Legal risks of open source under scrutiny

The legal risks of adopting open source software may not be confined to intellectual property problems of the SCO-IBM type.

Apart from issues such as copyright claims over Unix code in Linux, problems could also arise through the application of the open systems’ general public licence (GPL) to software derived from an open source product but which includes elements the developer wants to protect, says a lawyer.

David McGuinness, of law firm Simpson Grierson, told an audience at New Zealand's GOVIS conference of government IT managers that the unique and “non-legalistic” nature of the open source licence and the lack of specific legal test cases create uncertainty.

The GPL states that the user of an open source program “must cause any work that you publish or distribute that in whole or [in part] contains or is derived from the program or any part thereof to be licensed as a whole, at no charge, to all third parties under the terms of the licence”.

This raises the spectre of a large enterprise application founded on a relatively small amount of open source code being open for all-comers, including potential competitors, to acquire and use at no charge.

There is certainly “confusion and concern” on this front, McGuinness says.

The meaning of the term “derived” is not clear, and the pertinent clause is, he says, inconsistent with other parts of the GPL licence.

Conversely, some “flaws” in the open source licensing model may allow users to avoid releasing for general consumption derived products, such as Linux utilities, that the open source community considers should be so distributed.

The GPL is not typically enforced by a physical act of consent such as a signature or a tick on an online form. This may make agreement to the conditions subject to legal dispute.

Also, bearing in mind the zero or nominal fee attached to the acquisition of OSS, a question mark exists over whether a “valuable consideration” has actually been transferred, as required by contract law.

That could cast doubt on the need to abide by any of the terms of the licence.

McGuinness updated his audience on the still-unresolved SCO dispute. “As I understand it, SCO’s evidence [for breach of copyright] is far from convincing,” he said; but, in any case, users of open source have been “put on notice” about the IP risk.

It appears unreasonable, he says, for one buyer of an open source software product to take on full responsibility for any intellectual property infringement committed by the developer of any part of the system, but this may well be the case.

Commercial software licences contain assurances protecting the buyer from action for any “upstream” IP breach, but the GPL contains no such assurances and is very loosely worded, McGuinness notes.

He also referred to the lack of user remedy for failure or inefficiency of performance under an open source licence.

His risk summary at GOVIS brought a reply from Chris Hegan of open source developer Asterisk, who pointed out that there have been at least as many actions against proprietary software for IP breaches as there have been against open source software.

With the latter, the user can at least examine the code and check any allegations of inclusion of “ripped off code” from another’s product.

With proprietary software it is far more difficult to check the veracity of any allegation.

“We can all talk about risk,” Hegan says. “It’s risky to drive, we know that too.”

But both motor vehicles and open source software have been around for a long time and users take the risks on board as acceptably low, he says.
