An Open Source Software Primer for Lawyers July 17, 2014 Presentation to the ABA Open Source Committee, Section of Science & Technology Law Joanne Montague joannemontague@dwt.com Davis Wright Tremaine LLP 1
When legal issues arise Developing and releasing products containing OSS Embedding/bundling third party supplied software into products Running a web-based service using OSS Using OSS for business operations Acquiring ownership of another s software 2
Overview Legal risks Open Source Software (OSS) landscape OSS licenses Key risks to avoid Compliance and enforcement 3
The open source landscape Primary Definition of Open Source Software Software that is licensed under a license that conforms to the Open Source Definition (OSD) Community Development Projects May be used to produce OSS but not always Business Models Save in development costs particularly for operations and web-based services Promote commercial sales of other software, hardware, and/or support services 4
OSS licenses Important requirements of the OSD Must be royalty free Must permit modifications and redistribution Must not require license execution Must permit code extraction and separate redistribution $ I Agree Just because you do not need to sign a license does not mean that there are not significant terms and conditions. Nor does it mean that the IP is in the public domain. 5
Permissive and reciprocal licenses Permissive Licenses BSD, MIT, Apache Reproduce notices and license No requirement to make source code available Reciprocal: Copyleft Reproduce notices and license Requirement to make source code available Strong Copyleft licenses (GPL, LGPL) Do you need to understand inner workings of Copyleft code or is there a standard interface? Weaker Copyleft licenses (MPL, EPL, CPL) Usually limited to modifications to the Copyleft code 6
Key risks to avoid Loss of Trade Secrets Noncompliance with OSS Licenses Copyright infringement Injunction, statutory damages Breach of agreement Damages, specific performance Community outrage OSS Integrity/Pedigree Damages Injunction Unauthorized Contributions to Community 7
Is OSS enforcement different? OSS Differs from Other Acquired Software May be unaware of infringement No physical acceptance Use may avoid internal legal review May slips through internal procurement process Copyright ownership and standing to sue may be unclear Violations may be easier to detect 8
Why it matters Remedies for breach of contract Damages most common Specific performance Injunction Remedies for Copyright Infringement Damages Copyright owner s actual damages plus infringer s profits; OR Statutory Damages (# of infringing copies multiplied by statutory amount) Injunction Costs and attorneys fees 9
Enforcement Objectives Follow rules Raise social awareness Ensure intended value is recognized Attribution Marketing Sales of other products/services Improve software Discouraging use is not an objective 10
Compliance and Enforcement Jacobsen v. Katzer (Fed. Cir. 2008) Jacobsen manages OSS group called Java Model RR Interface (JMRI). JMRI, with many participants, created DecoderPro. Jacobsen holds copyright in the code, which he makes available for download under the Artistic License. Court held Katzer was a copyright infringer Settlement Feb. 18, 2010 Katzer develops commercial s/w for model train enthusiasts. Katzer failed to comply with the notice provisions of the Artistic License Even though Katzer agreed to comply going forward the D. Ct. could still impose an injunction on the basis that Katzer might fail to comply again 11
Compliance and Enforcement BusyBox Cases BusyBox Set of GPLv2 Unix utilities used in limited resource devices (e.g. cell phones, DVD players) Widely used in products sold by many manufacturers Spawned several lawsuits alleging: No inclusion of or offer for source code No copyright notice No copy of the GPL itself 12
Enforcement and Compliance BusyBox Settlement Terms Retain Open Source Compliance Officer Disclose source code for the version of BusyBox distributed Take substantial efforts to inform previous recipients of their rights under the GPL Pay an undisclosed amount to the owners of BusyBox $ 13
Compliance and Enforcement Issues Surrounding Android 2013-2014 0 U.S. smartphones running Android 0 Worldwide smartphones running Android 0 0 52% 81% 14
Compliance and Enforcement Issues Surrounding Android Dozens of cases filed alleging patent infringement by devices using Android OS Oracle v. Google: Allegations of copyright and patent infringement Jury found: No patent infringement Infringed Oracle s copyrights of 37 Java packages Infringed rangecheck routine No copyright infringement by 8 decompiled security files Deadlocked on Google s fair use defense District Court found replicated elements of the 37 Java packages, including the declaring code and the structure, sequence, and organization, not copyrightable. Appealed to Federal Circuit 15
Compliance and Enforcement Issues Surrounding Android (con.) Oracle v. Google (Fed. Cir. May 9, 2014) Declaring code copyrightable The question is not whether a short phrase or series of short phrases can be extracted from the work, but whether the manner in which they are used or strung together exhibits creativity Structure, sequence, and organization of the API packages copyrightable Reinstated jury s infringement finding as to 37 Java packages Remanded Google s fair use defense in light of this decision Affirmed district court s decisions: Granting Oracle s motion for JMOL as to the eight decompiled Java files Denying Google s motion for JMOL with respect to rangecheck function 16
Recent GPLv2 Cases Continuent, Inc. v. Tekelec, Inc. Complaint filed July 2, 2013, S.D. Cal. Continuent, provider of database clustering and replication management software, released Tungsten Replicator under GPLv2 Continuent alleged Tekelec copied, modified, and distributed Continuent s code in Tekelec s Subscriber Data Management product Order granting dismissal filed February 28, 2014 17
Recent GPLv2 Cases (con.) XimpleWare Corp. v. Versata Software, Inc. Complaint dated November 5, 2013, N.D. Cal. During a different lawsuit, Ameriprise informed XimpleWare that it had discovered portions of XimpleWare s GPLv2 code in Versata s DCM product Claims of: copyright infringement Lanham Act violations breach of contract breach of implied covenant of good faith and fair dealing unjust enrichment intentional interference of economic advantage unfair competition 18
Practice Tips Comply with the licenses for OSS you use Institute an OSS Corporate Policy and Procedures Identify an internal point of contact for OSS questions Scan code prior to transition points Take corrective action when necessary Respond immediately to any notification 19
Thank You! Joanne Montague joannemontague@dwt.com 20