Thursday, May 04, 2006
(Continued blogging of the iTechLaw Open Source Software panel, after a mid-morning break). Chris Nadan (Director, Software Legal/Associate GC, Sun) is up next. Impossible to know what will exactly will constitute a "distribution" under the GPL. The Free Software Foundation has a broad reading of the term; there's no guarantee that just because you're an end user you're not engaged in some form of "distribution" as the term is used in the license; words like "distribute" and "derived from" as used by lay developers should be interpreted consistently with the way they have been under copyright law, but there's no way to know for certain that they will be. (This is relevant because if you're "distributing" the licensed work in some way, you also have to make the source available under GPL.) Nadan says it's a myth that the GPL only affects "derivative" works. Professor Nimmer thinks of the derivative work as the work that has both the new (GPL) and old code in it. There's alot of case law that says just because software is copyrightable doesn't mean every line of code is copyrightable expression. Stephen Davidson adds that if you add the right two lines of GPL code to a much larger thing, the whole thing may become derivative.
Steve Mutkoski had an aside about the collision of mindsets between engineers, for whom ones and ones and zeros are zeros, and lawyers, whose definition of one can change to zero at any time and vice versa.
Sherman Chu (Director, Technology Licensing, Cisco) spoke next on developer best practices. It's best to think about open source as a software quality issue. In connection with acquisitions, though you might require representations and warranties of a company being acquired, as a practical matter they don't do much for you. Case study: Cisco and Linksys. Linksys acquired about three years ago by Cisco. Some Linksys products were OEMed from a company in Taiwan, and there was yet another level of derivation; Cisco was three levels removed. Yet, there was "open source contamination" in the code, and as a result Cisco was demanded to release the source code; didn't even have the source code. Because of the relative unimportance of the particular product, it wound up not being a big IP issue for Cisco, but the situation might have been otherwise and this is a cautionary tale. Even so, it was a bad PR and an unnecessary distraction. Sherman and Cisco follow a similar due diligence process in hope of avoiding these kinds of situations as the one Steve Mutkoski described for Microsoft. Due to the slippery nature of the issues involved, training becomes key; the message has to be broadly communicated. You also have to build processes to scale. Engineers just aren't going to come to a lawyer on open source issues if they think it'll take two weeks to get an answer. Cisco automates the approval process. Another tip is to get to know your organization's open source gurus, they're an invaluable resource as to how the community is likely to respond. Along these lines, it not just about the law. Community norms and actions can have just as big an impact (or bigger) than legal actions.
Closing out the session was Todd Nelson (Vice President of Legal and General Counsel for Fortinet) on the draft, in process v3.0 of the GPL. Trick is to keep proprietary bits proprietary and open bits open. The Free Software Foundation take on v3.0 is that it's not really a change but really the appropriate interpretation of v2.0, so the draft out for comment is at minimum instructive on the Foundation's take on 2.0. Discussion of the very different views of the GPL adopted by Richard Stallman and Linus Torvalds (who released Linux under 2.0 but has said he's unwilling to release it under 3.0). Key new thinks in 3.0 are the DRM exclusion and patent retaliation provision. Steve Mutkoski observes that 3.0 seems to be routing around the dispute about what's a derivative work. Todd Nelson responds that what 3.0 does is take a sledgehammer approach with a very broad definition. Under 3.0, DRM refers to anything that restricts your use, not just copy restrictions. Anything used to enforcde pre-defined policies controlling access. Upshot is that if anything contains GPL licensed materials all the DRM keys (as DRM just defined) must be provided. Todd had to unfortunately rush through alot of his material because they ran over time, and with that, we're breaking for lunch.
Unless otherwise expressly stated, all original material of whatever nature created by Denise M. Howell and included in the Bag and Baggage weblog and any related pages, including the weblog's archives, is licensed under a Creative Commons License.