A license gives a person permission to use another’s IP in a way that would otherwise constitute infringement. A license will set out the conditions of use and if the user violates these conditions the license allows IP owners to exercise their property rights. This is an important distinction, because it is easier to obtain an injunction when one’s property rights have been violated, e.g., copyright infringement, than it is for a breach of contract. An injunction orders a party to refrain from the infringing activity and can halt business operations, whereas the ordinary remedy for a breach of contract is damages. In 2008, the United States Federal Court of Appeals in Jacobsen v. Katzer confirmed that if a license is limited in scope and the licensee acts outside the scope, the licensor can bring an action for copyright infringement.
WHY SHOULD I CARE ABOUT OPEN-SOURCE LICENSES?
In all likelihood your company has encountered OSS. OSS is becoming ubiquitous as companies that initially cast a wary eye on it have now realized its numerous benefits, including its ability to drive down development costs. It is now difficult to find commercial software that does not incorporate OSS in at least some areas.
While open source offers many benefits, it also heightens the probability of code contamination or unclean IP. Code contamination occurs when content is brought into a development project without regard for licensing or copyright obligations.
The value of a company and its product often depend on the cleanliness of their IP—not solely on its protection. Disregarding license obligations can have surprising and costly consequences for many stakeholders. In any merger and acquisition or funding deal, uncertainty over clean IP can:
- Generate risk and threaten successful closure
- Increase product time to market
- Affect software IP valuation and overall business valuation
- Result in litigation that can drag on for years, draining company resources
- Produce negative press and public scrutiny
One of the most well known examples of an open-source surprise attack comes from Cisco and Linksys. Linksys routers used chipsets supplied by Broadcom, and Broadcom outsourced development of these chips to an overseas developer. In 2003, Cisco acquired Linksys for $500 million. After the acquisition, the Free Software Foundation (FSF), an organization that actively seeks companies that violate open-source licenses, determined that the chips contained copyrighted code under the GPL and that Cisco was distributing the product in violation of the license. Cisco agreed to remediate the situation by releasing the source code. As a result, the software Cisco believed to be proprietary when it conducted its business and IP valuation of Linksys was now freely available to the public. In 2008, the FSF sued Cisco for copyright infringement, claiming that Cisco never completed the compliance process. In 2009, Cisco paid an undisclosed amount to the FSF and settled.
WHAT ARE THE MAIN OBLIGATIONS OF OSS LICENSES?
Despite the many benefits of OSS, companies often shy away from it because they do not fully understand the obligations of various licenses. There is fear that using OSS will require a company to give away all of its software for free, but this is not accurate. This section will explain the primary obligations of some of the most frequently used open-source licenses. Open-source licenses can be diverse and can range from quite permissive to quite restrictive. Some of the most frequently used OSS licenses that will be reviewed are:
• GNU General Public License (GPL) 2.0
• GNU General Public License (GPL) 3.0
• GNU Lesser General Public License (LGPL) 2.1
• New BSD License
• Apache License 2.0
• Mozilla Public License (MPL) 1.1
The matrix shows six of the most frequently used open-source licenses based on their salient obligations. Please note that this is not an exhaustive explanation and it should not be construed as legal advice. Please consult with an attorney.
LESSONS LEARNED
GPL violations and other open-source license violations occur on a regular basis, even if unbeknownst to the offender. The lawsuits in 2009 demonstrate that licensees cannot simply ignore their open-source licensing obligations. As seen in this article, licensors are willing to enforce the terms of the licenses in a court of law. The lawsuit against Best Buy, et al highlights the importance of understanding what OSS is, taking inventory of what OSS is included in each product, what licensing obligations apply, and compliance with these obligations. This process can be facilitated by IP audits, now made easier with automated source-code scanning tools that analyze and identify the presence of open source code, IP ownership, and what type of license applies.
It’s become common in many industries for products to contain hundreds and thousands of software components, so companies will increasingly seek assurances of clean IP. The Cisco-FSF saga described above serves as a cautionary tale to acquirers, targets, and other stakeholders in the software food chain that IP audits should be conducted not only during the due diligence phase preceding a closing, but also throughout the product life cycle from conception.