Friday, April 16, 2010

Breaking the International Log Jam: Cloud Computing and Open Source

Possibly the biggest challenge to the continued maturation of the open source and cloud technology industries is inconsistency in the treatment of legal and other issues across international borders. Great progress has been made on this front in the open source context both through community efforts, and by greater legal certainty from court decisions, legislation and government policies. While the cloud will benefit from the growing international consensus on open source, it differs in ways that create important limitations. We need a new international legal consensus for these technologies to continue their rapid evolution.

A. Open Source

Examples of the emerging international consensus on the validity of open source principles are becoming more common. Till Jaeger, a German attorney affiliated with the gpl-violations.org project, recently published an article on Groklaw entitled, "Enforcement of the GNU GPL in Germany and Europe." What I found most striking is that both the types of issues arising in Germany, and the manner in which they are adjudicated and resolved in Germany have direct parallels with the United States. In fact, I recommend this article as an excellent educational tool or refresher on the specific aspects of GPL most likely to lead to compliance issues whether you are in the U.S., Europe or elsewhere.

The consensus is also evident in that governments are increasingly accepting, or even adding preferences for, open source as part of their procurement policies.  For example, in 2009, the United States State Department and President Obama's Administration made headlines in the IT world for making open source prominent parts of their IT objectives. Roberto Galoppini also recently reported on a ruling by the Italian Constitutional Court finding that an Italian state law preferring open source is acceptable under Italian law.  All these factors show that open source is becoming mainstream with remarkable consistency in treatment across international boundaries.

B. Cloud

At first glance, the growing international consensus on the legalities of open source and the tight link between the open source and cloud technologies would seem to indicate that the cloud will achieve similar consensus. Take the Affero GPL as an example: the license is both nearly identical to the familiar GPL, and is specifically targeted for the proliferation of technology in a cloud and networking context. Unfortunately, minor differences between the Affero GPL and the standard GPL require a significant rethinking of how terms like "conveyance," "distribution," "derivative work," "corresponding source code" and other should apply in a cloud context.

The cloud also lacks international consistency in other ways too. Summarizing a 451 Group analysis, Charles Babcock at InformationWeek notes that U.S. investors appear to invest more money in cloud computing than their European counterparts, and the technology infrastructure for the foundational elements of cloud computing are not as mature in Europe as in the U.S. These impose practical challenges to the growth of the cloud computing infrastructure in Europe.

Differences in the U.S. and Europe legal environments potentially present an even bigger barrier. The 451 Group analysis also notes that the U.S. and Europe fundamentally differ in how they regulate data protection. As but one example: the U.S. Patriot Act, emphasizes the government's ability to access information under certain circumstances; whereas, the European Union Data Protection Directive emphasizes the rights of individuals to privacy and protection of their personal information. While these purposes do not necessarily conflict, they clearly are not aligned enough to claim any kind of consensus on how to handle data in a cloud environment.

C. Possible Solutions

We are nearing the time when cloud computing will become so fundamental to our use of technology that we need a set of legal principles, not just technical standards, that ensure broad access to data across international boundaries while also ensuring protection of intellectual property in a manner that promotes innovation and investment regardless of jurisdiction. Possibly the best model from which to start is the Berne Convention for the Protection of Literary and Artistic Works. Though the scope of adoption of the many clauses of the Convention has varied over the more than 100 years since its inception, the Berne Convention represents a broad consensus and acceptance of a core set of basic principles in copyright protection, which are largely consistent between the more than 160 signatory countries.

The same type of international discussion should focus on principles of validity and enforcement of open source agreements like the Affero GPL, as well as address appropriate measures for data portability while preserving data protection standards. The U.S., Europe and other jurisdictions should strive to reach at least a basic consensus on these issues in much less time than the 100+ years for the Berne Convention to reach its current level of maturity. The pace of change in cloud technology and our reliance on the cloud will face meaningful limits sooner rather than later. The growing international consensus on how to apply basic legal principles to open source in a consistent manner should serve as a model for achieving consensus over cloud issues.

Friday, April 2, 2010

Truth in Open Source Advertising

"Open core" has attracted a bit of controversy recently. Commentators have questioned the viability of open core as a meaningful product strategy and whether it differs from traditional product strategies. Regardless of how this debate is resolved, the discussion illustrates why software vendors employing any type of open source model need to pay particular attention to the way they market open source. The impact of using terms like "open" and "open source" could soon extend beyond the development community to include legal ramifications.

A. What is Open Core and Why the Debate?

Open core is a product delivery strategy that combines a core set of open source functionality with an added set of proprietary functionality. This strategy has been widely discussed over the last 2 years both to define what it is, and whether it has any value to software vendors and customers. Most recently, the discussion has shifted to a debate between two points of view:

(1) Open core is meaningful because it allows software vendors to develop software at a lower cost.

(2) Open core is nothing more than a twist on the traditional freemium model used by software vendors for years, and even if it lowers vendor costs it does not create additional value for customers. In addition, the open core strategy might be weakening as the industry evolves.

B. Vendors Must Use the Term "Open" With Care

While the debate over the viability of the open core strategy is interesting, it points to a larger issue that software vendors should be clear on how and why they use terms like "open" and "open source. Failure to do so could squander goodwill with the development and open source communities, and even make them more susceptible to risks like false advertising claims.

The terms "open" and "open source" have evolved from a set of almost religious principles espoused by non-profit organizations like the Free Software Foundation and the Open Source Initiative, to marketing buzz words, and the result is that these terms mean different things to different people. For example, Matthew Aslett recently noted that "[a]s more and more proprietary software vendors, and software service providers have engaged with open source development, the concept of an 'open source vendor' has become meaningless." Brian Prentice of Gartner recently explained another example of this change - open core providers are including end users and resellers in their definition of "community," which traditionally consisted only of developers who might participate in an open source project.

Questions on the meaning of these terms extend beyond the open core context to the open source world at large. Even GNU/Linux users are beginning to wonder what "open" means given that many versions of the open source operating system contain a significant amount of non-free software both in the kernel and in surrounding component.

C. Becoming a Substantive Legal Issue?

Traditionally, software vendors that abused the use of terms like "open" and "open source" only had to fear backlash from the very community they were attempting to leverage. The open source development community would punish these vendors by notifying the world of these vendors' non-open practices on blogs and message boards, which would result in lower community participation in sponsored projects.

Now, however, more proprietary vendors are vested in the open source business and are looking for ways to look more open and advertise their openness more aggressively. Software vendors clearly see a marketing advantage to using terms like "open" and "open source." With more money at stake, the competitive nature of this marketing could bring more scrutiny from competitors.

Competitors in the technology industry have long uses fair advertising laws to raise doubt over marketing claims as an indirect means of competition. In the United States, for example, they use rules and policies of the Federal Trade Commission, which which might now be more easily applied to the open source context. At a basic level, these rules and policies set forth the principle that advertising must be true, non-deceptive and fair, and claims must be backed by evidence.

At issue is whether a software vendor can and should use the terms "open" and "open source" in contexts where the definitions of these terms have different meanings in different communities, and whether vendors use them in a way that properly indicates the actual value that customers are seeking. Some of the common false advertising theories that a competitor might raise are: deceptive advertising; bait and switch; unfair comparative advertising; misleading endorsements and testimonials; and unfair price comparisons. For example, is it deceptive or unfair under advertising laws to advertise a free and open source product, or use such a product in a competitive comparison, when the vendor knows that the target customers will only be interested in the paid-for version of the product that has different features?

I raise these points not to trigger fear of a FTC crackdown. Instead, the concern is that competitors in a highly competitive environment might be willing raise seemingly insignificant violations as a way to slow down their rivals by interfering with their marketing campaigns. The real risk from these concerns is hard to predict when we consider that the term "open" is not tied to an objective standard and is ambiguous outside the traditional open source community.

D. Bottom Line

As in all customer relationships, fairness and honesty are the best policies both in direct communications and in marketing. Don't emphasize the terms "open" and "open source" in your marketing materials and messaging unless your open source offerings actually provide value to the customer. Also, be mindful of the changing perception of "open" in the industry as a whole, not just the traditional open source community, and adjust your marketing accordingly. These are good practices both for the health of your business and for minimizing legal risks.

[Note: Non-substantive editorial modifications were made within hours after the initial post.]