ThinkingOpen

I will be in New York on August 8th to speak on a panel at this year’s American Bar Association (ABA) Annual Meeting. The panel, titled “Life after GPLv3: New Developments in Open Source Software Licensing” is sponsored by the ABA Section of Intellectual Property Law and is being held at 2:00 PM on the 8th at the Waldorf-Astoria.

We have structured the panel as a series of brief presentations by the panelists followed by a general Q&A session on the presentations. While the title for the panel is a bit innocuous, the presentations will cover a variety of relevant open source topics, including: GPLv3 and the GPLv3 drafting process (including differences between GPLv2, GPLv3 and other open source licenses), open source patent concerns, legal strategies for using open source software in connection with proprietary software, and issues raised by open source software under the Sarbanes Oxley Act of 2002 and other corporate regulations.

My presentation will include a brief history and update on the “BusyBox lawsuits” brought over the last year by The Software Freedom Law Center (SFLC) on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). I will be including information based both on my personal experience working with defendants in several of the BusyBox cases as well as discussions with others involved in the suits. Details on the panel and the other panelists are included below.

For those of you based in New York or headed to the ABA Annual Meeting, please let me know if you would be interested in getting together while I am in town.

2008 ABA Annual Meeting
Section of Intellectual Property Law

2:00 p.m. – 3:30 p.m.
CLE Program: Life after GPLv3: New Developments in Open Source Software Licensing.
co-sponsored by the Section of Science & Technology Law

The past year has seen significant legal developments concerning open source software licensing, most notably, the publication of the GPLv3 license, which is much more comprehensive than GPLv2 and attempts to address the changes in software law over the past 15 years, as well as initial efforts to enforce open source software license requirements in the courts. This panel will explore the new GPLv3 license, how it differs from GPLv2, the status of GPLv3 adoption and recent litigation concerning the enforcement of GPL and other open source license terms affecting GPLv3 or other open source license use.

Moderator
Sue Ross, Fulbright & Jaworski L.L.P., New York, NY

Speakers
Gabe Holloway, Leonard, Street and Deinard, Minneapolis, MN
Terry Ilardi, IBM Corporation, Armonk, NY
Jason Haislmaier, Holme Roberts & Owen LLP, Boulder, CO
Jim Markwith, Microsoft Corporation, Redmond, CA

Adding to the already substantial list of lawsuits filed on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility), the The Software Freedom Law Center (SFLC) has announced today the filing of yet another suit alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL) in connection with BusyBox.  The current suit has been filed against Ethernet solutions provider Extreme Networks.  As with the previous suits brought by Andersen and Landley (against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, Verizon Communications, Bell Microproducts, Inc. and Super Micro Computer, Inc.) , the complaint against Extreme Networks alleges that Extreme makes and sells various products containing firmware in which BusyBox, or a modified version of BusyBox, is included.  Specifically, the complaint names the Summit X450 Series network switches as one of the offending products offered by Extreme.  According to the lawsuit, Extreme continues to distribute this product and others with firmware containing BusyBox without making the source code to BusyBox available in accordance with the terms of the GPL.   As the complaint notes, under the terms of the GPL, Extreme is obligated to provide the source code of the BusyBox software to recipients of products with firmware containing BusyBox.

According to the complaint, Extreme was first notified of the requirements of the GPL as early as July of 2006 by a “third party” who requested a copy of the Busy Box source code.  The complaint further alleges that the SFLC later contacted Extreme in February 2008 on behalf of the BusyBox developers and that the parties have had multiple interactions since that time in an attempt to settle the allegations against Extreme.  The complaint continues, however, that Extreme has failed to respond to the latest notice provided by the SFLC on June 26, thus prompting the lawsuit.  As with the complaints in previous cases, the complaint filed against Extreme  requests that an injunction be issued against the defendant and that damages and litigation costs be awarded to the plaintiffs.

The take away from this latest suit is fairly simple.  As the campaign of lawsuits brought by BusyBox continues to roll forward (and it appears safe to now call it a “campaign”), and as mentioned in connection with the previous BusyBox suits, product vendors (particularly in the wireless and terrestrial networking space) should take note of whether and to what extent the products distributed by their organizations (including products produced by third parties) contain BusyBox or other open source software.  And, as shown by the timeline in this and the other BusyBox cases, those vendors should take seriously any contact from the SFLC or other organizations inquiring about potential violations of the GPL or other open source licenses.

News out of Boston that Red Hat has settled the long-running patent infringement lawsuit filed against it by Firestar Software and a later suit filed against the company by DataTern.

Filed on June 26, 2006, the lawsuit by Massachusetts-based software vendor Firestar Software, Inc. was brought against Red Hat in connection the Hibernate 3.0 software product acquired by Red Hat through its then-recent acquisition of JBoss. In the lawsuit, Firestar alleged that JBoss and Red Hat are infringing U.S. patent number 6,101,502 (issued on August 8, 2000) through their activities relating to Hibernate. While software patent infringement lawsuits had become increasingly frequent in the world of proprietary software at the time of the lawsuit, the suit was viewed as the first of its kind relating to a widely distributed open source software product.

The specific financial and other terms of the settlement were not disclosed. However, Red Hat indicates that the settlement includes broad terms covering “all software distributed under Red Hat’s brands.”  Of particular note, the settlement also protects all “upstream predecessor versions” as well.   In addition, Red Hat indicates that the settlement protects “derivative works of, or combination products using, the covered products from any patent claim based in any respect on the covered products.” Perhaps most importantly (for shareholder of Red Hat in particular), the company indicates that the settlement is sufficient to enable RedHat (and its users) to continue to distribute its open source software products in compliance with the terms of all applicable open source licenses.

In its press release on the settlement, Red Hat indicates that the settlements leave Red Hat with one remaining patent infringement suit against it — based on a complaint filed in October 2007 by IP Innovation LLC and Technology Licensing Corp, both subsidiaries of patent troll (er, “holding company”) Acacia Media.

The Software Freedom Law Center (SFLC) has announced today that it has filed a new round of lawsuits on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). The defendants in the new lawsuits are Bell Microproducts, Inc. (dba “Hammer Storage“) and Super Micro Computer, Inc., each well-established distributors of a wide range of storage and other computer hardware products and components. These two new suits bring the total of lawsuits brought by the SFLC on behalf of the BusyBox developers to six (the previous four having been filed against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, and Verizon Communications.

The complaints against Bell Micro and Super Micro were filed on June 10, 2008 in the United States District Court for the Southern District of New York and are available online at — Erik Andersen and Rob Landley v. Bell Microproducts, Inc. d.b.a. Hammer Storage and Erik Andersen and Rob Landley v. Super Micro Computer, Inc. The complaints are similar in many respects to the complaints previously filed by filed in the Monsoon Media, Xterasys, High-Gain and Verizon suits. In each case the complaint alleges that the defendant “makes and sells various communications and hardware devices” containing firmware that contains BusyBox (either directly or in modified form). In the case of Bell Micro, the complaint specifically targets the Bell’s “MyShare HN1200 network attached storage device” and with Super Micro the complaint specifically names the “AOC-SIM1U+ IPMI 2.0 System Management Card“. Under the terms of the GPL, each complaint alleges that the defendant is obligated to provide the source code of the BusyBox software to recipients of the named products containing the firmware containing BusyBox. According to each lawsuit, Bell Micro and Super Micro continue to distribute products containing firmware containing BusyBox without source code in violation of the GPL, despite having been contacted by SFLC. Each complaints seek an injunction against each company and requests that damages and litigation costs be awarded to the plaintiffs.

It remains to be seen if the current cases will be settled out of court (as has happened in each of the prior cases brought by BusyBox to date) or continue on and become the first lawsuit alleging a violation of the GPL ever to go to trial in the U.S. Regardless, these cases signal that after a brief hiatus Eric Andersen and Rob Landley (and the SFLC) appear again to be interested in enforcing the GPL against alleged violators in court rather than pursuing out of court settlements. As mentioned in connection with the previous BusyBox suits, now is the time to take steps to identify whether and to what extent your organization is using BusyBox and other open source software and to ensure that you are in compliance with the open source software licenses applicable to that software.

The Software Freedom Law Center (SFLC) announced on Monday that an agreement has been reached to dismiss the lawsuit brought by Eric Andersen and Rob Landley, the two principal developers of the BusyBox open source software utility, against telecommunications giant Verizon Communications alleging that Verizon violated version 2 of the GNU General Public License (GPL) through the distribution of BusyBox in the firmware of the Actiontec MI424WR wireless router provided by Verizon to customers of Verizon’s “FiOS” fiber-optic Internet and television service. To date Andersen and Landley have also brought and settled similar suits alleging violations of the GPL against Monsoon Multimedia, Xterasys, and High-Gain Antennas. The Verizon settlement marks the end of the last of the suits brought by Andersen and Landley to date.

While the full terms of the settlement were not announced (other than as summarized in the press release issued by the SFLC), the terms appear to track those included in the settlement of the other cases. In particular, in return for reinstating the rights of Actiontec and Verizon to distribute BusyBox under the GPL, Actiontec has agreed to:

- Appoint an Open Source Compliance Officer within its organization to “monitor and ensure GPL compliance”;
- Publish the source code for the version of BusyBox it previously distributed on the Actiontec web site;
- Undertake substantial efforts to notify previous recipients of BusyBox from Actiontec and its customers, including Verizon, of their rights to the software under the GPL; and
- Pay an undisclosed amount of financial consideration to the plaintiffs.

The settlement does appear to be unique from the settlements reached in the other BusyBox cases in at least one respect. Each of the previous settlements (as announced on the SFLC web site) imposed obligations directly on the party named in the lawsuit — this despite the fact that in at least two of the other three BusyBox cases the allegedly offending device was provided to that party by a third party vendor. The settlement in the Verizon case, however, appears to impose obligations directly on Verizon’s third party vendor Actiontec. The reason for this appears to be related to the fact that, while Actiontec was not named as a defendant in the lawsuit, the agreement under which Actiontec provides its MI424WR wireless router to Verizon is rumored to include a clause under which Actiontec agreed to indemnify Verizon for liability relating to claims and lawsuits by third parties against Verizon relating to the router. If accurate, the indemnification clause would help explain why Actiontec (and not Verizon) played a central role in the settlement of the lawsuit against Verizon and appears to have agreed to bear the majority of the obligations under the settlement.

The presence of an indemnification clause in Verizon’s procurement agreement with Actiontec also underscores the value of being proactive in open source (and other) technology procurement measures. Open source compliance measures (and intellectual property and license compliance measures in general) are certainly not uniform across all companies — and companies cannot always depend on their suppliers to be as diligent as they themselves have been in their own compliance efforts. As a result, taking the step of reviewing procurement agreements to help ensure that suppliers of software and other technology agree in advance to stand behind their products and services in the event of an intellectual property infringement, license violation or other issue is an increasingly important practice (and one that appears to have paid dividends for Verizon in their BusyBox lawsuit).