I’m Not An IT Lawyer: Why Does “Open Source” Matter to Me?

October 14, 2009

Jennifer Buchanan O’Neill

Vice President and Managing Assistant General Counsel, Product Development

American Bar Association

Notices and Disclaimers

Copyright © 2009 Jennifer Buchanan O’Neill. All rights reserved. Apache is a trademark of The Apache Software Foundation. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

The statements and opinions expressed herein are those of the author and are not necessarily those of CA, Inc. (“CA”).

To the extent permitted by applicable law, the content of this presentation is provided “AS IS” without warranty of any kind. In no event will the author or CA be liable for any loss or damage, direct or indirect, arising from or related to the use of this information, including, without limitation, lost profits, lost investment, business interruption, goodwill or lost data, even if expressly advised in advance of the possibility of such damages.   Neither the content herein nor any software product referenced serves as a substitute for your compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, standard, policy, administrative order, executive order, and so on (collectively, “Laws”)  referenced herein or otherwise. You should consult with competent legal counsel regarding any such Laws.

CA CONFIDENTIAL -- PREPARED IN ANTICIPATION OF LITIGATION

Overview

The line between intellectual property lawyers and general practitioners was once a clear one. IP lawyers filed patent applications, registered trademarks, and counseled their clients on whether reprinting an article was “fair use” of a copyrighted work. Generalists negotiated contracts, prosecuted and defended litigation, and drafted corporate filings.

In the current economy, a generalist may not be able to consult an IP specialist. And the pervasive quality of technology means that IP issues are present in many transactions, particularly with respect to the use and licensing of software.

You don’t have to be a programmer to help your client address these concerns. But inevitably, you will need to understand the concept of open source.

CA CONFIDENTIAL -- PREPARED IN ANTICIPATION OF LITIGATION

Agenda

What is “open source” code?

When may the use of open source code present legal concerns for my client?

What do I need to know to evaluate my client’s use of open source code?

CA CONFIDENTIAL -- PREPARED IN ANTICIPATION OF LITIGATION

What Is Open Source Code?

“Source code” is human-readable instructions for the software program

Source code is compiled or converted, creating “object code” that the computer can read and execute

Commercial software is generally licensed in object code form under a proprietary license

“Open source” software is licensed in source code form, at no charge, under terms freely available to the public

The end-user of open source code can modify it and distribute those modifications

The Urban Legends of Open Source

Open source code is not public domain Open source is not freeware Open source is not shareware Open source may still be subject to

regulation Open source may be licensed by

companies for use with their proprietary products and services

The Urban Legends of Open Source (cont.)

Open source licenses are enforceable

– First major appellate case addressing open source: Jacobsen v. Katzer, 535 F.3d 1373 (Fed Cir. 2008)

– Violation of conditions may constitute copyright infringement

– Violation of covenants may constitute breach of contract

– Potential remedies include statutory or actual monetary damages, specific performance, injunctive relief

Where May Open Source Be An Issue?

Inbound technology licenses Professional or technical services

agreements Business process outsourcing Employment agreements Mergers and acquisitions Internal business use

Where May Open Source Be An Issue? (cont.)

Joint research and development/CRADAs Customer sales contracts In-house software development Participation in industry alliances and

standards bodies Internal policies for Internet and email

usage

What Do I Do Now?

If my client wants to license code from a third party:• Require that party to identify all open source code that it uses and

distributes, together with the governing license and a description of how the code is used

• Assess that party’s compliance with applicable licenses. AVOID BEING A DOWNSTREAM INFRINGER.

• Obtain sufficient contractual protections against infringement in the form of warranties and indemnification

If my client wants to license code to a third party:• Determine what open source code has or will be used by your

client, including documentation of any modifications made• Assess compliance and remediate any potential issues prior to

external distribution of code• For proposed future use, evaluate internal controls to verify

whether compliance is feasible

What Do I Look For?

Where can I find the license agreement?– Online open source community or project web site– User documentation– Clickwrap agreement accompanying software– LICENSE, NOTICE, or other *.txt file in the program’s source or

object code– Confirm licensing on a third-party site like Ohloh or Koders

Look for dual/tri-licensing scenarios Determine requirements for use, redistribution

and modification of code – Wide range of licenses with different ramifications for

commercial users– Scan the source code if there’s any doubt as to origin

Other Key Concerns

What is the impact to your client’s patent rights?

Many licenses include a royalty-free patent license granted by each contributor to each end-user.  Licensed patents are typically those patent claims that are necessarily infringed by using or selling the contribution or the open source component containing it.  

Those licenses may also contain “patent retaliation” clauses.  An end-user may lose all patent licenses granted under the license if it institutes litigation against anyone alleging that the software infringes its patent rights.

Other Key Concerns

Is the open source component critical to your client’s business (as a service provider or otherwise)?

Verify how the open source project or community ensures the pedigree of the code.

• Contributors may have submitted code under terms other than those of the community• Proprietary code may have been incorporated in violation of applicable licenses • Established open source communities like Apache Software Foundation and Eclipse Foundation have implemented best practices for maintaining integrity of contributions.• Review terms of the project’s Contributor License Agreement (or equivalent)• Again, when in doubt, SCAN the code

Questions?

About CA

CA (NASDAQ: CA), the world's leading independent IT management software company, helps customers optimize IT for better business results. CA's Enterprise IT Management solutions for mainframe and distributed computing enable Lean IT—empowering organizations to more effectively govern, manage and secure their IT operations. Founded in 1976, CA today is a global company with headquarters in the United States and 150 offices in more than 45 countries. CA serves more than 99% of Fortune 1000® companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide.