Conspiracy Theories

Some people see larger forces at work behind the blizzard of SCO-related lawsuitsMicrosoft is behind SCO.

When SCO began claiming ownership of the Unix System V source code, Linux advocates started whispering that the owner of Windows, Microsoft, wanted the Linux market to stall, and was, in effect, financing SCO.

SCO officials have acknowledged that Microsoft is a "significant customer", accounting for 25 percent of SCO's $US79 million in revenue (and $US5.4 million in income) in 2003.

BayStar Capital, a private investment firm, also invested $US20 million in SCO (in a preferred stock purchase) in late 2003, and then recruited Royal Bank of Canada to invest another $US30 million. Shortly thereafter, a memo from a consultant to SCO executives became public, claiming that BayStar invested in SCO on the recommendation of Microsoft, and that Microsoft would like to use "BayStar-like entities to help [SCO] get significantly more money".

SCO spokesman Blake Stowell responded in a statement: "We believe the e-mail was simply a misunderstanding of the facts by an outside consultant. Contrary to the speculation, Microsoft did not orchestrate or participate in the BayStar transaction." Microsoft similarly denies orchestrating the deal.

BayStar considered pulling its investment in March 2004. After negotiations, SCO gave BayStar $US13 million in cash and let it convert its preferred shares to common stock, which Royal Bank of Canada had already done.

No, Sun Microsystems is behind SCO.

After Microsoft, SCO's next largest customer is Sun, which accounted for 15 percent of SCO revenue in 2003. (SCO notes in public documents that no other vendor besides Sun and Microsoft accounted for more than 10 percent of its total revenue.) But why would Microsoft's archrival help SCO?

The answer is Solaris, Sun's Unix operating system, which has suffered severely - arguably more so than Windows - due to the rise of Linux as an alternative. Linux is the enemy of Solaris. SCO is the enemy of Linux. The enemy of my enemy, the saying goes, is my friend.

And IBM is behind Red Hat.

SCO Senior VP Chris Sontag suggested in an interview with CIO (US) last year that IBM uses Red Hat to distribute Linux in order to shield Big Blue from liability issues.

In fact, IBM's Linux guru Karl-Heinz Strassemeyer was quoted in The Register saying: "We don't want to take the risk of being sued for a patent infringement. That's why we have distributors."

"In the meantime, they benefit on hardware and services sales," Sontag said, calling it "a great scam".

SIDEBAR: What About Australia?

Know your rights: the legal implications of using open source software

TCO arguments aside, the idea of having a pool of freely-distributable, open source software to deploy is enough to excite even the most conservative of today's cost-vigilant CIOs.

Software utopia perhaps, but since The SCO Group's very public accusations of intellectual property violations being harboured by projects such as Linux, the open source ecosystem will no longer be seen as immune to the legal battles that scar the proprietary vendor landscape. To make matters more harrowing, SCO has demonstrated its willingness to take legal action against end-user organizations for deploying "unlicensed" copies of Linux on the grounds that it infringes its Unix IP.

Director of Australian technology law firm Open Source Law Brendan Scott says open source is proving itself to be an easy target of perceived IP issues by ill-informed software vendors and end users alike.

"Most of the risks associated with deploying open source are identical to the risks of deploying closed source," Scott says. "However, organizations have typically internalized the risk profile for closed source and don't necessarily realise their risks. For example, one of the risks common to both open source and closed source is that the vendor doesn't have the right to grant the licence they purport to grant. In each case this is resolved essentially by making an assessment of whether or not you can trust the vendor."

Having worked for IT vendors, Scott believes in his experience they would be "hard pressed to prove good title to the things they are selling".

On the user side, Scott says it is the "freeness" of open source that could introduce a certain risk into the organization by stealth, particularly if staff are ignorant of any legal ramifications of its use. Scott defines this as "people risks".

"As open source isn't subject to a licence fee, it may fly underneath the radar of corporate acquisitions policies," Scott says. "This may mean that it is not properly evaluated, is not given appropriate consideration as part of an overall corporate ICT strategy, or is not subject to an adequate legal review of licence terms. Proper people management is a crucial element of an open source strategy."

With the risks associated with using open source and commercial software about even, Scott says mitigating such risks is all about assessing how much the supplier can be trusted. Questions like: Is it a substantial organization? Does it follow established procedures? and Is the software being offered well established? - all should be considered.

"Projects such as Apache and the Linux kernel are long established projects, are broadly implemented, have been adopted by many major players and follow extensive code management and review procedures," Scott says. "Therefore their comparative risk would be similar to that involved in buying a closed source product from a vendor with a similar market reputation. In neither case can the risk be eliminated, but it can be managed by what is essentially a vendor qualification process."

To deal with risk associated with open source software end users have the primary options of IP infringement insurance - which Scott concedes is still in its infancy - and warranty and indemnity provisions secured from a supplier. "A warranty is only worth the assets backing it, and if you are contracting with a small entity a broad warranty may be nice to look at, but be of little practical value," Scott says.

With the borderless Internet being the medium for open source software distribution, it is important not to disregard the location of SCO's litigious activities - the US courts. Although any declarations of copyright infringement are likely to apply equally here, Scott says a judgment in the US is not the same as a judgment in an Australian court and may or may not be enforceable here depending on cross-recognition treaties.

"Most of our IT industry comes from branch offices or multinational organizations, which typically have global policies which their branches follow," Scott says. "Therefore US decisions are likely to have a practical impact on Australia."

Dan Ravicher, founder and executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation, disagrees by saying if the business activities are wholly within Australia, US law does not apply.

"US intellectual property rights are only applicable within the US - they cannot restrain activities wholly outside the US," Ravicher says. "However, any Australian user doing business in the US, such as by having a Web site that people in the US interact with, can be hauled into court and have US IP rights asserted against them. Further, it is possible that the holder of US IP rights also has similar rights in other jurisdictions, such as Australia, that they can enforce against users in those jurisdictions."