Section 9.3. What It All Means: The Implications of the SCO Crisis


9.3. What It All Means: The Implications of the SCO Crisis

The SCO lawsuits will likely drag on for years, and might even be succeeded by similar suits (discussed shortly). It highlights the flaws in the open source development model, which is what opened the door to litigation (and FUD) in the first place.

The SCO suits have exposed the myth that open source software, and Linux in particular, is immune from questions of authorship and ownership. Haters of Microsoft and Windows have been able to point to the open source model as the one alternative the software giant can't defeat in the marketplace, or purchase once it has lost. In this line of thinking, open source software is ownerless, thanks to the GPL.

From a legal standpoint, the copyright precedents for Linux and most open source projects are not as clear as its advocates might like. From a copyright perspective, it is not entirely clear whether it is a work of "joint authorship," a "compilation," or an endless series of "derivative works" that expands again when someone new tweaks the code. When Richard Stallman drafted the GPL in 1984, he tried to be very careful in basing his Copyleft model on contemporary copyright law, and his successors have been even more scrupulous. However, the GPL and its descendents have not been tested in the courts, meaning there is little precedent for how the SCO suit might play out.

The legal counsel for Stallman's Free Software Foundation has a simple explanation for thisthere is a lack of precedence because the GPL works. No one has seriously tried to challenge it. "The GPL has succeeded for the last decade, while I have been tending it, because it worked, not because it failed or was in doubt," Free Software Foundation counsel, Eben Moglen, said in a speech at Harvard University in February 2004 (http://www.gnu.org/philosophy/moglen-harvard-speech-2004.html).

SCO's original assertion was that IBM had not only violated the GPL (by contributing code to Linux for which it did not own the copyrights), but also had done so by violating the terms of its original licensing agreement with AT&T (an agreement now owned by SCO) to create the AIX flavor of Unix.

Anyone seriously spooked by SCO's claims should pay careful attention to that last sentence, and to this next point. SCO, as it turns out, is not asserting that IBM had added code to Linux which SCO happened to own. SCO claims that IBM engineers added code they had written themselves for AIX, an alleged move that violated SCO's rights. This is considered a very aggressive interpretation of its licensing deal with IBM. Furthermore, it means SCO cannot claim that IBM copied code verbatim from SCO, but merely borrowed the "structure, sequence, and/or organization" of Unix code for its contributions to Unix. The Linux code SCO is fighting over merely resembles the code it happens to own; it isn't a perfect copy. The last time the U.S. Supreme Court wrestled with a similar case, it ended in a 4-4 draw.

What's the upshot for open source users? Despite SCO's attempts to bully companies with its $699 licensing fee demand, its case against IBM is tenuous at the very best and isn't really relevant. (Of course, if SCO loses its dispute with Novell, it doesn't even have a case, but that's another story.) IBM's engineers assumed they were in the right, whether they recycled AIX code into Linux or not. Maybe they were, maybe they weren't. IBM will have to pay the costs of litigation, but Linux and the GPL themselves are hardly fatally flawed.

That said, the GPL is not and never has been a defense against the kind of intellectual property violations that SCO has alleged. Of course, no commercial license is, even ones that offer indemnification. But the weakness SCO has exposed will be sure to dog the open source movement for years to come, as lawsuits and their accompanying FUD will continue to focus on the idea, and difficulty in proving otherwise, that other people's copyrighted code is floating around inside of Linux.

Richard Stallman did anticipate this problem when he wrote the GPL, which is why his GNU project demanded that would-be contributors hand over proof that they were the copyright holders of their own submissions, and that they formally hand over the rights to the Free Software Foundation.

This approach created a legally sound foundation for the GNU project, but very likely inhibited its growth. When Linus Torvalds solicited contributions to his Linux kernel, he adopted the GPL but failed to put a similar copyright enforcement mechanism in place, leaving Linux open to exactly the kind of claims SCO has made. The flip side is that Linux might never have reached its tipping point among developers if it had made onerous demands similar to Stallman's.

However, Torvalds' unwillingness means that thousands of contributions to the Linux kernel (or any other open source application) are now a potential Trojan horse of litigation. The possibility that unethical developers dumped proprietary source code into Linuxcode copyrighted by their employers, perhaps, or else piratedleaves the door open to potentially hundreds of lawsuits by developers claiming that their proprietary code was added to Linux without permission by someone else. And then all Linux users would be served notice to pay a licensing fee. Commercial software has the same potential problem as well, or it did until legal precedent was established, thus curtailing future suits. Conceivably, a similar precedent will be applied to open source in the wake of the SCO lawsuit, or one of its successors.

Open source advocates have vowed repeatedly to rip out and rewrite from scratch the code allegedly stolen from SCO, provided SCO pointed to the code in question. Their vow, along with Raymond's assertion that at least one piece of offending code has already been flushed from the Linux kernel, speaks to one of open source's greatest strengths: the ability to easily locate, replace, and improve failed code. Whether that code suffered legal failure or runtime failure is almost beside the point.

The glimmer of a future campaign might have been revealed by Steve Ballmer, Microsoft's CEO, in a November 2004 speech at Microsoft's Asian Government Leaders Forum. In the speech, he claimed that, based on a report by the consultancy Open Source Risk Management, Linux infringes on 283 patents. The authors of the report said Ballmer "misconstrued" their research, which indicated that Linux might "potentially" infringe on 283 patents. The authors of the report also pointed out that there is no reason to think that commercial operating systems have any less risk of infringement than Linux, and that while many commercial software makers have been sued for infringement, not one open source or free software project has ever been sued for infringing a patent.

9.3.1. More FUD, Dead Ahead?

If, and when, SCO's claims against IBM and Linux in general are repelled by the courts, the question becomes who will step up and take SCO's place. Whether their chances in court would be better than SCO's is beside the point. What it does create is the specter of an endless series of lawsuitssome frivolous, perhaps, and some notagainst open source leaders, consuming millions of dollars in legal fees and spooking potential customers for years to come. Or at least that's the fear component of this particular piece of FUD. The reality is that, so far, there has been little cost for those who have embraced open source. While the flag bearers of the movement battle SCO, only DaimlerChrylser and AutoZone have been targeted among all other end users. SCO's threatening letters to the Fortune 1000 otherwise came to nothing.

Still, who would like to see this happen? Certainly any proponent of old-fashioned proprietary software. So, how about Microsoft?

The company's shadowy relationship with SCO has raised the fear in the open source community that Microsoft is actively recruiting stalking horses to sue the open source movement into submission. The SCO consultant who claims to have brokered the relationship between the two companies has since said publicly that he believes Microsoft "may have 50 or more of these lawsuits in the queue" (http://www.newsforge.com/trends/04/03/12/1731252.shtml).

Microsoft knows better than any company how quickly a competitive landscape can shift while the legal system hums along slowly behind it. Netscape management might have been proven right when Microsoft was later found guilty of antitrust violations, but by that time, Netscape had been swallowed by AOL, and it wasn't given back its former market share.

9.3.2. Indemnification: Could Sun Be a Safe Harbor with Open Source Solaris?

Anticipating this possible future, Hewlett-Packard, Novell, and other open source-friendly organizations have begun offering "indemnification" to open source customers (although, as with commercial licenses, their legal protection goes only so far, and it often isn't far at all). Often, the warranty is voided if the user modifies the softwarea move that limits the value of the indemnification for the small group who actually change Linuxand others are only SCO specific. A handful of start-ups hope to offer what amounts to insurance policies against being sued.

Even more curious is Sun's role in all of this. After paying more than $10 million to SCO for an all-encompassing license (and some warrants to purchase stock), Sun is fully indemnified against SCO's claims. Therefore, the company's announcement that it soon will make Solaris open source creates the possibility that Sun might be able to offer the only legally safe version of Linux on the market. To do that, Sun won't be able to offer customers code under the GPLSCO has already indicated it will not allow this, and Sun has historically been conservative with its own open source projects. But an open source Solaris would offer a safe middle ground for corporations hoping to use open source without needing special counsel on call 24/7.

Is the tradeoff between security and freedomthe freedom to modify and share code, or reap the benefits of others' workreally worth all the fuss? The answer to that depends, of course, on the needs, objective, and risk tolerance of the end user asking the question. Having to endure the saber rattling of SCO's successors down the road might become part of the open source equation for a lower TCO.

9.3.3. Patents: A Growing Concern

An area of emerging concern for software of all sorts is the explosion of patents that have been issued in the last 10 years. Patents, which in the U.S. protect an idea for 20 years from the date of filing, represent a threat different from copyright infringement. It is possible to violate a patent without knowing you are doing so. This is possible with copyright infringement, but only if there is a chain of copying from the source to you. But with a patent, an idea or technique is protected regardless of how you came upon the idea.

Various investor groups have formed to buy patents and then use them to pursue licensing deals. There have been some notable successes by firms pursuing this model, who have been able to force license fees after patents were upheld in court.

An unscrupulous technique called the submarine patent is also sometimes pursued. In this technique, someone files a patent for a device and then delays filing the details, while watching the market develop. The goal is to patent techniques that become crucial to an emerging technology.

It is possible that patents could be a threat to open source, but if so, they would be no less a threat to commercial source. Patent protection could be selectively pursued against open source, but this would likely bring the same players to the battlefield as are currently waging war in the SCO suits.

In the European Union, the future of patent protection for software is still being worked out, which has led some players to wait on the sidelines.

9.3.4. Worst-Case Scenarios

The potential risks in open source lawsuits are not easy to calculate. For example, what if SCO writes you a letter asking for a license fee. You could pay the $699 for each Linux installation you have. That's one way of calculating the size of the risk of using Linux. Another approach is to ignore the letter and wait for a lawsuit. Yet another is to try to get help from IBM or Sun. An organization called Open Source Risk Management offers indemnification against the risk of open source lawsuits for those who want to limit liability before the fact.

Nobody can say that for certain the risks are always small, even though they appear that way. Just as commercial software comes with risk, so does developing your own software. Anytime almost anything is created, it might infringe on a patent. To use any software involves risks of many different kinds. The question is whether the risks are acceptable. For millions of people around the world, the answer seems to be yes, despite a considerable amount of bullying and dissemination of FUD intended to make them think otherwise.



Open Source for the Enterprise
Open Source for the Enterprise
ISBN: 596101198
EAN: N/A
Year: 2003
Pages: 134

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net