GPL Enforcement, Frogs & Funny Hats

The GPL has become the most popular of open source licenses in large part because of its "copyleft" status. Not only does it virally attach to software code, but it automatically terminates if its source code distribution obligations are not honored. The severe consequences of breach, along with community pressure for compliance are strong deterrents to violations that would require enforcement measures. Even so, every open source company using GPL will be faced with GPL violations and must carefully consider both when enforcement is appropriate and what factors should be weighed as part of that decision.

To those open source companies that assume GPL enforcement is always the quickest, best strategy, I quote the great open source guru Homer J. Simpson: "you're living in a world of make-believe! With flowers and bells and leprechauns and magic frogs with funny little hats." Yes, it's true that enforcement serves a critical function. Not only does it prevent abuse of open source code on a case by case basis, but it also upholds the legitimacy of the GPL as a license vehicle and meets the community's expectations of its fellow members.

On the other hand, enforcement is not a panacea. The community might view inconsistent enforcement as arbitrary and self-serving, or it might have different views on what a company's enforcement priorities should be. In addition, enforcement actions might actually slow the adoption of open source in proprietary companies. A great recent example of this type of unintended consequence is the discussion arising from the recent string of settlements related to the Busybox GPL enforcement cases. Though widely criticized by a number of open source commentators, intellectual property attorney Edmund Walsh wrote an article in which he analyzed these cases and concluded that "for-profit companies [have] new reasons to re-evaluate the ways in which they use open source software as well as the extent to which they use it."

Open source companies should also consider strategic non-enforcement as an option, or take a further step and grant limited exceptions to open source licensing (assuming the company controls adequate IP rights). Among the benefits of these approaches is the ability to encourage specific types of partner and end user activities that would have been difficult to otherwise achieve without radically altering a dual license strategy. However, these approaches should be used with caution because they can easily backfire. The community might view this type of manipulation of open source strategy as counter to open source philosophy. It also could lead to end users using the software in unanticipated ways that negate the perceived or realized benefits of the approaches.

The moral of the story is ... as you consider your options with respect to enforcing the inevitable GPL violations that all open source companies face, avoid the frogs with funny little hats!

Speak to the Government in Language it Understands

Last week Matt Asay explored the downside of governments legislating open source use, and the theme was extended by Dana Blankenhorn who pointed out that the migration to open source must be evolutionary rather than something stipulated to occur at a point in time. Matt went further this week by highlighting the EU's recent message to its member countries urging them to use more open source, with the very astute observation that the tactics of advocacy and persuasion are likely to be more effective than legislation. The time is right to explore strategies for accelerated government adoption of open source.

In essence, the debate on how best to accelerate government adoption of open source has boiled down to whether to dictate use through legislation, or persuade governments through the same grass roots persuasion used for years by the open source community. In my opinion, we should not discount the value of the right kind of legislation, which can accentuate the positive aspects of the types of community persuasion that have been so effective. An ideal approach would be to create legislation that encourages the government to make procurement decisions based on criteria indicative of high-quality open source products and projects.

To explain what I mean, think of Section 508. Section 508 is a US federal law requiring government agencies to consider accessibility factors when purchasing IT products. Federal procurement rules implementing the law provide more details on the specific types of factors to be considered. In short, the government is not permitted to purchase software or hardware that does not meet its minimum accessibility standards (such as for use by blind or motion impaired workers or members of the public who access government information) unless choosing a fully accessible product over a less accessible product would create an undue burden.

Applying this idea to open source, we should start by identifying the procurement criteria that are the most advantageous to open source products and projects. Lower cost is clearly a primary factor for enterprises in determining when to convert from proprietary to open source. After a recent tour of several Fortune 100 comanies, Zack Urlocker of Sun/MySQL noted that the current weakness in the economy appears to be enhancing the effectiveness of the "cost savings" sales pitch.

While the same economic benefits will be attractive to governments, the unique nature of government services means that other factors will be at least as important if not moreso. Fortunately, the conventional wisdom is that the open source development model, as compared to the standard proprietary model, results in quicker development times, higher-quality features, features more relevant to end users, better scalability, more customizable products and more secure products (which is particularly important to agencies like the US Department of Defense). This is something that open source companies already do in their data sheets, white papers and savings calculators to convince commercial customers that purchasing open source is a good idea.

In order to make this kind of legislation happen, the open source community would have to muster its resources and undertake a significant lobbying effort. Even if it's not successful in creating new procurement rules or legislation, this type of unified effort would possibly be the best marketing campaign in the history of open source. In any case, an emphasis on the right kind of legislation could accelerate the typical grass roots marketing efforts and sales pitches.

Governments Dive Into Open Source: How Deep is the Pool?

Over the last few years we have seen a steady wave of news stories, blog postings and seminars have been telling us that the government is making a big splash by making open source IT solutions a priority. No doubt the rising tide of open open source will reach government just as it is reaching the rest of the software industry ... as Mark Radcliffe put it, open source is the Borg and resistance is futile! Even so, constituents have felt few drops from the splash that open source software has made, particularly here in Silicon Valley where it might be expected to be more prevalent. Consider this:

• Municipal/City Government - I live in San Jose, California, a city that proclaims itself the “Capital of Silicon Valley”, is home to some of the world’s largest technology companies, and host to an innovative festival combining technology and the arts. These high-tech credentials have not translated into adoption open source. In fact, the city rejected a 2008 proposal to ease budget pressures through the adopting lower cost open source software on the grounds that it would have limited impact and was inconsistent with other strategies.

• County Government - As far as I can tell, Santa Clara County, which includes the City of San Jose, has not adopted or even significantly considered the adoption of open source software on any meaningful scale.

• State Government - California, to its credit, is one of several states that seems to have made the adoption of open source a priority. Not only did the State formally authorize a search for open source replacements to proprietary software but, as Matt Asay has highlighted, the CIO for the California Air Resources Board has encouraged his staff to use open source software in any way possible. Other states have even gone so far as to propose legislation requiring the consideration of open source alternatives in any IT procurement.

• Federal/National Government - The US Federal Government has seen a steady increase the use of open source over the last several years, and this has been a regular topic of discussion by open source commentators such as open source commentators. The Department of Defense in particular has invested a great amount of resources into open source and has made significant efforts to reach out to the open source community.

• Regional/Continental Government - The open source movement has touched even higher levels of government. As the most prominent example, the European Union is probably the single biggest adopter of open source, with a pipeline of open source priorities that will likely keep the EU ahead of the curve for years to come.

These anecdotes are just a sampling of the type of news constantly swirling about government adoption of open source. While open source almost certainly is being utilized in critical government infrastructure and other ways that are not readily discernable to people other than IT administrators, all levels of government can do more to grab the wave of unique value that open source software provides and apply it in ways that better serve its constituents. Some governmental bodies, such as the EU and its member states, seem to have jumped into the deep end of the pool. (Matthew Aslett at the 451 Group recently embarked on an open source tour of Europe that has resulting in intriguing insights on the status of open source in Europe as a whole as well as specific countries including Austria, Switzerland, Romania and Russia.) In the meantime, governmental entities here in Silicon Valley continue to splash in the kiddie pool, or choose not to get wet at all. With some prominent exceptions of specific agencies that are clearly in the "deep end", the federal government and various states are wading in deeper pool waters, but no further than their feet can touch.

In my next post, I'll discuss some thoughts on a framework for government open source adoption that avoids the pitfalls of mandating it through legislation.

Relationships Matter

After a couple of postings focused on the state of the open source business, I would like to pick up the theme of earlier postings concerning fundamental legal considerations for open source businesses.

Good businesses are built on good relationships ... relationships with customers, partners, and employees. Open source companies have another important relationship to consider ... the community. In the spirit of the old adage "good fences make good neighbors," contracts, instead of wood or brick, help keep good relationships from going bad. While contracts are well accepted in customer, partner and employee relationships, they are not as effective in a community relationship. Whether through contracts or other means, open source companies must address the unique demands they face in balancing their profit motives with open source ideals.

The most fundamental of all business relationships is between vendor and customer, and standardized contracts are a well-accepted means of describing the expectations of these parties. While the commercial contracts of open source companies are generally the same as for proprietary companies, certain virtues of the open source development model allow open source companies to sidestep or minimize the many traditional commercial software contract clauses. For example, the availability of free software before purchase often makes customers less worried about issues like evaluation licenses, performance and ownership warranties, broad indemnification rights, and licensor liability obligations.

Partner relationships of all sorts (marketing, distribution, inbound licensing, joint development, etc.) also are commonplace in the open source business and typically addressed through standardized contracts. Because partners, like customers, can get the value of open source software without paying for it, open source companies must present additional value (such as marketing or referral benefits) compelling enough to entice partners to enter into agreements that provide adequate protection. Specific clauses might include prohibitions on forking the code or creating an unauthorized solution, or an obligation that a partner's solution must always be available under an open source license.

Employees are the most important assets of any technology business. As a result, employment agreements, related agreements governing ownership of inventions created by employees, and confidentiality agreements are regularly used. The traditional templates for these types of agreements are, however, at odds with the open source ideals of community participation because employees of open source companies are also members of the community. As a result, open source companies must challenge themselves to rethink the traditional scope of employer ownership rights and level of oversight in employee participation in outside projects and implement appropriate legal agreements and company policies. This type of flexible approach also has the benefit of being a great tool for recruiting potential employees from the community.

A community relationship is different than the other relationships above in that an open source company can't rely on a contract to set expectations ... the community has no single point of contact that can enter into contracts, and the relationship is based on a constantly evolving application of open source principles as well as trust established over time. However, a company's contributor agreement, the one important community-oriented legal agreement, should reflect community ideals such as by granting contributors joint ownership or broad usage right in contributed code. The community also looks to a company's position on patents as an indication of open source friendliness so a carefully considered patent policy is important see my previous post on patents for more on that). In general, open source companies need to establish a clear business strategy that incorporates open source principles, and be able to clearly and tactfully articulate why the community should accept a particular business decision even when it might conflict with open source ideals. Decisions as to when and how to enforce violations of open source licenses, or when to introduce closed source code into an open source solution are among of the most difficult for the community to accept, but a strong community relationship will help.

Each of these 4 relationships are vital to the success of an open source business. While contracts can play a primary role in open source companies and their customers, partners and employees being "good neighbors," the community relationship, by its very nature, is less predictable and requires trust along with the proper balance between sincerity in honoring open source principles and conviction on business strategies that might be seen as contradicting open source values.