The Software Freedom Law Center (SFLC) announced on Monday that an agreement has been reached to dismiss the lawsuit brought by Eric Andersen and Rob Landley, the two principal developers of the BusyBox open source software utility, against telecommunications giant Verizon Communications alleging that Verizon violated version 2 of the GNU General Public License (GPL) through the distribution of BusyBox in the firmware of the Actiontec MI424WR wireless router provided by Verizon to customers of Verizon’s “FiOS” fiber-optic Internet and television service. To date Andersen and Landley have also brought and settled similar suits alleging violations of the GPL against Monsoon Multimedia, Xterasys, and High-Gain Antennas. The Verizon settlement marks the end of the last of the suits brought by Andersen and Landley to date.
While the full terms of the settlement were not announced (other than as summarized in the press release issued by the SFLC), the terms appear to track those included in the settlement of the other cases. In particular, in return for reinstating the rights of Actiontec and Verizon to distribute BusyBox under the GPL, Actiontec has agreed to:
– Appoint an Open Source Compliance Officer within its organization to “monitor and ensure GPL compliance”;
– Publish the source code for the version of BusyBox it previously distributed on the Actiontec web site;
– Undertake substantial efforts to notify previous recipients of BusyBox from Actiontec and its customers, including Verizon, of their rights to the software under the GPL; and
– Pay an undisclosed amount of financial consideration to the plaintiffs.
The settlement does appear to be unique from the settlements reached in the other BusyBox cases in at least one respect. Each of the previous settlements (as announced on the SFLC web site) imposed obligations directly on the party named in the lawsuit — this despite the fact that in at least two of the other three BusyBox cases the allegedly offending device was provided to that party by a third party vendor. The settlement in the Verizon case, however, appears to impose obligations directly on Verizon’s third party vendor Actiontec. The reason for this appears to be related to the fact that, while Actiontec was not named as a defendant in the lawsuit, the agreement under which Actiontec provides its MI424WR wireless router to Verizon is rumored to include a clause under which Actiontec agreed to indemnify Verizon for liability relating to claims and lawsuits by third parties against Verizon relating to the router. If accurate, the indemnification clause would help explain why Actiontec (and not Verizon) played a central role in the settlement of the lawsuit against Verizon and appears to have agreed to bear the majority of the obligations under the settlement.
The presence of an indemnification clause in Verizon’s procurement agreement with Actiontec also underscores the value of being proactive in open source (and other) technology procurement measures. Open source compliance measures (and intellectual property and license compliance measures in general) are certainly not uniform across all companies — and companies cannot always depend on their suppliers to be as diligent as they themselves have been in their own compliance efforts. As a result, taking the step of reviewing procurement agreements to help ensure that suppliers of software and other technology agree in advance to stand behind their products and services in the event of an intellectual property infringement, license violation or other issue is an increasingly important practice (and one that appears to have paid dividends for Verizon in their BusyBox lawsuit).