Thursday, July 24, 2008

Who Has a Shaky Foundation?

The commercial software licensing business as we now know it started with the move from mainframe computers to affordable personal computers and has been around for at least 20 years. Similarly, open source licensing as we now know it arguably started with the release of version 2 of the GPL just a few years later.

Even though these software license and distribution models have been in effect for roughly the same period of time, "conventional wisdom" (the Freakonomics definition) appears to be that the proprietary software license model is built on a solid legal foundation, while the open source model is filled with legal uncertainty. Recent developments on the legal front for both business models remind us that these stereotypes often do not hold true.

The open source community has had a recent string of "wins" giving it more credibility from a legal perspective. The continual flow of BusyBox cases, including the recent initiation of an action against Extreme Networks and settlement with Super Micro Computers, Inc., has shown that the GPL can be readily enforced, particularly in cases where GPL-covered code can easily be tracked and where the nature of the software requires the type of linking or integration that would create a derivative work or modification.

In addition, Red Hat recently settled a patent dispute and showed that it is possible to successfully negotiate a patent license that protects the open source community as a whole. Both Red Hat's explanation of its strategy and Mark Radcliffe's analysis of the license terms are fascinating reading for anyone who wants to see the gory legal details that go into making open source work for everyone.

By contrast, a recent case in U.S. Federal District Court in Seattle illustrates that the very foundation of the proprietary license model is still subject to uncertainty. In Vernor v. Autodesk, Autodesk found itself on the losing end of the court's interpretation of the "first sale doctrine," a principle in copyright law that permits purchasers of a copy of a copyrighted work to distribute that copy without obtaining additional permission. Another implication of the first sale doctrine is that copyright holders cannot use license agreements to control distribution of copies of their work in perpetuity.

While this Autodesk case was decided in a district court, at least two U.S. Courts of Appeals have made similar rulings, and some others have yet to address the issue directly. The difference in opinion between the Circuit Courts has not been addressed by the U.S. Supreme Court. As another indication of the momentum behind this view, William Patry, Senior Copyright Counsel for Google and author of a highly respected legal treatise on copyright law, stated in response to the Vernor decision that to permit a license to circumvent the first sale doctrine "is an absurd position to me, and in such cases, federal courts should take a common sense view of the transaction in order to avoid abolition of the first sale doctrine".

The first sale doctrine is consistent with some of the basic principles of open source, but it does not provide the same level of freedom that copyleft and other open source licenses provide. As a result, the Vernor decision isn't likely to impact the open source model directly.

Instead, the important message here is that no matter how exciting the successes they enjoy or how dire the challenges they face, both the open source and proprietary software license business models as we know them today have solid legal foundations and will certainly survive.

Wednesday, July 23, 2008

Silicon Valley Cocktail Party Small Talk

Whether you scan the newspaper headlines once in a while as you pass the newsstand, or multitask with NPR in your headphones, New York Times RSS feeds to your laptop and CNN Headline News ported to your mobile phone via Slingbox, it's important to have a few interesting tidbits of recent information readily at hand if you happen to attend a cocktail party or other social gathering.

While the subject of open source software might not be the key to climbing the social ladder in many places, it would be a clear hit in Silicon Valley Extended (e.g., beyond the San Francisco Bay Area to include the Raleigh-Durham Research Triangle, Bangalore, India and other places that live and breathe technology). With that in mind, here is a list of 5 important issues in open source that will likely continue to heat up over the coming months (in no particular order) and that are worthy of discussion with your tech colleagues:

1. Security of Open Source Software. When Fortify Software released its report on security in the open source software industry, it created an immediate reaction. Fortify noted that typical community open source development models and projects often do not incorporate the types of security safeguards that enterprises like to see. It was a critique of process more than security features of the software itself. While the underlying message was sound, it created an immediate reaction from (a) the open source development community, which took issue with the implication that open source software is not secure (in fact, a pillar of open source adoption has always been that it is more secure precisely because it is open and subject to constant testing), and (b) anyone else who wanted to spread fear, uncertainty and doubt ("FUD") about the open source industry. Commentators like Dana Blankenhorn recognized the overreaction by the media and others in their blog posts. Bottom line: While open source software processes are not always at the level of security typically employed by enterprises, the software itself is largely secure, and likely more secure than its proprietary counterparts.

2. Cloud Computing. Cloud computing is the availability and use of computing resources over a network when the actual machines used for processing tasks are not specifically identified ahead of time and are reassigned frequently. One fear for users of cloud computing (like Amazon's EC2 offering) is that the cloud will break and the one vendor that controls it will not be able to fix it. Even worse, user data will be stuck in the cloud. Classic vendor lock-in. As noted by the 451 Group, many believe that an open source cloud platform would reduce these risks and a number of alternatives to Amazon and the other big name cloud vendors. Bottom line: As in all other segments of the software industry, cloud computing vendors need to be aware of the disruptive capabilities of open source.

3. Mobile Infrastructure. Apple has been getting virtually all the buzz in the mobile market because of its release of iPhone 3G. While the closed nature of the iPhone's architecture has drawn heated criticism from the Free Software Foundation, it has gotten at least a temporary pass from the type of widespread critical commentary you might expect from others in the open source community. In parallel, the open source community is looking forward to LiMo and Android as the first true open source alternatives. Out of nowhere, Nokia's recent acquisition of the outstanding stake in the Symbian mobile operating system added even more strength to the mobile open source movement. In addition to the platform, we also have companies like Funambol, which has already brought a level of freedom to the mobile market that was previously unheard of. Bottom line: Open source will see rapid adoption in mobile, and they are just now getting their ducks in a row.

4. Virtualization. The recent emergence of virtualization technology presents a significant challenge to open source licensing. Virtualization enables the creation of software appliances, which combine software components into a finely tuned package. According to rPath, one of the thought leaders in software appliances, virtualization can be used to combine operating systems, open source software and proprietary software into a single package without violating open source license obligations or subjecting proprietary code to copyleft. While the legal analysis is too new to have been well tested, it is easy to foresee scenarios in which virtualization is used to avoid the types of product interaction that would have been deemed a modification or derivative work of an open source work, and be subject to copyleft. Bottom line: The industry is just now starting to apply deeper levels of creativity in how virtualization is used, and the impact on all types of software license models, including open source, needs to be carefully considered on a case by case basis.

5. Standing to Sue in Open Source. From the open source perspective, one of the biggest limitations on enforcement of copyleft open source licenses is that the entire responsibility of enforcement falls on the copyright holder. If the copyright holder either doesn't want to pursue a license violation, or doesn't have the resources to do so, no one else can undertake that responsibility on behalf of the community. An enforcement mechanism that enables community members who lose access to source code that otherwise would have been available would solve this problem, but this would likely require a change to the copyright statutes themselves. Another option would be for the open source community to use its collective influence to urge copyright holders to either enforce their rights, or assign them for others to enforce. Bottom line: Nothing is likely to change any time soon on the legislative front, but a community body might be able to find alternative means of enforcement.

BONUS


6. Software/Platform as a Service. GPLv2 and v3 are extremely effective in applying copyleft to software distributed in the standard ways (through online download or on physical media). These licenses, however, have no effect on software used solely over a network connection without any distribution. The Affero GPL was created specifically to address SaaS and PaaS models by applying copyleft to software accessed over a network. The Affero GPL has seen modest adoption (125 projects, according to Palamida), and Funambol CEO Fabrizio Capobianco has been a fantastic advocate for the license, including by adopting it for Funambol open source projects. Bottom line: With the growth of SaaS/PaaS, coupled with the growth of open source, more service providers will take a serious look at AGPL, which will likely increase adoption.

Please share your thoughts on the key trends in the technology industry that will impact the open source world.