What In-house Counsel Should Know about the Use of Open Source Software in Their Organizations? -...
-
Upload
marcus-evans -
Category
Law
-
view
144 -
download
1
description
Transcript of What In-house Counsel Should Know about the Use of Open Source Software in Their Organizations? -...
APPROVED FOR RELEASE
Boeing Defense, Space & Security
What In-House Counsel Should KnowWhat In House Counsel Should Know About the Use of Open Source Software
in Their Organizationsin Their Organizations
Colin RauferIntellectual Property CounselMarch 20 2014
APPROVED FOR RELEASE 1
March 20, 2014
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
• DISCLAIMER: The following information is being• DISCLAIMER: The following information is being provided for educational purposes only, and is not intended to constitute legal advice. The views
d th f th P t d d texpressed are those of the Presenter and do not necessarily represent the views of The Boeing Company.p y
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 2
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
“Things to think about“Things to think about before your download thatbefore your download that open source compression algorithm from the Internet”Internet
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 3
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
BE PRECISE WITH YOUR LANGUAGE
• Open Source• Shareware• Shareware• Freeware• Public Domain
P i t• Proprietary
THE LEGAL DIFFERENCES CAN BE SIGNIFICANT !
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 4
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 5
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
Open Source Software is generally defined to be p g ysoftware whose source code is available for licensees to modify and improve freely
LINUX Software may be the most popular open source software program, and it is made available under the GNU G l P bli Li (GPL) it ibli thGNU General Public License (GPL), or its sibling, the GNU Library or “Lesser” General Public License (LGPL)
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 6
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
OPEN STANDARDS
Open Standards and Open Specifications, which promote interoperability are not the same as Open Source Softwareinteroperability, are not the same as Open Source Software (OSS)
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 7
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
LEGAL TITLE TO THE CODE
Have others patented or copyrighted the software?
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 8
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
HOW WELL DO YOU KNOW THIS CODE ?
• Malicious code• Viruses bugs worms• Viruses, bugs, worms• Trojan horses• Back doors
B t• Bots, spyware
Are you creating security flaws for yourself or your y g y y ycustomers?
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 9
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
CAN YOU COMPLY WITH THE REQUIREMENTS OF THE LICENSE?
*Copyright Legends shall be reproducedCopyright Legends shall be reproduced
*Use of the software may be audited
Do you have the procedures in place to ensure compliance?
Are you documenting your modifications and improvements?
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 10
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
VIRAL INFECTION
• Any derivative work must be released as open source• Is there a Publication Requirement?• Is there a Publication Requirement?• Source Code must be provided or made available to all
requestorsS C d t b t d• Source Code must be posted
• Your proprietary code is now open source !• You have just infected your customer !j y
GREATEST RISK FROM AN IP PERSPECTIVE.
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 11
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
INFRINGEMENT INDEMNIFICATION
Beware of signing up to provide legal indemnification in the open source software license agreementopen source software license agreement
You warrant against patent infringement and copyright i f i tinfringement
Do not take on legal riskg
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 12
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
Example from an End User License Agreement (EULA):p g ( )
COMMERCIAL DISTRIBUTION
“If a Contributor includes the Program in a commercial product offering, such Contributor (“Commercial Contributor”) hereby agrees to defend and indemnify every other Contributor (“Indemnified Contributor”)and indemnify every other Contributor ( Indemnified Contributor ) against any losses, damages and costs (collectively “Losses”) arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts oragainst the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering”
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 13
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
INTELLECTUAL PROPERTY OBLIGATION IN THE LICENSE
If you have knowledge that a party claims an intellectualIf you have knowledge that a party claims an intellectual property right in a particular functionality or code (or its utilization under this license), you MUST include a text file
ith th d di t ib ti titl d “LEGAL” hi hwith the source code distribution titled “LEGAL” which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact.p
THIS AFFIRMATIVE OBLIGATION IS PROBLEMATIC.
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 14
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
PATENT STRATEGY
Do you intend to seek patent protection for your work?
Be Careful !
Y i d t t b th l b fYour issued patent may be worth less because of an express or implied license affiliated with the open source software
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 15
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
PATENT STRATEGY
Example of Grant of Rights in General Public License (GPL):(GPL):
“Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive worldwide royalty-free patent license underRecipient a non exclusive, worldwide, royalty free patent license under Licensed Patents to make, use, sell, offer to sell, import, and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form.”
OR
“You agree not to use any information derived from your review of the
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 16
ou ag ee ot to use a y o at o de ed o you e e o t eCovered Code … for the purposes of asserting any of your patent rights.”
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
LINKING TO LIBRARIES AND DATABASES
Static vs. Dynamic Linking
Static Linking may be deemed to be a derivative work and thus loss of proprietary status
Dynamic Linking arguably allows you to maintain proprietary status
The current state of the Law is very much unsettled
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 17
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
EXPLORE NON OPEN SOURCE OPTIONS
“The link encouraged me to contact the software companyThe link encouraged me to contact the software company and arrange for a commercial license…..but I clicked anyway.”
“Many offerings are for a 30-Day Trial Demonstration.”
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 18
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
EXPORT COMPLIANCE
Posting mods (a requirement of the license) can create an export issueexport issue
Does the website require that you first interact with someone t dd ifi ti i li ti d ito address specification issues, applications, or designs, prior to recommending a solution?
Even correspondences with the Computer Science Dept. at a university, can land you in hot water!
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 19
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
POSTING OF MODIFICATIONS
Regardless of the legal obligation to do so, my Software Programmers and Engineers want to post modifications andProgrammers and Engineers want to post modifications and improvements to a University web-site, in order to show their expertise
Not recommended
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 20
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
WHEN DO “OPEN SOURCE ISSUES” TYPICALLY ARRISE ???
When you acquire or sell off individual contracts programsWhen you acquire or sell off individual contracts, programs or businesses via mergers & acquisitions or divestitures
T iti f f d l t t d tiTransition of programs from development to production
First Commercial Sale
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 21
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
OPEN SOURCE INSURANCE
A consulting outfit called Open Source Risk Management has partnered with Lloyds of London underwriter Kiln andhas partnered with Lloyds of London underwriter Kiln and broker Miller Insurance Services to offer insurance against open-source liability
Other consulting firms offer open source software scanning technologygy
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 22
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
TYPICAL CORPORATE MISCONCEPTION
Company X appears to be under the impression that making the source code available to customers is at Company’sthe source code available to customers is at Company s option, when it is in fact a requirement of the license under which Company obtained the original source code
“They are only getting object code, but they may be entitled to source code” (look at license & contract)( )
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 23
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
WHAT TO DO ???
1. Establish and Use a Corporate Due Diligence Process. Preferably electronically on the Corporate IntranetPreferably electronically on the Corporate Intranet.
2. Extract the open source code, and insert a proprietary l treplacement.
3. Company must clearly identify the existence of any open p y y y y psource in its products and inform customers of their rights to use, modify and distribute such open source.
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 24
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
WHAT TO DO???
4. Read, Read, Read the documents. Cut through the legalese and boilerplate to try and understand whatlegalese and boilerplate to try and understand what obligations the Company is undertaking.
5 A k i t d ti5. Ask pointed questions :What to you plan to do with this software?Internal use only or distribution? (the answer may y ( ydetermine if the license even applies)Widely disseminated or closely held?
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 25
6. Keep a meticulous record of open source content.
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Boeing Technology | Boeing Defense, Space & Security
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 26
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
PRACTICAL ADVICE FOR SUPPLIER MANAGEMENT CONTRACTS:
Recognize that open source software is coming “in the door” inRecognize that open source software is coming in the door in software that is “licensed-in”
Recognize that open source software is provided essentially “asRecognize that open source software is provided essentially as is” with no warranties or legal protection
Do not pass through non-existent warranties !!!Do not pass through non-existent warranties !!!
Make open source issues grounds for termination of a subcontract thereby creating contractual and licensing remedies
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 27
subcontract, thereby creating contractual and licensing remedies.
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
Example of T’s & C’s addressing OSS:p g26.PROHIBITED SOFTWARE(a) This clause only applies to Work that includes the delivery of software.(b) As used herein, “Prohibited License” means the General Public License (“GPL”) or
Lesser/Library GPL, the Artistic License (e.g., PERL), the Mozilla Public License, the Netscape Public License, the Sun Community Source License, the Sun Industry Standards License, or variations thereof, including without limitation licenses referred to as “GPL-Compatible, Free Software License.” (c) As used herein, “Prohibited Software” means software that incorporates or embeds software in, or uses software in connection with as part of bundled with or alongside any (1) open source publiclyconnection with, as part of, bundled with, or alongside any (1) open source, publicly available, or “free” software, library or documentation, or (2) software that is licensed under a Prohibited License, or (3) software provided under a license that (a) subjects the delivered software to any Prohibited License, or (b) requires the delivered software to be licensed for the purpose of making derivative works or be redistributable at no charge, or
(c) Obligates BUYER to sell, loan, distribute, disclose or otherwise make available or accessible to any third party (i) the delivered software, or any portion thereof, in object code and/or source code formats, or (ii) any products incorporating the delivered software or any portion thereof in object code and/or source code formats
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 28
software, or any portion thereof, in object code and/or source code formats.(d) Unless SELLER has obtained BUYER’s prior written consent, which BUYER may
withhold in its sole discretion, SELLER shall not use in connection with this Contract, or deliver to BUYER, any Prohibited Software.
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
JACOBSON V. KATZER
Federal Circuit Opinion concerning the Artistic License, a fact specific interpretationfact specific interpretation
The provisions requiring distribution to support an open i t d d diti f th li tenvironment were deemed conditions of the license grant,
and not mere covenants
As such, breach of these provisions subjected the Licensee to a copyright infringement claim (preliminary injunction), not merely a breach of contract claim
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 29
merely a breach of contract claim
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
TRENDS IN OSS:
More widely embraced
More code subject to OSS terms
M liti tiMore litigation
More risk to Corporate Users when mixed with Proprietary p p yCode
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 30
Boeing Technology | Boeing Defense Space & Security
APPROVED FOR RELEASE
Open Source SoftwareBoeing Technology | Boeing Defense, Space & Security
CONCLUSION
IGNORING THE ISSUE WILL NOT MAKE IT GO AWAY:
“If you are using software that you did not write yourself, you are either a Licensee or an Infringer!”
APPROVED FOR RELEASE SD08.23.04_Raufer.ppt | 31