Tomorrow (Friday, 14 December) the Cyberlaw Centre at the UNSW is holding a day long seminar on OOXML issues. The morning session is devoted to technical issues, while the afternoon reviews legal issues. The key documents are:
Microsoft’s Open Specification Promise (OSP); and
Microsoft’s Covenant Not to Sue (CNS) – except that the covenant doesn’t appear to be there anymore. The URL redirects to a site about the ECMA process. The page mentions the CNS, but doesn’t provide (as far as I can tell) any way to get there. The current URL might be here but who knows?
There are some analyses of the CNS and OSP floating around out there. I don’t intend to repeat the issues here. Rather, I thought I’d approach it from the point of view of the cynical pedant reasonable developer who is considering implementing OOXML or part of it. These are off the top of my head thoughts unsupported by anything in the way of research…. perhaps a better knowledge of US law or ISO rules might clear some of these issues up? So, what are some observations we can make about the CNS and the OSP?
Who Gives?
First, they are both given by Microsoft. Given that “Microsoft” is a number of different companies (and other structures – MS Licensing GP) within a broad corporate group the fact that these are given by “Microsoft” is less than completely illuminating. Presumably they mean Microsoft Corporation? This becomes particularly relevant because the scope of the promise/covenant is limited to the patent claims held or controlled by “Microsoft”. To be meaningful a person relying on these claims would need to be able to assess exactly which patents were held or controlled by Microsoft. The prudent developer at this point would try to identify how patents are held within the Microsoft corporate structure.
[edit 14/12: Conversely neither states that anything will be done to prevent related bodies corporate from bringing actions]
Patents Only?
Second, both the CNS and the OSP are limited to patent claims – which seems to be inadequate. I understand, for example, that “microsoft” appears in part of the OOXML namespace, so presumably trademark issues will arise. It seems hard to believe a decent copyright lawyer could not also construct a copyright case in respect of the specification per se. Perhaps there is some ISO rule which covers these aspects?
When?
Third, both are silent as to the time at which the ownership or control of the relevant patents is to be assessed. If Microsoft controls a patent today, but that control ceases tomorrow, can an implementer breathe easily or not? Is there scope for Microsoft to sell a patent to someone like Acacia Research Corporation and for them to then be able to assert that patent against implementers of the standard?
Licence v Promise?
Fourth, and leading on from the third, neither is expressed as a licence. While Microsoft had the luxury of being able to use words such as “permit” or “license” they specifically chose not to. Rather, they structured the statement as a forebearance from suit. The reason for this is unclear, but it does seem worthy of further thought. What if the effect of this structuring is to preserve the underlying rights including the right to sue? If that were the case, then the right would stay alive if transferred to a third party. The third party, which has not given any such covenant would therefore be at liberty to commence suit.
Can Equities Prevent Sharp Practice?
Fifth, each document has a rider excluding other rights including rights by way of estoppel (the OSP words are “No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise”). You might think that transferring a patent to a third party in order for that party to sue under it was sharp practice and surely there would be an equity that would stop it. Who knows? Could the exclusion wording in the CNS/OSP be used to argued against such an equity? If the CNS/OSP is considered at law to be a licence then a third party would be in a much worse position as the developer could plead a valid permission.
Criminal Law?
Sixth, and also leading on from the third, if the OSP/CNS are not licences within the meaning of the patent law (something I express no view on at the moment other than to return to the observation above that the word “license” could have been used and wasn’t) then they will be inadequate in any jurisdiction which has criminal penalties for patent infringement. The reason being, that a private party cannot waive the commission of a crime. That is something for the State. That is, if the patent is not a licence, then the relevant conduct will be infringing conduct, albeit not actionable in a civil action by virtue of the OSP/CNS. If the conduct is criminal in the absence of a licence, then a promise not to sue will not convert the criminal conduct. That is, there is no way to rectify criminal conduct after the fact. Rather, the conduct must be licensed beforehand so that the conduct does not become criminal.
Third Party Patents?
Seventh, both expressly refrain from making any statement that OOXML is free from third party patents. This is hardly surprising given that both are designed to apply to a number of different specifications rather than just OOXML. However, this raises the issue – what assurance does a developer have that such a large specification is not the subject of third party patent claims? The pedigree of the specification is certainly no reason for hope, Microsoft has been the target of third party patent claims for some time now including some high profile losses in patent suits. The fact that the specification has been developed behind closed doors and on a fast track means that there has been no adequate opportunity to evaluate the likelihood of third party patent claims against the specifications. The sheer size of the document suggests there will be at least a couple hiding in there somewhere.
Where is the Love?
Eighth, both lack any feeling of warmth. Each has been drafted by lawyers, is designed to be used for a number of different specifications and to give rights only over what is absolutely necessary. In short they are clinical documents – not the sort of things which inspire trust.
ISO up to Standard?
Ninth, the ISO is apparently happy, having reviewed the OSP, to sprinkle the holy water on it and absolve OOXML of any IP issues (I understand that this is on the basis that the OSP meets the ISO’s requirements for IP licensing). On this we must give pause to consider exactly when the ISO requirements for IP licensing were last reviewed. If they don’t cover copyright and trademark issues (which, since the OSP is a patent only document, they don’t appear to) surely they must be in need of a refresh?
A Hint of Mystery
Exactly what is the effect of these words: “you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise”. Thoughts?