Category Archives: law

FOSS licenses upheld!

After a five-year struggle in US Federal District Court, Robert Jacobson recently prevailed in his copyright infringement claim against Matthew Katzer as a result of Katzer’s alleged misappropriation of open source code from Jacobson’s Java Model Railroad Interface project.

You can read all of the story in more detail at ConsortiumInfo.org.  The end result is a huge win for open source developers as a result of three key findings by the District Court:

  1. Violation of an open source software license constitutes copyright infringement, not just breach of contract (this was first upheld by the Federal Appeals Court in 2008 in this case).
  2. Use of open source code without attribution is a violation of the Digital Millennium Copyright Act.
  3. These violations entitle the Plaintiff (Jacobson) to monetary damages – which, as they’re based on violations of copyright law, are potentially much more substantial than those which may have been limited by contract law.

There are some mitigating circumstances in that the results in this case are not yet dispositive of all future violations, as the ruling of a US District Court is limited to absolute applicability only in its geographic district.  The concern is that a Federal Appellate Court (including the US Supreme Court) could overrule or otherwise reverse this decision.  Worse yet would be another US District Court coming to a different conclusion with a similar set of facts.

But for now, FOSS developers can rest a little easier knowing that their creations are protected by copyright law.

Things that shouldn’t count as force majeure

Define the term “force majeure” for me.  Looking online, there are several:

  • it’s French for “superior force”
  • act of God: a natural and unavoidable catastrophe that interrupts the expected course of events  (WordNet)
  • a common clause in contract which essentially frees both parties from liability or obligation when an extraordinary event or circumstance beyond the control of the parties (Wikipedia)
  • an unavoidable catastrophe (Wiktionary)

So what’s the common theme?  It’s the ability to AVOID a particular set of actions.  In other words, force majeure events are those which are unavoidable or unforeseeable.  If you only click one link above, do the one for Wikipedia and learn about the three-part test in French and international law for what constitutes a force majure event.  UCC Section 2-615, “Excuse by Failure of Presupposed Conditions” and the Restatement of Contracts 2d, Section 261 “Excused Nonperformance” also include multi-part tests.

But we’ve gotten lax in contract drafting in the US and folks have assumed that force majeure clauses (those that allow a party to not perform as a result of one of these types of events) were continually written with actual unavoidable events listed.  In fact, almost every force majeure clause I now see contains at least one, if not more, of the following things as force majeure events:

  • strikes/labor disputes
  • telecommunication difficulties
  • supply chain problems
  • terrorism and war (sometimes even phrased as “acts of the public enemy”)
  • riots
  • government regulation

Unfortunately, these are not force majeure events.  Why?  Because most of them can be planned for… and even something like terrorism and war (especially when they’re happening right now), should be planned for.  If you can plan for them, they’re foreseeable.  And if they’re foreseeable, they’re not unforeseeable.  See where I’m going with this?  🙂

So when you strike these items out of the force majure event clause, you’re going to get push back because people don’t want to be responsible for planning in all eventualities.  You’re not asking them to do it.  Rather, you’re asking that contract performance not be hindered or halted as a result of things that are capable of having a backup plan.  Which means that you could, if you were so inclined, draft language which allows for these items to be force majeure only if they were part of a backup plan that still was impeded.  In other words, you’ll give these items force majure weight if the party claiming force majeure can show that they had planned for them properly, but still ran into trouble.

Oh, and by the way, force majeure also isn’t one-size-fits-all.  Would you EVER list telecommunication difficulties in a contract with your telephone service provider?  Additionally, force majeure protections should benefit BOTH parties, even if one party’s sole obligation is to cut a check.  Payment can be made quite difficult by floods and hurricanes, just ask the good people in Louisiana, Alabama and Mississippi about business deals during Katrina.

Third Party Providers

Happy New Year!

I saw an interesting article today that high-tech vehicles were posing problems to some mechanics.  The mechanics claim that they can’t afford the thousands of dollars that are necessary for them to obtain the specialized diagnostic tools for each auto manufacturer.  The manufacturers are claiming that they’re trying to protect their intellectual property.

Sound familiar?  Yup, it’s exactly like the issues Frank Scavo and Ray Wang have written about with regards to third-party software providers being blocked from performing various maintenance/implementation tasks by the contracts and software licenses and services agreements of certain primary vendors.

On the automotive side, it’s apparently gotten to be such an issue that there’s a congressional bill called the Motor Vehicle Owners Right to Repair Act of 2009.  The stated purpose of this Bill is to “protect the rights of consumers to diagnose, service, maintain, and repair their motor vehicles”.  What’s really interesting are the Bill’s findings, among which say that:

  • Motor vehicle owners are entitled to choose which service provider will diagnose, service, maintain, or repair their motor vehicles.
  • Promoting competition in price and quality… will benefit consumers.
  • Only service technician with the necessary tools and information can access the computers to perform diagnosis, service, maintenance and repair…

And the requirements of the Bill, specifically:

  • Duty to Make Tools Available:  The manufacturer of a motor vehicle sold, leases or otherwise introduced into commerce in the United States must offer for sale to the motor vehicle owner and to all service providers on a reasonable and non-discriminatory basis, any tool for the diagnosis, service, maintenance, or repair of a motor vehicle, and provide all information that enables aftermarket tool companies to manufacture tools with the same functional characteristics as those tools made available by the manufacturers to authorized dealers.
  • Replacement Equipment: The manufacturer of a motor vehicle sold, leased, or otherwise introduced into commerce in the United States must offer for sale to motor vehicle owners, and to all service providers on reasonable and non-discriminatory terms, all equipment for diagnosis, service, maintenance, or repair of a motor vehicle.

The only thing the Bill protects for the manufacturer are things that are actual trade secrets.

Wow.  Of course, there are a LOT of people (and more specifically, a lot of trade association and advocacy groups) behind this Bill.

Could you imagine what would happen if this passes and someone realizes that software in cars isn’t that dissimilar to plain old enterprise software?  If only there was a trade association group for buyers of enterprise software apps.  😉

But let’s talk about the other side of the issue for a moment.  Do consumers have a right to have third-party companies provide service?  A right?  No.  I don’t think there’s a right to be able to have third-party providers.  [Keep in mind, when we’re talking about rights, we’re talking about things equal to “life, liberty and the pursuit of happiness…”.]

Absent a right, should third-party providers still be allowed/encouraged?  I’m really torn on this.  On one hand, I’m all in favor of things that inspire commerce.  I like behaviors that create business, allow more people to work… and of course, things that drive down costs and dissipate apparent monopolies.  On the other hand, an individual or organization who creates something should be able to protect their idea/invention and not have to give up the secret sauce simply so that other people can benefit.  But there seems to be a line somewhere that once you cross it should allow for third-party companies to fill available niches.  Maybe it’s where the original vendor is no longer able to provide a quality-level of service.  Maybe it’s a situation where the original vendor is charging exorbitant rates.  I’m not sure.

Anyone have a solution?

Updating Contract Language for the 21st Century

Holly Towle wrote an excellent article on the boilerplate contract language issues that might now exist in your contract language.  Read the article… consider the issues… review your templates.  Make some changes.  Of course, you can always just call me and I’d be happy to review your contracts for you.  😉

GPL, WordPress and Themes

I saw an intriguing post the other day by Jennifer Schiffer on WordPress, themes and the GPL.  She linked to a video of Matt Mullenweg (one of WordPress’ lead developers) who was talking about why WordPress was a GPL product (short answer: they didn’t really have a choice because WP is based on b2, which was GPL) and, more specifically, was talking about why themes and plugins are also then GPL.

The truth of the matter is that the GPLv3 is a very restrictive license, in as much as it’s also a harbinger of freedom.  The GPL was written in a way to specifically retain the freedoms it grants through successive iterations of a particular product, or its add-ons.  This means that if you like a GPL product, develop a derivative work, a modification, a plug-in or any other type of add-on, the resulting work is also going to be covered by the GPL (you do not have a choice in this).

“You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.” – Section 10 of the GPL

This means that unless the WordPress GPL (yes, they’re specific by product… you can ADD restrictions if you want… so no 2 GPL’d products are necessarily identically licensed – we’ll talk about this in a minute) allowed for a theme developer to restrict the distribution of a theme, a theme developer isn’t allowed to add that restriction on their own.  Your development on a GPL product inherits the license of the original product.

Inheritance is a powerful concept because it creates license congruity, ad infinitum, for all downstream works of the original code.  It would be extremely difficult to manage license compliance if WordPress had one license, but a plug-in had a different one.

But there’s apparently a wonderful new theme available for WordPress called Thesis.  Its developer sells two several different versions of the theme (selling under the GPL is fine).  The problem comes to light when you look at the options:

  1. Personal:  one site only; footer link must remain intact; can’t re-sell theme or modifications
  2. Developer:  can create multiple sites and must pay Thesis developer for each site deployed; can remove footer link; can’t re-sell theme or modifications

And these options are problematic because they violate the GPL v2 under which WordPress is licensed.  Specifically, Section 2, which states, in part:

“You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.”

and Section 6:

“Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.”

(Note that v2 and v3 of the GPL are vastly different animals… and v2 was actually more in the realm of “free as in free beer” than v3, which touts freedom as “free as in free speech, not free beer”.)

So, in fact, the Thesis theme, as a WordPress derivative work, is bound to the GPLv2 license that WordPress is licensed under.  As such, even the sale of the theme is a problem, as are the one-site-only restrictions and the “can’t re-sell” restrictions.  Note: the footer link restriction is probably fine, as it could qualify as the attribution allowed under the GPL.  Additionally, it could be argued that the fee charged is for the “physical act of transferring a copy” as allowed by Section 1 of GPLv2, but even then, the remainder of the unauthorized restrictions are still problematic.

But who is going to do anything about this violation?  Who has the right to enforce the license?  WordPress?  The folks at b2 (WordPress’ predecessor)?  Any particular end user?  Technically, it’s the folks at WordPress who have the right to enforce their license upon theme and plug-in developers.  They have the ability to potentially even sue to prevent a rogue developer from violating their license with WordPress [though I’m guessing that a theme developer is going to try to argue that a theme isn’t a derivative work or a modification].  But this is inherently difficult.  So instead, WordPress is taking a slightly different tack.  They’re going to create a Theme Page on the main WordPress website which only lists themes that follow the GPL (by the way, all derivatives have to be GPLv2 licensed, as the WordPress license doesn’t allow for newer versions of the GPL to apply).  I’m guessing that Thesis won’t be listed.

Who can audit?

I posted the question on Twitter the other day: “How does the SPA have the authority to audit software license use?  In thousands of licenses I’ve never given them that right.”

I was looking for some insight that I might have missed.  In the world of contracts, your license actually will specifically state who has the ability to audit your license usage (if they have the right at all).  And in the world of law, the term “standing” is used to show who actually is allowed to raise a particular issue (via the courts, etc).  So the SPA/BSA/SIIA (SIIA is their current incarnation) (or any other third-party “enforcer”) wouldn’t have the legal right to ever come in and audit your software license use unless there’s language in the license that allows for such audit.

Even general audit language is probably safe to prevent the SIIA from knocking on your door one day.  Typical audit provisions include:

  • explanation of who can come to audit (it usually says that the vendor has the right to audit)
  • time-frame of any audits (I typically am very clear to limit audits to 1 time per calendar year)
  • notice for audits (even bad audit language usually says that the vendor has to notify the licensee of the intent for an audit)
  • who besides the vendor can come audit (if 3rd parties are allowed, I limit to a “big-four” accounting firm and have NEVER been challenged on this limit)

The result is that even with not-so-favorable audit language, I simply don’t see how the SIIA has any right to come and perform an audit, let alone try to sue a licensee for license violations (again, any license that has “no third-party beneficiary” language in it could be used to very clearly show that the SIIA doesn’t have any rights with respects to the license).

Additionally, it’s been suggested that there are two other routes to allow such an audit: the “source” (the licensee’s employee who reports a violation) and the potential for an assignment of audit rights.  As for the source person, unless they’re also the person in the company who can allow someone to come in, that individual probably doesn’t have internal authorization to allow the audit to happen – so I find this unlikely.  The assignment of audit rights potential does exist, and contracts that have poor assignment language could potentially allow the vendor to assign their rights to someone else (and, in fact, it appears that the SIIA attempts to use an assignment of rights in this manner).  So it’s conceivable, but I’ve never seen the language used in that way.

At the end of the day, the lesson is this:

  1. Have strong audit language which clearly states who can perform the audit, on what time basis they can audit and what the results would mean (ie: usually you don’t have to pay any form of penalty unless usage exceeds 10% of the licensed quantity – but you’ll always have to pay for the difference in usage).  Include notice provisions and be very clear about whether the vendor can outsource their auditing… many will use large auditors, which is fine, but you don’t want Andy’s Audit Shack to be performing the audit.  Lastly, if you’re maintaining any kind of uber-confidential information (like SSN’s, bank account numbers, etc), then I would also be clear about what kinds of auditing tools can be used to complete the audit, as many vendors like to install their own auditing software onto your network.
  2. Have clear assignment language which prevents EITHER party from assigning the agreement without the other party’s consent (not to be unreasonably withheld, if you so choose): “Neither party may assign or otherwise transfer this Agreement or any of the rights hereunder, without the prior written consent of the other, which consent will not be unreasonably withheld or delayed.”.

OK – so you’ve done the prior two things and the SIIA comes knocking (physically or with a letter requesting/demanding an audit).  What do you do?  Simple.  Deny them access – in writing.  They’ll threaten, similar to the Big Bad Wolf, to huff and puff and to blow your house down.  But if you’ve got things properly documented, the SIIA simply doesn’t have the legal right to audit.  It doesn’t matter whether the vendor they’re supposedly auditing for is a SIIA member.  It doesn’t matter if they claim to have permission.  (Oh, and interestingly enough, if they name names and tell you which vendor sent them to you, I would check your license agreement with that vendor because many vendors like to include confidentiality restrictions which prohibit either party from even identifying the other.)

Now, regardless of everything I’ve just told you, I also firmly believe that you should always be 100% compliant with your contractual obligations.  So use some form of license management tool to know that you’re only using what you’re licensed to use.

This Week on The Web 2009-10-11

These are the discussions that happened around the web this week – maybe you already read about them, maybe you need to again.  Come join the party on twitter (follow me here and you’ll participate in the conversation live.)

I also realized that many of you might have no idea what you’re seeing below.  Sorry.  These are “tweets”, 140 maximum character messages sent via Twitter.  Within the Twitterverse individual users follow others and have followers (think of it like overlapping Venn diagram circles).  To read a tweet, you have to wade through a bit of jargon used to make the most of the 140 character limitation.  “RT” for example, is shorthand for “Re-tweet” and the @____ is the username of some other individual on Twitter.  Combined together, then, “RT @_____” means that someone else wrote a tweet that I found important and I now want to forward along to my followers.  The URL’s are then also shortened by shortening services like bit.ly to make the most of the character limitation, too.  Lastly, you might see “hash” identifiers “#______” which are ways to tag tweets of a particular flavor for easy searching later and “<” which means that I am commenting on what came before it.