[CS-FSLUG] Fwd: When are you going to sue your customers? (IP risk with OSS)
Leon Brooks
xtiansrc at leon.brooks.fdns.net
Wed Jan 26 19:38:59 CST 2005
Top article, must read.
---------- Fwd; orig to <osia-discuss lists.osia.net.au> ----------
Date: Thursday 27 January 2005 08:59
From: Arjen Lentz <arjen mysql.com>
(an interesting article, I think - quite sensible)
When are you going to sue your customers?
By Stephen R. Walli
stephen.walli gmail.com
http://stephesblog.blogs.com/essays/CustomersIP.html
A lot of noise is made about open source software (OSS) and
intellectual property (IP) and the risk inherent in large enterprises
using OSS. The high tech headlines are full of news of the SCO Group
suit against IBM1, large vendors like Microsoft offering unlimited
indemnifications against IP suits while claiming people will likely be
sued over OSS2, and the like.
The rhetoric follows the logic:
* OSS developers may be trespassing on all sorts of patents.
* OSS developers obviously (sic) don't care about property.
* Customers using OSS therefore run the risk of patent infringement
suits.
Intellectual property is distinct from the asset it protects, so lets
establish a few definitions. Intellectual property (IP) refers to a set
of legal tools that one uses to protect an asset. IP law typically
covers the ground of trade secret (how you legally protect an idea as
a secret), patent (how you publish an idea in a legally protected way
so others cannot build it), copyright (how you control the use of the
"written" representation), and trademark (protecting the way you
identify the asset). Companies develop assets that are packaged into
products for sale to customers. These assets may be real works of
invention and innovation, or merely represent some subjectively
"better" level of business execution, packaging, and service to the
customer. Not every idea, process, and asset a company owns or
develops is necessarily "property" in a legal sense.
Some vendors are very advanced in their IP strategy. It is not simply
the case where "more patents faster" is a rule. Patents can be a
little pricey when you add up patent attorney fees and the defense of
the patent over its life. So one might want to choose how one is going
to apply patent protection to exactly which assets that make up a
product for sale. Indeed one might choose to aggressively publish some
ideas to ensure no one else patents in that space. In the end, it is a
business decision not a technical issue. The top ten list of patent
award winners was published for 2004 from the U.S. Patent and
Trademark Office (USPTO)3. IBM tops the list again with more than 3000
patents. If you guesstimate US$15,000 per patent for the application
and legal fees, this means they spent more than US$45,000,000 just
obtaining the patents. This is the same company that also recently
"released" 500 patents for open source use4. It's a business decision.
The lag between application and issue of the patent in the U.S. is now
on the order of 18 months to two years. This means it is quite
possible to ship a product and not know for quite some time whether or
not you are infringing the claims of someone else's patents. If you're
small, no one will probably pay attention even if you are infringing.
But if you're successful with your product, you become visible and a
potential target. The patent holder may want their fair cut of the
proceeds, or if the patent holder is a competitor, they may want to
simply prevent you from "making" and "distributing" your wares.
Software products certainly fall into this window of risk with the
speed that concept to shipping product happens in the computing
industry.
The interesting idea that may force patent reform isn't the fact that
the software industry with its time to market is in jeopardy, but that
other industries start to feel this pain. As the
design-to-manufacturing time for large items like automobiles shrinks
within the window of lag time for patents, other very large ticket
items are going to begin to ship and have to deal with the post
distribution infringement problem.
Every day developers may be infringing the claims of other people's
patents. This has nothing to do with open source development methods
or licensing. No developer can actually be aware of it. Developers
read the news and trade journals, and then go to work. There are
seldom warnings in articles about pending patents. Debate rages on
whether or not developers should ever attempt to understand the patent
infringement risk for the code they write. With patents written in
legal language and targeted as broadly as possible (semantic shotguns
instead of rifles) it would be almost impossible for a developer to
track the patents relevant to their work. And of course the lag
problem still exists, meaning even if the developer had the time and
training to review patents in their area of expertise, they cannot
know whether or not their work infringes someone's patent claims in
any meaningful time frame. And if it looks like a developer may have
attempted to study the problem, and perhaps misread or misinterpreted
a patent's claims, then they may be construed as having "willfully"
infringed a patent's claims by the court and that brings additional
financial damages.
So when Linus Torvalds suggests that developers ignore patents5, he is
not some OSS mongering communist that believes intellectual property
has no value, but rather he's simply working with the reality the
system presents to him. Large software development companies shipping
proprietary closed source products also tell their developers to not
investigate the patent space for the same reasons. It would be
interesting for the large vendors to come forward to discuss their
practices for developers around patent investigation, rather than
slinging useless rhetoric.
A number of vendors want customers to believe "intellectual property"
is important, especially things like patents. While most people have a
schoolyard understanding that plagiarism is "bad" which covers
copyright issues, patents are a different kettle of fish entirely
which brings us to the title of the essay. The question in the title
is not a rhetorical one. It is meant as a real question to the chief
executives of the major vendors to help customers best assess their
business risk and to best understand exactly what sort of relationship
they have with their suppliers.
Legal IP tools are important for vendors and certainly relevant in
vendor-to-vendor discussions. The idea that customers care about
patents, however, would seem counter-intuitive. Consider the
following: when you last bought an automobile, did you pick the
"Honda" over the "Toyota" because the Honda had more patents in it, or
more patents per ton of vehicle, or maybe because Honda's intellectual
property practices were "better" some how? Of course not. You bought
the product that met your needs. It may well have even been the more
innovative product by your own subjective measure, but whether or not
the manufacturer chose any number of legal tools to protect the
innovation wasn't part of your buying consideration. How the vendor's
business process works is of no interest to the customer beyond the
actual customer-vendor interface so to speak. Whether the vendor has a
mature IP strategy, applying for patents, trademarks, and copyrights
appropriately, choosing to keep some ideas trade secret protected,
sharing selected IP with partners or competitors through patent pools
and cross licenses, or aggressively publishing some ideas in the face
of their competition is of little interest to the customer. The
customer only cares that the product serves their needs and provides
the value they paid for it.
Next scenario: you are happily driving your Honda when you receive a
letter from Toyota one day telling you that you're infringing their
patents6. They give you the choice to (a.) cease driving your Honda,
or (b.) pay them a license to their patents. You can essentially "pay
twice" for the privilege of driving your car, and for some small sum
you can feel free of any concerns that you are infringing Toyota's
patent claims ever again. On this vehicle. Or for your household. Or
maybe it will be offered to you the customer as an annual license
calculated by the number of drivers in the house and the number of
Honda vehicles you own, pro-rated over certain uses, unless the patent
applies to certain other manufacturers as well. What do you do? Do you
even waste time calling your lawyer to figure this one out? Or do you
call the Honda dealership and tell them quite simply to "fix this." Of
course this assumes you don't also receive letters from General Motors
for their patents (frustrated that North Americans are buying foreign
vehicles), Daimler-Chrysler, and Hyundai, so you have the opportunity
to "license" your Honda vehicle from many companies and pay for it
numerous times.
The reality, however, is that Toyota is not going to threaten to sue
Honda's customers. They would like the opportunity to switch those
Honda customers to Toyota's products, not upset them to the point that
no Toyota dealership ever gets a chance at that Honda customer again.
Toyota would have the infringement discussion with Honda directly if it
existed, indeed, it is their responsibility as the patent holder to
defend it appropriately. Vendors sue vendors over intellectual
property claims. Customers have even been known to sue their vendors
in specific situations when the vendor fails to deliver on the promise
in a contract. Oddly enough vendors never sue customers in any sort of
broadly applicable way. There is a really simple rationale behind
this. Once a vendor sues a customer, they have essentially told that
customer they never want that customer's business again. That might
even be appropriate in a narrow situation where there exists some sort
of explicit dispute between exactly the two parties. If however the
dispute is over something like "patent infringement" that can easily
be applied broadly to many customers, then all the vendor's other
customers are put on notice that this vendor does not care about the
relationship and continued business. New potential customers can see
that this is a vendor that may attach law suits to the relationship,
and will quickly factor that into the risk analysis on the potential
purchase. The vendor's top salespeople will discover their phone calls
stop getting returned.
Intellectual property is important - but between vendors. Cross
licenses, patent pools, and simple licenses exist and are business as
usual. "Litigation is just another means of discussion."7
This of course leads to the discussion of enterprise indemnifications
and insurance. Open Source Risk Management, Inc. has a detailed white
paper covering ideas on risk mitigation and insurance, but more
focused on developers that modify the source and vendors, rather than
enterprises that simply use products based on the OSS projects.8 The
major vendors are coming forward with various sorts of
indemnifications.
The idea that as an enterprise (not a vendor or developer) one might
want to buy insurance against such risk is interesting. One insures
ones assets, not one's liabilities. I insure my life and health as it
relates to earning power for the household. As my salary goes up over
time, I might increase that insurance. Likewise I insure my car, but
as the value of the car depreciates over time, I remove insurance from
the vehicle as it relates to replacement of the devalued "old
clunker." I don't insure my children.
So what is the real risk of a vendor suing an enterprise customer? How
should one consider the risk of such a suit against the depreciating
capital cost of the computer systems investment made several years
ago? Does the vendor rhetoric around indemnification help or hinder
the discussion? This is one of those situations where Robert Lefkowitz
may be right in his statement that it's the accountants we need to
fear in the OSS community, and not the lawyers.9
In the Fall 2004, Microsoft made a very public promise of
indemnification to Microsoft customers for patent infringement cases
against their products10. This follows in the wake of the Fall 2003
Novell11 and HP12 indemnifications against various IP infringement
suits against Linux if you purchase the systems from them. The Novell
and HP statements were in reaction to the SCO Group suit against IBM.
When you think about it, the Microsoft promise of indemnification to
customers is a legal statement of business reality. Would any vendor
in the situation where a customer is sued by another company for
infringement for using the vendor's products not name themselves to
the suit as a co-defendant? Would the product vendor trust that a
customer (and likely an angry one at that) was the first line of
defense against building precedent in a court for the infringement?
While in some cases a customer may even have more money than the
vendor as a legal target, one can bet that the mainstream vendors (HP,
Novell, Microsoft, etc.) will be more than interested in running their
own defense case. They might be subtle enough to approach the customer
on the receiving end of the suit to request the customer goes it alone
for other considerations, but even then, their image as customer
defender is probably more valuable. They would likely do whatever it
took to be named co-defendant in a real hurry. They want to be primary
defense for their own patents. The press value is high to be seen as
the defender of customers. They value that particular relationship and
probably want to continue to sell to that customer.
It's not that these corporate indemnification promises aren't good -
but they are redundant to any vendor worth its customers. You can bet
the corporate accountants and lawyers did the analysis against the
value of the company to its shareholders before making "open ended"
promises.
But what about SCO Group? Isn't this a case where a vendor is suing
customers? I think logically they have declared themselves. Santa Cruz
Operation was a company with a product it sold to customers. They are
no more. Through all the business acquisitions and deals they have
been acquired by the Canopy Group and renamed to the SCO Group. The
SCO Group appears to be a litigious engine that is designed to sue
another vendor for damages, not unlike previous legal forays of some
Canopy Group companies.13 SCO Group appears not to be in business to
sell to customers, indeed they can "sue a customer" to appear to put
pressure on the primary lawsuit. The Daimler-Chrysler and Autozone
suits hit the news in March 2004.14 So far the tactic has failed in
relation to the primary suit. This is not a business with customers,
but a legal play to siphon money out of the system.
So as OSS continues to deploy and grow in enterprises, those companies
will need to consider the source of the technology they use, and their
vendor relationships, which is no different than any other technology
shift in the past decades. As for OSS developers and vendors
themselves, David McGowan may have said it best:
"If the F/OSS community wants to be in commercial space, community
members will have to learn to deal calmly with IP litigation. The
F/OSS production model will work where it makes sense, and it will not
work where it doesn't. It's really just that simple. Particular claims
in individual suits-even one against a flagship program such as the
GNU/Linux OS-will not determine the fate of the community. Such cases
present factual issues that will get resolved one way or another; they
do not represent a crisis for F/OSS production as a whole. Norm
entrepreneurial rhetoric that plays off such cases should be treated
as entertainment. Enjoy it if you like it, take inspiration from it if
you must, but don't confuse it with the way things actually get
done."15
Notes
1 Cnet's archive over the past two years is at:
http://news.search.com/search?q=SCO+IBM&search.x=0&search.y=0
2 http://www.internetnews.com/ent-news/article.php/3438191, confirmed
20 January, 2005.
3 http://www.uspto.gov/main/homepagenews/bak11jan2005.htm, confirmed 20
January, 2005.
4 http://www.ibm.com/ibm/licensing/patents/pledgedpatents.pdf,
confirmed 20 January, 2005.
5 http://lwn.net/Articles/7636/, confirmed 20 January, 2005.
6 My apologies to Toyota. Someone needed to be the "bad guy" in the
example. Our household has been and remains happy Toyota and Honda
customers. The example also holds true regardless of whether one is a
simple household or a company with a fleet of vehicles.
7 McGowan, David, "SCO What? Rhetoric, Law, and the Future of F/OSS
Production", Version 1.2: 6/12/04, p.3, available at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=555851, 20 January,
2005. A thoroughly enjoyable paper on the subject of rhetoric as a
tool for norm entrepreneurs.
8 http://www.osriskmanagement.com/pdf_articles/linuxpatentpaper.pdf,
confirmed 20 Jan, 2005.
9 Lefkowitz, Robert, "The Semasiology of Open Source", O'Reilly Open
Source Conference, Portland, OR, 28 July, 2004.
10
http://www.microsoft.com/mscorp/execmail/2004/10-27platformvalue.asp,
confirmed 20 January, 2005.
11 http://www.novell.com/licensing/indemnity/register/index.html,
confirmed 20 January, 2005
12 http://www.hp.com/hpinfo/newsroom/press/2003/030924a.html, confirmed
20 January, 2005.
13 http://www.forbes.com/2003/06/18/cz_dl_0618linux.html, confirmed 27
January, 2005.
14
http://news.com.com/SCO+suits+target+two+big+Linux+users/2100-1014_3-51
68921 .html
15McGowan, David, "SCO What? Rhetoric, Law, and the Future of F/OSS
Production", Version 1.2: 6/12/04, p.26, available at
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=555851, 20 January,
2005.
[end of forwarded item]
--
Arjen Lentz, Community Relations Manager
MySQL AB, www.mysql.com
MySQL Users Conference (Santa Clara CA, 18-21 April 2005)
Early registration until February 28: www.mysqluc.com
-------------------------------------------------------
Cheers; Leon
--
Ye are our epistle written in our hearts, known and read of all men:
Forasmuch as ye are manifestly declared to be
the epistle of Christ ministered by us,
written not with ink, but with the Spirit of the living God;
not in tables of stone, but in fleshy tables of the heart.
-- 2 Corinthians 3:2-3, KJV
More information about the Christiansource
mailing list