The Decision All Of Open Source Has Been Waiting For

As has been widely publicized in the industry, legal and even mainstream media, on August 13, 2008 the U.S. Court of Appeals for the Federal Circuit (CAFC) issued its decision in the closely-watched case of Jacobsen v. Katzer. In its decision, the CAFC confirmed one of the core legal assumptions upon which the entire open source world is based — namely that open source licenses are legally enforceable as licenses under U.S. copyright law. Perhaps more importantly, the CAFC’s decision also validated the ability of open source licensors to seek injunctive relief under copyright law to stop violations of open source licenses, in addition to merely being able to seek monetary damages in compensation for those violations. While the decision itself totals only 12 pages, it has potentially far-reaching implications for both users and distributors of free and open source software (and has instantly become required reading for anyone with interest or involvement in open source software licensing or compliance issues).

District Court Case

Interestingly, the Jacobsen case was originally filed as a patent infringement case in the U.S. District Court for the Northern District of California. In the case, Matthew Katzer (through his company Kamind Associates Inc. d/b/a KAM Industries) alleged that the DecoderPro model railroad software developed and distributed by Robert Jacobsen infringed U.S. Patent No. 6,530,329 (for a “model train control system”) owned by Katzer. Jacobsen responded to these allegations by, among other things, seeking to invalidate the Katzer patent on the basis of fraud. In particular, Jacobsen asserted that significant portions of the software covered by Katzer’s patent, and marketed by Katzer under the name “Decoder Commander,” were in fact comprised of code taken from Jacobsen’s own DecoderPro software. Jacobsen also brought a counterclaim against Katzer asserting copyright infringement on the basis of Katzer’s unauthorized use of the portions of DecoderPro in Decoder Commander.

The DecoderPro software is distributed by Jacobsen under the Artistic License, a well-known open source license. Jacobsen’s counterclaim alleged that Katzer distributed the portions of DecoderPro included in Decoder Commander in violation of the Artistic License by failing to comply with the attribution provisions of the license. In particular, the Artistic License requires that all original copyright notices and disclaimers on the software received under the license be preserved in any distribution of software and that any changes made by the licensee be distinguished from the software originally received under the license. Jacobsen asserted Katzer’s failure to adhere to these provisions of the Artistic License constituted an infringement of Jacobsen’s copyright in DecoderPro, reasoning that the use of DecoderPro outside of the scope of the applicable license constituted copyright infringement.

On this basis, Jacobsen moved for a preliminary injunction to enjoin Katzer from infringing the copyright in DecoderPro. However, in a decision issued on August 17, 2007 the district court surprised many by denying Jacobsen’s motion.

Conditions vs. Covenants

It is well-settled that the grant of a license to copyrighted material effectively constitutes a waiver of the licensor’s right to sue for copyright infringement, so long as the licensee complies with the conditions placed on the scope of that license. If a licensee does not remain within the scope created by those conditions, it thus follows that the licensee is infringing the copyright of the licensor and that the licensor may seek an injunction against the licensee to stop the infringing activity. A condition on the scope of a license is, however, treated differently from a separate covenant placed on the license. Rather than giving rise to the right to seek an injunction for copyright infringement, the violation of a separate covenant is treated more akin to a breach of contract and thus gives rise only to a right to seek monetary damages for that breach.

The district court in Jacobsen found that the Artistic License has a very broad scope, placing very few actual conditions on a licensee’s right to copy, distribute, and create derivative works of software provided under the license. The court found that even the use by Katzer of portions of DecoderPro in Decoder Commander did not exceed the scope of these conditions. Separate and apart from these conditions, the court found that the attribution provisions of the Artistic License instead constitute a separate covenant between the parties to the license. As a result, Katzer’s use of portions of DecoderPro without providing the required attribution to Jacobsen constituted only a violation of a separate covenant to the license and not a violation of a condition of the license itself. Thus, though Jacobsen may be subject to monetary damages for breach of these covenants, the court found that his actions did not constitute copyright infringement. As a result, the court held that it had no basis upon which to issue an injunction for copyright infringement.

Appeal to the CAFC

The decision of the district court in Jacobsen surprised many in the open source community who had long assumed that a failure to comply with the terms of an open source license such as the Artistic License would constitute a violation of the conditions on the scope of the license and thus give rise to a claim for copyright infringement and the right of the licensor to seek an injunction to stop the infringement. The decision caused concern that the court had effectively foreclosed the option of an injunction as a remedy for the violation of an open source license, leaving aggrieved open source licensors with only the far less attractive (and often far more difficult to obtain) remedy of monetary damages. The decision of the CAFC in the appeal of the district court’s finding, however, serves to calm many of these concerns.

Stating that “Copyright holders who engage in open source licensing have the right to control the modification and distribution of [their] copyrighted material,” the CAFC found that the “clear language” of the Artistic License creates conditions, and not covenants, to protect the rights of the licensor at issue under the license. These conditions, the court noted, include not only the provisions regarding the copying, distribution, and modification of the software subject to the license but also the relevant attribution provisions. In justifying its conclusion, the CAFC noted that the conditions on distribution, modification, and attribution in the Artistic License serve to create significant and direct economic benefit to the licensor under the Artistic License. The conditions are thus necessary to accomplish the objectives of the licensor and therefore must be enforced. Interpreting the provisions of the Artistic License otherwise would, according to the decision of the CAFC, render them “meaningless” by foreclosing the ability to enforce those provisions through injunctive relief.

The CAFC thus vacated the decision of the district court and remanded the case back to the district court for further consideration in accordance with the decision of the CAFC.

The Impact

While Jacobsen is focused on the language of the Artistic License, the decision of the CAFC is broadly worded and seemingly also applicable to the language of many other popular open source licenses, such as the widely used GNU General Public License (GPL) and GNU Lesser General Public License (LGPL). As a result, the decision should be viewed as a ringing endorsement of the validity of not just the Artistic License but of open source licenses in general. In addition, the decision opens the door for open source licensors under all open source licenses to seek injunctive relief for copyright infringement as a remedy for license violations.

It is also significant to note that a finding of copyright infringement gives rise not just to the option of injunctive relief, but to additional remedies as well. Under U.S. copyright law, copyright holders may in many cases also seek statutory damages (without the need to prove actual monetary damages) in the case that the infringement involves a registered copyright. Likewise, registered copyright holders can also make a claim for the recovery of attorney’s fees for copyright infringement. Depending on how Jacobsen is interpreted in future contexts, the case thus has the potential to provide open source licensors with strong additional powers to enforce their rights.

For companies that have already taken steps to comply with the open source licenses to which they are subject, the CAFC’s decision in Jacobsen should not have a significant impact. However, Jacobsen has the potential to significantly increase the risk of noncompliance with open source licenses. For those companies that have elected not to comply with open source licenses or, as is the case with many companies, have chosen to remain unaware of the open source software licenses to which they may be subject, Jacobsen should be all the incentive that is necessary to adopt and implement a sound open source license compliance program.


Heading to New York?

I will be in New York on August 8th to speak on a panel at this year’s American Bar Association (ABA) Annual Meeting. The panel, titled “Life after GPLv3: New Developments in Open Source Software Licensing” is sponsored by the ABA Section of Intellectual Property Law and is being held at 2:00 PM on the 8th at the Waldorf-Astoria.

We have structured the panel as a series of brief presentations by the panelists followed by a general Q&A session on the presentations. While the title for the panel is a bit innocuous, the presentations will cover a variety of relevant open source topics, including: GPLv3 and the GPLv3 drafting process (including differences between GPLv2, GPLv3 and other open source licenses), open source patent concerns, legal strategies for using open source software in connection with proprietary software, and issues raised by open source software under the Sarbanes Oxley Act of 2002 and other corporate regulations.

My presentation will include a brief history and update on the “BusyBox lawsuits” brought over the last year by The Software Freedom Law Center (SFLC) on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). I will be including information based both on my personal experience working with defendants in several of the BusyBox cases as well as discussions with others involved in the suits. Details on the panel and the other panelists are included below.

For those of you based in New York or headed to the ABA Annual Meeting, please let me know if you would be interested in getting together while I am in town.

2008 ABA Annual Meeting
Section of Intellectual Property Law

2:00 p.m. – 3:30 p.m.
CLE Program: Life after GPLv3: New Developments in Open Source Software Licensing.
co-sponsored by the Section of Science & Technology Law

The past year has seen significant legal developments concerning open source software licensing, most notably, the publication of the GPLv3 license, which is much more comprehensive than GPLv2 and attempts to address the changes in software law over the past 15 years, as well as initial efforts to enforce open source software license requirements in the courts. This panel will explore the new GPLv3 license, how it differs from GPLv2, the status of GPLv3 adoption and recent litigation concerning the enforcement of GPL and other open source license terms affecting GPLv3 or other open source license use.

Sue Ross, Fulbright & Jaworski L.L.P., New York, NY

Gabe Holloway, Leonard, Street and Deinard, Minneapolis, MN
Terry Ilardi, IBM Corporation, Armonk, NY
Jason Haislmaier, Holme Roberts & Owen LLP, Boulder, CO
Jim Markwith, Microsoft Corporation, Redmond, CA

BusyBox Goes Extreme

Adding to the already substantial list of lawsuits filed on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility), the The Software Freedom Law Center (SFLC) has announced today the filing of yet another suit alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL) in connection with BusyBox.  The current suit has been filed against Ethernet solutions provider Extreme Networks.  As with the previous suits brought by Andersen and Landley (against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, Verizon Communications, Bell Microproducts, Inc. and Super Micro Computer, Inc.) , the complaint against Extreme Networks alleges that Extreme makes and sells various products containing firmware in which BusyBox, or a modified version of BusyBox, is included.  Specifically, the complaint names the Summit X450 Series network switches as one of the offending products offered by Extreme.  According to the lawsuit, Extreme continues to distribute this product and others with firmware containing BusyBox without making the source code to BusyBox available in accordance with the terms of the GPL.   As the complaint notes, under the terms of the GPL, Extreme is obligated to provide the source code of the BusyBox software to recipients of products with firmware containing BusyBox.

According to the complaint, Extreme was first notified of the requirements of the GPL as early as July of 2006 by a “third party” who requested a copy of the Busy Box source code.  The complaint further alleges that the SFLC later contacted Extreme in February 2008 on behalf of the BusyBox developers and that the parties have had multiple interactions since that time in an attempt to settle the allegations against Extreme.  The complaint continues, however, that Extreme has failed to respond to the latest notice provided by the SFLC on June 26, thus prompting the lawsuit.  As with the complaints in previous cases, the complaint filed against Extreme  requests that an injunction be issued against the defendant and that damages and litigation costs be awarded to the plaintiffs.

The take away from this latest suit is fairly simple.  As the campaign of lawsuits brought by BusyBox continues to roll forward (and it appears safe to now call it a “campaign”), and as mentioned in connection with the previous BusyBox suits, product vendors (particularly in the wireless and terrestrial networking space) should take note of whether and to what extent the products distributed by their organizations (including products produced by third parties) contain BusyBox or other open source software.  And, as shown by the timeline in this and the other BusyBox cases, those vendors should take seriously any contact from the SFLC or other organizations inquiring about potential violations of the GPL or other open source licenses.

Red Hat Settles with Firestar

News out of Boston that Red Hat has settled the long-running patent infringement lawsuit filed against it by Firestar Software and a later suit filed against the company by DataTern.

Filed on June 26, 2006, the lawsuit by Massachusetts-based software vendor Firestar Software, Inc. was brought against Red Hat in connection the Hibernate 3.0 software product acquired by Red Hat through its then-recent acquisition of JBoss. In the lawsuit, Firestar alleged that JBoss and Red Hat are infringing U.S. patent number 6,101,502 (issued on August 8, 2000) through their activities relating to Hibernate. While software patent infringement lawsuits had become increasingly frequent in the world of proprietary software at the time of the lawsuit, the suit was viewed as the first of its kind relating to a widely distributed open source software product.

The specific financial and other terms of the settlement were not disclosed. However, Red Hat indicates that the settlement includes broad terms covering “all software distributed under Red Hat’s brands.”  Of particular note, the settlement also protects all “upstream predecessor versions” as well.   In addition, Red Hat indicates that the settlement protects “derivative works of, or combination products using, the covered products from any patent claim based in any respect on the covered products.” Perhaps most importantly (for shareholder of Red Hat in particular), the company indicates that the settlement is sufficient to enable RedHat (and its users) to continue to distribute its open source software products in compliance with the terms of all applicable open source licenses.

In its press release on the settlement, Red Hat indicates that the settlements leave Red Hat with one remaining patent infringement suit against it — based on a complaint filed in October 2007 by IP Innovation LLC and Technology Licensing Corp, both subsidiaries of patent troll (er, “holding company”) Acacia Media.

BusyBox is Back, Back Again

The Software Freedom Law Center (SFLC) has announced today that it has filed a new round of lawsuits on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging copyright infringement based on a violation of version 2 of the GNU General Public License (GPL). The defendants in the new lawsuits are Bell Microproducts, Inc. (dba “Hammer Storage“) and Super Micro Computer, Inc., each well-established distributors of a wide range of storage and other computer hardware products and components. These two new suits bring the total of lawsuits brought by the SFLC on behalf of the BusyBox developers to six (the previous four having been filed against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, and Verizon Communications.

The complaints against Bell Micro and Super Micro were filed on June 10, 2008 in the United States District Court for the Southern District of New York and are available online at — Erik Andersen and Rob Landley v. Bell Microproducts, Inc. d.b.a. Hammer Storage and Erik Andersen and Rob Landley v. Super Micro Computer, Inc. The complaints are similar in many respects to the complaints previously filed by filed in the Monsoon Media, Xterasys, High-Gain and Verizon suits. In each case the complaint alleges that the defendant “makes and sells various communications and hardware devices” containing firmware that contains BusyBox (either directly or in modified form). In the case of Bell Micro, the complaint specifically targets the Bell’s “MyShare HN1200 network attached storage device” and with Super Micro the complaint specifically names the “AOC-SIM1U+ IPMI 2.0 System Management Card“. Under the terms of the GPL, each complaint alleges that the defendant is obligated to provide the source code of the BusyBox software to recipients of the named products containing the firmware containing BusyBox. According to each lawsuit, Bell Micro and Super Micro continue to distribute products containing firmware containing BusyBox without source code in violation of the GPL, despite having been contacted by SFLC. Each complaints seek an injunction against each company and requests that damages and litigation costs be awarded to the plaintiffs.

It remains to be seen if the current cases will be settled out of court (as has happened in each of the prior cases brought by BusyBox to date) or continue on and become the first lawsuit alleging a violation of the GPL ever to go to trial in the U.S. Regardless, these cases signal that after a brief hiatus Eric Andersen and Rob Landley (and the SFLC) appear again to be interested in enforcing the GPL against alleged violators in court rather than pursuing out of court settlements. As mentioned in connection with the previous BusyBox suits, now is the time to take steps to identify whether and to what extent your organization is using BusyBox and other open source software and to ensure that you are in compliance with the open source software licenses applicable to that software.

Intellectual Property and Sarbanes-Oxley?

What does the Sarbanes-Oxley Act of 2002 (or “SOX”) have to do with intellectual property you ask? While these two topics have historically made for strange bedfellows, the importance of managing intellectual property assets and issues surrounding those assets under Sarbanes-Oxley is increasingly becoming a potential trap for the unwary.

Passed into law in 2001 in large response to the then-recent corporate corruption and fraud scandals involving the likes of Enron, WorldCom, HealthSouth, Tyco, Adelphia and others, Sarbanes-Oxley represents one of the most sweeping changes in U.S. securities laws in the past 70 years. In the wake of these scandals, SOX attempted to bolster investor confidence by increasing transparency and accountability in financial accounting involving public companies here in the U.S. SOX has proven, however, to be much more than a law addressing financial accounting. SOX is written broadly to trigger obligations with respect to any and all assets that have a material impact on the financial condition of a public company — including IP assets.  As intellectual property assets have come to comprise an increasingly more material part of the value of most all companies (not just “technology” companies, but all companies that rely on technology to conduct their day-to-day operations), intellectual property has come to play an ever more material role in the financial condition of those companies. As a result, intellectual property assets and the management of those assets and issues relating to those assets has (and will continue) to pose an increasingly more important issue with respect to SOX compliance (notably, even as to companies for which it has not posed an issue in the past). While the issue of SOX and IP will be front and center for public companies, even private companies that plan in the future to become publicly traded or that are planning an exit by merger or acquisition with a public company, should be wary of the potential risks posed by IP under SOX.

Earlier this week I covered this topic and discussed the growing importance of the management of intellectual property assets under Sarbanes-Oxley in a presentation at the 2008 Intellectual Property Institute in Denver. I had the pleasure of sharing the stage for the presentation with Dean Salter, one of my partners at Holme Roberts & Owen and truly the “dean” of the Denver securities law community. As usual when presenting with someone of Dean’s stature, I probably ended up taking away from the presentation just about as much as I contributed. The materials from the presentation are available online if you would like to read more about this topic. We will also be giving the presentation as a webinar later this year. Stay tuned for details.

OSBC 2008 Presentations Online

Last week marked the completion of another very successful Open Source Buinsess Conference (OSBC) in San Francsico.  Presentations from OSBC 2008 are now online.

Included among those presentations is my presentation on Putting Open Source Compliance to Work (On Your Own Terms).  The presentation covers a lot of ground, but is focused on providing companies that use open source software with tools to deal with the increasing level scrutiny of open source that has arisen with the ever-widening variety of roles in which open source software is being put to work by those companies.  Among the examples of this increased scrutiny, the presentation covers:

— The BusyBox lawsuits brought by the developers of the BusyBox open source utility against Monsoon Media, Xterasys, High-Gain and Verizon based on alleged violations of version 2 of the GNU General Public License (GPL);

— Renewed open source license enforcement by Project in Europe against Skype and others;

— Enforcement of software patents against open source software in cases involving RedHat and Novell; and

— The increasing trend of disclosures around open source usage and liability made by public companies in their filings with the SEC.

The presentation makes the point that companies that are not taking steps to implement open source compliance measures on their own terms are increasingly finding themselves being required to comply on terms set by one of these other groups.  The presentation discusses tools companies can use to put open source compliance to work on their own terms to address this changing source enforcement landscape, including:

— Strategies to address increased diligence and scrutiny from customers, investors, shareholders and others;

— Tools to evaluate the changing risks posed by open source;

— Current best practices for implementing compliance measures to address open source compliance risks; and

— Techniques for taking open source compliance efforts beyond merely risk mitigation to help add value to your business.

I encourage you to download a copy of the materials.