open source software (oss): oss licenses and business ... · • examples: socialtext, eyeos...
TRANSCRIPT
Open Source Software (OSS): OSS Licenses and Business Models – Main IP Issues
concerning OSS
Malcolm BainID LAW Partners/BGMA and Free Software Foundation Europe
(FSFE)
Barcelona
WIPO National Seminar on the Protection of Software and Databases
Beirut – Lebanon, 20-21 December 2012
Background - Malcolm Bain
• Partner, id law partners / Brugueras Garcia-Moliner i Associats (BGMA), Barcelona, Spain
• Areas of work– IP Law – Software licensing, compliance– IT Law – Ecommerce, data protection, databases, digital
evidence– Commercial: IT distribution and procurement
• Member of FSFE-Legal Task Force (but do not represent the FSFE)
• University work: UOC, UPF, UDL
Free Software Foundation Europe
• Non profit organization www.fsfe.org • Mission:
• Promotion of free software• Promotion of freedom in the Information Society
• Focus: Access, Collaboration, Equality• Activities:
• Awareness• Standards • Legal Aspects – Patents
DISCLAIMER: ALL OPINIONS EXPRESSED ARE MY OWN
Index
1. Free and Open Source Software - FOSS
2. FOSS Business Models
3. Main IP Issues concerning FOSS
Traditional software licensing…
• Traditional / proprietary software license: – Only provides a “rights to use the software”– Restricts certain uses– Prohibits modifications– Difficult to transfer, if not prohibited– Does not allow access to source code– Excludes warranties and limits liabilities– Payment of licensing fees according to determined criteria
(number of users, data processed, CPUs, etc.)
• “Closed” for commercial reasons – Revenue streams: licensing fees/royalties (ROI)– Control of support and evolution
What is Free and Open Source Software?
• Software distributed under a FOSS license – “Free” as in freedom (set out in the license)
• Freedom to use• Freedom to transform, adapt, customize• Freedom to distribute and share • But also free as in no license fees (usually)
– “Open” as in access to source code
• Contrast: – with Proprietary/Closed source licensing– not with “commercial” software, as FOSS can be
commercial
Origins of FOSS
• “On shoulders of giants”– From Aristotle and Averroes, to Newton and Boswell, to
Stallman…• Sharing ethics (Hackers)
– "Information increases in value by sharing it with other people. Data can be the basis for someone else's learning; software can be improved collectively“
• US Universities– UC Berkeley – “BSD” flavour UNIX operating system – 1970s/80s– MIT: Richard Stallman: GPL (1980s)
“Free Software”
1. The freedom to run the program, for any purpose. 2. The freedom to study how the program works, and
adapt it to your needs (access to the source code). 3. The freedom to redistribute copies, so you can help
your neighbor.4. The freedom to improve the program, and release
improvements to the public, so that the whole community benefits.
http://www.fsf.org/philosophy/free-sw.html
Free Software Manifest (1989)
Open Source
• Open Source Initiative (OSI) is a non-profit organisation that “certifies” OSS licences: compliance with the Open Source Definition.
• There are hundreds of licences in existence. 72 approved OSS licences (including Free Software licences such as GPL/LGPL).
• No significant legal difference with Free Software - different philosophical and ethical approach
• Open Source is seen as “less restrictive” than Free Software: more pragmatic approach, focus on software quality through openness and sharing
www.opensource.org
Open Source Definition
1. Free Redistribution.2. Source code (will be made
available for examination). 3. Derivative works (must be
allowed). 4. Integrity of The Author's
Source Code5. No Discrimination against
persons or groups.
6. No Discrimination against fields of endeavour.
7. Distribution of License (no additional licenses)
8. License Must Not Be Specific to a Product.
9. The license must not restrict other software (within same distribution).
10. License Must Be Technology-Neutral
FOSS Licensing
• Extremely active FOSS community, heterogeneous• Hundreds of different “FOSS” licenses.
– From: “You may use this software as you wish” to: GPLv3 or AferroGPLv3
– Some “standard” (OSI approved), others home-made or “adapted” OSI licenses with “tag-ons”
• 6 most common licenses cover over 90% of open source projects
• About 65% use a copyleft license
BSD
GPL / LGPL
CPL
Apache
MPL
Elements of FOSS licenses
• Common elements: “Some rights reserved”– Attribution of authorship / keep copyright notice– Grant of rights: the license permits
• Reproduction, installation, use• Transformation (including re-engineering and decompilation, etc.)• Distribution and public communication (or equivalent)
– Warranty and Liability disclaimers
• Distinguishing features– Obligations on redistribution!!!
• Permissive• Copyleft
– Other: patent grants, termination procedure, additional rights, etc.
Copyleft
• Objective: keep the code free!• Implementation: license conditions on redistribution• Example license: GPLv2
– “2(b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
• Impact: redistribution of the code under the same license, derivative works that are redistributed must be shared… and sometimes collective or composed works including the code also
• Not the opposite of copyright – use of copyright law for protection and imposing conditions on redistribution.
FOSS License ecology
Type Characteristic Examples
Permissive No restrictions on reuse / redistributionDerivatives / Compilations may be closed
BSD, MIT, Apache 2
Weak copyleft
Only copyleft on the original core code, not on extensions or composed works using the code
LGPL, MPL, CPL
Strong copyleft
Copyleft on all the redistributed work, including derivates and composed works
GPL2, GPL3, EUPL
Example license: BSD
• Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:– Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.– Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
– Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
• Warranty and Liability Disclaimer…
Implications of FOSS
• Users (all types)– Free to download, install, test and use– Free to modify, adapt, customize to one’s needs– Free to redistribute “as is”– Free to redistribute improvements / customizations– Usually no license fees– Direct license and source code: independence from suppliers
• Developers: – Sharing and reuse of software components– Sharing of corrections – Collaborative development (Cathedral/Bazaar)– Access to source code: knowledge sharing and transfer
FOSS Projects
• Sourceforge.net: over 150.000 projects (many inactive)
• Google Code, FreeCode, Codeplex...
• Ohloh (one of the largest): tracks 500.000 projects and 450.000 source code repositories.
• Flossmetrics: about 18.000 significantly active projects (2007)
Examples of use of FOSS
• Apache web server: most common web server• Domain name management system BIND• Google search engine infrastructure• Amazon webshop and webservice / cloud platform• Firefox browser, Thunderbird email client• Asterisk: Voice IP telephony• Android cell phone operating system• Joomla, Drupal, Plone: content management systems• Linux: >78% of the world's top 500 supercomputers
Relatives of FOSS licenses
• Document / Content licenses– Creative Commons licenses– GFDL (wikipedia)
• (Open) Data licenses– Open database license– Database Contents License
– CC zero
Software ecology
Proprietary Software• Closed source• Shareware• Freeware • Evaluation
Non-Proprietary Software• Free Software • Open Source Software • Public Domain
Commercial Software• Software licensed for a fee• Both propietary and
free software
Mixed platforms?
Technical aspects of SoftwareTwo fundamental characteristics
Operating system
Basic components: Databases, communications
Applications: office, email, ERP, etc
User interface• Needs
• Specifications
• Analysis
• Design
• Development
• Testing
• Validation/Certification
• Maintenance, evolution
Modularity: architecture Software life-cycle
ICT finances
• 80% of a typical IT project spend:– Project consultancy/management– Implementation– Custom coding– Integration– Data migration– Training and implementation– Maintenance and support
• Only 20% typically on license fees
Propietary business models
• Sale of licenses• Sale of services
– customisations– Integration and services– Support and maintenance
• Certification and channel (partners)• Documentation
FOSS Business Model 1. Dual Strategy
• Same software, different license: licensor offers – free use of the software with some legal limitations, or– for a fee, commercial distribution rights (and a optionally larger
set of features) • Legal issues:
– IPR– Licensing– Trademark – Community management
• Examples: MySQL, Funambul, Sleepycat
FOSS Business Model 2. Split OSS/commercial products
• A basic FLOSS software and a commercial version / propietary extensions
• Also called “Open core”• Legal issues:
– IPR management and licensing
– Product sales (propietary license)
• SugarCRM, Pentaho, Alfresco, Openbravo...
FOSS Business Model 3. Subscription Strategy
• Selling software as a service, charging the customer with monthly or annual fees for gaining access to continuous updates of an OSS product
• Legal issues– SLAs – 1st and 2nd level tiers – Warranties and liabilities (inc. IPR)– Channel management / online sales
• Openbravo, Pentaho, Alfresco, etc.
FOSS Business Model 4. Product Specialist
• Revenues from services – both maintenance and consulting - “best code here” and “best knowledge here”
• Legal issues: – Maintain access to source code– Foster widespread community– Maintain knowledge advantage– Develop “distribution” channels: OEM, etc.– Low entrance barrier? – Brand buidling
• Red Hat, Ubuntu, Suse,
FOSS Business Model 5. Consulting Strategy
• Integration consulting for open source software; pure service model, where the basic functionality costs nothing, and all the money is in customization
• Legal issues– Client contracts– OSS integration and compatibilities– Ongoing maintenance fees– Warranties and liabilities
• Examples: – IBM, HP, Accenture, etc.
FOSS Business Model 6. Patronage Strategy
• Contribution of time, energy, developers, and code to an open source organization + Propietary add-ons/tools
• Legal issues– Tax benefits– Investment – IPR, licensing– Trademark
• IBM-Eclipse, Apache, Mozilla
FOSS Business Model 7. Hosted Strategy
• They don't sell their software, they let you use it or rent it • Legal issues
– SLAs– Hosting costs– Channel management– Branding – Mass marketing (minimse customisation)
• Amazon, Google, Zimbra providers
FOSS Business Model 8. Badgeware
• The non-removability of visible trademarks or elements from a user interface
• Legal issues– Trademark protection– Licensing terms – Channel management/clients
• Examples: Socialtext, eyeOS Openbravo,
FOSS Business Model 9. Platform providers
• Selection, support, integration and services on a set of projects, collectively forming a tested and verified platform
• Legal issues– IPR/Licensing compatibility– Warranties/liabilities– Branding
• Spikesource, Redhat, Jboss
Who is making money on FOSS
• Oracle/Sun - $7bn acquisition of Sun• IDC – projected $8bn open source revenues
worldwide in 2013 – 22.4% compound annual growth rate
• Red Hat – over $500mn revenue in 2008/9• Google – mkt cap $169bn• etc...
In summary• Revenue generation:
– Licensing fees, warranties v. supporting services and hardware packaging
– Mixed models: subscription/licensing fees – warranties for full features or additional services, with open source core or stack
• Blurring boundaries in development: co-existence of models: – Proprietary application vendors using FOSS stack (lower levels) – Community developers contributing to closed software programs– Commercial developers contributing to FOSS projects
(interoperability, compatibility, platforms). • Overall viability:
– Both Proprietary and FOSS models can offer viable strategy for software providers and advantages of customers
– Depends largely on the needs and circumstances of the users– FOSS provides greater efficiency, user freedom, independence
Main issues
• IP basics• License complexity and compatibility• FOSS project management: licensing• IP infringement and enforcement• Patents
IP Basics• Most FOSS projects are multi authored works:
(collective, joint, ?)– ownership of code
– legitimacy to choose the redistribution license
• Many FOSS projects are composed or derivative works: – scope of definition / country specific interpretation
– impact on copyleft obligations
• Some FOSS projects are based on Interoperability/ reverse engineering– Legislated or contractual right?
– Impact on license obligations
License complexity and compatibility
• License proliferation: – more than 70 OSS-certified licences, +1000 licenses
in Black Duck scanner
• License compatibility:– mixing of software components under various
licenses – particular issue of GPL2 and GPL3
• Licensing of derivative works: – copyleft scope and effect (over 60% FOSS projects
under GPL – high impact)
• Multi-licensing: – software licensed under two or three different OSS
licences (Mozilla)
License/project management
• IP rights – quality assurance – Inbound licenses/assignments– Outbound license (selection) and licensing (compliance)
– NB: tools for license checking
• Supply chain – License compliance up/down the supply chain – End retailer/brander: Compliance policies - procedures
• Enforcement – See next…
FOSS infringement and enforcement
• Infringement scenarios– By end user (difficult + license reinstated) + unlikely to be sued– By redistributor: inclusion of proprietary software in FOSS code, or
breach of FOSS license obligations
• Enforcement cases – German court cases (GPL validity, compliance): Sitecom, Fortinet
(Munich) D-Link (Frankfurt)– SCO v IBM (copyright infringement) – Jacobsen v Katzer (contract formation)– Oracle v Google (Android – alleged patent infringement and
copyright infringement in Android mobile phone operating system)
• Remedial action: – license compliance (release of source code?)– remove product from market
Patent risks• Problems: software patents
– Patent validity, submarine patents– Jurisdiction specific (territorial nature)– Moving target: Bilski (US), Haliburton (UK), EPO caselaw
• Same for FOSS as Proprietary code – But FOSS source code available for review (processes)
• Patent based strategies: prevent FOSS development? – Patents as a lever to scare people away from FOSS (TomTom)
– Trolls (patent portfolios)
• Dealing with patents– FOSS License terms: patent peace– Patent portfolios (Open Innovation Network, Patent Commons)– Peer 2 Patent, Patent busters, Linux defenders…
In summary• Yes, there are some IP issues:
– IP ownership– Licensing and License compatibilities– Enforcement – Patents
• BUT they are the same as any software development and commercialization project
• So in fact, the general IP strategies for deaiing this this
are the same:– Quality IP management “at source” (engineer level)– Due diligence before releasing– Good contracts down the supply chain– Warranties from providers– Insurance … – Documenting...
THANK YOU FOR YOUR ATTENTION
WIPO National Seminar on the Protection of Software and Databases
Beirut – Lebanon, 20-21 December 2012