Busy Box Settles Another Case

News today from the Federal District Court for the Southern District of New York that Eric Andersen and Rob Landley, the two principal developers of the BusyBox open source utility, have moved to voluntarily dismiss the case they brought again High-Gain Antennas alleging that High-Gain had violated the GNU General Public License (GPL) by distributing the Busy Box software without complying with the terms of the GPL. The dismissal itself was officially approved by Judge Leonard B. Sand on March 3, 2008. While no press release has yet been issued by the Software Freedom Law Center (SFLC) , the non-profit legal group that represented the Andersen and Landley in the case, the strong presumption in a situation such as this is that the dismissal signals that case against High-Gain Antenna has reach a settlement. To date Andersen and Landley have brought similar suits alleging violations of the GPL against Xterasys Corporation, High-Gain Antennas, and telecommunications giant Verizon Communications. A settlement in the case against High-Gain Antenna would mark the third such settlement leaving only the case against Verizon still pending.

While Busy Box and the SFLC have not brought another suit since filing their case against Verizon back on December 6, 2007, action in the Verizon case looks to be coming soon as Verizon currently has until March 14, 2008 to answer or otherwise respond to the complaint filed against them in the case. It remains to be seen if the case against Verizon will be settled out of court or continue beyond this date and become the first lawsuit alleging a violation of the GPL ever to go to trial in the U.S. Regardless, the cases brought by Busy Box remain significant in demonstrating that open source licensors have the will and the ability to successfully enforce the GPL against alleged violators in court, rather than limiting themselves to pursuing other means of enforcing violations outside of court. What changes these and any future cases drive in the open source license enforcement landscape and open source compliance largely remains to be seen, but for certain they are driving changes. For additional information on the previous settlements, please refer to my prior posts (here, here, here, here, and here).

Advertisements

BusyBox Gets Busy with Verizon

The Software Freedom Law Center (SFLC) has announced that it has filed yet another lawsuit on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). The defendant in this latest lawsuit is Verizon Communications. The lawsuit against Verizon is the fourth in a recent string of suits brough by the SFLC on behalf of Andersen and Landley. However, unlike the previous suits brought against Monsoon Multimedia, Xterasys Corporation and High-Gain Antennas, this suit is the first such suit against a major public company.

The complaint against Verizon was filed December 6, 2007 in the United States District Court for the Southern District of New York and is available online at — Erik Andersen and Rob Landley v. Verizon Communications, Inc. The complaint is similar in many respects to the complaints filed in the Monsoon Media, Xterasys and High-Gain suits, but specifically centers on Verizon’s distribution of a third party product containing the BusyBox open source software utility (as opposed to a product developed by Verizon).  In particular, the complaint against Verizon alleges that Verizon distributes the Actiontec MI424WR wireless router to customers of its “FiOS” fiber-optic Internet and television service and that the router contains the BusyBox software. Under the terms of the GPL, the complaint further alleges that Verizon is obligated to provide the source code of the BusyBox software to recipients of the Actiontec router. According to the lawsuit, Verizon continues to distribute BusyBox without source code in violation of the GPL, despite having been contacted by SFLC. The complaint likewise seeks an injunction against Verizon and requests that damages and litigation costs be awarded to the plaintiffs.

It remains to be seen if the current case against Verizon will be settled out of court (as happened in the case against Monsoon) or continue on and become the first lawsuit alleging a violation of the GPL ever to go to trial in the U.S. Regardless, this case is a highly significant indication that Andersen and Landley (and the SFLC) appear increasingly willing seek to enforce the GPL against alleged violators in court rather than pursuing out of court settlements. As I mentioned in connection with the previous BusyBox suits, now is the time to take steps to identify whether and to what extent your organization is using BusyBox and other open source software and to ensure that you are in compliance with the open source software licenses applicable to that software.

BusyBox Back For More

The Software Freedom Law Center (SFLC) has announced that it has filed two additional lawsuits on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). The defendants in these new lawsuits are Xterasys Corporation (a manufacturer of wireless routers and other networking products) and High-Gain Antennas, LLC (a manufacturer of antennas and other products for use in wireless networking applications). The lawsuits are the second and third GPL enforcement lawsuits respectively ever filed here in the U.S. The first such lawsuit, filed against Monsoon Multimedia in September of this year, was quickly settled out of court on October 30. Both of the current lawsuits were filed November 19 in the United States District Court for the Southern District of New York.

The complaints in the current lawsuits are available online — “Erik Andersen and Rob Landley v. High Gain Antennas, LLC,” (case number 07-CV-10456) and “Erik Andersen and Rob Landley v. Xterasys Corporation” (case number 07-CV-10455). In substance, the current complaints read very similarly to the complaint filed in the Monsoon Media suit. Each of the current complaints alleges that the defendant continued to distribute BusyBox in violation of the GPL (and applicable copyright law) without also distributing the source code for BusyBox, despite having been contacted by SFLC. Each complaint likewise seeks an injunction against the defendant and requests that damages and litigation costs be awarded to the plaintiffs.

These cases are significant in that if either is ever heard before a judge, it will be the first time that a lawsuit alleging a violation of the GPL has gone to trial in the U.S. While these cases may take the route of the Monsoon Media suit — which settled out of court with Monsoon agreeing to remedy its violation of the GPL, ensure future compliance, and financially compensate the plaintiffs — these cases remain highly significant for a number of reasons, not the least of which include:

— It is widely suspected that the list of BusyBox users in violation of the GPL is quite long and that the BusyBox developers have already quietly settled out of court with a number of the companies on this list. With these two new lawsuits, it is clear that the earlier suit against Monsoon Multimedia is not a mere anomaly and that the BusyBox development community is not content to sit quietly as these alleged violations continue. Users of BusyBox are now on notice that they should take care to ensure that they are in compliance with the terms of the GPL as it applies to BusyBox.

— Ensuring compliance with the GPL (and other open source licenses) starts with knowing when and where software subject to the GPL and other open source licenses is in use in your organization. Implementing and maintaining an open source software license compliance program is key to gaining this knowledge. Cases such as these brought by the BusyBox developers underscore the growing importance of implementing and maintaining such a compliance program (and the growing risks posed by not doing so).

— The time line in each of the BusyBox cases has evolved from initial contact by the plaintiffs regarding the alleged violation through to the filing of a lawsuit at a very rapid pace. Unlike many of the “private” open source compliance actions brought in the past by the Free Software Foundation (FSF) it would appear that the SFLC is willing to act quite aggressively in pushing its grievances. Organizations need to respond quickly and decisively to any complaints about violations of open source software licenses, by the SFLC or any other organization.

Now more than ever, if your organization is not taking steps to identify and correct violations of open source software licenses on its own terms, others like the SFLC appear increasingly willing to do so for you on theirs. Remaining ignorant of existing open source software usage and potential open source software license violations, it would seem, is no longer bliss.

Affero GPLv3 Released

The Free Software Foundation (FSF) today announced the release of version 3 of the GNU Affero General Public License (AGPLv3). AGPLv3 is based on version 3 of the GNU General Public License (GPLv3), but has an additional term to allow users who interact with AGPLv3-licensed software over a network to receive the source code for that software (and modifications to that software). In particular, AGPLv3 modifes Section 13 of GPLv3 as follows:

While GPLv3 generally covers the distribution to third parties of modifications to software under GPLv3, it does not cover the situation where a user modifies software covered by GPLv3 and runs the modified software on a network without actually distributing a copy of the software. As a result, users making the functionality of software subject to GPLv3 available over a network (but not also distributing the software itself) are not required by GPLv3 to make available the source code to any modifications they have made to that software. This means that modifications to software covered by GPLv3 by companies operating operating under a software as a service (SaaS) or application service provider (ASP) model need not be released.

The fact that ASP/SaaS models are quickly becoming prevalent in the software industry and that the final draft of GPLv3 released earlier this year did not close this so-called “ASP Loophole” (or, if you prefer, “SaaS Loophole”) has led to a good deal of concern among open source commentators. The FSF intends that AGPLv3 will address these concerns by providing a means for developers to close this loophole. In particular, under AGPLv3, anyone running a copy of a modified version of software covered by AGPLv3 on a network must also make available a copy of those modifications as well (regardless of whether they have actually distributed the modified software itself). In their press release, the FSF notes that AGPLv3 is compatible with GPLv3 and, as a result, programmers who want to use the AGPLv3 for their work can also take advantage of software available under GPLv3. Given the additional coverage provided by AGPLv3, the FSF recommends that people consider using the AGPLv3 for any software which will commonly be run over a network.

Let the Games Begin! — SFLC Files First Ever Lawsuit Alleging Violation of the GPL in the US

It was announced earlier today that the Software Freedom Law Center (SFLC) has filed a lawsuit on behalf of two of its clients alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). This lawsuit is significant in that it represents the first lawsuit ever filed in the U.S. based directly on a violation of the GPL.

The complaint was filed in the U.S. District Court for the Southern District of New York against Monsoon Multimedia, Inc. on behalf of Erik Andersen and Rob Landley. Messrs. Andersen and Landley are two of the principal developers of BusyBox, a popular set of open source utilities commonly used in embedded systems and often referred to as “The Swiss Army Knife of Embedded Linux.” Monsoon Multimedia is a provider of, among other things, digital video and multimedia products and technology. It should come as no surprise that Monsoon’s products include quite a bit of embedded software.

The complaint itself alleges that Monsoon has violated the GPL by distributing elements of the BusyBox software as part of Monsoon’s own products without ensuring that each downstream recipient of the products is provided with access to the source code of the BusyBox software. In this regard, the case alleges a fairly straight-forward GPL violation relying on the core “copyleft” requirements of the GPL — namely, that anyone distributing software licensed under the GPL must make a copy of the source code to that software available to recipients of the software. The SFLC claims that Monsoon Multimedia’s own web site publicly acknowledges that Monsoon’s products contain elements of the BusyBox software, but that Monsoon has not provided any recipients of those products with access to the underlying BusyBox source code, as is required by the GPL. The complaint requests that damages and litigation costs be awarded to the plaintiffs and seeks an injunction against Monsoon Multimedia.

While lawsuits have previously been brought in Germany and other countries successfully enforcing the GPL (and even obtaining injunctions against violators of the GPL), this is the first such lawsuit to be filed in a court in the U.S. That said, it is worth noting that this case is still in its very early stages, and we will have to wait for additional facts to emerge as Monsoon responds to the complaint and additional filings are made in the case. At this point it really remains to be seen whether the case will ultimately progress to the point where it results in any binding legal precedent regarding the GPL or whether it will settle out of court. This is, however, likely not the last we have heard from this case. Stay tuned. . .

[For those interested in the details, the lawsuit is titled Erik Andersen and Rob Landley v. Monsoon Multimedia Inc., case number 07-CV-8205 and will be heard by Senior District Judge John E. Sprizzo of the United States District Court for the Southern District of New York.]

Seagate and the Economics of Patent Infringement

Earlier this week, the U.S. Court of Appeals for the Federal Circuit (CAFC) issued its decision in In re Seagate Technology, LLC. The decision has been well-covered by the legal press and with good reason. As one commentator stated, Seagate represents a “seismic” shift in the law on the issue of willful patent infringement. Indeed, Seagate appears to have the potential to significantly re-balance the economics of patent infringement cases here in the U.S.

Prior to Seagate, courts relied on a negligence-based standard articulated in the Underwater Devices Inc. v. Morrison-Knudsen Co. case to determine whether patent infringement was willful. Under this standard, one having “actual notice of another’s patent rights” had “an affirmative duty to exercise due care to determine whether or not it is infringing.” Seagate expressly overturns this standard and holds that proof of willful infringement instead requires a higher showing of “objective recklessness.” In doing so, Seagate raises the bar for a finding of willful infringement to a level substantially higher than that of mere negligence, thus making it more difficult for a patent holder to prove a claim for willful infringement.

Under U.S. patent law a finding of willful (and not merely innocent) infringement allows a claim for treble (3x) damages to be made against the alleged infringer. By raising the bar for a finding of willfulness, Seagate appears to significantly narrow the range of situations in which a patent holder can now credibly threaten (much less expect to win) a claim for increased damages based on willful infringement. This likely means more situations in which patent holders will be able to (at best) expect to obtain only actual damages if they bring a case to enforce their patent(s) against an alleged infringer. Considering that according to a 2004 report titled “Empirical Statistics on Willful Patent Infringement” by now CAFC judge Kimberly Moore, over 90% of patent cases involve allegations of willful infringement and claims for treble damages, it seems reasonable to assume that this change will figure significantly into the economics behind the decision to bring many future patent cases.

While much is made about the high costs of defending a patent case, the upfront “investment” necessary to bring a patent case is not insignificant. Seagate in essence lowers the potential return on that investment by making it more difficult to obtain treble damages. Particularly when viewed in light of other recent patent decisions such as eBay Inc v. MercExchange, L.L.C. (which denies a patent holder the ability to automatically obtain an injunction in the case of a finding of patent infringement – injunctions and damages being the primary remedies available in patent cases) and KSR v. Teleflex (which has been widely viewed as making it easier for infringement allegations to be challenged on the grounds that the patented invention at issue is too obvious to deserve patent protection), Seagate would appear to have the potential to motivate patent holders to reconsider bringing costly patent infringement cases and instead encourage them to negotiate less costly settlements or licensing arrangements (or perhaps take no action at all). After all, why would a reasonable (and value-maximizing) patent holder bring a patent case if the potential return does not justify the overall investment necessary to reach that return?

Whether this actually proves to be the legacy of Seagate remains to be seen. And, it will be very interesting to watch the extent to which Seagate and these other recent cases have an actual impact on the willingness of patent holders to threaten and bring patent cases in this country. Regardless, I would expect that foes of the continued rise in power of patents and patent holders and those who have ranted about the need for patent reform are likely to welcome Seagate as yet another step in the weakening of that power and toward the further reform of patent laws here in the U.S.

 

Changes in the Enforceability of Online Licenses and Contracts

As many of you know, my law practice deals in large part with contracts involving technology and intellectual property. Not surprisingly given the day and age in which we live, a number of these contracts are in the form of so called “click-through” or “click-to-assent” contracts in which a would-be licensee (in the case of software) or user (in the case of a service) is presented with a set of contractual terms on their computer and required to “click” a button displayed on their screen before being able to download, access, install or use the software or service in question. While it has long been established (and even longer taken for granted by those in the technology industry) that contracts are not legally unenforceable simply because they are implemented to using a click-through format rather than a more traditional signature format (or even more traditional wax seal format), the law continues to evolve around the boundaries within which these contracts are in fact enforceable.

One area of particular activity has involved notice. Contract law generally requires that a contracting party be given some level of notice of the terms of the contract before they can be bound by those terms. It is at least in part for this reason that when a party initially signs a contract, the contract typically includes a copy of all language included in the contract — whether in the body of the contract or in an exhibit, schedule or other attached document. Of course, some contracts are structured to reference separate terms not actually attached to the contract (e.g., conditions, policies, etc.) and purport to make those terms a legally binding part of the contract. In my practice, I have seen it become quite common for click-through contracts to be drafted in this manner, with the references to additional terms made via a link to a separate web page containing those terms.

A related issue for click-through contracts drafted in this way involves the level of notice required to modify the contract (including the linked-to terms). Many click-through contracts purport to allow modification without an actual “click” by other party to the contract — for example, simply by continuing to use the software or services in question after a modification has been posted to the web page liked to by the original contract. This situation has raised a number of questions regarding the extent to which changes to the linked-to terms are themselves actually binding upon the licensee/subscriber under the original contract, despite what the terms of the original contract may purport. The 9th Circuit Court of Appeals (which covers California, Washington and Oregon) recently opined on this question in the somewhat oddly titled case Douglas v. U.S. District Court for the Central District of California. In its decision, the 9th Circuit indicated that a proposed modification of the terms of a services contract, which was posted to a company’s web site, was not enforceable against an existing customer who was not provided with notice of the modification. In particular, the court said that the parties to a contract have “no obligation to check the terms [on the web site] on a periodic basis to learn whether they have been changed by the other side” and indicated that requiring the parties to do so would be tantamount to allowing one party to a contract to change the terms of the deal without the consent of the other party to that change.

The opinion of the 9th Circuit is not binding legal precedent in all areas (including my home state of Colorado). And, while it is too early to tell whether the other Circuits will move to follow the 9th Circuit, this case is of note for any company that employs click-through contracts to license their software or provide access to their services for at least two reasons. First, it underscores the fact that the law surrounding the enforceability of click-through contracts is still evolving and can vary (sometimes significantly) from jurisdiction to jurisdiction and state to state. Contracts often specify a chosen jurisdiction or state law under which the contact is to be interpreted, and this decision once again emphasizes the importance of paying careful consideration to this language in any click-through contract. Second, and more substantively, this case appears to place the burden squarely on the vendor/provider to provide reasonable notice of any changes to a click-through contracts (or any of the terms referenced by that contract), rather than on the customer to actively monitor the vendor’s web site for any such changes. This case (and any others that follow in its wake) provide important guidance to any company attempting to implement a modification to its existing click-through contracts, particularly if those contracts are structured in the same manner as the contract in this case. Of course, given that this is likely not the last we will hear on this issue, this case also provides strong justification for the periodic review and update of online contracts and contracting practices to ensure continued compliance as the law in this area continues to evolve. Stay tuned.
For those interested, you can read the case, ruling here: Douglas v. U.S. District Court for the Central District of California.