Legal Issues And Compliance Pertaining To Open Source Software
Open Source Software (OSS) is a kind of software with source code that can be modified, enhanced, and inspected by ANYONE. In the case of an OSS, a person may alter how the software works or improve it by adding features or fixing parts that do not work properly, by modifying the source code of the software program. This is different from a closed software, where only the person/organization that created the software has the capacity to alter it, OSS is preferable and is considered to be a better option for the users than the former, as it grants them more freedom in relation to a closed software. Some prime examples of OSS are the Apache HTTP Server, the e-commerce platform of Commerce, internet browsers like Mozilla Firefox and Chromium. Facebook, Google, and LinkedIn all release OSSs, so that developers may share knowledge, create solutions, and contribute towards the creation of stable and functional products. There are certain landmark judicial pronouncements in the field of OSS that hold paramount importance in deciding the future of OSS.
“Source code” is that part of the software that the software programmers use to change the software, in order to see how it works or functions. By having access to source code, a programmer can add or delete features to make the program function more efficiently.
As mentioned hereinabove, when source code is exclusively under the control of a person or an organization, it is called ‘proprietary’ or a ‘closed software’. Only the original authors have the right to alter such software. For example, Microsoft Office.
However, when the source code is available to the people and where anyone can alter it, then it is called an OSS. For example, Libre Office. In both cases, a user is required to use licensed software, but the licenses of OSS are different than proprietary software.
Some open-source licenses are such that the author has to release the source code as well. Open source licenses are beneficial to the programmers and non-programmers.
There are just two major license categories among the open-source licenses: “copyleft” which requires developers to make the source code and documentation available; and “permissive” which applies minimal conditions, such as author attribution.
Why Do People Prefer Open Source Software?
There are various reasons why people prefer OSS. Some of them are:
It gives a person control over the software. A person can alter or add something to it and can even delete the part which is unimportant or unnecessary.
It is helpful in learning especially for the students. They can ask for comments, critique, etc on the work they have done which helps them develop and improve their skills. They can share their work and also the mistakes so that other people may avoid it.
Open-source software is preferred to proprietary software because it provides security i.e. it is open to everybody. So, a person can add or delete material to improve a program. This proves to be helpful in cases where a person might have missed out on something. We should look for a company or development team that delivers quality products and issues patches quickly when a vulnerability is discovered. An individual has to consider the user base for the security of an OSS product and the quality of a product’s documentation is also required which can be done by looking at the consumer experiences. Security can also be improved by finding and fixing the bugs. Thus, people who use open-source software can add, delete, or fix something quickly compared to the proprietary software.
OSS provides stability to the users which means that their tools or content do not disappear even if the original authors stop working on them.OSS does not mean that something is free of charge. Programmers can charge money on the OSS.
The programmers have the license to alter or modify or improve the functions of the software.
Open Source Initiative (OSI) was founded in 1998 and is related to matters such as:
-source code availability and integrity
-distribution and properties of licenses
Open-source software v. Free software
The terms are often used interchangeably, but they have different meanings. Freeware is generally referred to proprietary software that the users can use or download at no cost but whose source code cannot be changed.
Some Important Case Laws
Versata Software Inc. V. Ameriprise Financial Inc & Ors.
Versata sued Ameriprise in Texas state court on May 3, 2013 (the "Texas case"), alleging that Ameriprise materially breached a software license between the two parties for Versata's Distribution Channel Management (DCM) software, which Versata licenses for millions of dollars.
The lawsuit primarily involves two contractual agreements between three companies. The first one is a Master License Agreement (MLA) between Versata and Ameriprise, whereby, the latter is granted a non-exclusive, non-transferable, and perpetual license to use the DCM software limiting its access to Ameriprise employees and certain permitted contractors only. However, Ameriprise allowed non-permitted contractors to access and work on the DCM software in violation of the MLA, due to which Versata purported to terminate the MLA and demanded Ameriprise to stop using and return the DCM software to Versata.
The second agreement is the General Public License (GPL) which Versata was granted by a nonparty XimpleWare Corporation, whereby, Versata was permitted to use XimpleWare’s “VTD-XML” software, an open-source product. Versata allegedly incorporated VTD-XML into its DCM software due to which Ameriprise counterclaimed in the suit stating that Versata was required by the GPL to make the DCM source code freely available to all users, including Ameriprise and its contractors.
Versata contended that Ameriprise’s breach of contract counterclaim which was based on Versata’a alleged violations of the GPL is preempted by copyright law. As a result, Ameriprise removed the case to the federal court to determine whether the case could be decided under copyright law.
Once XimpleWare became aware of the allegations made against Verasata by Ameriprise, it filed a federal lawsuit against both of them on November 5, 2013, for copyright infringement as well as for breach of contract.
It alleged that Versata infringed its copyright by including the source code in its DCM software without obtaining a commercial license, permission for the use of XimpleWare's products, or complying with the GPLv2 license.
It further claimed that Ameriprise distributed the DCM software without attribution to XimpleWare, XimpleWare's copyright notice, a reference to XimpleWare's source code, or any offer to make the source code freely available—all violations of the GPLv2.
In addition to the copyright case, XimpleWare also filed a Patent infringement case on the very same day against Versata, Ameriprise, and several of Versata’s customers.
Versata and XimpleWare reached an out-of-court settlement on 10th February 2015 for both patent and copyright infringement cases.
For the counterclaim of Ameriprise to that of Versata stating how it breached the GPLv2, the federal court concluded that the GPLv2 imposes additional obligations which are beyond the scope of the Copyright Act and as a result, the counterclaim of Ameriprise was not preempted and thus, sent the case back to the state court.
To what extent can software companies restrict their contractors from further subcontracting or redistributing their GPLv2 license still remains an open question as the court could not give a sound conclusion for the same.
In the Patent case, the court stated: "even if the original licensee—[here, Versata]—breaches its license for whatever reason, third-party customers of that original license retain the right to use XimpleWare's software so long as the customer does not itself breach the license by 'distributing' XimpleWare's software without satisfying [any] attendant conditions." In other words, if one party violates the license, it would not automatically terminate other licensees’ rights who have complied with the terms of the license.
Mark Radcliffe, a licensing expert and partner at law firm DLA Piper exclaims that “The days of open source software free lunches are rapidly coming to an end, and that means enterprises that fail to stick to the terms of open source licenses can expect to be sued.”
Other Important Cases
Another important case from the open-source software point of view is that of Oracle v. Google decided on 27 March 2018, which can be found here.
Brief facts of the case-
- Google held discussions with Sun (the original developer of Java) on how to implement JAVA APIs in the open-source Android mobile operating system
- The agreement never reached still Google implemented the APIs
- After Oracle acquired Sun, it sued Google for breach of copyright for copying API names and other elements.
- District court held API not protected by copyrights- Federal Court overturned this decision-Supreme Court also upheld the federal court’s decision in 2015
- District court dealt with the question of Google’s fair use defense and agreed with the same-Federal court overturned the decision-Google responsible for such copyright infringement.
Yet, another important case in the respect of open source software point of view is of CoKinetic Systems Corporation v. Panasonic Avionics Corporation, terminated on January 19, 2018, which can be found here.
Brief facts of the case-
- CoKinetic Systems Corporation filed a suit against Panasonic Avionics in the New York Federal Court seeking damages of around $100 million.
- The major claim of the petitioner was that the respondent has intentionally violated the GPLv2 open source licensing requirements, in addition to a lot of other actions aimed at monopolizing the market for in-flight entertainment software and media services.
- Panasonic refused to distribute the source code (OSS) and thus prevented its competitors from being able to build the software for in-flight entertainment services.
- By this unlawful act, CoKinetic alleges that the respondent has infringed the copyrights of a number of software developers that have contributed to Linux (the source code of which Panasonic refused to share)
- CoKinetic notified the court in an 11 January letter that the dispute with Panasonic Avionics had been settled.
OSS And Legal Issues
While there are benefits associated with the OSS, the software owners are many times unaware that it also includes certain obligations depending on the licensing terms. One such obligation is to include certain copyright notices and to make available certain codes.
If the OSS components are used in proprietary software, necessary steps should be taken to review the license terms and ensure that tall necessary notices are included and the source code is made available which may require the assistance of legal advisers.
If there is a failure in compliance with the OSS requirements it may result in legal action by the original licensors as well as negative publicity and other reputational impacts.
As there as complexities associated with the use of OSS, it is recommended that the issue of license term should have complied so that all notices can be included and the source code that is required is easily identified.
Important Recent Developments
Some of the important recent developments include the Android patent litigation includes the litigation surrounding the Android operating systems. It also includes the license compliance and standard of care to be taken by the companies or the software programmers and comply with the license procedures.
One of the important advantages of OSS is the flexibility for the companies to modify the software and develop a different version of the product called “forking”. The companies have to see the risk of forks included in programs.
All the stakeholders are allowed to use, study, share, and improve code for commercial or noncommercial reasons under Free and Open Source Software (FOSS). These licenses use copyright law for applying their terms and conditions as a legal framework. The four types of FOSS licenses are permissive, weak Copyleft, strong Copyleft, and network protective. Although FOSS is widely used and GPLv2 is the most widely used license, the GPLv2 has rarely been the subject of litigation. As FOSS is widely used, it is seen that there might be disputes between the companies. Therefore, enforcement of FOSS licenses should be complied with. The commercial companies realized that support of FOSS projects is an important strategy. The use of FOSS by Governments and Government participation is seen but there are problems in its implementation. The open-source adoption by Government is very uneven.
GitHub adopted a license selection policy that stated that "sharing your code isn't everything... it's also important to tell people how they can use that code" and that "choosing an open source license can be confusing." GitHub then created choosealicense.com, a website to assist developers to select a license. Also, the patent threats from MPEG LA, LLC were settled with Google regarding the use of Google’s open-source VP8 codec.
Growth in open source collaboration was seen in recent years. Two major collaborations were the AllSeen Alliance ( the Alliance is based on the AllJoyn open source project which develops software which "can communicate over various transport layers, such as Wi-Fi, power line or Ethernet, regardless of manufacturer or operating system and without the need for Internet access) and Open DayLight (software "to accelerate the adoption of Software-Defined Networking and Network Functions Virtualization)
Google emerged victorious in fair use in Java API case, the censure of Patrick McHardy, Hellwig lawsuit dismissed, U.S Government announces federal source code policy, Moglen steps down as FSF General counsel, Debian, and Ubuntu ship ZFS, Apache Software Foundation bans JSON license.
Various software tools are used to becoming license compliance. There are license scanning and scan result review tools as well as there are component identification tools. As an example of purely license scanning tools, there are FOSSology and ScanCode. For software composition analysis we can use open-source software called OSS-Review-Toolkit or a commercial product WhiteSource. The third group of open-source compliance tools is like knowledge bases where information about open-source component usage is gathered. This includes information about which open-source components are there in our project and licensing information of those components. These tools also provide a possibility to generate reports as SBOM and license disclosures from them.
The compliance has to be followed with or it results in lawsuits, bad public relations, etc. The organizations and companies must have a license and compliance strategy in place that fits both categories.
Thus, there are various issues and compliances that have to be followed while using open-source software. People prefer using OSS because it is easy to make changes by adding or deleting a particular part. The courts have also given important judicial decisions which give clarity on the use of licenses, infringement, etc. OSS has had some recent developments from which it can be seen that the compliances have to be followed otherwise the person or the organization has to face the legal consequences.