free and open source software litigation in 2016
TRANSCRIPT
Mark Radcliffe, Partner, DLA Piper, Silicon Valley
Enforcement of Open Source Licenses
PLI December 21, 2016
*This presentation is offered for informational purposes only, and the content should not be construed as legal advice on any matter.
FOSS Compliance: New Players
Traditional FOSS Enforcement: Focus on Compliance
Software Freedom Law Center
Software Freedom Conservancy (“SFC”)
gpl-violations.org
Shift to Commercial Licensors
Continuent v. Tekelec (GPL)
Versata Series of Cases
New Enforcers
McHardy, copyright troll
Fligor: looking for clients
Major Difference in Goals
Shift from compliance to revenue
Focus on injunctive relief
Expansion of Traditional FOSS Enforcement
SFC assists in VMware litigation
Existing Compliance Issues
VMware litigation (SFC)
McHardy litigation
First copyright troll
Versata: focus on hybrid product licensing
Will terminated licensees regularly raise the defense of “integration” with GPLv2 licensed code?
Will warranty claims against licensors arising from poorly drafted licenses become common?
Netfilter Project Suspends McHardy
The netfilter project regrets to have to suspend its core team member Patrick McHardy from the core team. This is a grave step, definitely the first in the project's history, and it is not one we take lightly. Over many months, severe allegations have been brought forward against the style of his license enforcement activities on parts of the netfilter software he wrote. With respect to privacy, we will not publicly disclose the content of those allegations.
Despite many attempts by us to reach him, Patrick has been unable or unwilling to comment on those allegations or defend against the allegations. The netfilter project does not have first-hand evidence. But given the consistent allegations from various trusted sources, and in the absence of any response from Patrick, we feel it is necessary to suspend him until further notice.
We'd like to stress that we do not take any sides, and did not "convict" Patrick of anything. He continues to be welcome in the project as soon as he is able to address the allegations and/or co-sign the "principles" [1] in terms of any future enforcement activities.
SFC Criticizes GPL Monetizers
These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy, FSF and gpl-violations.org have done for years.
Most notably, a Linux developer named Patrick McHardy continues ongoing GPL enforcement actions but has not endorsed the community Principles. When Patrick began his efforts, Conservancy immediately reached out to him. After a promising initial discussion (even contemplating partnership and Patrick joining our coalition) in mid-2014, Patrick ceased answering our emails and text messages, and never cooperated with us. Conservancy has had no contact with Patrick nor his attorney since, other than a somewhat cryptic and off-topic response we received over a year ago. In the last two years, we've heard repeated rumors about Patrick's enforcement activity, as well as some reliable claims by GPL violators that Patrick failed to follow the Principles.
In one of the many attempts we made to contact Patrick, we urged him to join us in co-drafting the Principles, and then invited him to endorse them after their publication. Neither communication received a response. We informed him that we felt the need to make this public statement, and gave him almost three months to respond. He still has not responded.
Patrick's enforcement occurs primarily in Germany. We know well the difficulties of working transparently in that particular legal system, but both gpl-violations.org and Conservancy have done transparent enforcement in that jurisdiction and others. Yet, Patrick's actions are not transparent.
In private and semi-private communications, many have criticized Patrick for his enforcement actions. Patrick McHardy has also been suspended from work on the Netfilter core team. While the Netfilter team itself publicly endorsed Conservancy's principles of enforcement, Patrick has not. Conservancy agrees that Patrick's apparent refusal to endorse the Principles leaves suspicion and concern, since the Principles have been endorsed by so many other Linux copyright holders, including Conservancy.
New Compliance Issues
Harald Welte: announcement of an OSS Compliance Company, aggregating developers
Welte: ran gpl-violations.org
Geographic focus not limited to Germany, but could include France and Spain
David Fligor/Progressive LLP: Troll lawyer searching for a project, so far no cases filed
Sound View Innovations: new ASF software patent troll based on Alcatel-Lucent patents
Sound View has sued Facebook
Sound View has sued LinkedIn
Sound View has sued Twitter
German FOSS Enforcement
Community Enforcers
Harald Welte/gpl-violations.org (Linux kernel, iptables)
Returning to compliance based on Barcelona FSFE Conference
Thomas Gleixner (Linux kernel code used in U-Boot)
XviD project
Christoph Hellwig (Linux kernel, this is the VMware case)
Other
Patrick McHardy (Linux kernel, iptables, iproute2)
Community Enforcement
Most cases are settled before they go to court. The agreement for a "declaration to cease and desist" in Germany has to contain a clause about a contractual penalty for a future infringement: if the defendant is caught violating GPLv2 again, then the defendant has to pay the penalty.
Harald Welte (gpl-violations.org) has used these penalties for donations to charities like Chaos Computer Club, Wau Holland Stiftung, Free Software Foundation Europe, etc. because his focus was on process change, compliance and community norms.
gpl-violations.org worked very closely together with Free Software Foundation Europe to get companies to talk about their problems and let them participate in the global discussion about open source compliance and other legal issues.
German Court Procedure
- Outline
I. Preliminary Injunction Proceedings
1. General
2. Requirements
3. Standard of Proof
4. Possible Remedies
5. Procedural Aspects
6. Enforcement
II. Proceedings on the Merits
1. Overview
2. Remedies
III. Pre-Litigation Strategies
1. Offense Position
2. Defense Position
German Court Procedure
- Preliminary Injunction Proceedings
1. General
Objective: Stop infringement as soon as possible
Often most dangerous threat to infringer, since immediately enforceable (appeal has no suspensory effect!)
"General" time line:
Granted within hours (e.g. re trade fairs), 1-2 days (if ex parte), 2-6 weeks (with oral hearing);
Appeal hearing 2-4 months after decision in first instance
German Court Procedure
- Preliminary Injunction Proceedings
2. Requirements
Generally courts issue in cases where
Infringement is very likely
No undue delay in filing an application for PI ("Urgency Requirement")
Plaintiff has to file the application for PI without undue delay
Up to 4 weeks usually not problematic
Up to 8 weeks usually problematic; IP owner has to show exceptional circumstances in determining the infringement / preparation of PI application
Over 8 weeks usually no PI granted!
ACT FAST!
McHardy German Litigation I
Patrick McHardy uses the same enforcement mechanism but is seeking personal monetary gain
Estimate is that McHardy has approached at least 50 companies that have been hit (some companies multiple times).
Wide variety of companies, including retailers, telcos, producers, importers
Best estimate is that he has received significant damages
Wide range of products
physical products (offline distribution)
firmware updates downloadable from a website
Over The Air (OTA) updates
McHardy German Litigation II
Tactics against companies
1. address a (minor) violation and have a company sign a cease and desist with contractual penalty.
2. address another (minor) violation and collect the contractual penalty. Sign a new agreement with a higher penalty.
3. wait some time, then go back to 2
Devices usually have multiple violations of GPLv2 and he will only address one issue at a time to collect the contractual penalty.
McHardy German Litigation III
McHardy's claims largely focus on:
Lack of written offer
Lack of license text in product
Inadequate terms of written offer
Lack of complete corresponding source code in repositories
EULA conflicting with GPL obligations
Written offer must come from last company selling product
More exotic
Written offer should be in German
GPL warranty disclaimers are inadequate under German law
In the past, McHardy did not do a thorough technical analysis, like a rebuild of the source code, but he has started doing so.
McHardy German Litigation IV
Two recent hearings, McHardy lost on procedural issues
Case one: court decided that application was not sufficiently “urgent” for preliminary injunction procedure
Case two: judge found that McHardy’s affidavits were inconsistent and McHardy’s lawyer was not prepared to defend it: McHardy withdrew case
Statement by presiding judge (not required and without precedential value but shows thinking):
If only a tiny bit of the programming works was contained in the litigious product and if that tiny bit was capable of being copyright protected, the arguments of the defendant would not be sufficient to rebut the claim. This might indeed result in Linux not being tradable in Germany. The industry might have to look for other platforms where the chain of rights can be controlled more easily
Solving the McHardy Problem and Copycats
Focus on compliance of your products going into Germany
Understand the McHardy business model
Collaborate on claims and share information
DLA Piper: Developing “Defense in a box”
Working with past litigants to provide information
Facts about McHardy
Summary of McHardy claims
Summary of McHardy arguments
References
Possibility of including actual complaints and other filings but more challenging
Hellwig v. VMware I
VMware is alleged to be using parts of the Linux kernel in their proprietary ESXi product, including the entire SCSI mid-layer, USB support, radix tree and many, many device drivers.
Linux is licensed under GNU GPLv2 with a modification by Linus Torvalds
VMware has modified all the code they took from the Linux kernel and integrated it into something they call vmklinux.
VMware has modified their proprietary virtualization OS kernel vmkernel with specific API/symbol to interact with vmklinux
vmklinux and vmkernel interaction is uncertain
Hellwig v. VMware II
The court did not decide
If vmklinux and vmkernel can be regarded as a uniform work and, if so,
If the use of Hellwig's code in the vmklinux + vmkernel entity qualifies as a modification (requiring a license) or as free use.
Hellwig v. VMware III
Court required that Hellwig prove the following:
which parts of the Linux program he claims to have modified, and in what manner;
to what extent these modifications meet the criteria for adapter's copyright pursuant to Copyright Act § 69c No. 2 clause 2 in conjunction with § 3; and
to what extent the Plaintiff pleads and where necessary proves that the Defendant has in turn adopted (and possibly further modified) those adapted parts of the program that substantiate his claim to protection.
Hellwig failed to meet this standard. He has appealed.
Hellwig v. VMware IV
Not sufficient as evidence according to the court:
Copyright notices in header files
Reference to git repository
Provision of source code and git blame files
Increased requirements for demonstrating an infringement:
Exact identification of own contributions
Conditions for copyright protection of those contributions fulfilled
Source code comparison of own contributions and the allegedly infringing code
It is not the job of the court to analyze the source code for elements that might originate from the plaintiff, and to judge to what extent those elements might be protectable.
Linux at 25: Disputes on Compliance
Greg Kroah-Hartman
“I do [want companies to comply], but I don't ever think that suing them is the right way to do it, given that we have been _very_ successful so far without having to do that”
“You value the GPL over Linux, and I value Linux over the GPL. You are willing to risk Linux in order to try to validate the GPL in some manner. I am not willing to risk Linux for anything as foolish as that.”
Linus Torvalds
“Lawsuits destroy community. They destroy trust. They would destroy all the goodwill we've built up over the years by being nice.”
Bradley Kuhn (SFC)
“You said that you "care more about Linux than the GPL". I would probably agree with that. But, I do care about software freedom generally much more than I care about Linux *or* the GPL. I care about Linux because it's the only kernel in the world that brings software freedom to lots of users.”
Linux Foundation
Who owns the contributions in the Linux kernel
Linux kernel analysis to determine the identity of contributors to Linux kernel, software has been completed and analysis will be done this year
Next step: identifying copyright owners
Encouraging statements by kernel.org on community norms for enforcement
Training programs
Core Infrastructure Initiative “Badge Program” (focused on security but includes governance issues)
Summary for Software Distributors
More compliance actions seem likely, particularly in Germany
Develop a FOSS use (and management) policy to ensure that you understand your obligations and can comply with them (for an overview of FOSS and FOSS governance see https://www.blackducksoftware.com/resources/webinar/introduction-open-source-software-and-licensing).
Ensure that your policy covers updates and security issues
Review your distribution agreements to ensure that they take into account any terms imposed by FOSS in your product and modify those terms as appropriate.
Global platform
Largest law firm in the world with 4,200 lawyers in 31 countries and 77 offices throughout the Americas, Asia Pacific, Europe and the Middle East
More than 145 DLA Piper lawyers in IP transactions
Global Open Source Practice
More than 550 DLA Piper lawyers ranked as leaders in their fields
OSS Practice
Worldwide OSS practice group
US Practice led by two partners: Mark Radcliffe & Victoria Lee
Experience
Open sourcing Solaris operating system
FOSS foundations:
OpenStack Foundation
PrPL Foundation
OpenSocial
Open Source Initiative
GPLv3 Drafting Committee Chair (Committee D)
Drafting Project Harmony agreements
Contact Information
Mark F. Radcliffe
Partner
2000 University Avenue, East Palo Alto, California, 94303-2214, United States
T +1 650 833 2266
F +1 650 687 1222
E [email protected]
Mark Radcliffe concentrates in strategic intellectual property advice, private financing, corporate partnering, software licensing, Internet licensing, cloud computing and copyright and trademark.
He is the Chair of the Open Source Industry Group at the firm and has been advising on open source matters for over 15 years. For example, he assisted Sun Microsystems in open sourcing the Solaris operating system and drafting the CDDL. And he represents or has represented other large companies in their software licensing (and, in particular, open source matters) including eBay, Accenture, Adobe, Palm and Sony. He represents many software companies (including open source startups) including SugarCRM, DeviceVM, Revolution Analytics, Funambol and Reductive Labs for intellectual property matters. On a pro bono basis, he serves as outside General Counsel for the Open Source Initiative and on the Legal Committee of the Apache Software Foundation. He was the Chair of Committee C for the Free Software Foundation in reviewing GPLv3 and was the lead drafter for Project Harmony. And in 2012, he became outside general counsel of the OpenStack Foundation and drafted their certificate of incorporation and bylaws as well as advising them on open source matters.
German Court Procedure Appendix
German Court Procedure
- Preliminary Injunction Proceedings
3. Standard of Proof
Applicant has to provide proof of infringement
Not complete evidence, but prima facie evidence is sufficient
Possible means of proof:
Documents, sworn affidavits, present witnesses (only in case of oral hearing)
4. Possible Remedies
Cease-and-desist
Disclosure of information (for obvious infringements)
Seizure of infringing goods (with bailiff)
Not possible: Damages, Destruction
German Court Procedure
- Preliminary Injunction Proceedings
5. Procedural Aspects
Ex parte injunction
Court order has to be served within one month after issuing (or it will become unenforceable!)
Injunction after oral hearing
Immediately enforceable judgment, no serving necessary
6. Enforcement
In case of violation:
Administrative fine of up to EUR 250,000 possible
Fine for "first violation" usually around EUR 5,000 to 20,000
Imprisonment of CEO of up to 6 months (very unusual)
German Court Procedure
- Proceedings on the Merits
1. Overview
Opposed to PI proceedings:
Also final decisions possible (awarding of damages, destruction, recall, …)
Full evidence necessary
Duration: usually 10-18 months until decision in first instance
Expert testimony
Parties can submit written expert opinions on specific issues (regarding match of copyrighted works, consumer survey, etc.)
Court may appoint neutral expert "advisor" of court
Witness testimony
Parties can name witness(es) to prove a statement of fact
No "US style" cross examination
German Court Procedure
- Proceedings on the Merits
2. Remedies
a) Cease and Desist
Can also be granted before first violation (pre-emptive)
b) Information / Rendering of Accounts
To prepare damage claims and identify additional infringers (upstream / downstream)
c) Damages
No punitive damages
d) Destruction
Principle of proportionality
German Court Procedure
- Proceedings on the Merits
e) Product Recall
Only goods still in the possession of infringer
But: Obligation to address customers re return
Principle of proportionality
f) Publication of Court Decisions
The ruling will determine the medium (internet, newspaper,…)
Legitimate interest (e.g. to inform consumers about dangerous products)
Principle of proportionality
German Court Procedure
- Pre-Litigation Strategy
I. Offense Position
1. Warning Letter
Request to
Cease and desist from the infringement
Rendering of accounts
Recognize the IP owner's entitlement to damages (incl. costs)
Main purposes:
Achieve out-of-court solution
Avoiding cost risk associated with immediate acknowledgment
No obligation to send a warning letter
Risk of "warning" infringer to take precautions (esp. protective writ or distribution of products)
German Court Procedure
- Pre-Litigation Strategy
2. Gathering evidence
Factual preparation of infringement case
Test purchase
Pre-Trial "Discovery"?
No discovery in Germany!
But: Inspection Claim
Possibility to inspect allegedly infringing goods, at premises of infringer
And: Criminal Proceedings
IP infringements may constitute criminal acts
Products seized by state prosecution authorities can be inspected by infringed party to gather evidence for civil proceedings
German Court Procedure
- Pre-Litigation Strategy
II. Defense Position
1. Protective Writ ("PW")
Anticipatory statement of defense against expected application of preliminary injunction ("PI")
Purposes:
1st best case: Dismissal of PI application
2nd best case: Scheduling of oral hearing
Usually, PI can be granted ex parte if judge is convinced
Protective writ intended to raise reasonable doubts
Risk: Arguments presented in protective writ might make claim coherent
German Court Procedure
- Pre-Litigation Strategy
2. Preparations for possible PI:
Check affected products and estimated sales / distribution
Preparations for alternative distribution channels / distribution through other countries
Prepare work around / design around for affected products