September 9, 2003

Darl McBride's Letter to Open Source Community

- by Darl McBride -

The most controversial issue in the information technology industry today
is the ongoing battle over software copyrights and intellectual property.
This battle is being fought largely between vendors who create and sell
proprietary software, and the Open Source community. My company, the SCO
Group, became a focus of this controversy when we filed a lawsuit against IBM
alleging that SCO's proprietary UNIX code has been illegally copied into the
free Linux operating system. In doing this, we angered some in the Open
Source community by pointing out obvious intellectual property problems that
exist in the current Linux software development model.

This debate about Open Source software is healthy and beneficial. It
offers long-term benefits to the industry by addressing a new business model
in advance of wide-scale adoption by customers. But in the last week of
August, two developments occurred that adversely affect the long-term
credibility of the Open Source community, with the general public and with

The first development followed another series of Denial of Service (DoS)
attacks on SCO, which took place two weeks ago. These were the second and
third such attacks in four months and have prevented Web users from accessing
our web site and doing business with SCO. There is no question about the
affiliation of the attacker -- Open Source leader Eric Raymond was quoted as
saying that he was contacted by the perpetrator and that "he's one of us." To
Mr. Raymond's partial credit, he asked the attacker to stop. However, he has
yet to disclose the identity of the perpetrator so that justice can be done.

No one can tolerate DoS attacks and other kinds of attacks in this
Information Age economy that relies so heavily on the Internet. Mr. Raymond
and the entire Open Source community need to aggressively help the industry
police these types of crimes. If they fail to do so it casts a shadow over
the entire Open Source movement and raises questions about whether Open Source
is ready to take a central role in business computing. We cannot have a
situation in which companies fear they may be next to suffer computer attacks
if they take a business or legal position that angers the Open Source
community. Until these illegal attacks are brought under control, enterprise
customers and mainstream society will become increasingly alienated from
anyone associated with this type of behavior.

The second development was an admission by Open Source leader Bruce Perens
that UNIX System V code (owned by SCO) is, in fact, in Linux, and it shouldn't
be there. Mr. Perens stated that there is "an error in the Linux developer's
process" which allowed UNIX System V code that "didn't belong in Linux" to end
up in the Linux kernel (source: ComputerWire, August 26, 2003). Mr. Perens
continued with a string of arguments to justify the "error in the Linux
developer's process." However, nothing can change the fact that a Linux
developer on the payroll of Silicon Graphics stripped copyright attributions
from copyrighted System V code that was licensed to Silicon Graphics under
strict conditions of use, and then contributed that source code into Linux as
though it was clean code owned and controlled by SGI. This is a clear
violation of SGI's contract and copyright obligations to SCO. We are
currently working to try and resolve these issues with SGI.

This improper contribution of UNIX code by SGI into Linux is one small
example that reveals fundamental structural flaws in the Linux development
process. In fact, this issue goes to the very heart of whether Open Source
can be trusted as a development model for enterprise computing software. The
intellectual property roots of Linux are obviously flawed at a systemic level
under the current model. To date, we claim that more than one million lines
of UNIX System V protected code have been contributed to Linux through this
model. The flaws inherent in the Linux process must be openly addressed and

At a minimum, IP sources should be checked to assure that copyright
contributors have the authority to transfer copyrights in the code contributed
to Open Source. This is just basic due diligence that governs every other
part of corporate dealings. Rather than defend the "don't ask, don't tell"
Linux intellectual property policy that caused the SCO v. IBM case, the Open
Source community should focus on customers' needs. The Open Source community
should assure that Open Source software has a solid intellectual property
foundation that can give confidence to end users. I respectfully suggest to
Open Source developers that this is a far better use of your collective
resources and abilities than to defend and justify flawed intellectual
property policies that are out of sync with the needs of enterprise computing

I believe that the Open Source software model is at a critical stage of
development. The Open Source community has its roots in counter-cultural
ideals -- the notion of "Hackers" against Big Business -- but because of
recent advances in Linux, the community now has the opportunity to develop
software for mainstream American corporations and other global companies. If
the Open Source community wants its products to be accepted by enterprise
companies, the community itself must follow the rules and procedures that
govern mainstream society. This is what global corporations will require.
And it is these customers who will determine the ultimate fate of Open Source
-- not SCO, not IBM, and not Open Source leaders.

Some enterprise customers have accepted Open Source because IBM has put
its name behind it. However, IBM and other Linux vendors are reportedly
unwilling to provide intellectual property warranties to their customers.
This means that Linux end users must take a hard look at the intellectual
property underpinnings of Open Source products and at the GPL (GNU General
Public License) licensing model itself.

If the Open Source community wants to develop products for enterprise
corporations, it must respect and follow the rule of law. These rules include
contracts, copyrights and other intellectual property laws. For several
months SCO has been involved in a contentious legal case that we filed against
IBM. What are the underlying intellectual property principles that have put
SCO in a strong position in this hotly debated legal case? I'd summarize them
in this way:

  1. "Fair use" applies to educational, public service and related
    applications and does not justify commercial misappropriation. Books
    and Internet sites intended and authorized for the purpose of
    teaching and other non-commercial use cannot be copied for commercial
    use. We believe that some of the SCO software code that has ended up
    in the Linux operating system got there through this route. This
    violates our intellectual property rights.

  2. Copyright attributions protect ownership and attribution
    rights -- they cannot simply be changed or stripped away. This is
    how copyright owners maintain control of their legal rights and
    prevent unauthorized transfer of ownership. Our proprietary software
    code has been copied into Linux by people who simply stripped off
    SCO's copyright notice or contributed derivative works in violation
    of our intellectual property rights. This is improper.

  3. In copyright law, ownership cannot be transferred without express,
    written authority of a copyright holder. Some have claimed that,
    because SCO software code was present in software distributed under
    the GPL, SCO has forfeited its rights to this code. Not so -- SCO
    never gave permission, or granted rights, for this to happen.

  4. Transfer of copyright ownership without express written authority of
    all proper parties is null and void.

  5. Use of derivative rights in copyrighted material is defined by the
    scope of a license grant. An authorized derivative work may not be
    used beyond the scope of a license grant. License grants regarding
    derivative works vary from license to license -- some are broad and
    some are narrow. In other words, the license itself defines the
    scope of permissive use, and licensees agree to be bound by that
    definition. One reason SCO sued IBM is due to our assertions that
    IBM has violated the terms of the specific IBM/SCO license agreement
    through its handling of derivative works. We believe our evidence is
    compelling on this issue.

The copyright rules that underlie SCO's case are not disputable. They
provide a solid foundation for any software development model, including Open
Source. Rather than ignore or challenge copyright laws, Open Source
developers will advance their cause by respecting the rules of law that built
our society into what it is today. This is the primary path towards giving
enterprise companies the assurance they need to accept Open Source products at
the core of their business infrastructure. Customers need to know that Open
Source is legal and stable.

Finally, it is clear that the Open Source community needs a business model
that is sustainable if it is to grow beyond a part-time avocation into an
enterprise-trusted development model. Free Open Source software primarily
benefits large vendors, which sell hardware and expensive services that
support Linux, but not Linux itself. By providing Open Source software
without a warranty, these large vendors avoid significant costs while
increasing their services revenue. Today, that's the only viable Open Source
business model. Other Linux companies have already failed and many more are
struggling to survive. Few are consistently profitable. It's time for
everyone else in the industry, individuals and small corporations, to
understand this and to implement our own business models -- something that
keeps us alive and profitable. In the long term, the financial stability of
software vendors and the legality of their software products are more
important to enterprise customers than free software. Rather than fight for
the right for free software, it's far more valuable to design a new business
model that enhances the stability and trustworthiness of the Open Source
community in the eyes of enterprise customers.

A sustainable business model for software development can be built only on
an intellectual property foundation. I invite the Open Source community to
explore these possibilities for your own benefit within an Open Source model.
Further, the SCO Group is open to ideas of working with the Open Source
community to monetize software technology and its underlying intellectual
property for all contributors, not just SCO.

In the meantime, I will continue to protect SCO's intellectual property
and contractual rights. The process moving forward will not be easy. It is
easier for some in the Open Source community to fire off a "rant" than to sit
across a negotiation table. But if the Open Source community is to become a
software developer for global corporations, respect for intellectual property
is not optional -- it is mandatory. Working together, there are ways we can
make sure this happens.

Best regards to all,

Darl McBride
The SCO Group

Click Here!