IP Issues with OOXML (DIS 29500)

Who’s Afraid of the GPL?

Out of all the free and open source licences which are available, there are two which are disproportionately chosen by FOSS developers when licensing their software. Those two are the GPL and the LGPL. Of these, the GPL is disproportionately favoured over the LGPL.* If there are issues with GPL implementations then there are IP issues with OOXML. Any assurance that excludes implementation under these licences is just cause for the FOSS community to voice concern.

The FAQ on the OSP has this to say about the GPL:

Q: Is this Promise consistent with open source licensing, namely the GPL? And can anyone implement the specification(s) without any concerns about Microsoft patents?

A: The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specification(s). We leave it to those implementing these technologies to understand the legal environments in which they operate. This includes people operating in a GPL environment. Because the General Public License (GPL) is not universally interpreted the same way by everyone, we can’t give anyone a legal opinion about how our language relates to the GPL or other OSS licenses, but based on feedback from the open source community we believe that a broad audience of developers can implement the specification(s).**

Imagine if you were standing next to someone’s land and there was a sign with the details of an open access promise (OAP), setting out when you are allowed to enter the land. It just so happens that the owner of the land is standing right beside you. You turn and say to them “So, this OAP, I’m here you can check me out, can I enter or not?”. They reply, “Well, I can’t really help you on that, you’ll have to read the OAP. It’s expressed in a simple and clear way – oh, and talk to your lawyer”.

If one thing is certain from that conversation it is that there are issues with you entering the land.

Similarly it is clear that there are issues with GPL implementations of DIS 29500. If there weren’t the answer would be phrased “A: Yes”. In fact, they still can. Microsoft can change the OSP right now by adding “and by the way any GPL implementation is permitted”. But they haven’t and I suspect they won’t.

If there are issues with GPL implementations then there are IP issues with OOXML. Microsoft implicitly concedes there are issues with GPL implementations.

Notes

* These figures are based on data from Sourceforge and relate to the numbers of projects licensed, without being weighted by popularity or maturity of the project.

** This FAQ indicates that those writing the FAQ believe that the OSP clearly permits implementation by some developers but not others based on the licence chosen by the developer. This raises the question of whether or not the OSP is really “non discriminatory” in effect.

DIS29500: BRM Process Unfair for SMEs?

The Issue

The fact that ECMA dispositions on National Body comments are only being made available through a password protected website has been widely reported (one example of many). The BRM convenor notes that this is due to the confidential nature of National Body comments (scroll down to the heading ECMA secrecy). While I had been aware of this before it has only occurred to me this week (while preparing for an informal working group meeting on DIS29500 arranged by Standards Australia – I am an OSIA representative) how difficult this makes it for small organisations to participate sensibly.

The reason is that, during the first phase leading up to the vote, it was easy to leverage off those parts of the specification that other people had commented on publicly. This, in effect, meant that everyone could take the benefit of everyone else’s work. Small organisations could therefore identify relevant issues from those identified by others. Not only did it allow taking the benefit of others’ work it also permitted the incremental improvement of it.

BRM Process Makes Review Much Harder

The BRM process radically changes that dynamic. Now the documents are confidential and, if they are confidential it is hard to comment on them publicly. As such each organisation which is pariticipating in a National Body consultation process is on its own.  With each prevented from interacting with others – collaboration is, in effect, banned. Each is left to trawl through the large number of dispositions to try to make what sense it can out of them. Without seeing other people’s views on the various dispositions it is very difficult to know which are significant and why (and which are insignificant and why not) – or even which dispositions relate to important issues identified in the lead up to the initial vote. The comparatively short time between the availability of the dispositions and the BRM (about 6 weeks or so) compounds this difficulty.

Of course, this gets back to the size of the document. A document one tenth of the size would probably be manageable under this process – even by a small organisation although it wouldn’t necessarily be pleasant. DIS29500 simply inspires despair. Presumably National Bodies will also be in a similar situation. Unless they have a substantial team that they can devote to the process how can they hope to adequately parse the dispositions – and any regressions that they create?

Is this Process Unfair to SMEs?

This creates the additional complication of whether a National Body, if it is required to take into account the interests of small and medium businesses and/or consumers, can reasonably fulfill that obligation under this process (for example, in Australia, the Productivity Commission’s November 2006 Research Report on Standard Setting and Laboratory Accreditation recommended that Standards Australia should “improve the balance of interests represented on technical committees by… increasing the participation of small business,…and other community interests“). If SMEs cannot parse the disposition in the time available, they cannot adequately understand its consequences and cannot therefore adequately represent their own interests to their National Body.

More on the OSP

I have not seen any official document summarising the outcome of the OOXML seminar at UNSW last year. However, the main thing that I have heard unofficially in relation to the open specification promise is that pains were taken to compare its wording to the wording of similar promises made by IBM.

To make such a comparison presupposes that when two people say the same thing they ought to receive the same reception. Is this justified?

Microsoft on Patents

Microsoft’s recent history on patents (particularly since the Novell deal in November 06) has a particularly public persona:

Microsoft General Counsel Brad Smith and licensing chief Horacio Gutierrez sat down with Fortune recently to map out their strategy for getting FOSS users to pay royalties. – Fortune

“Novell pays us some money for the right to tell customers that anybody who uses SuSE Linux is appropriately covered,” Ballmer said. “This is important to us, because [otherwise] we believe every Linux customer basically has an undisclosed balance-sheet liability.” Techworld

“We’ve had an issue, a problem that we’ve had to confront, which is because of the way the GPL (General Public License) works, and because open-source Linux does not come from a company — Linux comes from the community — the fact that that product uses our patented intellectual property is a problem for our shareholders. We spend $7 billion a year on R&D, our shareholders expect us to protect or license or get economic benefit from our patented innovations. …
“… we agreed on … essentially an arrangement under which they pay us some money for the right to tell the customer that anybody who uses Suse Linux is appropriately covered… They’ve appropriately compensated Microsoft for our intellectual property, which is important to us. In a sense you could say anybody who has got Linux in their data center today sort of has an undisclosed balance sheet liability, because it’s not just Microsoft patents.”

Steve Ballmer on SeattlePI Blog

Microsoft’s latest licensing push stems from its claim that FOSS infringes on 235 of its patents, and that those patents are intellectual property that should result in fair compensation to Microsoft in the form of licensing fees. LinuxInsider

Microsoft chief executive Steve Ballmer has warned users of Red Hat Linux that they will have to pay Microsoft for its intellectual property.
“People who use Red Hat, at least with respect to our intellectual property, in a sense have an obligation to compensate us,” Ballmer said last week at a company event in London discussing online services in the UK. VUNet

Mr. Ballmer once called Linux a form of intellectual-property cancer. While he has since dialed back the rhetoric, the subtext remains in nearly all Microsoft discussions of Linux: Use it, and you run the risk that Microsoft will sue you [for patent infringement]. Post-Gazette

So the two top level points [about the Novell-MS deal], as Ron whispered to me, technical interoperability and patent peace of mind, and we’re trying to provide both of those things to our customers in a way that works for the business interest of the open source development community, and the Microsoft development community. – Steve Ballmer at the Press Conference announcing the Novell-MS Deal.

… Steve Ballmer has claimed that Microsoft signed its patent peace deal with Novell because Linux “uses our patented intellectual property” and Microsoft wanted to be “appropriately compensated.” Business Review Online

The efforts of Microsoft to pressure the Linux community over alleged and unspecified patents is akin to “patent terrorism”, according to an executive for Sun. ZDNet

Microsoft’s patent push is stimulated by a number of factors. One is competition and trying to make sure that Microsoft’s rivals don’t get access to key innovations. However, the company also began a broad intellectual-property licensing push several years ago, under which it licenses technology to many companies big and small. The company has signed a slew of patent cross-licensing deals since then, the most recent being Tuesday’s deal with Japan’s JVC. CNet News.com

For those who have access to Google, there are others in a similar vein. Perhaps those who are not in the open source community will not be as aware of this history.

IBM on Patents

IBM’s public history in respect of patents is a little different (I have not included any references to IBM’s patent promise from last year):

IBM is playing a pioneering role in the World Business Council for Sustainable Development’s program to open environmentally-responsible patents to the general community. IT-Wire

Following up on a promise last August to not use its vast patent portfolio against Linux users, IBM pledged in January to give 500 patents to open source developers. Linux-Mag

The Open Invention Network was formed with undisclosed investments from IBM Corp. [and others] …When the Open Invention Network acquires patents they will be available to any company, institution or individual that agrees not to assert its patents against the Linux OS or certain Linux-related applications, it said in a statement. PC-Welt

The Nub

My guess is that the Open Source Community would see it in roughly these terms:

Two people want to come onto your land but you’re concerned that they don’t fish in your lagoon. The first one has spent the last 18 months talking about how he has rights over those fish and he’s mapped out a strategy to get them and if you want peace of mind you’d better give him some of those fish. The second one has made some non specific noises about fish and some off hand comments to the effect that fish ought to be left alone. Both of them tell you if they come on your land they won’t fish in the lagoon.

Should you take each of them at their word equally or should you be more cautious with one of them?

[edit 20/1/08 adding three headings]

Cyberlaw OOXML Seminar 14 December

Tomorrow (Friday, 14 December) the Cyberlaw Centre at the UNSW is holding a day long seminar on OOXML issues. The morning session is devoted to technical issues, while the afternoon reviews legal issues. The key documents are:

Microsoft’s Open Specification Promise (OSP); and

Microsoft’s Covenant Not to Sue (CNS) – except that the covenant doesn’t appear to be there anymore. The URL redirects to a site about the ECMA process. The page mentions the CNS, but doesn’t provide (as far as I can tell) any way to get there. The current URL might be here but who knows?

There are some analyses of the CNS and OSP floating around out there. I don’t intend to repeat the issues here. Rather, I thought I’d approach it from the point of view of the cynical pedant reasonable developer who is considering implementing OOXML or part of it. These are off the top of my head thoughts unsupported by anything in the way of research…. perhaps a better knowledge of US law or ISO rules might clear some of these issues up? So, what are some observations we can make about the CNS and the OSP?

Who Gives?
First, they are both given by Microsoft. Given that “Microsoft” is a number of different companies (and other structures – MS Licensing GP) within a broad corporate group the fact that these are given by “Microsoft” is less than completely illuminating. Presumably they mean Microsoft Corporation? This becomes particularly relevant because the scope of the promise/covenant is limited to the patent claims held or controlled by “Microsoft”. To be meaningful a person relying on these claims would need to be able to assess exactly which patents were held or controlled by Microsoft. The prudent developer at this point would try to identify how patents are held within the Microsoft corporate structure.

[edit 14/12: Conversely neither states that anything will be done to prevent related bodies corporate from bringing actions]

Patents Only?
Second, both the CNS and the OSP are limited to patent claims – which seems to be inadequate. I understand, for example, that “microsoft” appears in part of the OOXML namespace, so presumably trademark issues will arise. It seems hard to believe a decent copyright lawyer could not also construct a copyright case in respect of the specification per se. Perhaps there is some ISO rule which covers these aspects?

When?
Third, both are silent as to the time at which the ownership or control of the relevant patents is to be assessed. If Microsoft controls a patent today, but that control ceases tomorrow, can an implementer breathe easily or not? Is there scope for Microsoft to sell a patent to someone like Acacia Research Corporation and for them to then be able to assert that patent against implementers of the standard?

Licence v Promise?
Fourth, and leading on from the third, neither is expressed as a licence. While Microsoft had the luxury of being able to use words such as “permit” or “license” they specifically chose not to. Rather, they structured the statement as a forebearance from suit. The reason for this is unclear, but it does seem worthy of further thought. What if the effect of this structuring is to preserve the underlying rights including the right to sue? If that were the case, then the right would stay alive if transferred to a third party. The third party, which has not given any such covenant would therefore be at liberty to commence suit.

Can Equities Prevent Sharp Practice?
Fifth, each document has a rider excluding other rights including rights by way of estoppel (the OSP words are “No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise”). You might think that transferring a patent to a third party in order for that party to sue under it was sharp practice and surely there would be an equity that would stop it. Who knows? Could the exclusion wording in the CNS/OSP be used to argued against such an equity? If the CNS/OSP is considered at law to be a licence then a third party would be in a much worse position as the developer could plead a valid permission.

Criminal Law?
Sixth, and also leading on from the third, if the OSP/CNS are not licences within the meaning of the patent law (something I express no view on at the moment other than to return to the observation above that the word “license” could have been used and wasn’t) then they will be inadequate in any jurisdiction which has criminal penalties for patent infringement. The reason being, that a private party cannot waive the commission of a crime. That is something for the State. That is, if the patent is not a licence, then the relevant conduct will be infringing conduct, albeit not actionable in a civil action by virtue of the OSP/CNS. If the conduct is criminal in the absence of a licence, then a promise not to sue will not convert the criminal conduct. That is, there is no way to rectify criminal conduct after the fact. Rather, the conduct must be licensed beforehand so that the conduct does not become criminal.

Third Party Patents?
Seventh, both expressly refrain from making any statement that OOXML is free from third party patents. This is hardly surprising given that both are designed to apply to a number of different specifications rather than just OOXML. However, this raises the issue – what assurance does a developer have that such a large specification is not the subject of third party patent claims? The pedigree of the specification is certainly no reason for hope, Microsoft has been the target of third party patent claims for some time now including some high profile losses in patent suits. The fact that the specification has been developed behind closed doors and on a fast track means that there has been no adequate opportunity to evaluate the likelihood of third party patent claims against the specifications. The sheer size of the document suggests there will be at least a couple hiding in there somewhere.

Where is the Love?
Eighth, both lack any feeling of warmth. Each has been drafted by lawyers, is designed to be used for a number of different specifications and to give rights only over what is absolutely necessary. In short they are clinical documents – not the sort of things which inspire trust.

ISO up to Standard?
Ninth, the ISO is apparently happy, having reviewed the OSP, to sprinkle the holy water on it and absolve OOXML of any IP issues (I understand that this is on the basis that the OSP meets the ISO’s requirements for IP licensing). On this we must give pause to consider exactly when the ISO requirements for IP licensing were last reviewed. If they don’t cover copyright and trademark issues (which, since the OSP is a patent only document, they don’t appear to) surely they must be in need of a refresh?

A Hint of Mystery
Exactly what is the effect of these words: “you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise”. Thoughts?