From User to Contributor

As open source software becomes more widely used, the flow of contributions back to open source projects become more important. Contributions back to an open source project are not only an indicator of the health of a particular project's community, but they are critical to ensure these projects are able to grow and realize the benefits of community involvement. Matt Asay noted in a recent Open Road Blog posting, a lack of contributions from enterprises "may have serious, negative consequences for the long-term health of the open-source ecosystem."

A recent article by Dan Woods in Forbes explains that this is the result of a gap between the "enlightened self-interest" of individuals who contribute for their own benefit, and institutional collaboration, which is "much lower than expected and hoped for, based on patterns of individual participation." While the Forbes article provides some excellent background on the problem and how we reached this point, I would like to dig a little deeper into the reasons why enterprises don't contribute, and what changes are needed to encourage more contribution.

Enterprises (primarily for-profit corporations, but also government entities and foundations) often have few incentives to contribute to open source projects, and many incentives to not contribute. At a fundamental level, the traditional thinking of enterprises has been that ownership of intellectual property is an important part of preserving corporate assets. Though the open source movement is changing these views, ownership and tight control has also traditionally been seen as crucial to preserving a competitive advantage. In addition, enterprises often suffer from the failings of bureaucratic organizational structures, which make the process of obtaining the multiple layers of necessary approvals for release of intellectual property rights difficult if not impossible. Finally, another basic concern of for-profit enterprises is that any time spent on open source projects is time taken away from core, for-profit activities.

No doubt the above described bias against open source contribution is the product of short-sighted thinking. While we should not expect that enterprises would change their position on openness in a short time frame, we can propose short-term, high-impact fixes that quickly and strongly demonstrate the benefits of open source and encourage more openness. Some specific examples include:

• Appeal to employees of enterprises to voice their desire to participate in open source projects, and use resulting the groundswell of employee requests as a way to incent enterprises to develop a well-reasoned participation policy rather than perpetuating ad-hoc or unknown participation.

• Create model policies that enterprises can easily adopt to permit employee participation and facilitate enterprise contribution, with an emphasis on the benefits of participation over the traditional focus on ownership and control of IP rights.
  

• Clearly demonstrate cases in which contributions create a win-win situation for enterprises and communities, possibly in a public white paper format.
  

• Begin with the low-hanging fruit: contributions related to internal IT infrastructure components rather than contributions that are perceived to compromise competitive advantage; tackle the issue of contributions related to competitive-advantage at a later time after the benefits of contribution are clear.

• Acknowledge that strategic and competitive situations might exist that warrant withholding or delaying making contributions, while emphasizing that it is a rare case when choosing not to contribute is the best course.

Some of these are aspirational, but the underlying themes are important: (1) Every technology company has a massive base of employees who are interested, if not heavily involved, in open source, and these employees can be the agents of change within enterprises. (2) Enterprises need to better understand the economic and other benefits of contribution, and the lessening importance of ownership and control of IP rights. (3) This movement should occur incrementally by starting with the types of projects that are least likely to encounter the traditional organizational resistance.

These changes will happen on their own over time, but we can establish an environment that encourages enterprises to speed progress. At stake is the ability for open source projects to survive and reach the critical mass necessary for all community members to realize significant benefits of the open source movement.

Distance Learning - All I Want is a Law Degree

Few industries are as slow to adopt new methods and technologies as the legal profession. Certainly, the stability provided by relying on tried and true technology is valuable in an industry that is largely risk averse, but this bias against new technologies sometimes seems arbitrary. This is why current activity in favor of law degrees through distance learning is encouraging.

Until recently, the American Bar Association's Standards for Approval of Law Schools prohibited accredited law schools from granting credit for correspondence courses except in very narrow circumstances. As an example, see the ABA's old position on distance learning, which included a statement that "a law school shall not grant credit for study by correspondence." The limitation was so severe that law students who needed to take a significant portion of their course work by correspondence were effectively barred from practicing law in the vast majority of states. The new rules permit accredited law schools to count substantial amounts of distance learning credits towards the minimum coursework requirement subject to meaningful oversight by the school, and further subject to additional qualifications described in the Standards. The rule change means that instead of a bias against distance learning, the ABA now recognizes distance learning as a legitimate means of obtaining a law degree when the shortcomings of education without in person interactions are addressed.

Only a handful of states permit graduates of all-correspondence law schools to take the bar exam, which is why I was surprised by the news of a recent court case in Massachusetts (among the states with the strictest bar admission rules). (Note that California is one of the states that permits graduates of non-accredited law schools to take the bar exam, subject to other requirements that do not apply to graduates of accredited law schools. Also, several states already have alternative review processes on an as-requested case-by-case basis even though they don't permit graduates of non-accredited schools to automatically take the bar exam.) The circumstances surrounding the case were covered in a recent edition of the California Bar Journal. A recent graduate of Los Angeles based Concord Law School, the first all-online law school, wanted to practice law in Massachusetts even though he knew the state did not permit graduates of distance learning schools from taking the bar exam. In spite of the rule, the student petitioned the state bar and initiated a court case seeking the right to take the exam. The law school graduate was such an effective advocate in representing himself through the briefs he filed and his oral arguments in the court case that the Massachusetts Supreme Court ruled he could take the exam.

The case indicates a shift in the legal profession's bias against distance learning to an acceptance that, under the right circumstances, distance learning can produce strong candidates for attorneys. In practical effect, while the case does not mean that distance learning will automatically be accepted as a substitute for traditional law school attendance, it does mean that more states will likely add alternative review criteria for distance learning candidates when determining whether they should be permitted to take the bar exam.

The trend towards distance learning in legal education is part of a larger trend in support of distance learning for virtually all professions. Among the primary objections to distance learning is the lack of personal interaction and the environment of school and students is seen as critical to making good lawyers. This type of criticism is not typically cited as a weakness of distance learning in other professions. It's true that many attorneys will go into areas of the profession that require excellent client interaction skills, but these types of skills are not necessarily learned in the classroom environment. In fact, one could argue that the distance learning model more closely matches the way most attorneys perform their jobs on a day-to-day basis. Consider my experience as in-house counsel at MySQL, where over 90% of the company's employees worked outside the Silicon Valley office where I worked. The bulk of my client interactions were more often through e-mail, telephone and occasional travel rather than direct personal interaction.

Distance learning also serves another important purpose. It allows those with valuable real-life experience in non-legal professions and endeavors to pursue a legal career. Take the case of a lieutenant colonol in the US Army who is taking law school courses while deployed in Afghanistan, which was described in a recent edition of the California Bar Journal. These types of students typically have day jobs and families and would not be able to pursue a law degree were it not for distance learning, yet the breadth and depth of their experiences is exactly what will allow them to make immediate valuable contributions to the legal profession ... certainly more quickly than I could have as a law graduate who attended law school immediately after graduating from college.

No doubt, the ability to have quality personal interaction skills is critical to success in virtually all professions, but these skills can be learned outside the classroom environment and they are exercised in different ways by each individual. As a result, it does not seem fair that distance learning law students should be at a significant disadvantage. This is one case where it appears that the legal profession is taking the right steps to move into the 21st century.

No Preliminary Injunction in Jacobsen Case

Those who follow the Jacobsen v. Katzer case know that it likely will have a significant on how US courts view open source licenses and what legal remedies are available when they are violated. The latest twist in the case, as reported on the Madisonian blog, is the decision of the US District Court for the Northern District of California to deny Jacobsen's request for a preliminary injunction. On its face, this decision might seem like a setback in the ability of open source licensors to ensure the terms and principles of the open source licenses are enforcable. However, my view is that the facts of the Jacobsen case are unique enough that this ruling will not significantly interfere with the efforts of other open source licensors to obtain injunctions.

For an excellent summary of the history of the Jacobsen case, including all the legal developments up to and including the Federal Circuit's ruling in August, please see Larry Rosen's excellent article "Bad Facts Make Good Law: The Jacobsen Case and Open Source". The particular fact of importance here is that Jacobsen requested a preliminary injunction based on Katzer's failure to comply with the terms of the Artistic License requiring the licensee to "duplicate all of the original copyright notices and associated disclaimers". Compare this to the Free Software Foundation's claims against Cisco, which include allegations that Cisco failed to comply with the GPL and LGPL obligations to distribute source code to modifications made by a licensee.

This distinction important because the types of harm likely to result from failure to distrbute source code are easier to identify and articulate than the types of harm from failure to reproduce copyright notices. Under the 2008 US Supreme Court opinion in Winter v. Natural Resources Defense Council, the Court elaborated on the well-accepted requirements for granting a preliminary injunction with a particular emphasis on the point that plaintiffs must show more than a mere possibility of harm, but must actually back up the claims of harm with meaningful evidence. Here is criteria cited by the Court for all US courts to use in deciding whether a preliminary injunction request should be granted:

"A plaintiff seeking a preliminary injunction must establish (1) that he is likely to succeed on the merits, (2) that he is likely to suffer irreparable harm in the absence of preliminary relief, (3) that the balance of equities tips in his favor, and (4) that an injunction is in the public interest." (I added the parenthetical numbers for easier identification in this blog post. The Court cites multiple cases on this point going back to 1982 including another 2008 opinion.)

Elements (2) and (4) are the most important for our purposes. With respect to element (2), meaningful harm from a failure to maintain proper copyright notices in publicly available software seems difficult to prove, and proving that the harm is irreparable is even more difficult. At worst, a recipient of the licensed software would receive the proper copyright notice after the software is distributed, but this would not result in any change in use or non-use of the software. By contrast, a failure to distribute source code could change the way a recipient uses the software, which is central to the purpose of the open source license.

Element (4) is particularly interesting as applied to open source software which, by its very nature, is intended to benefit the public. The public does not necessarily benefit from knowing whether a particular copyright notice is accurate, but the public cannot take full advantage of the software made available under an open source license unless it receives the actual source code.

Setting aside variations in application of the law across jurisdictions, a plaintiff is a more likely to be able to present evidence adequate to support a preliminary injunction when a case revolves around availability of source code under an open source license as compared to a claim of failure to adequately comply with copyright notice requirements. In my opinion, cases like the FSF's claims against Cisco are the types of cases we are most likely to see in enforcement of open source license terms. As a result, plaintiffs should not let the Jacobsen case discourage them from requesting preliminary injuctions, particularly when the plaintiff's claims are based on failure to distribute source code.

FSF Motives in the Cisco Case

One of the comments I received to a recent post questions the motives of the Free Software Foundation ("FSF") in its complaint against Cisco, and whether the FSF is overreaching in the remedies it proposes. Specifically, the comments reference The Software Lawyer blog posting entitled Free Software Foundation Sues Cisco: Some Criticism. To summarize, the blog post questions whether the FSF would accept GPL compliance as a solution to the disagreement with Cisco and goes further to say that "[the FSF] wants to push Cisco around and it wants money."

I think these views are overly cynical of the FSF's motives. I also disagree that endorsing the FSF's actions results in granting a licensor power to choose substitute license terms. Below, I discuss my reasoning for these conclusions in more detail in hopes of illuminating the issues in the broader discussion around the meaning of license compliance and the role of license enforcement in the open source world. Please also note that I am not concluding that the FSF will be successful in its litigation either through a judgement on the merits of the case or a favorable settlement. Instead, my intent is to illustrate that the FSF's actions appear reasonable.

[Note: I have no knowledge of the FSF's or Cisco's thoughts, reasoning or internal discussions on these matters - all of my comments are based on the complaint and public statements by these entities and commentators.)]

FSF Motives

The views presented in the comments and blog post suggest that the FSF motives are pointed more towards self interest than support of the goals of the free software movement. To the contrary, the FSF's actions indicate that it is legitimately trying to enforce the principles of free software by ensuring that Cisco honors the freedom of its users to have access to source code. No doubt the FSF would like to make an example out of Cisco and would like to see onerous penalties (including monetary damages) imposed for failure to comply as a means of discouraging other potential infringers, but this is consistent with enforcing the principles of software freedom.

The commentary also cites the FSF's requirement that Cisco appoint an open source officer as a potential remedy outside the scope of the complaint. While this might seem unusual, it is consistent with a common litigation strategy in which plaintiffs ask for more than they might be entitled to from a court. This tactic helps push settlement discussions and alternatives to litigation remedies. In fact, FSF is not the first to use this approach. Similar terms have been agreed upon in the string of Busybox cases, which were also litigated by the Software Freedom Law Center. These actions indicate a good litigation strategy rather than impure motives or overreaching.

Motives of a Large Company as an Alleged Infringer

The commentary also assumes that large companies in Cisco's position, would necessarily do their best to comply with license terms as fast as possible, and that such a company would not continue shipping an allegedly infringing product unless absolutely certain of ability to comply. In turn, the commentary suggests that this indicates the FSF has unreasonably deemed Cisco's proposed compliance activities as inadequate. This conclusion is not supported in my view.

It is fair to assume that a company in Cisco's position would perform a risk analysis based on the FSF's stated concerns and could reasonably decide to respond by engaging FSF directly. This strategy would permit the company to work through compliance options over an extended time period. From a purely utilitarian standpoint, this approach seems more favorable than immediately pulling a product suspected of GPL infringement without first consulting the FSF, which would result in further difficulties. No doubt in the multiple years of discussion between Cisco and the FSF, both parties understood that some sort of compliance actions were appropriate, but they had differing interpretations on the types of remedies and time frames for resolution. As a result, it appears that the FSF likely has a reasonable basis for its conclusion that Cisco was not acting fast enough and the use of litigation was a way to stress the importance of compliance is justified.

Remaking the Rules

The claims that FSF's proposed remedies are "remaking the rules" and that it "gets to choose the terms of reinstatement" also are not warranted. The GPL and LGPL licenses immediately terminate once a licensee violates their conditions. Once termination occurs, a licensor can choose to enforce an infringement claim and use the threat of damages awarded by a court as leverage to negotiate a settlement that includes more than monetary damages. This is the approach the FSF is taking with Cisco and it seems consistent with good litigation strategy.

In fact, the FSF has also chosen to work with Cisco for several years to obtain compliance without litigation, which further indicates the reasonableness of its actions. The FSF's proposed remedies are separate and distinct from the rights available to Cisco and all other potential licensee under the GPL. The FSF could not remake the rules of litigation remedies even it wanted and it doesn't seem fair to conclude that the FSF is trying to remake the rules or make up substitute license terms.

In short, whether the FSF will be successful in reaching a favorable judgment on the matters in the complaint or obtaining a favorable settlement with Cisco remains to be seen. Even so, the FSF's motives and actions seem reasonable in the context of the allegations in the complaint.

The Obligatory End of Year Blog Post

Virtually all media elements engage in the age-old ritual of summarizing the year that was, and looking ahead to the year that will be. Though the number of blogs dedicated to open source, or even those that mention open source on a frequent basis, is extremely small in the blogging universe, my open source compatriots are doing the same ... look at Matt Asay's The Open Road, Zack Urlocker's Open Sources, and Dana Blankenhorn's Linux and Open Source, to name a few. Each of these writers have provided valuable insight into the important open source events of 2008 and areas of focus for 2009 and I encourage you to read their posts.

I do not presume to add much to what these writers have already provided, but I would like to make a few observations. First, I see 2008 as a great success for the open source movement both on an industry-wide basis, and from my personal perspective. The industry as a whole has gained acceptance to the point that it is viewed as an important consideration in the business strategy of all software companies. On a personal level, not only was I privileged to be part of MySQL at the time of Sun's acquisition, but I also started this blog and made more than twenty postings.

Second, I believe 2009 has a strong chance of being the year that open source achieves critical mass not only of mind share, but of economic sustainability. While it's true that several open source companies are making in the tens of millions of dollars in revenues, the economic pressures that hit hardest at the end of 2008 could result in significant gains in revenue opportunities for these companies in the coming year. The economic pressures might be so severe that all IT spending is burdened throughout 2009, but the important point is that in the near future, the cost-conscious thinking arising in these times will likely lead to a radical change in the view of what constitutes value. No doubt, the open source industry will benefit.

The only prediction that can be made with any certainty is that few predictions become reality. In any case, I wish everyone all the best in 2009!

Making Money with Open Source

The question of whether a business can make money with open source software has most often been answered with an uninformed "no," at least until recently. As open source becomes mainstream and an integral part of the software industry, the common answer to this question is becoming, "yes, but I'm not exactly sure how." This was the topic that Joyce Chow (Apple Inc.) and I addressed in our presentation on Open Source Business Models at the Practicing Law Institutes seminar on Open Source Software in San Francisco earlier this month. Here is a brief summary of the highlights of our presentation.

To start, calling open source a "business model" is not accepted by everyone. Open source is clearly a development and license model, but it does not directly derive revenue. It is best viewed as a tool or strategy that can be used to generate revenue, much like any other business strategy. For the sake of simplicity, this post will treat use of open source in any meaningful way as a strategy that is an open source business model.

Open source business models are best considered as a spectrum of strategies using open source, from a 100% open source software model, to a pure proprietary model (though some might argue that "proprietary" is not the opposite of "open source" ... we will treat it here as the other end of the spectrum because it indicates that revenue is generated with no reliance on open source software). Along the spectrum are various combinations of development, licensing, services and other strategies with different triggers for generating revenue. Some of the most well know, starting from pure open source and moving to pure proprietary, are:

• 100% Pure Open Source - This is not a business model in the sense that entities in this category are typically non-profit entities that collect donations for the purpose of furthering the goals of their chosen open source project rather than profit-seeking. Entities like the Apache Foundation and Free Software Foundation fall into this category.
  

• Open Source as a Lure - Companies like Google and Sun Microsystems (my employer) employ this strategy. Google hosts its own open source code repository and open source applications (such as Android) optimized to its search results framework to generate higher web traffic and resulting ad revenue from developers and application users. Sun optimizes its hardware-dependent open source applications (such as Open Storage, xVM Ops Center, and MySQL database software) so they work extremely well on Sun's high-performance servers. In both cases, revenue is not derived from the open source software directly, but rather from the increased sales of related activities and materials.

• Aggregation and Services - These are really two separate models, but aggregation is not a viable business opportunity on its own and the two models are well matched. In consideration of seemingly infinite amount the open source code available on sites like Sourceforge or Launchpad, pulling related code together into a fully functioning application is a real value. Red Hat's ability to compose Linux from multiple sources with many copyright holders into an enterprise-friendly, reliable operating system is a perfect example. Providing services (including training, support, maintenance and professional consulting) is a very compelling revenue opportunity. Services are a natural addition to aggregation because of the expertise and knowledge gained in the process of aggregating code and ensuring it works properly. Red Hat also enhances its offering by providing a full spectrum of services to customers.

• Embedded Use - Open source software licensed as embedded components is another viable business model, but the revenue generating potential lies in the use of a dual-license model rather than the value of the open source software itself. An embedded component licensed under a permissive open source license (e.g., BSD, MIT, Apache, etc.) will not generate revenue because users have no incentive to pay for the freely available software with broad license rights. By contrast, an embedded component licensed under a restrictive or viral license (e.g., GPL) forces a potential OEM or system integrator to purchase a commercial license to the same software. Of course, this requires full ownership (or at least broad license rights) of all rights in the software. The MySQL database is an example of this model.

• Tiered Product - Tiered open source software offerings include two basic types of models. First, an open source offering could be an entry level version of a product, much like the evaluation or "light" version of a proprietary product, with a more fully-featured version available for a fee. However, the open source vendor has an advantage over the typical proprietary evaluation product because the source code is freely available for modification and customization. Funambol's open source and carrier grade editions illustrate this type of tiered product well. Second, an open source offering could be fully featured with no separate enterprise version of the product, and the open source vendor can compel purchase of a commercial license by offering additional tools or add-ons that make the open source software more valuable either by making it easier to use or enhancing its efficiency. In both cases, we come closer to a pure proprietary model in that revenue is generated by the value of the software itself either alone or in conjunction with other software or services.

• Incidental Open Source - Many of the most useful and reliable software tools, components and subroutines are available under open source licenses. As a result, virtually all software developed and distributed today contains open source software to save time and resources. However, the mere inclusion of open source components in a software product does not mean that a software vendor is engaged in the open source business. As a result, the incidental use of open source should not be seen as a means of generating revenue through the use of open source.

• Pure Proprietary - The name says it all. Distribution of software containing no open source components, and with no connection to other open source software is in no way an open source business model. This model was common 10 - 15 years ago with most software vendors such as Microsoft, Oracle and others, though all of these vendors not use open source materials at least on an incidental basis and are actively participating in other open source business models.

This is not an exhaustive list by any means. Each business entity must consider its goals, strengths, and the multitude of variables of each development, license, go-to-market element and revenue trigger for each open source strategy to ensure it finds the best point along the spectrum for it's unique needs. Moreover, these business models should be combined to achieve maximum effectiveness.

Open Source Legislation and Budgeting

California's fiscal health is in a downward spiral with no end apparently in sight. But when that end comes, the crash will be a doozy. After enduring California's longest budget stalemate in history, a time period spanning July to September 2008, the legislature and governor agreed upon a budget that was almost immediately torpedoed by the nation's economic crisis.

Now California legislators are arguing virtually around the clock from their entrenched positions (Democrats primarily advocating tax increases, with Republicans primarily advocating spending cuts) to find a way to plug a budget gap likely exceeding $40 billion by next year. The current proposal would impact Californians with massive additions to and increases in taxes, surcharges and fees including a 2.5% income tax surcharge, an additional $0.10 (possibly more) per gallon fee on gas purchases, and numerous other increases. It would also include dramatic cuts and work stoppages in infrastructure projects.

The budget stalemate not only illustrates the disconnected between political parties, but the disconnect between the politicians and their constituents. The citizens of California deserve to have a stronger voice over their politicians and the policies that impact them directly. You are surely asking, "what does this have to do with open source?" Well, nothing directly, but the ideals of open source (as identified by the Open Source Initiative and the classic text "The Cathedral and the Bazaar", as well as concepts drawn from the book "Wikinomics") provide an excellent starting point for changing the budget and legislative processes to better serve the state. Consider these advantages found in the open source model:

• More brain power means more diversity of views and better ability to solve problems
  

• Speedy fixes to problems and resolution of issues
  

• Lower overhead by outsourcing difficult issues to those with expertise and interest
  

• Creating a closer tie between companies (politicians/government) and customers (constituents)
  

• Better responsiveness to customer feedback and needs
  

• Facilitating a sense of inclusion and legitimacy of decisions and actions

The idea that government activities would benefit from more transparency to and direct involvement from involvement of constituents is not new. An organization known as MorePerfect.org has had its website running since 2006 offering a platform for anyone to voice there opinion, and draft and modify legislation on any issue (including revising the US Constitution). This is but one example, but imagine how effective such an idea could be if both the legislature and constituents committed to it.

Maybe the politicians could set aside their entrenched positions by listening to the priorities and needs of citizens, which would not only lead to a budget aligned with the state's needs but would also help win the trust of citizens.