Should Governments Specify Licence Conditions?

I have been made aware of a meme passing around Government purchasing circles to the effect that Government ought not to be dictating licence terms in the course of procurement.  This has two variants, a strong variant that Government ought not be specifying, for example, a class of licence that ought to apply to the procurement and a less strong variant to the effect that Government ought not be specifying particular licence terms. Of course, the underlying aim of this meme is that if a Government can’t dictate licence terms then it can’t require open source.

To argue these positions requires a complete lack of understanding of the role that a licence plays in an acquisition.  I will take software as an example, but any procurement involving a licence would serve as well.   When anyone “acquires” a piece of software they, primarily, acquire two things.  The first, is a copy of the software being acquired.  The second is a licence in relation to that software.  Neither is useful without the other.  A copy, even legitimately acquired, can’t be used* without a licence and a licence can’t be exercised without a copy.   However, of these two components – the licence and the copy, the licence is by far the more important because it demarcates the whole of the uses to which the copy can be put.  If your licence is good enough, you can dispense with the provision of a copy because you can acquire the copy from elsewhere.   The acquisition of the licence, and the terms of the licence are the greater part of the substance of the procurement.

To take a practical example, if I were to buy a copy of Office from Microsoft I can choose from Office Home and Student 2013 or Office Home and Business 2013.   Microsoft provides a comparison chart which discloses that the main difference between these two packages is that the first can only be used for “Home Use” while the second can be used for “Home or Business Use”.  Now, the purpose for which I might use Microsoft Office is not a function of the copy of the software I acquire.  It is wholly derived from the licence terms which apply to that copy.  To argue that the Government is not able to specify the characteristics of a licence is to literally prohibit Government from discriminating between a licence which permits only home use (which would be useless to the Government) and one which permits use in the course of business.

For a public servant to even entertain the possibility of a broad based limitation on specifying licence characteristics would be to demonstrate a total failure to understand the subject matter.  The licence is the substance of any software acquisition.  To not be able to specify licence characteristics is equivalent to not being able to include technical specifications in any other sort of acquisition.  It is a nonsense.

The only time where specifying a licence ought to be prohibited is where the licence terms effect an exclusionary dealing.  So, if the licence terms permitted use only by persons who had signed up for some form of online service being offered by a third party, that would be anticompetitive because it would require bidder’s  customers to be funneled through to the a third party.  Open source licences do not have these dependencies.

* technically, some uses may be permitted if they do not involve an infringement.  However, the scope of things which count as an infringement these days is so broad that in any practical scenario the use of software will involve performing an activity which would, in the absence of a licence, infringe copyright.

Corporate Structures for Free Software Projects

Corporate Structures for Free Software Projects

Q: I have some software which I would like to form the basis of a GPL project.   Should I set up an organisation and vest the copyright in that organisation.  Would it make enforcement easier?

A: This is basically a difficult question and a lot depends on the circumstances.  Some quick comments are:
* in theory, anyone who has contributed code, the copyright in which they hold, to a GPL project has standing to sue.  The damages they can recover may be small if their contribution is small.  However, the Act has provision for an award of additional damages where an infringer has been flagrant (etc) in their infringement.  So there is still scope for recovering damages where actual damages are small.

* if an individual takes action they are exposed to the possibility of having to pay the other side’s legal costs.

* vesting copyright in an organisation makes the copyright an asset of the organisation.  If the organisation is ever bankrupted (eg having to pay some other party’s legal costs), it would be one of the assets distributed among the organisation’s creditors.

* having assignments in favour of a single aggregating organisation will allow the organisation more flexibility in dealing with the material.

* having a separate entity will bring with it an additional administrative overhead and involve tax consequences.

* an organisation might be required by potential contributors or, equally, might not be acceptable to potential contributors.

* managing the assignment process and record keeping involve effort.  It may discourage contributions.

 

 

2011: The Year of the Linux Desktop

2011 is the Year of the Linux Desktop

Hah! Not really.  I’ve been reading two posts, the first by Robert Strohmeyer, the second by Steven J. Vaughan-Nichols.  Both raise arguments about Linux on the Desktop and both point to mobile computing as being the future.

Ever since Android has come out I have assumed the growth path of Linux (and the ultimate strategy of Google) will be Android on phones -> Android on desktops.  My take on the Netbook episode is that, where customers returned Linux netbooks they returned them because they were unfamiliar.  With Android now in everyone’s pocket they won’t bat an eyelid at Android powered tablets (which I doubt were in Google’s game plan, but given that Android is open, others are  now able to fill that void), then Android netbooks and laptops and finally desktops.  With penetration of Android will come mobile developers and with them will come a large application suite.  Those applications will automatically run on an Android desktop.

On the mobile side of the world, I can’t see a mobile device replacing my desktop anytime soon.  However I wouldn’t be averse to a high level of integration between my mobile device and my desktop.   Indeed, as a user, and particularly as an IT Manager, I will probably see the benefit of having a consistent user interface across all my devices.  For this to happen either my mobile device could become Windows or my desktop could become Android.   I think the latter will be the easier transition, given that it is easier to move from an interface designed to cope with device limitations to a more capable device than to move in the other direction.    It is for this reason that I think it’s too early to write off Linux on the Desktop (LotD for Dohn Joe’s benefit ;-) [1].

The LotD Play is not one which anyone is used to.  There is no company betting it as a make or break decision, and even if there is (Canonical?), if they are broken, they are just part of the ecosystem, others will take their place.  That is to say, there is no lynchpin in the LotD ecosystem, without which it will fail.  This is what makes it different to the other operating system plays which have been out there.  If the guiding company couldn’t make its profit targets or satisfy its shareholders/investors/bank managers, it was curtains for the company, and by extension the technology.  Not so  LotD.  Like Obi Wan, should Vader strike it down, it will only become more powerful than he can possibly imagine (Linux on netbooks, for example, has become Android on phones, and need anyone forget the SCO debacle?).   If any LotD player falters others can take their place.  Moreover, they can take the benefit of the work already done and do not have to reinvent the wheel.

Finally, I think that another of the main difficulties faced by LotD is the lack of a level playing field.  The world over, legislatures (and history will judge them harshly for this) have been happy to pass laws which make people fearful of sharing.  Equally, governments have been particularly biased against open source offerings, although that bias is typically implicit in that they fail to implement open standards, or require open source to work within a procurement framework designed for closed source acquisitions.  Despite these obstacles the ecosystem which has the Linux kernel at its center continues to grow.  Governments are slowly removing bias from their procurement practices (some as a result of the pain of the GFC), and more and more agencies are independently implementing open source solutions.   LotD is the logical endpoint.

As I have argued elsewhere, I think there is a shift in the undercurrent which is pushing computing towards LotD.  I wouldn’t write it off now.  I wouldn’t write it off ever.

[Update (1 Nov): Overheard in a coffee shop this morning:

P1 (on phone, but to P2): What’s it called?

P2 (Beside P1): “HCC Desire”

P1 (to caller): “HCC Desire.  H… C… C…”

P2 (getting HTC Desire out of pocket): “Oh, H Tee C”

P1 (to caller): “Sorry, H Tee C – T for Tom.  It’s like an iPhone only better.  Can you get one? Ta.”

Notes:

1. Although after watching 10 years of such predictions I am wary of saying it will happen in the immediate future.

Open Source Licence Non-Compliance == Legal Trouble

Open Source Licence Non-Compliance == Legal Trouble

Brendan Scott, September MMX

For those of you who haven’t seen it, I have recently released the results of some research work conducted into the Trade Practices Implications of Infringing Copies of Open Source Software.   Linux Australia has agreed to contribute some funding towards this research note.  This is Australian law specific.

The main finding of the research is that a corporate vendor selling an infringing copy of open source software is likely to be in breach of at least one section of Part V the Trade Practices Act 1974 (Cth) relating to misleading or deceptive statements or conduct, and likely more than one. There are many cases in which such breaches have been found in relation to infringing copies of software. Even where a vendor only offers to sell (as opposed to actually selling) an infringing copy they are still likely to be in breach of the Act.

The Research Note is available here: Research Note on Trade Practices Implications of Infringing Copies of Open Source Software and also from the publications section at opensourcelaw.biz.

Bilski (on sware patents in the US) is out

Bilski (on sware patents in the US) is out

After weeks of “still no Bilski decision today again” stories in the press, they’ve handed down judgment and apparently software patents aren’t in as bad shape as they might have been.  Although from a look at secondary sources, they aren’t necessarily in good shape either with the Court pretty much avoiding the real question.

Decision

Wikipedia

SFLC

Luis Villa

Release of IFOSSLR Vol 2, Issue 1

Release of IFOSSLR Vol 2, Issue 1

The next edition of the International Free and Open Source Software Law Review is out [disclosure, I’m on the editorial committee] and it’s a great read.  I can wholeheartedly recommend the articles in this edition.  I wasn’t a reviewer of any of them for this edition so the first time I saw them was when I downloaded this edition.  They’re good.  It’s pretty rare I pick up a legal journal and add pretty much every article to my ‘to read’ list.

Moreover, even if you’re not a lawyer, this edition has some things which will be of practical interest to you.

Get it here.

Free Software is Principled

Free Software is Principled

I recall, several years back now, being in some sort of forum somewhere arguing over the implementation of anti-circumvention legislation in Australia.  I recall Rusty Russell talking about ghostscript’s [?] handling of pdf documents at the time and how it respected restrictions settings in the pdf documents.  That is, despite being able to ignore them, ghostscript’s authors decided to respect them.   In practice that would mean that most ghostscript users would also respect those settings.

By way of contrast, today, looking for information about pdf to text conversion tools I came across closed source software whose primary purpose is apparently to remove restrictions from pdf files.  In my experience free software is typically more principled than its closed source counterparts – perhaps stupidly so.

LA Funds Important Legal Research on Free Software Compliance

LA Funds Important Legal Research on Free Software Compliance

Over the past twelve months or so I’ve noticed an upswing in enquiries about free software compliance.  For example, someone might be seeking access to source code for embedded devices with Linux and/or Busybox on them.   One of the key problems for pursuing compliance is the legal concept of  “standing”.   That is, does the court think you have a right to press the claim in question?   So for example, if you see someone (A) breach a contract with someone else (B), a court will probably not let you sue A, basically because that is B’s business [1].  B might not be concerned about the breach, or B might have a relationship with A (or someone else) that might be jeopardised by suing A, so it should be up to B to make the decision about whether to proceed with a suit.  Moreover, A has not infringed a right that you have, so why should you be able to sue?  You’ve not suffered damage, so why should you be able to sue? In short, a court seeks to limit the people bringing actions to only those people whose rights have been infringed.  So,  if you, not holding copyright, see someone breaching the GPL, you can’t sue them in copyright to enforce compliance.

The term “free software compliance” is a short form of compliance with the licence terms for the free software.   In this case, the relevant person whose rights are infringed is the person who granted the licence.  That is, the person who holds the copyright in the software.  Therefore, to bring a court case would require the copyright holders to be parties to the case.  Given that copyright holders are largely concentrated overseas this presents problems for compliance within Australia.  While it is possible for foreign copyright holders to initiate and/or participate in Australian proceedings, it is not simple as the mere distance presents logistical problems.   There are other practical problems that a foreign copyright holder faces.  For example, they may be required to be present in Australia in order to give evidence.   Even where the copyright holder is in Australia they may be reluctant to pursue proceedings.  For example, they may not think it justifies the time commitment they would need to make, or they may not want to be exposed to the possibility of the award of legal costs if they are unsuccessful. I have spoken with some foreign copyright holders and generally they are happy to help, but can’t commit to spend much time helping.

This is where the Trade Practices Act (TPA) is relevant.  The TPA has a very wide concept of standing.  Practically anyone has standing to sue for a breach of the TPA.  If a competitor puts on a misleading advertisement you don’t need to have been misled in order to have it corrected.  You don’t need to show that you (or indeed anyone) suffered a loss.  The mere fact of a breach is usually enough for anyone in the community to enforce compliance with the TPA.   The TPA is therefore particularly relevant for free software compliance.  If a breach of the terms of a licence are also a breach of the TPA, then you don’t need the copyright holders in order to take action.  You can leave them out of it entirely and, instead, rely on your rights as a consumer.

Enforcement under the TPA has other benefits.  First, courts have tended to interpret the Act in a way which favours consumers (not surprising as this is the point of the legislation).  Second, the consumer protections set out in the TPA are pretty straight forward.   You may have heard of “section 52”, which provides that a person must not engage in misleading or deceptive conduct in the course of trade.   In the case of section 52 intention or knowledge is not relevant.  If someone is unintentionally misleading, they will still be caught by the section.   Finally, the TPA comes with an administrative structure for enforcing consumers’ rights in the form of the ACCC and its State and Territory equivalents.  That is, you need not even go to court in order to enforce compliance.  You can, instead, rely on consumer rights procedures (at least in the first instance – if all else fails you may still end up in court,[2] and even then the consumer body may assist you with the case – as happened up to the Federal Court in the groundbreaking Stevens v Sony case).   This may involve some education of the consumer protection people, but, ultimately it’s their job to protect consumers so they must come around sooner or later.  Essentially, vendors who do not (for example) supply source code when they are obliged to are depriving consumers of a legal entitlement.  Imagine how they would react to a vendor selling a car with a wheel missing.

Last year, I was contacted about a potential compliance issue for a router product in which Busybox was embedded (the company in question has since gone into administration).   As  is often the case, the person contacting me did not have a lot of money to spend on legal advice or drafting.   In these cases people don’t tend to contact me until they have first tried to get through to the relevant vendor, so it is usually at at least the first level of escalation.   It seemed that the best way to deal with these cases, at least initially, was to try to create some “self help” materials for people to pursue themselves, without having to engage a lawyer.   To do this, however, would mean that the initial issue of standing needed to be overcome, so I turned to the TPA.  After a short consideration I came to the view that there were profitable lines of inquiry in the TPA, but the mapping of free software to the TPA is not straight forward.  How would the research be  funded?

I was told about the Linux Australia grants system and discussed with one of the then LA committee members whether a “compliance how to” might be worth doing.   I put together two proposals to put some materials together:

http://lists.linux.org.au/pipermail/linux-aus/2009-December/017823.html
http://lists.linux.org.au/pipermail/linux-aus/2009-December/017822.html

Initially, the committee wasn’t convinced that this work would be of value to the community – see after item 5 of this post:

http://lists.linux.org.au/pipermail/linux-aus/2010-February/017896.html

In their next meeting, (last night, 3 March), the Linux Australia committee decided to go ahead and fund the first proposal I submitted (I am making a 1:1 in kind contribution of my time).  This is important research into what arguments might be raised under the TPA if someone is not complying with a free software licence (a decision on the second proposal has been deferred), so the decision is excellent news.  Only yesterday I received another referral – via the SFLC.    They wanted to be able to take it to the next stage and send something more formal to a vendor they’d contacted, but didn’t think it worth spending much money on.  Once the research phase is done, producing notices such as this will be substantially easier (because the background of what is to be said is already set out).   The outputs of the research will be public.

If you know of devices sold in Australia that you think are non compliant, send them to me, because I may as well start a list.

[apologies if you saw a draft of this up – the autosave put it up by mistake]

Notes:

[1] This is talking only about civil actions.  If there is a crime involved different issues come into play.

[2] The minority of cases end up in court.  By and large things are resolved without recourse to courts.

Jacobsen v Katzer settling?

A birdy tells me this is the case.

Stay tuned.

More Busybox Suits

More Busybox Suits

Received an email from the SFLC today.  It seems that Best Buy, Samsung, Westinghouse, JVC and Western Digital are all defendants to a busybox based lawsuit initiated through the SFLC.  Complaint is here.