Access the internet; find it; download it; then modify it, use it, distribute it, and/or incorporate it into a product. Best of all, it did not even cost a penny! What is it? It is open source code; source code that is licensed to the user under certain terms and conditions, without the requirement to pay a fee for modifying, copying or distributing the source code.
However, there are actual and potential "costs" associated with all open source code. For example, there is the "cost" of complying with the obligations set forth in a license for the open source code, which license governs modifying it, using it, distributing it, and incorporating it into a product. There are also, for example, the potential "costs" associated with any defects in the open source code and clouds on the pedigree (legal title) of the open source code.
There are many legal issues and just as many myths about open source code and open source licenses. Furthermore, open source code has become the subject of much debate and, most recently the cause for litigation.
The confusion and uncertainty surrounding open source code can make its use and application in practice a legal challenge. A failure to carefully consider the legal and practical issues surrounding the use and application of open source code may be costly.
1. WHAT IS SOURCE CODE?
Source code is computer program code that is readable by human software programmers; after source code is generated, it may be "compiled" into "object code" that runs on a computer. Source code can be readily interpreted and understood by a software developer, whereas object code, consisting of "1's" and "0's" is readily understood and interpreted by a microprocessor.
2. WHAT IS OPEN SOURCE CODE?
Companies trying to benefit from their proprietary developments protect source code through trade secrets, patents, and copyrights. For the most part, companies also kept the source code "hidden" or a secret and distributed only the object code.
However, over time, many people came to believe that the wide-spread use of object code only software prevented the free flow of ideas because without the source code, programmers could only see the result of the program and not easily know how the result was achieved. Accordingly, it became increasingly popular, particularly in the 1990's, to distribute software with its source code using a license that allowed free modification and distribution of that source code. The effect of such licensing causing such source code to become widely disseminated, for example, across the Internet and the ideas underlying such source code to become public.
One such license, the GNU General Public License (GNU GPL), took this idea one step further and required a recipient of source code covered by this license to distribute, or make available, his or her modifications to whomever the recipient distributed object code generated from the modified source code, effectively making visible all modifications to the source code of a modified program distributed under this license. The most famous software program that is governed by the GNU GPL is the Linux kernel, a core component of the Linux operating system started in the early 1990s by a young Finn named Linus Torvalds.
Later, in 1998 Netscape "opened" (made the source code) for its well-known Web browser publicly available under the Netscape Public License and the term "open source code" was coined. While the concept of open source embraces a variety of licensing regimes, a common thread is that the underlying source code is shared and visible.
3. WHAT IS THE UNCERTAINTY AND THE RISK FOR COMPANIES?
As the Linux operating system and other open source software continue to emerge as credible alternatives to proprietary software, companies may consider using such open source software within their business, whether, for example, for use internally on company computer systems or for integration in company products.
Companies that wish to use open source code must have a clear understanding of the applicable legal principles in order to make an informed decision regarding and guard against unintentional exposure to the uncertainty and risk associated with the use and application of open source code.
a. THE UNCERTAINTY OF USING OPEN SOURCE CODE
Companies need to be aware of the fact that open source code is intended to be governed by an applicable license that blends the concept of intellectual property and contract law in a way that has yet to be fully judicially tested. As of this date, no U.S. court has ruled on whether the GNU GPL or any other open source code license is an enforceable contract. In the case of Progress Software Corp. v. My SQL AB, 195 F. Supp. 2d 328 (D. Mass. 2002), the only U.S. case so far in which an open source code licensor sought an injunction, the court did not reach the issue of enforceability of the license. Instead, the court simply held that the licensor had not shown a likelihood of success on the merits, nor had the licensor shown irreparable harm. This lack of interpretive guidance creates uncertainty and risk, particularly where an open source code licensee relies on the validity and enforceability of the license for its business.
Further, there are many risks associated with compliance to the terms and conditions of such licenses. If a company fails to properly provide the proper copyright notices or attributions or does not give back modifications to the community under the terms of the license, the company could be faced with legal action. A company could, for example, be subject to an injunction preventing its use and distribution of products or services based on or including such open source code, have to pay a significant settlement or damage amount to the disgruntled open source code licensor, face possibly multiple suits by angry customers if it cannot support its products or services based on the open source code, and the time and expense of resolving the non-compliance through, perhaps, preparation of a new version of the product or service such that it no longer includes or is based on the open source code.
Another significant issue is that most open source code, including GNU GPL licensed code, is provided AS IS; there are no representations and no warranties. Moreover, most open source code licenses provide no indemnities of any sort. This leaves recipients of open source code, whether a recipient company that simply uses open source code internally or a recipient company that makes or distributes products or services based on or incorporating open source code, exposed to significant risks, particularly as to infringement of third party intellectual property rights (such as patents and copyrights).
For instance, a company could use open source code under the GNU GPL without open sourcing. Thus, the authors of the tools could potentially seek an injunction against the manufacturers, claiming that all of the customized code was being used in violation of the license agreement. The manufacturers could then face multiple suits from dissatisfied customers, and the manufacturers could in turn sue the software developer.
Such problems are not limited to software companies. For instance, a computer programmer at any company could download a few lines of code protected by the GNU GPL and incorporate it into a small subroutine in the company's network operation software. If the employee became discontented or left the company on unhappy terms, then the former employee could report any violations of the GNU GPL to the FSF, which could conceivably attempt to seek an injunction.
b. THE VIRAL OR TAINTING TYPE OF OPEN SOURCE LICENSES
Companies in the business of developing proprietary software that incorporate open source code need to be aware of the viral or tainting effects found in certain open source licenses, such as the GNU GPL. Such licenses include terms and conditions that purport to require the disclosure of all proprietary source code that is combined with the open source code.
More specifically, the GNU GPL requires that recipients of programs made subject to its terms be allowed to view the source code of those programs. Thus, to preserve the availability of source code, the GNU GPL encourages recipients of such programs to make modifications to them with the obligation that the complete source code, including of any modifications, accompany the modified programs when distributed by the recipients or otherwise be made available to those that receive the modified programs from the recipients. Furthermore, the GNU GPL limits a recipient's ability to impose requirements on downstream recipients as the program, modified or not, must be licensed under the terms of the GNU GPL.
These obligations can raise a number of concerns. For example, the GNU GPL may significantly restrict a company's ability to exploit and control modifications to a GNU GPL program that the company independently develops. Additionally, if a company's proprietary program incorporates part or all of a GNU GPL program, the GNU GPL's terms could be argued to require that all source code - including proprietary code - be divulged to all persons along the prospective chain of distribution. Thus, if GNU GPL licensed code is incorporated into, or with a company's proprietary code, there is possibly a great deal of uncertainty and associated risk.
Consequently, companies that intend to add functionality to an existing proprietary program by employing open source code that is licensed under an open source license or that intend to make significant modifications to such open source code should carefully consider the impact of the open source license or licenses for such code and proceed cautiously.
4. WHAT CAN THE PILLSBURY WINTHROP OPEN SOURCE PRACTICE TEAM DO FOR YOU TO ADDRESS THESE POTENTIAL PROBLEMS NOW
The issues raised by open source licensing touch on diverse areas of the law like contracts, patents, and copyright laws as well as the overlap of these bodies of law in litigation.
Pillsbury Winthrop has experts that are familiar with the practical and legal issues surrounding open source code and open source licensing and we can provide you with a full range of services and advice so that you can properly, with minimum risk, use and apply open source code in your business. For example, we can provide the necessary due diligence investigations relating to the current use or application of open source code in your company; advise and take steps to address problems raised by patents and copyrights of others covering open source code; develop strategies relating to warranty and indemnification issues with respect to open source code; analyze employment agreements and establish policies to address the concern of employee downloading of open source code and the use and application by such employees of open source code in your business; provide guidance on the impact of employee actions that may place a company under the obligations of an open source license agreement; help minimize your exposure to litigation stemming from the use and application of open source code; and handle any litigation that you may face arising from open source code.
The comments contained herein do not constitute legal opinion and should not be regarded as a substitute for legal advice. Copyright 2004 Pillsbury Winthrop LLP.