Open Source Licensing Fundamentals for Financial Services

November 8, 2018Andrew J. Hall

© 2015-present Hall Law. All rights reserved. This presentation may be reproduced and distributed under theterms of the Creative Commons Attribution-NoDerivatives 4.0 (CC BY-ND 4.0) International license published at:https://creativecommons.org/licenses/by-nd/4.0/legalcode.txt

www.thehalllaw.com

Presentation Overview

› What is open-source software?

› Categories of OSS licenses

› OSS license enforcement

› Commercial open-source licensing strategies (making money by giving it away)

Free and Open-Source Software

Free & Open-Source Software Definitions

› Free Software Foundation (fsf.org | gnu.org)

› “Free Software” | the “Four Freedoms”

› Roughly, the license must grant recipients the freedom to run,copy, distribute, and modify the software.

› Open Source Initiative (opensource.org)

› “Open Source” | 10 license criteria

› Roughly, the license must be royalty-free, cover source code,permit copying and distribution, and cannot discriminate againstpersons, groups, uses, or technologies.

Common use of “open source” in software community

“Open source” is often used more generally to refer to any software that is licensed:

1. to the public;

2. in source code form; and

3. under a standard (non-negotiable) royalty-free license.

Perhaps more accurately referred to as “public source” licensing

Common OSS License Requirements

1. Provide OSS recipients with certain OSS notices such as the text of the OS license,notice of OSS use, author attributions, warranty disclaimers, descriptions ofmodifications, or offers for source code.

2. Provide OSS recipients with the “corresponding source code” and other supportingmaterials for OSS distributed in non-source form (binary, bytecode, et cetera).

3. Grant outbound IP licenses covering OSS or derivatives or impose IP enforcementpenalties (such as OSS license termination) for asserting IP against the OSS orcontributors.

4. Grant OSS recipients certain additional use and development rights such as the right toreplace or reverse engineer the OS software or to “crack” any anti-circumventionprotection limiting access to the OS software.

Distinguishing OSS licenses from typical commercial software licensesopen-source Licensing Commercial Software Licensing

Software from many different licensors is licensed to the general public under standard, non-negotiable licenses.

Licensing terms are often negotiable and vary by provider, customer, purchased products and services, and intended use.

Software is delivered in source form and licensed for source or binary use.

Software is typically delivered in binary form and licensed only for binary use.

Licenses generally permit modification, subject to varying obligations and restrictions.

Licenses typically include prohibitions on reverse-engineering and modification of the software.

Licenses generally permit royalty-free redistribution of the software, subject to varying obligations and restrictions.

Licenses typically prohibit or impose royalty fees on redistribution of the licensed software.

Licenses generally include explicit disclaimers of warranty and liability for downstream use of the software.

License may include warranties andindemnification from the licensor.

Ownership interests in the software are often distributed among many contributors.

Ownership interest in the software is typically consolidated in a single entity.

Categories of OSS Licenses

What is Copyleft?

› Copyleft (aka viral, hereditary, reciprocal) licenses require thatcertain software combined with the copyleft software belicensed in source code form under the terms of the samecopyleft license

› The software subject to the license’s copyleft (or “tainting”)requirements varies by license but are often categorizedgenerally as either “strong” or “weak” copyleft.

License Categories and Features

› open-source licenses are often categorized by the scope of their copyleft (or “tainting”) effect:

▪ Strong-copyleft

▪Weak-copyleft (aka “file-level” copyleft)

▪ Permissive (aka “attribution,” “academic”)

› Licenses may also be distinguished by unique restrictions and requirements:

▪GNU

▪ Prohibitive/restricted

▪Network

Strong-Copyleft Licenses

› Copyleft requirements can extend to derivative works of

the OS software which may include certain software

combined with the OS software.

› Which software combinations create derivative works is

debated within legal and software communities and not

clearly delineated under U.S. statutes and case law.

› Examples: ▪ General Public License (GPL)

▪ Affero General Public License (AGPL)

▪ Creative Commons Share-Alike Licenses (CC *-SA-*)

Weak-Copyleft Licenses

› require modifications or enhancements to the weak-copyleft

OSS to be licensed under the terms of the same weak-copyleft

license.

› Whether combined software is considered a “modification” or

“enhancement” usually depends on how the combined software

and open-source software are combined (e.g., separate processes,

linked runtime library, direct source code combination).

› Examples: • Mozilla Public License (MPL)• Eclipse Public License (EPL)• Common Public License (CPL)• Common Development and Distribution License (CDDL)

Permissive Licenses

› Permissive open-source licenses do not have a copyleft

effect, regardless of how the open-source software is

modified or combined with other software

› Sometimes referred to as “attribution” or “academic” licenses.

› Examples: ▪BSD▪MIT▪Apache▪Boost

GNU licenses

› Examples of GNU licenses:

▪ Library/Lesser General Public License (LGPL): weak-copyleft

▪ General Public License (GPL): strong-copyleft

▪ Affero General Public License (AGPL): network strong-copyleft

› Unique user/licensee-focused requirements

▪ Enabling recipients to replace the GNU software included or embedded within products

▪ Permitting reverse engineering or cracking anti-circumvention protections limiting access to the OS software.

Restricted/Prohibitive Licenses

› Restricted/Prohibitive licenses forbid specific uses of the

open-source software

› Examples:

▪ Creative Commons Non-Commercial licenses (CC *-NC-*) prohibits commercialuse

▪ Oracle Binary Code License Agreement prohibits modification or use on dedicatedhardware.

▪ Microsoft Limited Public License (MS-LPL) prohibits use on non-Windowsplatforms (e.g., Linux, Mac open-source).

▪ The JSON license prohibits using the software for evil.

Network Licenses

› Unlike many other open-source licenses, the requirements of

network licenses are triggered by either distribution or certain

hosted uses of the OSS (e.g., SaaS deployments).

› Examples of network copyleft licenses:

▪ GNU Affero General Public License (AGPL)

▪ Creative Commons Share-Alike Licenses (CC *-SA-*)

▪ Open Software License (OSL)

Open-Source License Enforcement

Community OS License Enforcement

› Enforcement primarily driven by the open-source community and OSinterest groups such as the Software Freedom Law Center, SoftwareFreedom Conservancy, Free Software Foundation, and GPL-Violations.org.

› OS software licensed under the General Public License (GPL) hastypically been the focus of enforcement efforts

› Defendants that have settled or lost lawsuits include Cisco, Best Buy,D-Link, Samsung, Skype, TomTom, Westinghouse, Verizon, and JVC.

› Plaintiffs have been successful in U.S., Germany, and France.

Private OS License enforcement

> Dual Licensors: Licensor releases source code under a “dual-licensing”model (licensees select either the OS license or fee-based commerciallicense). Licensors often police and pursue allegedly non-compliantuse of the dual-licensed software.

> Open Trolling: individual copyright holders release software underonly an OS license, police non-compliant use, and offer commerciallicenses to non-compliant users and distributors.

> B2B Software Licensing Disputes: OS license obligations or OS licensenon-compliance relied upon for affirmative defenses, counterclaims,or leverage in commercial software disputes.

19

Commercial Open-Source Licensing Strategies

Common Open-Source Business Strategies

OS business models generally rely upon one or more of thefollowing strategies:

1. Dual-licensing proprietary company software;

2. Providing commercial or enterprise versions orextensions to open-source software or platforms;

3. Offering maintenance, support, consulting or otherservices related to or in support of open-source software

4. Closed-source distributions of open-source softwareincluding proprietary modifications or combinations withproprietary or other open-source software.

1. Dual Licensing

Company offers software for use under either an OS license or apaid commercial license. The OS license often prohibits or limitscommercial use of the OS software. Licensees wishing to avoid suchrestrictions can purchase a commercial license. Commercial licensesmay additionally or alternatively:

▪ provide access to company services (support, maintenance,customization)

▪ include warranties or indemnification not available under the open-source license;

▪ provide early access to updated versions of the software; or

▪ serve to resolve company infringement claims.

› Examples: MySQL, Java EE/SE, MongoDB, Qt

2a. Open Core

› Open Core (Freemium): Company offers a version of its product

under an open-source license while offering enhanced versions (aka

an “enterprise” version) of the software under a commercial license.

› Examples: Sendmail, Java EE/SE, Sourcefire Snort, Qt

2b. Open Platform

› Open Platform: Company releases a software platform under an

open-source license and offers proprietary plug-ins, extensions,

applications, or content through the platform under commercial

licensing terms.

› Examples: Android, Eclipse, Wordpress

3. Providing Related Services

› Company offers services related to OS software that may or

may not be owned by the company.

› Related services can include training, customization,

implementation, maintenance, hosting (SaaS, PaaS, IaaS),

certification, support, or compiling, building, or packaging

services.

› Examples: Red Hat, AWS, MongoDB, IBM, Oracle, and Microsoft.

4. Closed-Source Open Source

› Company releases commercial (closed-source) versions of open-

source originally licensed under a permissive license (e.g.,

Apache 2.0) or offers commercial plugins or extensions to an

open-source project or platform. The distributions are often

specialized for a particular industry or use case.

› Examples: Cloudera, Hortonworks, MapR and AWS (offering

virtual server space incorporating numerous open-source

projects).

Questions, Comments, Thoughts?

Contact:Andrew J. Hallahall thehalllaw.comwww.thehalllaw.com

© 2015-present Hall Law. All rights reserved. This presentation may be reproduced and distributed under theterms of the Creative Commons Attribution-NoDerivatives 4.0 (CC BY-ND 4.0) International license published at:https://creativecommons.org/licenses/by-nd/4.0/legalcode.txt