Learn about Linux
Download Linux
Get Linux helpSpecial Offers
Feature: Legal
What to do if you're involved in code-dispute litigation
Share
Print
CommentsThe SCO Group brought the issue to everyone's attention last year by suing IBM for $5 billion for alleged copyright infringement; others are now beginning to pick up the torch of litigium.
We at NewsForge believe that this is only the beginning; there will be many more people and companies trying to take advantage before the proprietary fringe market dies off.
In the interest of the public good, we have put together some suggestions -- or "ground rules," if you will -- to reference next time you find yourself on either side of a code-theft situation.
What to do if you think you've been violated
If you think someone in the free software community is using your code inappropriately, what do you do? John Weathersby of the Open Source Software Institute says, "I would recommend taking a very common-sense approach. Since you should be able to gain access to a free software package's code, start by requesting a copy of the program code and compare it to your code. If the code is identical, or share unique characteristics so that you can prove one belongs to you, then contact the appropriate person managing the free software program and let them know there is a possible dispute."
The "appropriate person" in question should be the project leader, or in his absence, one of the committers or lead developers. Visit the project's Web site and look through the list of contributors or developers.
For free software projects, make sure that you have reliable contact information clearly listed on your project site, including your name, appropriate phone number, and email address.
What you should not do is post "open letters," send out press releases, or troll message forums and blog comment sections on the matter, Weathersby said. "I am a strong advocate of trying to work out disputes amicably. This requires that all parties work together in good faith. It is rare that you should launch into a situation with all barrels blazing or with the mindset that you're exactly right and they are exactly wrong ... that leaves little room for dialog or negotiations."
What to do if you are accused of being a violator
When you're on the receiving end of a code theft allegation, the best plan of action is to stay calm and compare code. "My advice is to listen to each allegation, weigh its merits, and respond to each issue or dispute thoroughly, calmly, and pragmatically," Weathersby said. "And document every step. Most of the disputes come down to the true ancestry or provenance of the code. Good documentation can put a definitive end to wayward claims of authenticity and patronage."
Dan Ravicher, founding attorney with Open Source Risk Management, agreed. "The right behavior for any particular person depends on their objectives and their means," he said. "Generally, it isn't advisable to go off half-cocked and make public accusations without having first fully investigated the matter. Doing this can subject the accuser to severe liability on his own part.
"However, at the same time, it is rarely the case that doing nothing is the right answer either, because that can result in a waiver of rights. Perhaps the only thing that one should NOT do when one believe one's rights are being maligned by another is NOT seek competent legal assistance."
If you're accused of improperly distributing proprietary code in your free software project and the code in question cannot be easily rewritten, then it's time to review that code and question the developer who contributed it.
"To deal with that problem," Ravicher said, "free software should diligently review the sources of all code adopted into the program and require all contributors to put in writing that they haven't taken anyone else's code and, if appropriate, their employer waives any rights that they may have to the contributor's code. As you may know, if an employee writes code for a company, the company may actually own the code and the employee may have no right to license it to the free software project. This type of provenance procedure is something FSF has done for years and something Linus Torvalds has recently adopted for the Linux kernel."
Prevention, the best medicine
If you run a sloppy project, you're asking for trouble. If you don't know who contributed each piece of code, how to contact them, and when the code was contributed, then you are not properly documenting your work. In addition to having a written agreement with your contributors, you'll also want to form a committee to deal with potential infringement claims. Lastly, you should try to consolidate ownership of the entire code base for the project.
"The stewards of the free software project should establish a system for monitoring, or at least receiving and investigating reports of, potential infringement," Ravicher said. "They should also adopt procedures to obtain ownership of all the code in the free software program. This is something FSF has also done for years, because it is helpful to have one owner of all the copyrights in the code, instead of several owners of different portions of the program, because it consolidates all the interests into one party who can more effectively manage and assert them."
Also very important is registering the copyrights in the code before or very soon after it is released, Ravicher said. This is required in order to sue another party for infringement. It also provides statutory damages -- a fixed amount prescribed by the statute -- and attorney's fees as potential remedies, instead of just actual damages. (Actual damages are the actual amount of economic harm suffered by the copyright holder from the infringement, which is often much less than the statutory damages and much harder to prove).
Finally, "having set procedures for dealing with reports of potential infringement can reduce the burden of dealing with such issues when they arise," Ravicher said.
We also asked Peter Lamont, CEO of Australia-based Miro International and a corporate supporter of the open-source Mambo project, what his suggestions were to keep open source projects free of proprietary code.
"Developing a policy, obtaining copyright assignment, and introducing terms and conditions are all steps in the right direction to ensuring that the code contributed is the author's own work and is free from encumbrances," Lamont said. "Miro has introduced copyright assignment in Mambo to ensure that the code does not infringe anyone's rights and is an entire singular copyright work."
In the event that some proprietary code is required for an impending release, it may be important to find every person ever connected with it and talk to them each personally -- and not simply rely on one person representing ownership of the code.
"Companies, especially larger ones, can't take any chances with using outside code," said Steve Mutkowski, an open source intellectual property attorney with Microsoft. "We've had to do this ourselves many times: We researched every person that was ever connected with an application that we were considering using and obtained sworn statements from each one as to what their contribution was. It can take weeks or months. When we couldn't verify each person, we had to find something else or consider scrapping the project. It's just not worth it to ship something -- especially in a major release, like Office -- that might come back at you with heavy duty litigation at some future date."
Special case situations
Theoretically, all code theft disputes can be settled by talking and resolved by backing out a few patches or rewriting some code. Often, however, there are gray areas, such as with licensing, copyright attribution, and derivative code. In many cases, the amount of code in question is very small and can be easily recoded to satisfy both parties. When you're dealing with legal issues and initial attempts at a simple and mutually agreeable resolution have failed, your best bet is to hire a lawyer.
"Whether it is proprietary code found in a free software program or, vice versa, free software code found in a proprietary software program, the issues are virtually identical," Ravicher said. "In both cases, a potentially copyrighted work (the code) is being used (or copied, modified, and/or distributed) by some third party in a way that the owner of the copyrighted code has not authorized. While it is true that the copyright owner has offered licenses to use the code under certain terms, the use made of the code by the third party is not in compliance with the terms of the offered license.
"This may, and I stress may, mean that the third party is infringing the copyrights held on the code, but it does not necessarily mean that is the case, since there are many issues that go into determining whether infringement has actually occurred. Just for an example, one can infringe copyrights without literally copying any of the copyrighted source or object code. However, it is also possible to not be infringing any copyrights, even if one has literally copied source or object code distributed by another. The point of saying this is that there isn't a bright line test for copyright infringement," Ravicher said.
"I'd also note a very stark difference between code theft and copyright infringement," Ravicher said. "The former connotes an intentional act of taking from another with malicious intent. That's a very serious charge to make against another, and one should be darn sure to have evidence to support such a claim before making it. Copyright infringement is a much broader category of behavior that can include actors who had entirely good-faith intentions to respect the rights of another, despite in the end not succeeding in that aim."
Lamont added a firsthand perspective. "The Internet has enabled global participation in software projects, and as such introduced the problem of very different laws in different countries regarding copyright and intellectual property," he said. "In Miro's case, where we are alerted to misuse of our copyright products, we first send a company letter stating our case (whatever it may be at the time). If the result is not satisfactory, we refer the matter to our lawyers, who partner with a law firm in that country to take steps appropriate to that country's laws."
What if you can't afford a lawyer? "People should not assume hiring a lawyer is cost-prohibitive, as many lawyers are wiling to consider representation of free software clients either pro bono, on contingency, or at a reduced rate," Ravicher told NewsForge.
More on Page 2: How the FSF handles these issues
Comments
on What to do if you're involved in code-dispute litigationNote: Comments are owned by the poster. We are not responsible for their content.
And I have to say, good job NewsForge, and please, don't STFU!
And for those who thing it's safe to swim... go on in. It's the OS way to thin the herd.
Archives of an entire product/project history can be invaluable in the case of infringement claims. The main reason I use so many gigs of HDD is the storage of all that archived information, but that still pales compared to the boxes of floppies and CD's that contain historical backups.
Those archives verify not only that I create my own code, but they provide a checkpoint for verifying possible cases of infringement. What it can't do is help identify a case of infringement, particularly when dealing with third parties who don't expose their code.
IP theft and industrial espionage are real risks, and sometimes the best you can do is look at different company's positions in the market and hope to spot potential infringement cases. The problem then becomes proving it, which would typically require involving law enforcement.
The issue becomes particularly thorny if the potential thief has far more dollars for lawsuits and investigation than the original developer. Even with all his fame, can you imagine Linus trying to sue someone like IBM, HP, Sun, or Microsoft for IP theft? Without the millions to potentially waste on a lawsuit (as SCO has done), what could he do even if he knew code had been stolen? What if it were only a pattern in marketing that indicated the accused was using something similar or virtually identical?
Before any one blurts "patent", note that $20K or so required just to apply for a patent, and the number of infringement cases which run through the courts every year. The deck is emphatically stacked against the individual developer, even though most new technology came out of a garage or home office, much as the original Apple computers did.
What do you do about [L]GPL violators of your code
Posted by: Anonymous Coward on October 05, 2004 12:49 AM(some GPL, some LGPL) that I amintain and publish
for the environmental modeling community. What
should I do about the *persistent* problem of
license violations, involving the following:
* Stripping out the the license from
re-distributed code;
* Stripping out attributions from
re-distributed code; and
* Modifying and re-distributing the result
without specification of what mods were
made,and by whom.
In particular, is it appropriate for me to pursue
charges of academic misconduct against the
perpetrators? (The academic meteorology community
is notoriously bad for this kind of plagiarism
issue...)
Re:What do you do about [L]GPL violators of your c
Posted by: Anonymous Coward on October 06, 2004 03:58 PMAnd then, as far as you can WITHOUT identifying any perpetrators, point out that it is rife amongst their employees. Ask them (I really mean "order them"<nobr> <wbr></nobr>:-) to read the riot act to their employees, and give an undertaking (that is, you give the Institution a guarantee) that you will not take any further steps providing they abide by the licence - which allows for free use provided they don't plagiarise the software!
If it's a few individuals in an institution, I would have thought a polite letter (preferably from a lawyer) pointing out that they are committing a criminal and fraudulent offence would be enough. Point out that if such behaviour continues you have little option but to report them to their Principal for fraud, and to the authorities for copyright theft. Again, give them a guarantee that if they stick by the licence in future then you will drop the matter.
Cheers,
Wol
It's like having a stalker in your midst... n/t
Posted by: Anonymous Coward on October 05, 2004 05:12 AMOr in the words of one of Mambo's leading developers, "There have been many cases where [Mambo] developers seem to have breached the GPL, for instance, and the community has lashed out without forethought."
What are you talking about? Here is the complete quote, and for a little context, it had nothing to do with the Connolly dispute, but a disagreement between one of the Mambo developers, and a community member:
<A HREF="http://www.mambers.com/showpost.php?p=47446&postcount=20" title="mambers.com">Post in question.</a mambers.com>
"Unless, of course, they do something that irks the community. There have been many cases where developers seem to have breached the GPL, for instance, and the community have lashed out without forethought.
For the most post Mambo has a very supportive and positive community, sometimes misunderstandings can lead to rifts that lead to possibly talented developers or dedicated users leaving the community.
No community is perfect, this community could definitely use more unity."
That is one opinion of one person, who happend to come into the community at a time when several misunderstandings had cropped up regarding the terms of the GPL, and who had made it a personal goal of his to keep that topic in the forefront of conversation in the community to promote understanding of the terms of the license. He was not commenting on the specifics of the Connolly case, and it has really nothing to do with it.
Connolly has repeatedly lied and written half-truths in this matter. And, he never even claimed to have examined the code in question himself, or had the code examined by a knowledgeable party. He is just guessing that his code is being used, and he is wrong.
And he was wrong to issue press release after press release on the matter.
End of story.
Despite your weak counter, Futhermore's legal claims against the Mambo community are still as good.
Despite your weak counter, Futhermore's legal claims against the Mambo community are still as good.>>
In correct. That quote refers to the code Furthermore claims to own. Mambo has maintained this entire time that that code used in Mambo is not the same code that Furthermore claims to own.
If the legal claims are so good, where is the legal action? And, what is with all the press releases?
I've been writing software, both open source and proprietary, for over 20 years however, it's only in the last four years that I've been obliged to call in the legal brigade on a regular (all too regular) basis.
I live and work in South Africa. I think the best way to sum up the situation on litigation here is: "Avoid it at all costs!" The costs of legal representation is prohibitive and courts rarely (if ever) consider consequential losses resulting from pre-emptive or tactical litigation. I can only surmise that Dan Ravicher hasn't been to SA if he believes that: "...many lawyers are willing to consider representation of free software clients either pro-bono or on contingency...". The attorneys and advocates I have been dealing with over the past few years wouldn't represent their grandmothers on a pro-bono basis and, with the costs being generally awarded on the 'party and party' scale (about 40 - 50% of the real cost) it's a brave man who takes on a case here against a big opponent (such as the evil MS)
Another problem in smaller countries such as ours is that there are few attorneys who have the appropriate experience to deal with IP and copyright issues. Also, many of our statutory enactments on such matters are untried and legal opinion largely derives from US & UK precedents rather than local precedent which means that a case can go either way when it is heard.
Anyway, the upshot of all this is after having paid through the ringpiece for the past few years for advice that is (at best) dubious I've finally bitten the bullet and enrolled for an LLB. In my recent experience it is impossible to develop software without a paralegal background if only to preclude spending six months in court/chambers!
I thought I would inform NewsForge editors and readers of two other sources of great legal insight on these topics. The first is <A HREF="http://www.gtlaw.com/biographies/biography.asp?id=5523" title="gtlaw.com">Heather Meeker</a gtlaw.com>, an attorney with <A HREF="http://www.gtlaw.com/contact/offices/sv.asp" title="gtlaw.com">Greenberg Traurig in Silicon Valley</a gtlaw.com>. She is Co-Chair of the Open Source Committee of the ABA (American Bar Assoc.) Section of Science and Technology Law and advises companies on open source licensing issues. She also gives talks on open source licensing issues, including one in the Spring of 2004 at the <A HREF="http://www.osbc2004.com/" title="osbc2004.com">Open Source Business Conference</a osbc2004.com> in San Francisco.
Another leading expert in this area is <A HREF="http://townsend.com/attorneys/biodetails.asp?o=3278" title="townsend.com">Phil Albert</a townsend.com>, an attorney with <A HREF="http://townsend.com/offices/officedetails.asp?office=san+francisco" title="townsend.com">Townsend and Townsend and Crew in San Francisco</a townsend.com>. He writes <A HREF="http://linuxinsider.com/story/37078.html" title="linuxinsider.com">a weekly column</a linuxinsider.com> for <A HREF="http://www.linuxinsider.com/" title="linuxinsider.com">linuxinsider.com</a linuxinsider.com> that almost always touches on open source licensing issues.
Everybody says don't proceed through these hairy issues without a knowledgable attorney; well, here's two more in addition to those quoted in the article that could provide that competent and valuable advice.
1. Mr. Ravicher is correct that having a single copyright holder makes enforcement easier. However, developers may not want to surrender their copyrights in their work.
a. After all, it's theirs. Surrender the copyrights and it's not.
b. If all developers surrender their copyrights to a single entity, that entity could take the entire project private (remember CDDB/Gracenote?). Even if the surrender agreement has a provision prohibiting or restricting this, I would not want to be a developer involved in litigation to enforce it. I think both the outcome and remedy are far from assured.
c. An alternative might be an agreement that a developer who commits code to a project agrees that the project will act as the exclusive representative of all those who hold copyright on code in the project for enforcement of the license provisions of the project and the related interests of the copyright holders. The agreement could also provide that the copyright holder register that copyright with the national registration authority of the holder or the host country of the project, and that the project may on its initiative pay the registration fee and thereby place a lien on the code that the developer may not remove that code from the project without reimbursing the project.
2. Regarding Mr. Ravicher's statement:
"Generally, it isn't advisable to go off half-cocked and make public accusations without having first fully investigated the matter. Doing this can subject the accuser to severe liability on his own part."
I agree with the potential of liability in principle. However, even considering the decision in Diebold v. OPG (judgment against Diebold for false accusation of infringement, with assessment of damages), I do not have great faith in getting judgment recognizing that liability.
3. About Mr. Mutkowski's statements regarding Microsoft's detailed investigations of "outside code," there may be circumstances in which this is called for. However, considering his employer's attitude toward open-source software in general and GPLd programs in particular, I think this has to be taken with a grain of salt, in addition to a good look at the needle on the FUD-o-meter.
4. Regarding another statement by Mr. Ravicher:
"People should not assume hiring a lawyer is cost-prohibitive, as many lawyers are wiling to consider representation of free software clients either pro bono, on contingency, or at a reduced rate."
I believe Mr. Ravicher may be somewhat optimistic in this outlook, especially with respect to pro bono representation. Pro bono or contingency representation is most likely when the case for or against one party is quite clear and easily established by competent counsel. Unfortunately, IP litigation often involves matters that are anything but clear and easily established. Even reduced-rate representation can pile up large sums in protracted cases. It is worth trying to obtain counsel, but it may be a difficult search.
5. "'The point of saying this is that there isn't a bright line test for copyright infringement,' Ravicher said."
Some might say that it's like looking for a black line in the dark.
Y I would ....
Posted by: Anonymous Coward on October 05, 2004 12:33 AMSTFU
#