SFLC Settles With Verizon – Lessons Learned

The Software Freedom Law Center (SFLC) announced on Monday that an agreement has been reached to dismiss the lawsuit brought by Eric Andersen and Rob Landley, the two principal developers of the BusyBox open source software utility, against telecommunications giant Verizon Communications alleging that Verizon violated version 2 of the GNU General Public License (GPL) through the distribution of BusyBox in the firmware of the Actiontec MI424WR wireless router provided by Verizon to customers of Verizon’s “FiOS” fiber-optic Internet and television service. To date Andersen and Landley have also brought and settled similar suits alleging violations of the GPL against Monsoon Multimedia, Xterasys, and High-Gain Antennas. The Verizon settlement marks the end of the last of the suits brought by Andersen and Landley to date.

While the full terms of the settlement were not announced (other than as summarized in the press release issued by the SFLC), the terms appear to track those included in the settlement of the other cases. In particular, in return for reinstating the rights of Actiontec and Verizon to distribute BusyBox under the GPL, Actiontec has agreed to:

– Appoint an Open Source Compliance Officer within its organization to “monitor and ensure GPL compliance”;
– Publish the source code for the version of BusyBox it previously distributed on the Actiontec web site;
– Undertake substantial efforts to notify previous recipients of BusyBox from Actiontec and its customers, including Verizon, of their rights to the software under the GPL; and
– Pay an undisclosed amount of financial consideration to the plaintiffs.

The settlement does appear to be unique from the settlements reached in the other BusyBox cases in at least one respect. Each of the previous settlements (as announced on the SFLC web site) imposed obligations directly on the party named in the lawsuit — this despite the fact that in at least two of the other three BusyBox cases the allegedly offending device was provided to that party by a third party vendor. The settlement in the Verizon case, however, appears to impose obligations directly on Verizon’s third party vendor Actiontec. The reason for this appears to be related to the fact that, while Actiontec was not named as a defendant in the lawsuit, the agreement under which Actiontec provides its MI424WR wireless router to Verizon is rumored to include a clause under which Actiontec agreed to indemnify Verizon for liability relating to claims and lawsuits by third parties against Verizon relating to the router. If accurate, the indemnification clause would help explain why Actiontec (and not Verizon) played a central role in the settlement of the lawsuit against Verizon and appears to have agreed to bear the majority of the obligations under the settlement.

The presence of an indemnification clause in Verizon’s procurement agreement with Actiontec also underscores the value of being proactive in open source (and other) technology procurement measures. Open source compliance measures (and intellectual property and license compliance measures in general) are certainly not uniform across all companies — and companies cannot always depend on their suppliers to be as diligent as they themselves have been in their own compliance efforts. As a result, taking the step of reviewing procurement agreements to help ensure that suppliers of software and other technology agree in advance to stand behind their products and services in the event of an intellectual property infringement, license violation or other issue is an increasingly important practice (and one that appears to have paid dividends for Verizon in their BusyBox lawsuit).

BusyBox Settlement #2

The Software Freedom Law Center (SFLC) has announced that it has reached an agreement to settle and dismiss the lawsuit filed by Erik Andersen and Rob Landley, two of the principal developers of the popular BusyBox set of open source utilities, against Xterasys Corporation (a manufacturer of wireless routers and other networking products) alleging a violation of version 2 of the GNU General Public License (GPL). This leaves two pending suits by Andersen and Landley, against High-Gain Antennas, LLC (a manufacturer of antennas and other products for use in wireless networking applications) and telecommunications giant Verizon Communications.

As was the case with the settlement with Monsoon Multimedia, Inc., the terms of the Xterasys settlement were not released. However, based on the SFLC press release regarding the settlement, the terms appear to be nearly identical to those in the Monsoon case. While this is yet another case in which we will not see the establishment of binding legal precedent regarding the enforceability and legal interpretation of the GPL here in the U.S. (as has already taken place in Germany), it does appear that we are starting to see the establishment by the SFLC of a de facto precedent for settling cases alleging violations of the GPL. In each of its settlements to date, the SFLC has consistently imposed the following requirements on the defendant:

— The appoint an “Open Source Compliance Officer” to monitor and ensure GPL compliance;

— Publishing of the source code for the version of BusyBox previously distributed in violation of the GPL;

— Undertaking “substantial” efforts to notify previous recipients of BusyBox of their rights to the software under the GPL; and

— The payment of an “undisclosed amount” of financial consideration to the plaintiffs.

Of course, these settlement terms do not carry with them the same legal precedent as would a decision of a court of law. As a practical matter, however, by imposing a consistent set of settlement terms over time, the SFLC has begun to create a sort of standard for resolving future lawsuits alleging violations of the GPL. Defendants in future GPL violation lawsuits (and we are likely to see future suits) will not be legally bound to accept these terms and certainly will be free to attempt to forge their own paths to settlement. However, over time, the terms imposed by the SFLC are likely to represent an increasingly strong lure to those defendants to relatively quickly and cleanly resolve the GPL violation lawsuits against them through an accepted path of least resistance. Not legal precedent, but a strong practical guide for certain.

Stay tuned. The BusyBox cases are driving changes in the open source license enforcement landscape and open source compliance will need to evolve right along with those changes.

BusyBox Back For More

The Software Freedom Law Center (SFLC) has announced that it has filed two additional lawsuits on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). The defendants in these new lawsuits are Xterasys Corporation (a manufacturer of wireless routers and other networking products) and High-Gain Antennas, LLC (a manufacturer of antennas and other products for use in wireless networking applications). The lawsuits are the second and third GPL enforcement lawsuits respectively ever filed here in the U.S. The first such lawsuit, filed against Monsoon Multimedia in September of this year, was quickly settled out of court on October 30. Both of the current lawsuits were filed November 19 in the United States District Court for the Southern District of New York.

The complaints in the current lawsuits are available online — “Erik Andersen and Rob Landley v. High Gain Antennas, LLC,” (case number 07-CV-10456) and “Erik Andersen and Rob Landley v. Xterasys Corporation” (case number 07-CV-10455). In substance, the current complaints read very similarly to the complaint filed in the Monsoon Media suit. Each of the current complaints alleges that the defendant continued to distribute BusyBox in violation of the GPL (and applicable copyright law) without also distributing the source code for BusyBox, despite having been contacted by SFLC. Each complaint likewise seeks an injunction against the defendant and requests that damages and litigation costs be awarded to the plaintiffs.

These cases are significant in that if either is ever heard before a judge, it will be the first time that a lawsuit alleging a violation of the GPL has gone to trial in the U.S. While these cases may take the route of the Monsoon Media suit — which settled out of court with Monsoon agreeing to remedy its violation of the GPL, ensure future compliance, and financially compensate the plaintiffs — these cases remain highly significant for a number of reasons, not the least of which include:

— It is widely suspected that the list of BusyBox users in violation of the GPL is quite long and that the BusyBox developers have already quietly settled out of court with a number of the companies on this list. With these two new lawsuits, it is clear that the earlier suit against Monsoon Multimedia is not a mere anomaly and that the BusyBox development community is not content to sit quietly as these alleged violations continue. Users of BusyBox are now on notice that they should take care to ensure that they are in compliance with the terms of the GPL as it applies to BusyBox.

— Ensuring compliance with the GPL (and other open source licenses) starts with knowing when and where software subject to the GPL and other open source licenses is in use in your organization. Implementing and maintaining an open source software license compliance program is key to gaining this knowledge. Cases such as these brought by the BusyBox developers underscore the growing importance of implementing and maintaining such a compliance program (and the growing risks posed by not doing so).

— The time line in each of the BusyBox cases has evolved from initial contact by the plaintiffs regarding the alleged violation through to the filing of a lawsuit at a very rapid pace. Unlike many of the “private” open source compliance actions brought in the past by the Free Software Foundation (FSF) it would appear that the SFLC is willing to act quite aggressively in pushing its grievances. Organizations need to respond quickly and decisively to any complaints about violations of open source software licenses, by the SFLC or any other organization.

Now more than ever, if your organization is not taking steps to identify and correct violations of open source software licenses on its own terms, others like the SFLC appear increasingly willing to do so for you on theirs. Remaining ignorant of existing open source software usage and potential open source software license violations, it would seem, is no longer bliss.

Let the Games Begin! — SFLC Files First Ever Lawsuit Alleging Violation of the GPL in the US

It was announced earlier today that the Software Freedom Law Center (SFLC) has filed a lawsuit on behalf of two of its clients alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). This lawsuit is significant in that it represents the first lawsuit ever filed in the U.S. based directly on a violation of the GPL.

The complaint was filed in the U.S. District Court for the Southern District of New York against Monsoon Multimedia, Inc. on behalf of Erik Andersen and Rob Landley. Messrs. Andersen and Landley are two of the principal developers of BusyBox, a popular set of open source utilities commonly used in embedded systems and often referred to as “The Swiss Army Knife of Embedded Linux.” Monsoon Multimedia is a provider of, among other things, digital video and multimedia products and technology. It should come as no surprise that Monsoon’s products include quite a bit of embedded software.

The complaint itself alleges that Monsoon has violated the GPL by distributing elements of the BusyBox software as part of Monsoon’s own products without ensuring that each downstream recipient of the products is provided with access to the source code of the BusyBox software. In this regard, the case alleges a fairly straight-forward GPL violation relying on the core “copyleft” requirements of the GPL — namely, that anyone distributing software licensed under the GPL must make a copy of the source code to that software available to recipients of the software. The SFLC claims that Monsoon Multimedia’s own web site publicly acknowledges that Monsoon’s products contain elements of the BusyBox software, but that Monsoon has not provided any recipients of those products with access to the underlying BusyBox source code, as is required by the GPL. The complaint requests that damages and litigation costs be awarded to the plaintiffs and seeks an injunction against Monsoon Multimedia.

While lawsuits have previously been brought in Germany and other countries successfully enforcing the GPL (and even obtaining injunctions against violators of the GPL), this is the first such lawsuit to be filed in a court in the U.S. That said, it is worth noting that this case is still in its very early stages, and we will have to wait for additional facts to emerge as Monsoon responds to the complaint and additional filings are made in the case. At this point it really remains to be seen whether the case will ultimately progress to the point where it results in any binding legal precedent regarding the GPL or whether it will settle out of court. This is, however, likely not the last we have heard from this case. Stay tuned. . .

[For those interested in the details, the lawsuit is titled Erik Andersen and Rob Landley v. Monsoon Multimedia Inc., case number 07-CV-8205 and will be heard by Senior District Judge John E. Sprizzo of the United States District Court for the Southern District of New York.]