Highlights of OSBC 2009 - Day 1

Yesterday I attended the first day of the 2009 Open Source Business Conference in San Francisco. This is the premiere event for anyone interested in open source and has separate tracks specifically appealing to Executives and Managers, Developers, Venture Capitalists, and Attorneys. This is a great place to not only see and hear all the "rock stars" of the open source industry, but you can even meet and talk to them in person ... it's like having a backstage pass, but without the groupies.

I attended several interesting sessions on the first day and some of the key points that stood out to me are below. I also participated in a session on managing open source within an organization with an excellent panel: Virginia Tsai Badenhope from Smithline Jha law firm, Joyce Chow from Apple, Angela Ziegenhorn from Symantec, and Duane Valz from Yahoo! I'll have a separate post on that in the next couple of days.

-New Meaning of "risk" in open source. In the past, open source discussions focused (often unnecessarily) on risk, specifically referring to the perceived risk with the quality of the software. Now, however, the stronger view is that NOT using open source software is risky... risky in the sense that IT managers might lose their jobs if they don't cut costs. (Matt Asay noted this in his keynote opening remarks.) The survey data presented by Michael Skok of North Bridge Venture Partners backed this up with unfamiliarity with open source ranking much higher as a barrier to adoption than legal concerns.

-Don't lose focus on innovation and quality. A good deal of discussion occurred around whether the current economic difficulties benefit open source. The majority view is that yes, indeed, those in need of software solutions are more likely to look to open source as a free or low cost alternative to proprietary software.

However, several presenters also pointed out that open source has always stood for more than cost savings and the open source community has worked hard to demonstrate the pace of innovation and quality of open source software. Marten Mickos, SVP of the Databased Group at Sun (at least for a little longer) made this point very well in the panel discussion portion of the keynote. During the Marketing in Open Source presentation moderated by Sun's Zack Urlocker, Greg Armanini from Zimbra (Yahoo!) emphasized this point saying that we don't want to lose the check on the innovation checkbox in procurements. It would be a shame to lose that message in the marketing push around low cost solutions. John Roberts, CEO of SugarCRM also said that the ability of customers to maintain control over the software and avoid lockin is critical.

-Issues of open source "purity" are not longer important. Creating a business with open source software is well accepted and must not be seen as a contradiction to open source values. This evident in the mainstreaming of open source in the software industry, the breadth and quality of open source solutions, and the fact that litigation of open source issues is becoming more common.

-The next frontier for open source is enterprise IT. This is where the big money is for the open source industry, and it is evidence of the legitimacy and broad acceptance of open source by even the most conservative customers. (Note - Jonathan Schwartz, CEO of Sun Microsystems (Disclosure: I work for Sun), said Sun's data shows that ALL of the Fortune 500 companies use open source.)

-Disruption is great for business, but don't disrupt adoption. Marten Mickos and other panelists had commented that a good business strategy is to target any industry that has not yet been disrupted by open source. Michael Skok of North Bridge Venture Partners further clarified this notion by emphasizing that adoption by users must still be easy. In other words, do not disrupt the ability of end users to obtain and use the product.

I found all of these points useful in further clarifying how best to implement open source as a business strategy and I hope you do too.

Open Source Prime Time? Sometimes...

No doubt the open source movement is having a significant, tangible, positive impact on the technology industry. It's success grows every day as we see it moving up the priority list of IT Managers and CIOs in large part because of the cost savings it offers. Even though open source has arrived on a macro scale, I see plenty of difficulties on a micro scale, which reminds me open source needs to make significant strides to be truly mainstream.

The micro level difficulties range from quirky annoyances to significant impediments to performing necessary activities. For example, I spoke at a PLI legal continuing education course on open source licensing a few months ago, and I will speak on a panel at the Open Source Business Conference next week. Both presentations required submission of slides and associated documentation prior to the presentation. A message went out to presenters: "Our presentation machines *do not* support OpenOffice." Microsoft PowerPoint and Microsoft Office were the only supported formats (in fact, sometimes even PDF is not supported). In addition, when collaborating with colleagues, no matter how carefully one converts OpenOffice documents to Microsoft Office formats, formatting and content problems are almost certain to occur.

[Update: OSBC presenters received an e-mail update today notifying us that OpenOffice documents are in fact supported for the presentation. Great news! One small step towards making open source practical for everyone in all circumstances.]

On an even more granular level, while open source tools are generally pretty good, they are not quite ready for full product use. Redlining, for example, is a critical tool lawyers and others use for tracking changes between different versions of contracts. While I use OpenOffice a majority of the time and am largely satisfied with it, the document comparison feature is inaccurate and unreliable. (For a positive spin on use of OpenOffice and other open source software in legal workflows, check out the Open Source for Lawyers website.)

My point is not to steer you away from open source. On the contrary, I am a heavy user of open source applications for my work and personal projects including Mozilla Thunderbird and Lightning for e-mail and calendar, and GIMP as a Photoshop alternative. However, I am acutely aware of the limitations of these applications when it's crunch time. When I have 15 minutes to produce a redline that will properly display all the sneaky changes an opposing attorney has made to a contract, I simply can't rely on OpenOffice. I hope this changes sometime in the near future.

Magic and Fear vs. Open Source Reality

I am surprised at how easy it is to let the magic or fear of open source sidetrack discussions that should be firmly rooted in legal considerations. Maybe this is because open source evokes such polarized reactions ... true believers show fanatical devotion to the open source movement as if it is a religion, while technology dinosaurs grumble about risk and cling to the notion that open source is a fad. The reality, of course, is that the majority of us fall somewhere in between these extremes and are in a constant state of assessment as to how best to use open source to our advantage. In making these assessments, we need to take care that we don't let the rhetoric around us cloud our judgment.

Attorneys need to pay special attention to this because one of the critical roles we play is to give an honest assessment of the facts and risks. Unfortunately, even the most experienced attorneys can be distracted by the level of rhetoric around open source, particularly when open source isn't a primary practice area. Like all legal issues, analysis of open source issues requires a disciplined approach. Here is short hierarchy of things to consider in order of priority (using GPL as the context in some cases):

1. Know the law. This is obvious, yet open source discussions often fail to include an explicit discussion of basic legal issues. In his 2001 essay on Enforcing the GNU GPL, Eben Moglen (then General Counsel of the Free Software Foundation) made it clear that even though the idea of free software is unusual in the world of proprietary intellectual property rights, "as a copyright license the GPL is absolute solid." Contract law is as important to open source as copyright law. The Federal Circuit Court of Appeals used contract law to reach its ruling in the recent Jacobsen v. Katzer case. Finally, the increased litigation surrounding the GPL (such as the Busybox line of cases and the FSF v. Cisco case) are as important a reason as any to make sure you know what the law says about open source.

2. Know the GPL. The basic concepts of copyleft and the goal of the GPL seem easy enough to understand - if you modify GPL-licensed code, you must distribute your modifications in source code. While this is generally true, the details of the GPL are critically important to determining how to comply with the license. The Software Freedom Law Center's Practical Guide to GPL Compliance provides a list of details that could be the subject of claimed violations. Truly understanding the GPL can be an impossible task when we consider the flexibility and ambiguity intentionally built into the GPL. Reading and understanding the SFLC's Practical Guide, FSF's FAQs on the GPL and other resources is important in interpreting the GPL.

3. Understand the community's priorities. One of the distinguishing elements of open source is the deep involvement of the community. Even if you think you have the "right" answer to a particular open source question under the law or based on a valid interpretation of the GPL, the community might reach an equally valid answer under its own analysis and interpretation. As a result, open source activities cannot be considered in a vacuum.

4. Evaluate where your business goals fit. Don't let irrational exuberance or paralyzing fear over open source rule your decision making. Open source decisions are business decisions like any other within an organization and should be subject to the same types of review and decision making considerations. Open source is a tool for use in achieving business objectives, but is not an objective in itself.

Admittedly, none of this is new ... these tips are considerations businesses evaluate every day. Even so, consider this a friendly reminder that open source is neither magic nor the bogeyman. It is just another tool in your toolbox and should be treated accordingly.

From User to Contributor

As open source software becomes more widely used, the flow of contributions back to open source projects become more important. Contributions back to an open source project are not only an indicator of the health of a particular project's community, but they are critical to ensure these projects are able to grow and realize the benefits of community involvement. Matt Asay noted in a recent Open Road Blog posting, a lack of contributions from enterprises "may have serious, negative consequences for the long-term health of the open-source ecosystem."

A recent article by Dan Woods in Forbes explains that this is the result of a gap between the "enlightened self-interest" of individuals who contribute for their own benefit, and institutional collaboration, which is "much lower than expected and hoped for, based on patterns of individual participation." While the Forbes article provides some excellent background on the problem and how we reached this point, I would like to dig a little deeper into the reasons why enterprises don't contribute, and what changes are needed to encourage more contribution.

Enterprises (primarily for-profit corporations, but also government entities and foundations) often have few incentives to contribute to open source projects, and many incentives to not contribute. At a fundamental level, the traditional thinking of enterprises has been that ownership of intellectual property is an important part of preserving corporate assets. Though the open source movement is changing these views, ownership and tight control has also traditionally been seen as crucial to preserving a competitive advantage. In addition, enterprises often suffer from the failings of bureaucratic organizational structures, which make the process of obtaining the multiple layers of necessary approvals for release of intellectual property rights difficult if not impossible. Finally, another basic concern of for-profit enterprises is that any time spent on open source projects is time taken away from core, for-profit activities.

No doubt the above described bias against open source contribution is the product of short-sighted thinking. While we should not expect that enterprises would change their position on openness in a short time frame, we can propose short-term, high-impact fixes that quickly and strongly demonstrate the benefits of open source and encourage more openness. Some specific examples include:

• Appeal to employees of enterprises to voice their desire to participate in open source projects, and use resulting the groundswell of employee requests as a way to incent enterprises to develop a well-reasoned participation policy rather than perpetuating ad-hoc or unknown participation.

• Create model policies that enterprises can easily adopt to permit employee participation and facilitate enterprise contribution, with an emphasis on the benefits of participation over the traditional focus on ownership and control of IP rights.
  

• Clearly demonstrate cases in which contributions create a win-win situation for enterprises and communities, possibly in a public white paper format.
  

• Begin with the low-hanging fruit: contributions related to internal IT infrastructure components rather than contributions that are perceived to compromise competitive advantage; tackle the issue of contributions related to competitive-advantage at a later time after the benefits of contribution are clear.

• Acknowledge that strategic and competitive situations might exist that warrant withholding or delaying making contributions, while emphasizing that it is a rare case when choosing not to contribute is the best course.

Some of these are aspirational, but the underlying themes are important: (1) Every technology company has a massive base of employees who are interested, if not heavily involved, in open source, and these employees can be the agents of change within enterprises. (2) Enterprises need to better understand the economic and other benefits of contribution, and the lessening importance of ownership and control of IP rights. (3) This movement should occur incrementally by starting with the types of projects that are least likely to encounter the traditional organizational resistance.

These changes will happen on their own over time, but we can establish an environment that encourages enterprises to speed progress. At stake is the ability for open source projects to survive and reach the critical mass necessary for all community members to realize significant benefits of the open source movement.

Distance Learning - All I Want is a Law Degree

Few industries are as slow to adopt new methods and technologies as the legal profession. Certainly, the stability provided by relying on tried and true technology is valuable in an industry that is largely risk averse, but this bias against new technologies sometimes seems arbitrary. This is why current activity in favor of law degrees through distance learning is encouraging.

Until recently, the American Bar Association's Standards for Approval of Law Schools prohibited accredited law schools from granting credit for correspondence courses except in very narrow circumstances. As an example, see the ABA's old position on distance learning, which included a statement that "a law school shall not grant credit for study by correspondence." The limitation was so severe that law students who needed to take a significant portion of their course work by correspondence were effectively barred from practicing law in the vast majority of states. The new rules permit accredited law schools to count substantial amounts of distance learning credits towards the minimum coursework requirement subject to meaningful oversight by the school, and further subject to additional qualifications described in the Standards. The rule change means that instead of a bias against distance learning, the ABA now recognizes distance learning as a legitimate means of obtaining a law degree when the shortcomings of education without in person interactions are addressed.

Only a handful of states permit graduates of all-correspondence law schools to take the bar exam, which is why I was surprised by the news of a recent court case in Massachusetts (among the states with the strictest bar admission rules). (Note that California is one of the states that permits graduates of non-accredited law schools to take the bar exam, subject to other requirements that do not apply to graduates of accredited law schools. Also, several states already have alternative review processes on an as-requested case-by-case basis even though they don't permit graduates of non-accredited schools to automatically take the bar exam.) The circumstances surrounding the case were covered in a recent edition of the California Bar Journal. A recent graduate of Los Angeles based Concord Law School, the first all-online law school, wanted to practice law in Massachusetts even though he knew the state did not permit graduates of distance learning schools from taking the bar exam. In spite of the rule, the student petitioned the state bar and initiated a court case seeking the right to take the exam. The law school graduate was such an effective advocate in representing himself through the briefs he filed and his oral arguments in the court case that the Massachusetts Supreme Court ruled he could take the exam.

The case indicates a shift in the legal profession's bias against distance learning to an acceptance that, under the right circumstances, distance learning can produce strong candidates for attorneys. In practical effect, while the case does not mean that distance learning will automatically be accepted as a substitute for traditional law school attendance, it does mean that more states will likely add alternative review criteria for distance learning candidates when determining whether they should be permitted to take the bar exam.

The trend towards distance learning in legal education is part of a larger trend in support of distance learning for virtually all professions. Among the primary objections to distance learning is the lack of personal interaction and the environment of school and students is seen as critical to making good lawyers. This type of criticism is not typically cited as a weakness of distance learning in other professions. It's true that many attorneys will go into areas of the profession that require excellent client interaction skills, but these types of skills are not necessarily learned in the classroom environment. In fact, one could argue that the distance learning model more closely matches the way most attorneys perform their jobs on a day-to-day basis. Consider my experience as in-house counsel at MySQL, where over 90% of the company's employees worked outside the Silicon Valley office where I worked. The bulk of my client interactions were more often through e-mail, telephone and occasional travel rather than direct personal interaction.

Distance learning also serves another important purpose. It allows those with valuable real-life experience in non-legal professions and endeavors to pursue a legal career. Take the case of a lieutenant colonol in the US Army who is taking law school courses while deployed in Afghanistan, which was described in a recent edition of the California Bar Journal. These types of students typically have day jobs and families and would not be able to pursue a law degree were it not for distance learning, yet the breadth and depth of their experiences is exactly what will allow them to make immediate valuable contributions to the legal profession ... certainly more quickly than I could have as a law graduate who attended law school immediately after graduating from college.

No doubt, the ability to have quality personal interaction skills is critical to success in virtually all professions, but these skills can be learned outside the classroom environment and they are exercised in different ways by each individual. As a result, it does not seem fair that distance learning law students should be at a significant disadvantage. This is one case where it appears that the legal profession is taking the right steps to move into the 21st century.

No Preliminary Injunction in Jacobsen Case

Those who follow the Jacobsen v. Katzer case know that it likely will have a significant on how US courts view open source licenses and what legal remedies are available when they are violated. The latest twist in the case, as reported on the Madisonian blog, is the decision of the US District Court for the Northern District of California to deny Jacobsen's request for a preliminary injunction. On its face, this decision might seem like a setback in the ability of open source licensors to ensure the terms and principles of the open source licenses are enforcable. However, my view is that the facts of the Jacobsen case are unique enough that this ruling will not significantly interfere with the efforts of other open source licensors to obtain injunctions.

For an excellent summary of the history of the Jacobsen case, including all the legal developments up to and including the Federal Circuit's ruling in August, please see Larry Rosen's excellent article "Bad Facts Make Good Law: The Jacobsen Case and Open Source". The particular fact of importance here is that Jacobsen requested a preliminary injunction based on Katzer's failure to comply with the terms of the Artistic License requiring the licensee to "duplicate all of the original copyright notices and associated disclaimers". Compare this to the Free Software Foundation's claims against Cisco, which include allegations that Cisco failed to comply with the GPL and LGPL obligations to distribute source code to modifications made by a licensee.

This distinction important because the types of harm likely to result from failure to distrbute source code are easier to identify and articulate than the types of harm from failure to reproduce copyright notices. Under the 2008 US Supreme Court opinion in Winter v. Natural Resources Defense Council, the Court elaborated on the well-accepted requirements for granting a preliminary injunction with a particular emphasis on the point that plaintiffs must show more than a mere possibility of harm, but must actually back up the claims of harm with meaningful evidence. Here is criteria cited by the Court for all US courts to use in deciding whether a preliminary injunction request should be granted:

"A plaintiff seeking a preliminary injunction must establish (1) that he is likely to succeed on the merits, (2) that he is likely to suffer irreparable harm in the absence of preliminary relief, (3) that the balance of equities tips in his favor, and (4) that an injunction is in the public interest." (I added the parenthetical numbers for easier identification in this blog post. The Court cites multiple cases on this point going back to 1982 including another 2008 opinion.)

Elements (2) and (4) are the most important for our purposes. With respect to element (2), meaningful harm from a failure to maintain proper copyright notices in publicly available software seems difficult to prove, and proving that the harm is irreparable is even more difficult. At worst, a recipient of the licensed software would receive the proper copyright notice after the software is distributed, but this would not result in any change in use or non-use of the software. By contrast, a failure to distribute source code could change the way a recipient uses the software, which is central to the purpose of the open source license.

Element (4) is particularly interesting as applied to open source software which, by its very nature, is intended to benefit the public. The public does not necessarily benefit from knowing whether a particular copyright notice is accurate, but the public cannot take full advantage of the software made available under an open source license unless it receives the actual source code.

Setting aside variations in application of the law across jurisdictions, a plaintiff is a more likely to be able to present evidence adequate to support a preliminary injunction when a case revolves around availability of source code under an open source license as compared to a claim of failure to adequately comply with copyright notice requirements. In my opinion, cases like the FSF's claims against Cisco are the types of cases we are most likely to see in enforcement of open source license terms. As a result, plaintiffs should not let the Jacobsen case discourage them from requesting preliminary injuctions, particularly when the plaintiff's claims are based on failure to distribute source code.

FSF Motives in the Cisco Case

One of the comments I received to a recent post questions the motives of the Free Software Foundation ("FSF") in its complaint against Cisco, and whether the FSF is overreaching in the remedies it proposes. Specifically, the comments reference The Software Lawyer blog posting entitled Free Software Foundation Sues Cisco: Some Criticism. To summarize, the blog post questions whether the FSF would accept GPL compliance as a solution to the disagreement with Cisco and goes further to say that "[the FSF] wants to push Cisco around and it wants money."

I think these views are overly cynical of the FSF's motives. I also disagree that endorsing the FSF's actions results in granting a licensor power to choose substitute license terms. Below, I discuss my reasoning for these conclusions in more detail in hopes of illuminating the issues in the broader discussion around the meaning of license compliance and the role of license enforcement in the open source world. Please also note that I am not concluding that the FSF will be successful in its litigation either through a judgement on the merits of the case or a favorable settlement. Instead, my intent is to illustrate that the FSF's actions appear reasonable.

[Note: I have no knowledge of the FSF's or Cisco's thoughts, reasoning or internal discussions on these matters - all of my comments are based on the complaint and public statements by these entities and commentators.)]

FSF Motives

The views presented in the comments and blog post suggest that the FSF motives are pointed more towards self interest than support of the goals of the free software movement. To the contrary, the FSF's actions indicate that it is legitimately trying to enforce the principles of free software by ensuring that Cisco honors the freedom of its users to have access to source code. No doubt the FSF would like to make an example out of Cisco and would like to see onerous penalties (including monetary damages) imposed for failure to comply as a means of discouraging other potential infringers, but this is consistent with enforcing the principles of software freedom.

The commentary also cites the FSF's requirement that Cisco appoint an open source officer as a potential remedy outside the scope of the complaint. While this might seem unusual, it is consistent with a common litigation strategy in which plaintiffs ask for more than they might be entitled to from a court. This tactic helps push settlement discussions and alternatives to litigation remedies. In fact, FSF is not the first to use this approach. Similar terms have been agreed upon in the string of Busybox cases, which were also litigated by the Software Freedom Law Center. These actions indicate a good litigation strategy rather than impure motives or overreaching.

Motives of a Large Company as an Alleged Infringer

The commentary also assumes that large companies in Cisco's position, would necessarily do their best to comply with license terms as fast as possible, and that such a company would not continue shipping an allegedly infringing product unless absolutely certain of ability to comply. In turn, the commentary suggests that this indicates the FSF has unreasonably deemed Cisco's proposed compliance activities as inadequate. This conclusion is not supported in my view.

It is fair to assume that a company in Cisco's position would perform a risk analysis based on the FSF's stated concerns and could reasonably decide to respond by engaging FSF directly. This strategy would permit the company to work through compliance options over an extended time period. From a purely utilitarian standpoint, this approach seems more favorable than immediately pulling a product suspected of GPL infringement without first consulting the FSF, which would result in further difficulties. No doubt in the multiple years of discussion between Cisco and the FSF, both parties understood that some sort of compliance actions were appropriate, but they had differing interpretations on the types of remedies and time frames for resolution. As a result, it appears that the FSF likely has a reasonable basis for its conclusion that Cisco was not acting fast enough and the use of litigation was a way to stress the importance of compliance is justified.

Remaking the Rules

The claims that FSF's proposed remedies are "remaking the rules" and that it "gets to choose the terms of reinstatement" also are not warranted. The GPL and LGPL licenses immediately terminate once a licensee violates their conditions. Once termination occurs, a licensor can choose to enforce an infringement claim and use the threat of damages awarded by a court as leverage to negotiate a settlement that includes more than monetary damages. This is the approach the FSF is taking with Cisco and it seems consistent with good litigation strategy.

In fact, the FSF has also chosen to work with Cisco for several years to obtain compliance without litigation, which further indicates the reasonableness of its actions. The FSF's proposed remedies are separate and distinct from the rights available to Cisco and all other potential licensee under the GPL. The FSF could not remake the rules of litigation remedies even it wanted and it doesn't seem fair to conclude that the FSF is trying to remake the rules or make up substitute license terms.

In short, whether the FSF will be successful in reaching a favorable judgment on the matters in the complaint or obtaining a favorable settlement with Cisco remains to be seen. Even so, the FSF's motives and actions seem reasonable in the context of the allegations in the complaint.