Open Source: Chicken Little and Age-Appropriate Explanations
In the mid 1990s, when I first began running into open source in my practice, I noticed that open source had a very strange effect on intellectual property lawyers. It was a Chicken Little situation, but instead of crying "the sky is falling" they were crying "the code is infringing."
Nearly ten years later, very few intellectual property lawsuits have actually been filed relating to open source. Roughly, the scorecard looks like this:
- Trademark infringement suits: 1 (MySQL-NuSphere)
- Copyright infringement suits: 1/2 (SCO, after modifying the complaint)
- Trade secret infringement suits: 1/2 (SCO, original complaint)
- Patent infringement suits: 0
The sky did not fall.
But it is cheap to laugh at us lawyers, who, after all, are paid to be frightened on behalf of others. The only upside for lawyers being reasonable is that their clients like them. The downside is that lawyers get sued for malpractice if they don't give conservative enough advice.
The lawyer who told Bill Gates' competitor not to sign IBM's non-disclosure agreement -- thereby foregoing his opportunity to become the largest software company in the world -- will never be threatened with malpractice claims. But his client probably didn't like him much.
What Were They Scared Of?
IP lawyers spend a lot of time cleaning up the poor housekeeping of their clients. We have seen it all -- from negligence to outright theft, companies developing technology are all over the spectrum when it comes to that tedious task known as intellectual property diligence. In short, any company building technology into its products that was not invented or authored by its own employees needs to make sure it has the proper licenses to use that technology.
If you have ever gone through a corporate sale or investment, you have been through this housecleaning process. The company is called upon to lay open its records, and show that if it is using anyone else's technology, it has the right to do that. It accomplishes this with license agreements.
Because lawyers are accustomed to reviewing inbound commercial licenses, which are wrapped up in a nice little bow, and include lovely little risk-bearing provisions like indemnities, they reacted to open source with suspicion. Not only does open-source code come with no warranties, it comes with no provenance -- or at least that was the way it looked to IP lawyers. So, no one would stand up and be responsible, economically, if the code was stolen IP, and no one could stand up and say, "I am the author of this code," because there was no single author. So, the IP lawyers told their clients to avoid open source like the plague. It was a bit like your mother telling you, "Don't put that in your mouth -- you don't know where it's been."
Age-Appropriate ExplanationsWhy did IP lawyers react with such fear to something that has been so un-litigated? It is because they only see the legal mechanics of software development, and not the practical mechanics of it. In this sense, IP lawyers need an age-appropriate explanation of adult topics. The process for commercial software is simple: We need some code, we go to a commercial vendor; if the code is infringing, we look to them for indemnity coverage. For the average software development, this process happens about a dozen times.
But the story for open-source development is more complex: We need some code, we assess commercial and open-source options, we choose open source, we get a copy (not necessarily from a commercial vendor), the world is our support team, and if the code is infringing, we suck it up. For IP diligence, this is information overload. Among IP lawyers, this causes wing-flapping.
So, you may wonder, why has it actually worked better than anyone expected?
The Adult Explanation
There are, in fact, many reasons why intellectual property infringement suits might not arise for open source -- or if they do arise, they will not be as costly or dangerous as intellectual property suits relating to closed-source software.
- Early discovery and constructive notice. If you are an intellectual property owner, and you are interested in filing infringement suits, and you want to accuse a piece of commercial software of infringement, you have a problem: you can't see the source code. You can get a copy of the object code and reverse compile it, but by doing this you risk copyright infringement claims being made against you. So, there are technical and legal barriers to figuring out whether you really have claim to file.
In open source, the reverse is true. You can determine whether you have a claim by just looking at the source code. Moreover, a plaintiff who has had the opportunity to discover the infringement, and fails to act on it, can see his remedies erode. If you sit on your rights long enough, you can lose all remedies (through a doctrine called "laches") and if you sit on them for a while, you can even more easily lose the right to injunctive relief. The bottom line is that open source would tend to make claims arise more quickly. Quicker claims are easier for defendants to deal with. The worst case for an IP defendant is having to pull a product from the shelves due to an injunction granted after the product has saturated the marketplace.
- Quick re-engineering of problems. For most companies, the worst case scenario for IP infringement is having to re-engineer a product. But when translated to the open source context, it's not quite so bad. Imagine the nightmare event: Someone files a patent infringement suit claiming that the sale of copies of the Linux kernel infringes a patent.
As soon as this suit is publicly announced, how many software engineers would go to work to engineer around the problem? Exact numbers would be difficult to predict, but we can estimate it would be just about all of them. How quickly will the product be re-engineered? As soon as humanly possible. Granted, this does not allow users of infringing code to avoid damages for infringement in the past, but it does temper the threat of injunctions, and avoid infringement after the claim is made.
- Lawyers don't work for free. Those who fear patents are quick to point out that patent litigation is expensive to defend, but it is also expensive to prosecute -- very expensive. One million dollars in legal fees is a baseline for an actual lawsuit. Thus, the trick to being an IP infringement plaintiff is to issue threats rather than file suits, and to go after the choke points that will yield the biggest damages -- developers and distributors. Going after individuals is too expensive. But most of the distributors in the open source space are not good targets for money damages.
Many open-source projects are not-for-profit or marginally profitable. Large distributors of open source, like Novell or Red Hat, would be more profitable targets. But they are also the most likely to defend their position to the hilt, and not capitulate to demand letters.
- The pillory. If damages are not an economically rational objective, that leaves injunctions -- which are attractive only to plaintiffs with competing products. Many open source products essentially have no competition. Those who compete with open source have their own problems. As the SCO case demonstrates, litigating against open source is a scorched earth strategy.
Any company that does it risks excommunication from the software community and a public relations nightmare. Not many companies have the intestinal fortitude for this. So, even more so than for proprietary software, the most likely sources of infringement claims are companies without viable businesses, such as IP holding companies with no business other than enforcing IP rights. But the latter are only out for money. If damages are not economically rational to seek, they will not seek them.
- Non-obviousness. The success of patent lawsuits is tempered by doctrines of patent law like non-obviousness. A patent can be invalidated -- and indeed never should issue -- if the teachings of prior art render the claimed invention obvious. All open-source code is by definition publicly available for use as prior art. If you believe open source is innovative, you must also conclude that the more open-source code is published, the fewer valid software patents will issue. This does not discourage lawsuits, because invalid patents can and do issue. But it makes patent lawsuits less successful.
These do not, of course, mean that open source is risk-free. It is risky. But so is using any technology, or engaging in any business. Intellectual property infringement lawsuits can be filed any day accusing open source software, and threatening to enjoin its use. People also die in car crashes, but that doesn't mean we don't drive to work. The industry, tacitly, has decided this is a manageable risk. The facts have not proved this decision wrong.
And by the way, Santa didn't leave you that bicycle; it was your parents who stayed up all night putting it together. But isn't that better, in a way?
Now, About Those Software Patents ...
Two months ago I suggested in this column, that software patents were not as evil as the free software community's rhetoric suggests. Thanks to all who wrote in to tell me how misguided my views were. Based on the comments to the article, many readers believe there are patent owners who stand ready to use their software patent portfolios to bring down open source. But no one had any explanations as to why they have not done so.
Have those patent owners simply been too taken up with other concerns -- such as the war on terror, or reacting to delisting notices -- to file their cascade of lawsuits, knowing, all the while, that their statute of limitations is ticking away? I doubt it. As I described above, I think that open source is robustly preventative of intellectual property lawsuits, and spreading FUD about patent infringement is neither useful nor realistic.
The facts bear me out -- and do not support the rhetoric. Just to be clear, software patents are not new; they already exist in the EU and they have existed for many years in the US. So those who claim patents stifle innovation, might be well served to point to some good, solid examples. Those whom claim that the chilling effect of patents is uniquely problematic for open source software should be able to point to more examples of patent infringement claims in open source software than in other industries.
So, let's use the lovely technology of the Web to investigate this: Please comment on this article and, instead of explaining in theory why patents stifle innovation, give me examples -- name names, at least to the extent you can. Obviously, an actual patent lawsuit accusing open source would be highly visible and create headlines. What would not create headlines would be the kind of infringement threat that is quietly settled and swept under the rug. That is what I want to hear about. If patents are an immediate danger, I would like to know. But I want to hear facts, not rhetoric. And I also want to hear about the reaction to patent threats. Has the accused code been re-engineered? How long was it off the "shelf"?
On Innovation's Side
I have seen innovation stifled many times in the course of practicing law. After the patent article, many people wrote to tell me that as a lawyer I clearly did not care what happened to the poor software developers whose innovative juices were being sucked out of them by the fear of patent infringement -- and that I only cared about my own pocketbook. (Believe me, I do care about my pocketbook -- particularly in April.)
But, in fact, my pocketbook ebbs and flows with my clients' business, not their legal woes. If it were not for the freedom to innovate, I would have no clients and no fees. But I have plenty of clients, and most of them develop software, and none of them have stopped even a single project due to the fear of patent infringement -- whether they are using open source in their projects or not. All of them know patent infringement is a possibility, but all of them are willing to take the risk.
In truth -- alas -- I am not in the ivory tower at all, as I wistfully suggested in my earlier "Fuzzy Patent" article. I am in the trenches, every day, helping my clients deal with intellectual property issues as they struggle to push products out the door in an industry where time elapses in dog-years. Though there is much rhetoric in the software community about how stifling patents are to innovation, that is not the problem I see in the trenches.
There is one huge, overarching evil that stifles innovation in the software industry -- but it is not software patents. It is a copyright license -- poorly drafted, contradictory, irremediably vague, and overreaching. It has resulted in millions of dollars of lawyer fees and the scrapping or re-engineering of many projects. I will leave it to your imagination to decide which license that is.
There is a delicious irony going on here. The current fear of patent infringement is not unlike the fear, ten years ago, of copyright infringement. Neither has materialized in any meaningful way, though there has been ample opportunity: Linux has become ubiquitous, Apache has no meaningful competition, and JBOSS and MySQL are saturating the industry. Even if a major lawsuit were filed tomorrow, open source would still have an outstanding track record of avoiding IP infringement, compared to proprietary software, which is the subject of frequent infringement claims.
So, to both the IP litigators who advise their clients that open source is dangerous, and the open source proponents who say that software patents are dangerous: If you think there is a troll under the bridge, you had better name him. Otherwise, people will think you are telling fairy tales.
Heather Meeker is a shareholder at the international law firm Greenberg Traurig, LLP, and specializes in intellectual property transactions for software and other technology clients. Ms. Meeker is the co-chair of the Open Source Committee of the Science and Technology Section of the American Bar Association. She advises clients regularly on open-source licensing issues and open-source business strategies.