What are the liability issues involved with using free and open source software (FOSS)? Here's a guide to copyrights, choosing a license, trademark registration, and patents.
Anyone can obtain free and open source software (FOSS), and install it on the company's computers. Just think: no expensive proprietary software that demands multi-user licenses.
But before you download any of these programs onto your business computers, software experts recommend that you ask a few questions about FOSS liability issues such as licenses, copyrights, patents, and trademarks. The reason is that violating any of these intellectual property protections can risk embroiling your business in litigation -- maybe not right now but at any point in the future.
"If you make copies or distribute modified versions of the software without satisfying the conditions (i.e. without permission), you infringe the copyright, which gives the copyright holder access to certain legal remedies," says The Legal Issues Primer for Open Source and Free Software Projects, published by the Software Freedom Law Center, which provides legal representation for FOSS projects. "In particular, the copyright holder can sue you for damages or ask a court to order you not to make or distribute further copies."
The Primer emphasizes that users need to know the conditions stated in their FOSS license so that they are not unwittingly violating copyright law. The first thing users need to know when they purchase open source software is if they received it from a reputable source, advises Philip Robb, a research and development manager in HP's Linux and Open Source Organization. Robb is also general manager of FOSSBazaar.org, an open source community of technology and industry leaders who are collaborating to push for adoption of free and open source software in business. Robb says that a software company in disarray will not have security updates on their website to protect users from malware or Trojan viruses in FOSS products, which could have the potential to bring your business to its knees.
License and copyleft questions
Software licenses and copyrights are different in the FOSS world. Developers and programmers in the FOSS ecosystem write these open source software programs collaboratively under an open source license, which permits users to use, change, copy, and distribute these programs free of charge, provided that they follow the licensing guidelines of the software. Most commercial software doesn't allow you to change a program and redistribute it -- unless you specifically negotiate that in a license.
You should know what particular FOSS license your software holds and what are that license’s restrictions. For example, Linux uses the GPU General Public License (GPL), which is more restrictive about modifications and additions than the liberal Berkeley Software Distribution (BSD) or Berkeley Unix license which gives unlimited use to developers and users.
The GPL is a "copyleft" license, which means that whoever receives the modified software must also adhere to the same GPL license restrictions, so that the functionality of the source code will continue to improve. Robb stresses that users should remember, "a copyleft has an author who dictates through their license what the downstream user (those who use the software after it had been modified) can do." However, if you're using this software for your own purposes and not distributing it to a third party, then you won't need to stick with these restrictions.
Patent and trademark concerns
The FOSS community discourages patents since patented software runs counter to their philosophy of distributing free software and having it modified by someone else downstream. When there is a patent infringement of an open source software program, the FOSS community rallies around the defendant, such as was the case when Firestar Software sued Red Hat. The community wanted to protect the patent and when Red Hat settled the lawsuit, the terms protected the software in both the upstream (the predecessors to Red Hat) and downstream communities.
"Software patents are a threat to users and developers of all varieties of software, and whether a company uses FOSS or proprietary software is unlikely to have much effect on its legal liability," Says Aaron Williamson, counsel for the Software Freedom Law Center.
He continues that, "It is often impossible for users and developers of software to know whether a given program infringes existing patents; the question requires exhaustive searching, careful legal analysis, and often guesswork to answer. Some FOSS licenses attempt to mitigate the harm of software patents by causing developers and licensees of software to grant broad licenses over any patents they own which might be read on the software."
Trademarks are another issue all together. For end-users, trademarks aren't a liability issue. Williamson says that trademark law is designed to protect consumers from confusing the knock-off project with the real one. If a company takes a logo without asking and then redistributes it or if a distributor markets its program and says that the creators of a related software project endorsed it, then a trademark infringement would occur. Also, if users build a support community around an open source project, they need to ask permission from the FOSS developers to make sure that it's okay to use their name and logo in the support community.
Risks of open source agreements
The risks of violating licensing, copyleft, and other intellectual property agreements involving FOSS aren't any greater than the risks your business undertakes licensing commercial software, according to Jim Zemlin, executive director of the Linux Foundation, which helps users and tech members navigate open source software legal matters. “You take risks anytime you enter into a vendor/employer relationship." Zemlin says. These days, large companies have put their faith in FOSS, such as Motorola, which uses Linux software in its cell phones. Zemlin adds that companies such as Red Hat, Oracle, and Novell, which install Linux for customers and also sell Linux support subscriptions, indemnify customers from legal risks. "The point of FOSS is having a huge vendor ecosystem that can assist mid-sized companies and indemnify their customers" in case of a patent infringement lawsuit, he adds.
Robb adds that Fossbazaar and Fossology, the latter a user community that facilitates the study of FOSS and provides free tools, can help users and developers gather information about FOSS licensing. Through webpapers and discussion groups, the sites try to lessen confusion and fears about using and managing FOSS, including patent infringement. These support communities, so prevalent in the FOSS world, give users an advantage over proprietary companies because they want to protect the FOSS system and its philosophy of the open distribution of knowledge. Another justification for using FOSS, according to Williamson, is that users have more range and freedom with FOSS than with proprietary software. They also know what to expect: FOSS license rights and responsibilities are brief and to the point, as opposed to the terms in proprietary licenses, which are generally long and jargon-filled.