United States: The Truths and Myths of Open Source Software

Last Updated: May 31 2006
Article by Melise R. Blakeslee and Brian E. Ferguson

In the 1960s and 1970s source code was passed between a close knit community of programmers at the pre-eminent computer science institutions in the United States, such as MIT, Stanford, Carnegie Mellon and Berkeley.1 Programmers expected that any improvements made to code would be published to the entire community. The movement did not gain widespread publicity until 1998 when Netscape, in an effort to ensure Microsoft’s dominance would not erode open internet web protocols, released the source code to its web browser, Netscape Navigator. Following this announcement, the Open Source Initiative was founded to improve the marketing and distribution of the free software community. Vendors, such as Oracle and IBM, began to announce their support of the open source operating system Linux.

The definition of open source is slightly more contentious than its history suggests. Open source can be best described as a method or philosophy for software licensing and distribution designed to encourage use and improvement of software by ensuring that anyone can copy the source code and modify it freely.2 While organizations differ on whether a license complies with their characterization of open source, most can agree that the meaning of open source has little or nothing to do with the fee charged for the software. This is just one of the many myths of open source software. This article will dissect several of the most prevalent myths of open source software and the legal and business issues surrounding them.

Myth One: Open Source Is in the Public Domain

A piece of software cannot be both open source and in the public domain. The definition of open source and public domain make the contradiction clear. If an item is in the public domain, there are no laws that restrict its use by the public at large.3 Although a majority of the public might believe otherwise, the entire regime of open source depends on copyright law to restrict the use of software. For example, the GNU General Public License (GPL) binds the recipient of open source software to a set of restrictions governing the ongoing licensing of the open source software.4 The "viral" nature of the GPL is possibly its most glaring restriction. A recipient’s modifications of the original software become subject automatically to the GPL, which means the recipient cannot restrict access to the source code of the new and improved version. Further, if the GPL-covered software is combined with any other software (including that which is considered to be proprietary), then the combination must be treated as "open" under the GPL, including that which had been proprietary.

Resolving whether open source software is the same as software in the public domain is crucial. Imagine the following scenario: a software company finds some source code that is in the public domain. They spend years modifying the code and create a new and improved application. The company then seals up the code and sells it to the public for a substantial profit. Tweak the scenario and the difference is drastic: the software company instead acquires some source code covered by the GPL. They create the same ingenious new application and sell to the public without releasing the source code. The creator of the original code licensed under the GPL sues the company for violating the license agreement, seeks damages, and releases the new and improved source code to the public. The legal ramifications of mistaking open source code for code in the public domain could not be more severe for any software developer.

Myth Two: No One Gets Caught Misusing Open Source

The suggestion that open source licenses are not enforced probably goes hand in hand with the myth that it is in the public domain. As open source usage becomes more prevalent and more companies plan their business model around it, the enforcement of open source licenses will undoubtedly increase.

On June 15, 2001, MySQL, a Swedish software company that markets open source database software, filed suit in federal district court against Progress Software Corporation, a U.S. software company that signed an interim agreement with MySQL to market the MySQL software product.5 MySQL alleged that Progress breached the terms of the GPL governing the use of MySQL’s software and, more specifically, that Progress sold a derivative work of MySQL’s software without providing the source code.6 The parties have since settled the dispute, but the case illustrates that open source licensors are willing and able to enforce the terms of their open source license agreements.

Enforcement of open source license agreements is not limited to the typical scenario of a licensor filing suit to ensure a licensee adheres to the terms of it agreement. For example, in 2003 SCO Group, Inc. (SCO) filed suit against International Business Machines (IBM) alleging breach of contract, unfair competition, misappropriation of trade secrets and interference with

contract stemming from IBM’s alleged incorporation of SCO’s proprietary UNIX code into the open source Linux operating system.7 IBM counter-claimed, alleging that SCO was itself a modifier and distributor of Linux and, therefore, was required to abide by the terms of the GPL.8 Those terms provided that SCO would not assert certain proprietary rights over programs distributed under the terms of the GPL. IBM expects that if SCO is found to have implicitly agreed to the terms of the GPL by distributing Linux, then SCO may not have a basis to assert infringement claims against anyone.9

There are also several watch-dog organizations to whom open source license violators can be reported, such as the Free Software Foundation, Inc. and GPL-violations.org. These organizations have adopted a model similar to the now-familiar Business Software Alliance (BSA) and Software & Information Industry Association (SIIA), which conduct audits of proprietary software. Once a violation is reported the organization reports it to the copyright holder for enforcement. These groups then assist the copyright holder with any action and widely report any settlements received.

The age of litigation is upon us. It may be an open source licensor accusing a licensee of misuse or a copyright infringement defendant trying to defend by establishing that the copyright holder violated an open source license agreement. In many ways and forms, misuse of open source code is increasingly the subject of litigation. The fact that open source proponents are beginning to litigate to enforce the licenses that are the foundation of their initiative is evidence debunking the next myth of open source.

Myth Three: Proponents of Open Source Are Hostile to Intellectual Property Rights

One might expect that the proponents of open source software would eschew the intellectual property rights their proprietary counterparts have relied on to generate profit. However, the premise of open source software—allowing complete access to source code in exchange for certain promises—is predicated on the enforceability of the GPL and other similar licenses under copyright law.

The GPL grants recipients of software the permission to copy, distribute and modify the program.10 In exchange for the right to copy the software the recipient is obligated to include a notice of copyright, a disclaimer of warranty and a copy of the original GPL.11 The right to modify the program carries with it the obligation to license the modified work on the same terms as the GPL.12 The goal of these two provisions is to ensure that once a program is licensed under the GPL, the program and its derivatives will perpetually remain open source.

While the objectives of the GPL are apparent, the question is often raised as to whether the GPL and other similar licenses are enforceable. In the United States the extension of copyright law to computer programs avails the owner of the exclusive right to copy, distribute and prepare derivative works.13 Even though the two philosophies, open source and proprietary, are opposed in many ways, each depends on the same set of exclusive rights to achieve its goals. Those who believe GPL licenses are fully enforceable point out that, in the absence of an unenforceable license, copying or modifying an open source program constitutes infringement. Such partisan advocates pose the question: if open source licenses are not enforceable, then where does the recipient receive the right to copy, modify and distribute an open source program? Further, if shrink-wrap licenses (i.e., a unilateral contract requiring no consent) are enforceable (as several U.S. courts have held), then why should open source licenses be treated differently? On the other side, many argue that such licenses are overreaching because they dictate how the recipient’s own creation must be licensed. Despite the controversy, to date no authoritative decision exists on the GPL’s enforceability or validity or that of similar licenses under copyright laws.14

Myth Four: Open Source Presents Too Much Legal Uncertainty

Fear, uncertainty and doubt, or FUD, is the marketing tactic computer software incumbents have long used to ward off upstarts by emphasizing brand recognition over technical merit. It appears the FUD campaign has come full circle with IBM, whose marketing tactics in the early 1970s led an ex-employee to call them FUD,15 now being on the defensive as SCO’s legal battle against IBM and Linux users exploits the supposed legal uncertainties surrounding open source software.

The retailers of open source are taking measures to stem any uncertainty caused by the SCO litigation. Novell, Inc.; Hewlett-Packard, RedHat, Inc.; JBoss Inc.; and Sun Microsystems, Inc. are all offering protection or indemnification programs to shield customers from legal threats arising from the use of Linux.16 Offering protection to customers suggests these corporations have done the research and believe the litigation brought by SCO is unsubstantiated. This raises the question: why protect customers from baseless claims? The answer, of course, is to combat FUD marketing by erasing uncertainty and doubt from the minds of actual and potential customers.

The legal uncertainties of open source persist because there are a myriad of licenses covering a wide range of software. Customer concerns focus on the fact that they cannot, to a specific degree of precision, verify their right to use the open source software and protect themselves from liability. A prime example is a Linux customer who potentially faces a copyright infringement claim solely for subscribing to an allegedly tainted version of Linux. The litigation between IBM and SCO could potentially eliminate some uncertainty by supplying an authoritative answer on the GPL’s enforceability. Rulings on the enforceability of open source licenses will help both retailers and customers make informed decisions about the risks associated with the use of a particular piece of open source software

Myth Five: Open Source Is Not Profitable

"Free as in free speech, not free as in free beer" is the phrase chosen by some to help understand the meaning of open source and free software.17 Slight differences exist between free software and open source software, but neither is intended to convey the principle that the software is free of charge.18 The use of the word "free" in relation to open source is meant to describe the freedoms associated with the software (freedom to copy, distribute and modify) and not its price in the market. The GNU Project, sponsored by the Free Software Foundation, takes the following stance on charging for open source software:

Since free software is not a matter of price, a low price isn’t more free, or closer to free. So if you are redistributing copies of free software, you might as well charge a substantial fee and make some money. Redistributing free software is a good and legitimate activity; if you do it, you might as well make a profit from it.19

The GPL also allows the owner of the software to charge for its distribution.20

Dispelling the notion that open source software is free of charge suggests there is room for profit in open source, but there is even stronger proof that entities can and will profit from open source. Red Hat is proving that open source vendors can profit by adopting a service-based business model focusing on quality, reliability and ease of integration rather than one based on profiting from the sale and licensing of proprietary software. The argument of hard-line proprietary software supporters is that offering software under the open source model will ultimately destroy the incentive to create new software. The response is clear—open source vendors are not offering something for nothing. Rather, they are offering a new way of doing business in the world of software, treating software as a service rather than a commodity.

Licenses other than the GPL exist for organizations to accomplish their business goals. At one end of the spectrum, the GPL license essentially requires a business model centered around programming and support services to generate profit. At the other end of the spectrum, licenses similar to the Berkeley Software Distribution license (BSD) allow commercial organizations to build upon free software to create proprietary software. Between these two types of licenses there exists a small constellation of alternatives and variations, and tension exists between the two ends of the spectrum. Open source purists believe the BSD license is detrimental to the open source initiative because it does not require users of BSD-licensed software to openly release their modifications. However, the Macintosh Operating System is a clear example of the successful creation of proprietary software based, at least in part, on BSD-licensed code.21 The BSD, the GPL and other licenses derived from them offer software developers the ability to satisfy their proprietary and open source goals by selecting the appropriate license for their business model.

Myth Six: Open Source Is Not Reliable

Reliability is the foundation of open source. The ideology behind open source is not new—one of the guiding principles behind patent law is to encourage the disclosure of new technology in order to accelerate innovation. It is difficult to refute the logic in the following statement from the Red Hat website: "[W]e believe open source simply creates better software. It multiplies one company’s development capacity many times over."

There is ample proof that open source is reliable. Many critical components of the internet are run on open source:

  • BIND—an open source program at the heart of the Domain Name System (DNS) 22
  • Sendmail—nearly all e-mail messages sent over the internet rely on this open source mail transport server, which serves nearly 75 percent of all internet sites23
  • Apache—this open source web server hosts nearly 60 percent of all websites, including Yahoo!24

The largest opponent of open source software, Microsoft, admitted the threat presented by open source in the now-famous Halloween documents. The documents, internal Microsoft marketing memos leaked to the public in October 1998, identified open source software as a major threat to Microsoft market dominance and suggested ways to interrupt its progress. The documents stated that "commercial quality can be achieved or exceeded by [open source software]" and characterized Linux as "long-term credible."25 As larger players, such as IBM, HP and Sun, become more involved in the open source movement, the reliability and support surrounding open source will only continue to mature.

Understanding what is and what is not a myth of open source is critical to anyone considering the use of open source in their own products. Notions that open source software is in the public domain and that proponents of open source shun intellectual property law must be discarded. Scrutinizing the above myths to assess their relative validity will allow retailers and customers to gauge the true legal and financial risks associated with the use, modification and distribution of open source code. In today’s market, consulting a lawyer with a firm grasp of open source and its many variant licenses is vital to avoiding the pitfalls and land mines to which any open source venture is vulnerable.

Footnotes

1. Chris Rasch, A Brief History of the Free/Open Source Software Movement, http://www.openknowledge.org/writing/open-source/scb/brief-open-source-history.html.

2. Denis Howe, Free On-Line Dictionary of Computing, http://foldoc.org/?query=open+source&action=Search.

3. If the software has been written in the United States in the last decade, then the only way it passes into the public domain is by the author taking an affirmative step to dedicate it to the public domain; thus, no U.S. law protects it. The other ways a work enters the "public domain" are: (1) copyright protection was never available in the first place (e.g., facts, concepts, techniques, etc.); (2) copyright protection was never properly secured (this applies to older works); or (3) copyright protection has expired. However, just because something is in the public domain in the United States does not mean that it is unprotected in other countries. As a general matter, it is wise to assume that any work of authorship is protected until proven to the contrary.

4. There are dozens, if not hundreds, of different versions of open source licenses. The GPL was chosen for discussion purposes because it illustrates many of the important principles behind the open source movement.

5. Laura A. Majerus, Court Evaluates Meaning of "Derivative Work" in an Open Source License, FindLaw, June 16, 2003, http://library.findlaw.com/2003/Jun/16/132811.html.

6. Id.

7. Kerry D. Goettsch, Recent Development: SCO Group v. IBM: The Future of Open-Source Software, 2003 U. Ill. J.L. Tech. & Pol’y 581, 583 (2003) (hereinafter Goettsch).

8. Id. at 584.

9. Id. at 584.

10. GNU General Public License Version 2, Preamble, June 1991, http://www.gnu.org/licenses/gpl.txt.

11. Id. at clause 1.

12. Id. at clause 2.

13. 17 U.S.C 106.

14. Goettsch at 584.

15. Fear, Uncertainty, and Doubt, Wikipedia, http://en.wikipedia.org/wiki/FUD.

16. Todd Weiss, LinuxWorld: A defiant IBM says Linux indemnification is unnecessary, Computerworld.com, Jan. 21, 2004, http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,89269,00.html.

17. The Free Software Definition, GNU Project, http://www.gnu.org/philosophy/free-sw.html.

18. Why "Free Software’’ is better than "Open Source," GNU Project, http://www.gnu.org/philosophy/free-software-for-freedom.html (outlining the similarities and differences between open source and free software from the perspective of a free software supporter).

19. Selling Free Software, GNU Project, http://www.gnu.org/philosophy/selling.html.

20. GNU General Public License Version 2, clause 1, June 1991, http://www.gnu.org/licenses/gpl.txt.

21. Based on Unix, Apple.com, http://www.apple.com/macosx/features/unix (stating that UNIX users will feel at home in the robust BSD environment that underlies Mac OS X).

22. Tim O’Reilly, Ten Myths about Open Source Software, O’Reilly.com, Nov. 1, 1999, http://opensource.oreilly.com/news/myths_1199.html.

23. Id.

24. Id.

25. Halloween Documents, Wikipedia, http://en.wikipedia.org/wiki/Halloween_documents.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Melise R. Blakeslee
 
In association with
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert
Email Address
Company Name
Password
Confirm Password
Mondaq Topics -- Select your Interests
Accounting and Audit
Anti-trust/Competition Law
Consumer Protection
Corporate/Commercial Law
Criminal Law
Employment and HR
Energy and Natural Resources
Environment
Family and Matrimonial
Finance and Banking
Food, Drugs, Healthcare, Life Sciences
Government, Public Sector
Immigration
Insolvency/Bankruptcy, Re-structuring
Insurance
Intellectual Property
International Law
Law Practice Management
Litigation, Mediation & Arbitration
Media, Telecoms, IT, Entertainment
Privacy
Real Estate and Construction
Strategy
Tax
Transport
Wealth Management
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.