As-Is Software
Open-source software is commonly defined by the 10 criteria listed on the website of Open Source Initiative at http://opensource.org/docs/osd (last visited May 25, 2011), but it boils down to just what the name implies—an opening of the source code to one and all, allowing distribution and redistribution that includes, in most instances, modifications and derivations under the same terms as the original license. The relatively free-ranging distribution mechanism—which allows users to adopt source code under an existing license that was created without any input from current or potential users for code that may or may not have been modified and software that the user can implement alongside other applications—is problematic from the standpoint of intellectual-property protection because the very freedom of this "free" software breeds legal uncertainty that can cause headaches for the user long after adoption.
While open-source software licenses come in all shapes and sizes, they share at least one thing in common. Using software developed by another brings exposure to potential allegations of intellectual-property infringement, which increasingly involve patent-infringement claims relating to e-commerce activities. While any software license—proprietary or open source—carries with it some risk of an infringement claims, open-source licenses more frequently come packaged "as is" with respect to indemnification for third-party claims and warranties of title. For instance, both Red Hat, Inc., and the Apache Software Foundation, two of the major players in the open-source field, include disclaimers of warranties strongly suggesting that, should a patent owner come calling with a demand letter or complaint of infringement, it is the licensee who may be left to answer the door and the patent owner's questions.
Red Hat's Enterprise Agreement contains not only a limitation of liability and disclaimer of damages, but also a disclaimer of warranty that reads, in relevant part, as follows:
10.2 Disclaimer of Warranty. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 10.1 OR BY A THIRD PARTY VENDOR DIRECTLY TO CLIENT UNDER A SEPARATE AGREEMENT, THE SERVICES, SOFTWARE AND ANY HARDWARE ARE PROVIDED BY RED HAT "AS IS" AND WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON–INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. RED HAT DOES NOT GUARANTEE OR WARRANT THAT THE USE OF THE SERVICES, SOFTWARE OR HARDWARE WILL BE UNINTERRUPTED, COMPLY WITH REGULATORY REQUIREMENTS, BE ERROR FREE OR THAT RED HAT WILL CORRECT ALL SOFTWARE ERRORS.
Red Hat, Red Hat Enterprise Agreement (last visited May 25, 2011).
Apache's current license is only slightly less emphatic:
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON–INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
Apache Software Foundation, Apache License, Version 2.0 (last visited May 25, 2011).
With such take-it-as-it-comes language governing the incorporation of open-source products and services into a business, it is worth a moment's pause prior to implementation to consider that the thriving e-commerce operation or other web-based operation of a business may someday be confronted with a patent-infringement lawsuit based on its use of an Apache HTTP server or a Red Hat Linux operating system. What's more, there is a distinct possibility that neither Apache nor Red Hat will ride to the rescue of a user with whom they may never have had any direct contact. It appears that open-source providers are becoming aware of this concern, as Red Hat now offers customers with valid subscriptions an "Open Source Assurance"—including a promise that it will defend and indemnify such customers—which it makes available to subscribers under a separate "Open Source Assurance Agreement." Red Hat, Open Source Assurance (last visited August 11, 2011).
Because software modification by the end user is not only possible but encouraged by the nature of open-source licensing and use, and because open-source products will likely be used along with a host of other software or computer products, there is a strong likelihood that, when it comes time to figure out who will be responsible for the costs of defense, damages, or both, the buck will stop with the e-commerce business. As demonstrated by a recent Supreme Court opinion and two recent orders of the Federal Circuit Court of Appeals, the law of patent infringement based on the conduct of multiple actors is evolving rapidly, which leaves businesses that are contemplating open-source software in a double bind. By choosing an open-source solution, they may be "purchasing" potential patent infringement liability without vendor protection in a legal landscape that is changing by the minute and in not entirely predictable ways. See Global-Tech Appliances, Inc. v. SEB S.A. [PDF], No. 10–6 (May 31, 2011) (induced infringement); Order, Akamai Techs., Inc. v. Limelight Networks, Inc. [PDF], 2009-1372, -1380, -1416, -1417 (Fed. Cir. Apr. 20, 2011) (ordering rehearing en banc on joint infringement standard); Order, McKesson Techs., Inc. v. Epic Sys. Corp. [PDF], 2010–1291 (Fed. Cir. May 26, 2011) (same).
Of course, a proprietary license is no saving grace. But with a provider of proprietary software, at least the customer may have a better chance of negotiating a license face-to-face with a vendor and securing more favorable indemnification language up front as part of the purchase and sale process, especially if the customer is a business with some size or clout in its industry. Unlike the decentralized open-source software, where there is often no single authority or locus of responsibility for any given product, proprietary software usually has a clearer ownership structure and pedigree, as well as a client representative designated to take the customer's calls when a demand letter or lawsuit falls into the customer's lap. That said, depending on the size of the business or the type of product it is purchasing, the business may have no more leverage in negotiating a proprietary software license than it would an open-source license. The only way a business can reach an informed decision on this point is to consider the issue beforesigning up for the software or service.
Case Study
In 2004, in connection with its consideration of insurance for open-source products, the insurance firm Open Source Risk Management (OSRM) conducted an analysis of the risks posed by Linux and concluded that it potentially infringed 283 patents. Press Release, Open Source Risk Mgmt., Results of First-Ever Linux Patent Review Announced, Patent Insurance Offered by Open Source Risk Management [PDF] (Aug. 2, 2004). At the time, the identified patents had not been litigated and the claims within them not yet tested against Linux end users. Seven years later, however, the insurance industry's cries seem more prescient than pessimistic. One month before this article was written, a jury in a federal court in the Eastern District of Texas awarded Bedrock Computer Technologies, Inc., millions in damages for Google's infringement of a Linux kernel patent. Bedrock has sued Linux users, from AOL to Yahoo!, and there are fears that the Google verdict will have reverberations for other Linux end users. This is not to say that distributor Red Hat has sat on its hands while its flagship product has been maligned; indeed, it has sued Bedrock seeking to invalidate the patent in suit. But, as in similar e-commerce disputes, patent holders are demonstrating a willingness to target the successful users of open-source software, and there is no certainty that open-source distributors can or will step up to defend their products in every case or in cases involving software that has undergone a set of transformations over time.
Sunnier Skies
As noted at the outset of this article, however, we have not come to bury the open-source model but rather to point out a potentially hidden cost of the freedom that comes with such a model. For the enterprising business looking to adopt open-source software yet is still concerned about the risks of intellectual-property-infringement actions, all is not doom and gloom. Careful examination and assessment as well as pre-adoption of the likely risks of any particular open-source product under consideration (such as the Apache web server or Linux operating system) will help any business make an informed decision about which software products to integrate into its operations.
And should a company find itself with an open-source solution on hand that arrived prepackaged with a hidden, and unwelcome, side of litigation, the first avenue of potential relief may still be the specific vendor or distributor of the product. Assuming there are deep enough pockets and a strong enough motive, such a vendor may be prevailed upon to step forward and defend its product (à la Red Hat in the Bedrock litigation). Open-source purveyors have a strong business interest in defending their business model and in showing the business world that they have nothing to fear from opening their operations to open-source software or services. Customers of sufficient size or in sufficient numbers may be able to make a strong case to open-source firms that defending customers is good business in a market where less tech-savvy businesses might otherwise see proprietary software licensing as a safer bet.
Furthermore, open-source software customers have the option of purchasing intellectual-property insurance through third-party vendors. For example, OSRM claims on its website that it is "the exclusive risk assessor on the world's first insurance facility to cover the specialized risks faced by enterprises that include or rely upon elements of Linux and other Open Source software in their commercial products or IT infrastructure." See Open Source Insurance, Open Source Risk Management (last visited May 31, 2011).
Finally, it is worth noting that the very factor that makes open source so difficult to pin down when it comes to warranties—its mutable and modifiable source code—may be useful in permitting (or even encouraging) design-arounds of patent-infringement claims, thereby minimizing damages in cases in which litigation is inescapable.
Conclusion
Like everything else, open-source software carries both pros and cons; and the extent to which a business decides to integrate or use open-source products in its operation remains, in essence, a business assessment. With up-front consideration of the potential negative intellectual-property ramifications of adoption—including analysis of license terms and product risk, assessment of the vendor in question, and consideration of whether or not to purchase insurance—a business can be sure that it is walking into a licensing decision regarding the merits of open-source software with open eyes.
Keywords: litigation, intellectual property, open-source software, patent infringement