The days of open source software free lunches are rapidly coming to an end, and that means enterprises that fail to stick to the terms of open source licenses can expect to be sued.
That’s the stark warning from Mark Radcliffe, a licensing expert and partner at law firm DLA Piper.
“We are entering a different era for open source, shifting from a special universe where people were cooperative and collaborative to a more hard-nosed commercial one,” he explains. “Now people are applying the same criteria for the enforcement of their open source software rights as for proprietary software, and looking at how they can use them strategically in their business.”
[Related: 7 Communities Driving Open Source Development ]
He says the days when people were concerned about what a lawsuit would do to the open source community are now gone. “Now it’s more a matter of, ‘Hey, I have contributed to a project and I can use that as leverage against my competitors.'”
Versata v. Ameriprise: GPLv2 Licensing
Radcliffe says this shift is only just beginning, but for evidence he points to the case of Versata v. Ameriprise. In summary, Versata’s proprietary software product, Distribution Channel Management (DCM), used an open source XML parsing utility that was licensed under GPLv2 from a company called XimpleWare. (XimpleWare also offers its utility with a commercial license to companies that don’t want to be subject to an open source license, but Versata did not use that commercial license.)
[Related: Debunking the Top Open Source Myths ]
The problem came when Versata licensed its DCM software to financial services company Ameriprise, and subsequently sued Ameriprise for allowing a subcontractor to decompile Versata’s software — a move Versata contended was a breach of license.
Ameriprise then countersued. Because Versata’s software included open source software licensed under the GPLv2 and was a derivative work, Ameriprise alleged, the whole of Versata’s DCM product came under the GPLv2 license, and therefore Ameriprise or its subcontractor could decompile and modify the software at will.
[ Related: 10 Reasons Why Open Source Is Eating the World ]
“Essentially they said, ‘Your proprietary software is licensed under GPLv2 so you have to make the source code available.’ And this is everyone’s concern,” says Radcliffe.
It turns out that the text of the GPLv2 license, the required copyright notices and a copy of the source code — all of which should normally be included with GPLv2 software — had been stripped out of the open source portion of DCM somewhere along the line, Radcliffe says. It is not clear who did it or why, or whether it was done inadvertently. “The point is that Versata did not appear to have a process for managing open source software. They ignored it, and their contracts were not set up for it,” he says.
Radcliffe recommends that companies have an internal process for managing open source software — not just from internal developers, but also from software that comes with acquisitions or from consultants.
Now here’s how the open source software universe is starting to change. On discovering Versata’s alleged licensing violation of its open source parser, XimpleWare started legal action of its own, suing Versata, Ameriprise and, crucially, other Versata customers for copyright and patent infringement.
This is an important turn of events for users of open source software. Whereas in the past a license infringement may have resulted in a knock on the door from an open source software foundation pointing out that things were not being done right, XimpleWare has made itself a commercial enforcer.
“XimpleWare, the company that makes the open source parser, is going after people and saying we want damages, we want injunctive relief,” says Radcliffe. “And that is the change that is happening now. Versata’s customers are being sued [by XimpleWare] for copyright or patent infringement, and that is a nightmare for Versata.”
Versata can update its software in due course to remove the GPLv2 components, but Radcliffe points out that in other cases it might not be so easy to correct the problem. “Imagine if the software was in a car or a cellphone or something that may not be easy or even possible to update,” he says. “The GPLv2 has never really been interpreted before, so we don’t know if you violate it if it’s a matter of damages, or if the license is terminated, or if can you get injunctive relief to stop the product being distributed.”
Oracle v. Google: Copyright Protection for APIs
The Versata cases aren’t the only ones worth watching from an open source point of view. Another one that anyone involved in open source software should be concerned about (and that means just about everyone) is the lawsuit between Oracle and Google over copyright protection for APIs.
The story in this case is that some years ago Google held discussions with Sun (the original developer of Java) about how to implement Java APIs in the open source Android mobile operating system. An agreement wasn’t reached, but Google decided to go ahead and implement the APIs in a way that it believed didn’t violate any Sun copyrights.
But after Oracle acquired Sun, the company decided to sue Google for breach of copyright: Google had allegedly copied API names and other elements such as header lines.
Although a district court held that APIs are not protectable under copyright, a federal appeals court later overturned this, concluding that “the declaring code and the structure, sequence and organization of the API packages are entitled to copyright protection.”
“If APIs are protectable, then life is much more complicated and this adds complexities to the GPLv2,” says Radcliffe. But he adds that even if Java APIs are protectable, simpler APIs may not be. It raises the possibility of the need for API licenses so users can use an API however they want.
So what can be learned from all this? There is no doubt that open source software is here to stay, and an increasingly important part of many enterprise software portfolios. But the Versata and Oracle lawsuits may prove to be key to determining what sort of animal the open source model matures into.