreement between the parties.

The Constitution also gives us the right to give up our rights (think
Miranda warning, "You have the right to remain silent; If you choose
to waive that right and talk, we can use what you say against
you."). We can also exchange the rights we are given initially for
other rights (think confidentiality agreements which say "I agree to
restrict my right to tell people what you show me, if you also agree
to restrict your right to tell people what I show you."). Validly
entered contracts are the vehicle by which rights are exchanged. And
although there are some differing points of view, the widely accepted
theory is that the Supremacy Clause has no application to validly
entered contracts. Therefore, as long as they are part of a validly
entered into license agreement, the anti-publication of benchmarks or
reviews provisions are completely legal and enforceable.

RELATION TO OPEN SOURCE LICENSING

Contrary to what I sense is your feeling, it is my view that the open
source community should be encouraged by this result for the simple
reason that several provisions in the most common public software
licenses (the GNU General Public License and the Mozilla Public
License) could also be deemed to limit the fair use rights of
licensees. For instance, the GPL requires the licensee to license
under the GPL any future work which includes part of the licensed
work. This arguably prevents someone from making a fair use of GPL'd
code (for example, by taking a small line of code and incorporating it
into a million line program which is part of a doctoral
thesis). However, by entering into the GPL, the licensee possibly
waives her right to make any such fair use. If the Supremacy Clause
was to preempt this provision, the intent and strength of the GPL
would be seriously thwarted. Therefore, it is good for the free
software community that the Supremacy Clause does not strike
provisions of validly entered software licenses.

Further, there is another reason why the open source community may be
benefited by the anti-publication of benchmarks or review provisions
of closed-source licenses. Assume two software products compete in a
market, one is closed source and licensed under terms which include
the anti-publication provisions mentioned above while the other is
licensed under a public software license, such as the GPL. The open
source product will presumably be or become the subject of published
benchmark reports and reviews, while the closed source product will
not. Educated consumers may be less likely to purchase the closed
source product because they have no available information regarding
its performance or quality. Further, even if there are published
benchmarks and reviews for the closed source software, educated
consumers may recognize that those reports and reviews were only
published with the consent of the closed source company. This fact
will detract from the reliability and value of the report or review to
the consumer. So at least in theory, the anti-publication provisions
may actually hinder the closed source product's ability to compete
with open source products in the marketplace.

Contributor Agreements by dood I'm one of the lead developers on the
Open Source project Jive. Many of our contributors work on the project
as part of their job duties at their place of employment. In light of
that, we've been considering a mandatory Contributor Agreement for all
code that is submitted to the project (excluding one-liners).

We want the agreement to accomplish three things:

1. Stipulate that the code is being released to the project under the
   project's license (for our project this is the Apache License).

2. Ensure that the contributor has permission to release the
   intellectual property to the project, including any necessary
   permission from their employer.

3. Make sure that the contributor does not apply for patents for the
   code that they're submitting.

My question is:

1. Do you see legal value in this sort of agreement?

2. Do you know of any boilerplate agreements that exist?

3. Shouldn't more Open Source projects be worried about IP issues that
   a contributor agreement seeks to prevent?

Dan

SHORT ANSWER

Yes, there is legal value in this sort of agreement. Yes, there are
"boilerplate" agreements available, but I strongly advise against
relying on them entirely. Yes, the managers of open source projects
should consider the intellectual property issues involved with their
project and consider the appropriateness of a contributor agreement.

LONG ANSWER

- From a purely legal standpoint, such an agreement provides several
benefits to open source projects. The potential for your project to
incorporate submitted code that actually belongs to someone else
(namely the contributor's employer) creates a risk for your
project. Requiring contributors to confirm that they have permission
to release the code to your project helps to reduce your exposure to
third party intellectual property infringement claims. In addition to
having the agreement for legal reasons, it could also be helpful to
also post a detailed FAQ about why such an agreement is needed and who
a contributor can contact if they (or their employer) have issues or
questions.

It should please you to know that several members of the open source
community, including the Free Software Foundation and Sun, already go
about protecting their open source projects by requiring contributors
to complete similar type agreements. However, one difference between
what I've seen and what you propose is that such agreements do not
forbid the contributor from applying for patents; rather they require
the contributor to grant a license to any future patents she receives
to the project as well.

As for "boilerplate" agreements, at the risk of sounding self serving,
I encourage you to have a lawyer review any documents before using
them for your project. The time and money you invest will ensure that
the agreement complies with the specific laws of your jurisdiction
while also addressing and satisfying the specific needs of your
project.

How Can We be More Effective?  by bwt The open source community
interaction with law and politics to date has been almost completely
reactive. Typically some company or government institution has or is
about to do something draconian before we are able to
mobilize. Sometimes we get there in time, sometimes not. Examples are:
DMCA, UCITA, and hundreds of software patents, Microsoft's embrace and
extend campaign of the week, ... the list goes on.

What can we do as a community to be more effective in protecting
ourselves. I'm someone who has joined the EFF, written letters to the
copyright office, participated heavily on Openlaw, and written letters
to my Congressmen. Many of us are involved in these ways, but somehow
we've got to take it up a notch. What's the next step?

Dan

SHORT ANSWER

I strongly believe that the free software movement has been and
continues to be incredibly successful in the only arena that matters,
the market place.

LONG ANSWER

I think you don't give yourself enough credit. The impact free
software has had in such a short period of time is simply amazing,
especially when one considers the economic disadvantage open source
supporters have in relation to those who oppose them. Being reactive
is not necessarily a bad thing; it's much better than being alienated,
indifferent or complacent. But, since you asked, I make a few
suggestions below, which may help the free software movement continue
to progress at its already extremely productive rate.

My first suggestion is to recognize what has been accomplished. Often
it is easy to focus on what has not been done or what has gone wrong,
but every once in a while, it is necessary to appreciate the
achievements of the past. Although you believe the open source
movement lost certain legal battles (such as DMCA, UCITA, software
patents, etc), what matters is the war in the marketplace. In my
opinion, open source development has been galvanized, not thwarted, by
these "losses." To support this conclusion, I simply point to the
amount of press open source software has received to date and to the
number of major corporations, including IBM, HP and Netscape, who have
made severe commitments to the ideas behind the free software
movement.

My second suggestion is for open source developers to keep writing
good code. After all is said and done, people care about getting the
best product they can at the cheapest price. The free software
community has already proven to many people that it provides a
competitive and sometimes superior alternative to proprietary software
development. Although legal issues are important to the success of an
open source project, they should always come second to the technical
development of the code. It is my opinion that law does not lead the
market, rather the market leads the law. Therefore, winning in the
marketplace will lead to winning in the legal system, not vice versa.

My last suggestion is to encourage the open source community to take
advantage of the marketplace of ideas. Although some individuals
deserve a little more credit than others for the achievements of the
free software movement, the key to the success of open source software
development has been the involvement of vast numbers of
individuals. To this end, I would encourage those in the free software
movement to welcome varying points of view. Limiting the amount and
kind of ideas which are presented and discussed will serve a great
disservice to the movement. Only through (sometimes heated) debate
will the most merit-worthy principles reveal themselves.

But again, I reiterate that it is my sincere opinion that the
accomplishments of the open source movement to date can only be
described as remarkable.

"Special Guest Comment" by Richard M. Stallman I'm glad that people
are interested in asking about the GNU GPL, but while asking, please
keep in mind that the GPL was not developed by the Open Source
Movement, and really has no connection with it.

The Open Source Movement was founded in 1998 by people who disagreed
with the Free Software Movement's idealistic goals. Many open source
developers use the GNU GPL for pragmatic reasons--to make sure that
their programs won't be "embraced and extended" into proprietary
versions. Anyone is welcome to use the GPL, for whatever reason. But
in order to understand the GPL, you need to think of it as a free
software license, not as an open source license.

I wrote the GPL in the 1980s as part of the Free Software
Movement. The goal of the Free Software Movement is to give computer
users the freedom to share and change the software that they use. The
GPL is designed specifically to achieve that goal--to make sure every
user of a GPL-covered program has the freedom to share and change it.

Dan

Mr. Stallman is indeed correct. However, since the practical, as
opposed to theoretical, legal differences between free software and
open source are minimal in comparison to their collective differences
with proprietary software development, my responses above use the
terms interchangeably. By doing so, I do not intend to imply that all
public software licenses are the same; just as I do not intend to
imply that all proprietary software licenses are the same by also
grouping them together in my answers. Lastly, Mr. Stallman's point
that the GPL differs from other open source licenses reinforces my
suggestion above that individuals should seek specific legal advice
for their specific circumstances.