Red Hat Settles with Firestar

News out of Boston that Red Hat has settled the long-running patent infringement lawsuit filed against it by Firestar Software and a later suit filed against the company by DataTern.

Filed on June 26, 2006, the lawsuit by Massachusetts-based software vendor Firestar Software, Inc. was brought against Red Hat in connection the Hibernate 3.0 software product acquired by Red Hat through its then-recent acquisition of JBoss. In the lawsuit, Firestar alleged that JBoss and Red Hat are infringing U.S. patent number 6,101,502 (issued on August 8, 2000) through their activities relating to Hibernate. While software patent infringement lawsuits had become increasingly frequent in the world of proprietary software at the time of the lawsuit, the suit was viewed as the first of its kind relating to a widely distributed open source software product.

The specific financial and other terms of the settlement were not disclosed. However, Red Hat indicates that the settlement includes broad terms covering “all software distributed under Red Hat’s brands.”  Of particular note, the settlement also protects all “upstream predecessor versions” as well.   In addition, Red Hat indicates that the settlement protects “derivative works of, or combination products using, the covered products from any patent claim based in any respect on the covered products.” Perhaps most importantly (for shareholder of Red Hat in particular), the company indicates that the settlement is sufficient to enable RedHat (and its users) to continue to distribute its open source software products in compliance with the terms of all applicable open source licenses.

In its press release on the settlement, Red Hat indicates that the settlements leave Red Hat with one remaining patent infringement suit against it — based on a complaint filed in October 2007 by IP Innovation LLC and Technology Licensing Corp, both subsidiaries of patent troll (er, “holding company”) Acacia Media.

Intellectual Property and Sarbanes-Oxley?

What does the Sarbanes-Oxley Act of 2002 (or “SOX”) have to do with intellectual property you ask? While these two topics have historically made for strange bedfellows, the importance of managing intellectual property assets and issues surrounding those assets under Sarbanes-Oxley is increasingly becoming a potential trap for the unwary.

Passed into law in 2001 in large response to the then-recent corporate corruption and fraud scandals involving the likes of Enron, WorldCom, HealthSouth, Tyco, Adelphia and others, Sarbanes-Oxley represents one of the most sweeping changes in U.S. securities laws in the past 70 years. In the wake of these scandals, SOX attempted to bolster investor confidence by increasing transparency and accountability in financial accounting involving public companies here in the U.S. SOX has proven, however, to be much more than a law addressing financial accounting. SOX is written broadly to trigger obligations with respect to any and all assets that have a material impact on the financial condition of a public company — including IP assets.  As intellectual property assets have come to comprise an increasingly more material part of the value of most all companies (not just “technology” companies, but all companies that rely on technology to conduct their day-to-day operations), intellectual property has come to play an ever more material role in the financial condition of those companies. As a result, intellectual property assets and the management of those assets and issues relating to those assets has (and will continue) to pose an increasingly more important issue with respect to SOX compliance (notably, even as to companies for which it has not posed an issue in the past). While the issue of SOX and IP will be front and center for public companies, even private companies that plan in the future to become publicly traded or that are planning an exit by merger or acquisition with a public company, should be wary of the potential risks posed by IP under SOX.

Earlier this week I covered this topic and discussed the growing importance of the management of intellectual property assets under Sarbanes-Oxley in a presentation at the 2008 Intellectual Property Institute in Denver. I had the pleasure of sharing the stage for the presentation with Dean Salter, one of my partners at Holme Roberts & Owen and truly the “dean” of the Denver securities law community. As usual when presenting with someone of Dean’s stature, I probably ended up taking away from the presentation just about as much as I contributed. The materials from the presentation are available online if you would like to read more about this topic. We will also be giving the presentation as a webinar later this year. Stay tuned for details.

“Lawyering Skills” Courtesy of the U.S. Supreme Court

For those of you who have not yet seen this (and I was one of you until earlier today), Bryan Garner, the founder of LawProse and the editor-in-chief of Black’s Law Dictionary (as well as a fantastic version of the Official Rules of Golf), has recently conducted a series of interviews with of the Justices of the U.S. Supreme Court (with the notable exception of Justice David Souter) regarding legal writing and other lawyer skills.  Garner is truly one of the definitive authorities (if not the definitive authority) on legal writing and legal usage of the English language (and, yes, he is a major proponent of the use of plain English in the law and legal writing).  He brings great depth and background to the interviews.  The interviews are available online on the LawProse web site.  I encourage you to take a look.

Cert denied on In re Seagate

A quick update on a previous post regarding In re Seagate Technology LLC. In Seagate, the Court of Appeals for the Federal Circuit CAFC expressly overturned prior precedent and raised the standard for determining whether a patent infringement is willful from one requiring an “affirmative duty to exercise due care to determine whether or not [one] is infringing” if one is merely on “actual notice of another’s patent rights” to a far higher standard requiring “objective recklessness.” In doing so, the CAFC effectively raised the bar for a finding of willful patent infringement to a substantially higher level than the previous standard of mere negligence, thus making it more difficult for a patent holder to prove a claim for willful infringement.

While the decision on willful infringement in the Seagate case was significant (some even called it “seismic“), the Seagate case itself had been appealed to the U.S. Supreme Court, leaving the door open to a potential reversal or modification of the decision. However, on February 25th, the U.S. Supreme Court denied a petition to review the Seagate case (including the decision on willful infringement). While not carrying the same weight as an actual decision by the Supreme Court, the denial affectively serves to establish the standard of “objective recklessness” as the law of the land.

Many have gone so far as to say that this decision now removes the affirmative obligation that a patent infringement defendant have obtained an opinion from competent legal counsel before initiating possibly infringing activity. Whether this actually proves to be the legacy of Seagate still remains to be seen. However, at minimum, the decision by the Supreme Court cements Seagate as yet another step in the further judicial reform of patent laws here in the U.S.

For more information on the case, see Convolve Inc. v. Seagate Technology LLC (U.S., No. 07-656, review denied 2/25/08) .

IP “Crash Course” Online

Thanks to the sponsorship of Silicon Flatirons, TechStars, the Longmont Entrepreneurial Network (or “LEN” for short), and Colorado Capital Group we were able to put on a great Intellectual Property “Crash Course” for Entrepreneurs presentation at the end of last month before a standing-room-only crowd at the University of Colorado School of Law. Thanks to all of you who attended the event (especially those who had to sit in the aisles or stand during the presentation)!

As I mentioned during the event, the presentation was recorded. While I had hoped to have had the audio portion of the presentation online by now, we are still working to have the audio synchronized with the slides before posting. Since many of you have been (patiently) waiting for the presentation to be posted online, I have gone ahead and posted a copy of the slides to this site. I am hoping that this will suffice until we can get the audio synchronized and uploaded. Please stay tuned for the audio — and thank you for your patience. ;-)

BSC SaaSy Slides Online

Albeit a bit belatedly, I would like to thank the Boulder Software Club and my co-presenters Kirk Holland (General Partner at Vista Ventures), Don Hazell (EVP Worldwide Sales and Field Operations at Rally Software) and Jim Pollock (President of AWhere Inc.) for helping to put together a great event on The Challenges of Software as a Service (SaaS).  We ended up having a super turnout for the event, even on a snowy night here in Boulder — so super that I am told we set an attednence record for the Boulder Software Club.  In addition to a background on SaaS in general, the presentation covered a broad swath of topics, including revenue models, platform design, R&D,  sales and compensation, marketing, support, partnering opportunities, distribution channels, valuation and funding, exit scenarios and (yes) legal issues too (although legal issues were far from the main focus of the presentation).  It seemed that everyone came away from the event with a lot of new knowledge, ideas and perspectives on the topic of SaaS (I know I did).  For those of you who have been looking for the slides from the presentation (the audio was not recorded as far as I know), you can find a copy online at the Boulder Software Club web site.

McAfee Issues Risk Factor Over Open Source Licenses

Computer security firm McAfee has included a risk factor in its most recent annual report filed last month with the Securities and Exchange Commission (SEC) warning investors of potential risks posed to the company by “ambiguous” license terms governing open source software used in McAfee products. The report notes that “despite having conducted the appropriate due diligence,” these ambiguities “may result in unanticipated [licensing] obligations regarding our products. ” As the report puts it, “to the extent that we use ‘open source’ software, we face risks.” These are interesting comments indeed from a company more accustomed to issuing warnings about the dangers posed by software viruses and bugs to other companies.

McAfee appears to be particularly concerned with the terms of version 2 of the GNU General Public License (GPL), by most measures the most prevalent open source license in the world today. McAfee acknowledges use of open source software under the GPL in its annual report and notes that it perceives that there are risks posed by the fact that “the scope and requirements of the [. . . ] GPL have not been interpreted in a court of law.” They also, however, appear to acknowledge a broader scope of open source usage, indicating that “other forms” of open source software licensing present license compliance risks to McAfee which “could result in litigation or loss of the right to use this software.”

While not noted specifically in the annual report, the reference to “litigation” appears to have been prompted by the recent spate of lawsuits filed by the Software Freedom Law Center (SFLC) on behalf of its clients Erik Andersen and Rob Landley (the two principal developers of the BusyBox open source utility) alleging violations of the GPL. These suits, brought against Monsoon Multimedia, Xterasys Corporation, High-Gain Antennas, and Verizon Communications, represent the first lawsuits brought in the US to enforce the GPL (click here and here for more information about these cases). As a user of software licensed under the GPL, it appears from its annual report that McAfee considers the potential for additional suits by the BusyBox developers (or suits by the owners of other open source software used by McAfee in its products) to pose a potentially material risk to the company. Note that McAfee has also at times been an outspoken critic of open source software and the role they claim it plays in assisting hackers in the development of bots and other malware. Whether McAfee has come to perceive itself as a larger target for such suits as a result of these statements is not mentioned in their annual report.

Of course, McAfee is not the first company to include a cautionary statement regarding open source software or open source licensing in their SEC filings. For example, as InformationWeek notes in an article about McAfee, DVR-maker Tivo warned investors in its 2007 annual report that it may have to discontinue using open source software in its products due to concerns about the GPL. Likewise, many proprietary software companies have made references in their SEC filings to the risks posed by competition created by open source software. In particular, Microsoft created a stir when it noted in a prospectus filed in 2003 that, “the popularization of the open source model continues to pose a significant challenge to our business model.” McAfee itself has also included competition-related open source risk factors in previous filings, and includes one again in another section of its current annual report, warning of increasing “competition from numerous smaller companies, shareware and freeware authors and open source projects” that are developing competing products to those of McAfee.

While not unprecedented, the current filing by McAfee underscores the fact that the BusyBox cases (and the potential for other lawsuits like them) represent a series of changes ongoing in the open source software license enforcement landscape. The fact that McAfee has seen fit to include a risk factor in its annual report regarding the potential risks posed by cases such as these is a good example of how open source compliance practices are beginning to evolve to address these changes. As I have mentioned in the past, now more than ever, companies that do not take note and move to evolve their open source compliance practices to address these changes on their own terms will increasingly find themselves being required to do so on terms imposed by others. McAfee, it would appear, is not content to wait for this to happen.