ABA Open Source Panel in New York

While much of the open source community was in San Francisco last week at the LinuxWorld Expo , I was in New York at the 2008 Annual Meeting of the American Bar Association (ABA) speaking at the “Life after GPLv3: New Developments in Open Source Software Licensing” event organized by the ABA Section of Intellectual Property Law. My presentation covered an update on the lawsuits filed over the past 12 months by the Software Freedom Law Center (SFLC) on behalf of their clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, Verizon Communications, Bell Microproducts, Inc., Super Micro Computer, Inc. and Extreme Networks alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL) in connection with BusyBox. In addition to discussing the history and resolution of the BusyBox cases (including my involvement with several of the cases), I also highlighted the similarities and differences between these cases and past open source software license enforcement efforts outside of the courts by the Free Software Foundation (FSF) and Harald Welte of gpl-violations.org. The presentation materials are now available online. I understand that the ABA will be posting the materials from the other presenters at the event, as well as a podcast of the entire event, on the ABA website in the coming weeks.

Many thanks to Mark Wittow and Gloria Archuleta, co-charis of ABA IP Section for organizing the event and inviting me to speak. Thanks also to my co-presenters Terry Ilardi of IBM Corporation, Jim Markwith of Microsoft Corporation, and Gabe Holloway of Leonard, Street and Deinard, as well as the moderator of the panel discussion portion of the event, Sue Ross of Fulbright & Jaworski L.L.P.

BusyBox Goes Extreme

Adding to the already substantial list of lawsuits filed on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility), the The Software Freedom Law Center (SFLC) has announced today the filing of yet another suit alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL) in connection with BusyBox.  The current suit has been filed against Ethernet solutions provider Extreme Networks.  As with the previous suits brought by Andersen and Landley (against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, Verizon Communications, Bell Microproducts, Inc. and Super Micro Computer, Inc.) , the complaint against Extreme Networks alleges that Extreme makes and sells various products containing firmware in which BusyBox, or a modified version of BusyBox, is included.  Specifically, the complaint names the Summit X450 Series network switches as one of the offending products offered by Extreme.  According to the lawsuit, Extreme continues to distribute this product and others with firmware containing BusyBox without making the source code to BusyBox available in accordance with the terms of the GPL.   As the complaint notes, under the terms of the GPL, Extreme is obligated to provide the source code of the BusyBox software to recipients of products with firmware containing BusyBox.

According to the complaint, Extreme was first notified of the requirements of the GPL as early as July of 2006 by a “third party” who requested a copy of the Busy Box source code.  The complaint further alleges that the SFLC later contacted Extreme in February 2008 on behalf of the BusyBox developers and that the parties have had multiple interactions since that time in an attempt to settle the allegations against Extreme.  The complaint continues, however, that Extreme has failed to respond to the latest notice provided by the SFLC on June 26, thus prompting the lawsuit.  As with the complaints in previous cases, the complaint filed against Extreme  requests that an injunction be issued against the defendant and that damages and litigation costs be awarded to the plaintiffs.

The take away from this latest suit is fairly simple.  As the campaign of lawsuits brought by BusyBox continues to roll forward (and it appears safe to now call it a “campaign”), and as mentioned in connection with the previous BusyBox suits, product vendors (particularly in the wireless and terrestrial networking space) should take note of whether and to what extent the products distributed by their organizations (including products produced by third parties) contain BusyBox or other open source software.  And, as shown by the timeline in this and the other BusyBox cases, those vendors should take seriously any contact from the SFLC or other organizations inquiring about potential violations of the GPL or other open source licenses.

Red Hat Settles with Firestar

News out of Boston that Red Hat has settled the long-running patent infringement lawsuit filed against it by Firestar Software and a later suit filed against the company by DataTern.

Filed on June 26, 2006, the lawsuit by Massachusetts-based software vendor Firestar Software, Inc. was brought against Red Hat in connection the Hibernate 3.0 software product acquired by Red Hat through its then-recent acquisition of JBoss. In the lawsuit, Firestar alleged that JBoss and Red Hat are infringing U.S. patent number 6,101,502 (issued on August 8, 2000) through their activities relating to Hibernate. While software patent infringement lawsuits had become increasingly frequent in the world of proprietary software at the time of the lawsuit, the suit was viewed as the first of its kind relating to a widely distributed open source software product.

The specific financial and other terms of the settlement were not disclosed. However, Red Hat indicates that the settlement includes broad terms covering “all software distributed under Red Hat’s brands.”  Of particular note, the settlement also protects all “upstream predecessor versions” as well.   In addition, Red Hat indicates that the settlement protects “derivative works of, or combination products using, the covered products from any patent claim based in any respect on the covered products.” Perhaps most importantly (for shareholder of Red Hat in particular), the company indicates that the settlement is sufficient to enable RedHat (and its users) to continue to distribute its open source software products in compliance with the terms of all applicable open source licenses.

In its press release on the settlement, Red Hat indicates that the settlements leave Red Hat with one remaining patent infringement suit against it — based on a complaint filed in October 2007 by IP Innovation LLC and Technology Licensing Corp, both subsidiaries of patent troll (er, “holding company”) Acacia Media.

BusyBox is Back, Back Again

The Software Freedom Law Center (SFLC) has announced today that it has filed a new round of lawsuits on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). The defendants in the new lawsuits are Bell Microproducts, Inc. (dba “Hammer Storage“) and Super Micro Computer, Inc., each well-established distributors of a wide range of storage and other computer hardware products and components. These two new suits bring the total of lawsuits brought by the SFLC on behalf of the BusyBox developers to six (the previous four having been filed against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, and Verizon Communications.

The complaints against Bell Micro and Super Micro were filed on June 10, 2008 in the United States District Court for the Southern District of New York and are available online at — Erik Andersen and Rob Landley v. Bell Microproducts, Inc. d.b.a. Hammer Storage and Erik Andersen and Rob Landley v. Super Micro Computer, Inc. The complaints are similar in many respects to the complaints previously filed by filed in the Monsoon Media, Xterasys, High-Gain and Verizon suits. In each case the complaint alleges that the defendant “makes and sells various communications and hardware devices” containing firmware that contains BusyBox (either directly or in modified form). In the case of Bell Micro, the complaint specifically targets the Bell’s “MyShare HN1200 network attached storage device” and with Super Micro the complaint specifically names the “AOC-SIM1U+ IPMI 2.0 System Management Card“. Under the terms of the GPL, each complaint alleges that the defendant is obligated to provide the source code of the BusyBox software to recipients of the named products containing the firmware containing BusyBox. According to each lawsuit, Bell Micro and Super Micro continue to distribute products containing firmware containing BusyBox without source code in violation of the GPL, despite having been contacted by SFLC. Each complaints seek an injunction against each company and requests that damages and litigation costs be awarded to the plaintiffs.

It remains to be seen if the current cases will be settled out of court (as has happened in each of the prior cases brought by BusyBox to date) or continue on and become the first lawsuit alleging a violation of the GPL ever to go to trial in the U.S. Regardless, these cases signal that after a brief hiatus Eric Andersen and Rob Landley (and the SFLC) appear again to be interested in enforcing the GPL against alleged violators in court rather than pursuing out of court settlements. As mentioned in connection with the previous BusyBox suits, now is the time to take steps to identify whether and to what extent your organization is using BusyBox and other open source software and to ensure that you are in compliance with the open source software licenses applicable to that software.

OSBC 2008 Presentations Online

Last week marked the completion of another very successful Open Source Buinsess Conference (OSBC) in San Francsico.  Presentations from OSBC 2008 are now online.

Included among those presentations is my presentation on Putting Open Source Compliance to Work (On Your Own Terms).  The presentation covers a lot of ground, but is focused on providing companies that use open source software with tools to deal with the increasing level scrutiny of open source that has arisen with the ever-widening variety of roles in which open source software is being put to work by those companies.  Among the examples of this increased scrutiny, the presentation covers:

— The BusyBox lawsuits brought by the developers of the BusyBox open source utility against Monsoon Media, Xterasys, High-Gain and Verizon based on alleged violations of version 2 of the GNU General Public License (GPL);

— Renewed open source license enforcement by GPL-violations.org Project in Europe against Skype and others;

— Enforcement of software patents against open source software in cases involving RedHat and Novell; and

— The increasing trend of disclosures around open source usage and liability made by public companies in their filings with the SEC.

The presentation makes the point that companies that are not taking steps to implement open source compliance measures on their own terms are increasingly finding themselves being required to comply on terms set by one of these other groups.  The presentation discusses tools companies can use to put open source compliance to work on their own terms to address this changing source enforcement landscape, including:

— Strategies to address increased diligence and scrutiny from customers, investors, shareholders and others;

— Tools to evaluate the changing risks posed by open source;

— Current best practices for implementing compliance measures to address open source compliance risks; and

— Techniques for taking open source compliance efforts beyond merely risk mitigation to help add value to your business.

I encourage you to download a copy of the materials.