Enforcement of Open Source Licenses in Germany

Mark Radcliffe, Partner, DLA Piper, Silicon Valley
Enforcement of Open Source Licenses
PLI
December 21, 2016
*This presentation is offered for informational purposes only, and the content should not be construed as legal advice on any matter.

FOSS Compliance: New Players
 Traditional FOSS Enforcement: Focus on Compliance
 Software Freedom Law Center
 Software Freedom Conservancy (“SFC”)
 gplviolations
 Shift to Commercial Licensors
 Continuent v. Tekelec (GPL)
 Versata Series of Cases
 New Enforcers
 McHardy, copyright troll
 Fligor: looking for clients
 Major Difference in Goals
 Shift from compliance to revenue
 Focus on injunctive relief
 Expansion of Traditional FOSS Enforcement
 SFC assists in VMware litigation

Existing Compliance Issues
 VMware litigation (SFC)
 McHardy litigation
 First copyright troll
 Versata: focus on hybrid product licensing
 Will terminated licensees regularly raise the defense of
“integration” with GPLv2 licensed code?
 Will warranty claims against licensors arise from poorly drafted
licenses become common?

Netfilter Project Suspends McHardy
 The netfilter project regrets to have to suspend its core team member Patrick
McHardy from the core team. This is a grave step, definitely the first in the
projects history, and it is not one we take lightly. Over many months, severe
allegations have been brought forward against the style of his license
enforcement activities on parts of the netfilter software he wrote. With
respect to privacy, we will not publicly disclose the content of those
allegations.
 Despite many attempts by us to reach him, Patrick has been unable or
unwilling to comment on those allegations or defend against the allegations.
The netfilter project does not have first-hand evidence. But given
the consistent allegations from various trusted sources, and in the absence
of any response from Patrick, we feel it is necessary to suspend him until
further notice.
 We'd like to stress that we do not take any sides, and did not "convict"
Patrick of anything. He continues to be welcome in the project as soon as he
is be able to address the allegations and/or co-sign the "principles" [1] in
terms of any future enforcement activities.

SFC Criticizes GPL Monetizers
 These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor
violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy,
FSF and gpl-violations.org have done for years.
 Most notably, a Linux developer named Patrick McHardy continues ongoing GPL enforcement actions but has not
endorsed the community Principles. When Patrick began his efforts, Conservancy immediately reached out to him.
After a promising initial discussion (even contemplating partnership and Patrick joining our coalition) in mid-2014,
Patrick ceased answering our emails and text messages, and never cooperated with us. Conservancy has had no
contact with Patrick nor his attorney since, other than a somewhat cryptic and off-topic response we received over a
year ago. In the last two years, we've heard repeated rumors about Patrick's enforcement activity, as well as some
reliable claims by GPL violators that Patrick failed to follow the Principles.
 In one of the many attempts we made to contact Patrick, we urged him to join us in co-drafting the Principles, and
then invited him to endorse them after their publication. Neither communication received a response. We informed
him that we felt the need to make this public statement, and gave him almost three months to respond. He still has
not responded.
 Patrick's enforcement occurs primarily in Germany. We know well the difficulties of working transparently in that
particular legal system, but both gpl-violations.org and Conservancy have done transparent enforcement in that
jurisdiction and others. Yet, Patrick's actions are not transparent.
 In private and semi-private communications, many have criticized Patrick for his enforcement actions. Patrick
McHardy has also been suspended from work on the Netfilter core team. While the Netfilter team itself publicly
endorsed Conservancy's principles of enforcement, Patrick has not. Conservancy agrees that Patrick's apparent
refusal to endorse the Principles leaves suspicion and concern, since the Principles have been endorsed by so
many other Linux copyright holders, including Conservancy.

New Compliance Issues
 Harald Welte announcement of an OSS Compliance
Company, aggregating developers
 Welte: ran gpl violations
 Geographic focus not limited to Germany, but could include
France and Spain
 David Fligor/Progressive LLP: Troll lawyer searching for a
project, so far no cases filed
 Sound View Innovations: new ASF software patent troll based
on Alcatel-Lucent patents
 Sound View has sued Facebook
 Sound View has sued LinkedIn
 Sound View has sued Twitter

German FOSS Enforcement
 Community Enforcers
 Harald Welte/gpl-violations.org (Linux kernel, iptables)
 Returning to compliance based on Barcelona FSFE Conference
 Thomas Gleixner (Linux kernel code used in U-Boot)
 XviD project
 Christoph Hellwig (Linux kernel, this is the VMware case)
 Other
 Patrick McHardy (Linux kernel, iptables, iproute2)

Community Enforcement
 Most cases are settled before they go to court. The agreement
for a “declaration to cease and desist" in Germany has to
contain a clause about a contractual penalty for a future
infringement: if the defendant is caught violating GPLv2 again,
then the defendant has to pay the penalty.
 Harald Welte (gpl-violations.org) has used these penalties for
donations to charities like Chaos Computer Club, Wau Holland
Stiftung, Free Software Foundation Europe, etc. because his
focus was on process change, compliance and community
norms.
 gpl-violations.org worked very closely together with Free
Software Foundation Europe to get companies to talk about
their problems and let them participate in the global discussion
about open source compliance and other legal issues.

German Court Procedure
- Outline
I. Preliminary Injunction Proceedings
1. General
2. Requirements
3. Standard of Proof
4. Possible Remedies
5. Procedural Aspects
6. Enforcement
II. Proceedings on the Merits
1. Overview
2. Remedies
III. Pre-Litigation Strategies
1. Offense Position
2. Defense Position

- Preliminary Injunction Proceedings
1. General
 Objective: Stop infringement as soon as possible
 Often most dangerous threat to infringer, since immediately
enforceable (appeal has no suspensory effect!)
 "General" time line:
 Granted within hours (e.g. re trade fairs), 1-2 days (if ex parte),
2-6 weeks (with oral hearing);
 Appeal hearing 2-4 months after decision in first instance

2. Requirements
 Generally courts issue in cases where
 Infringement is very likely
 No undue delay in filing an application for PI ("Urgency
Requirement")
 Plaintiff has to file the application for PI without undue delay
 Up to 4 weeks usually not problematic
 Up to 8 weeks usually problematic; IP owner has to show exceptional
circumstances in determining the infringement / preparation of PI
application
 Over 8 weeks usually no PI granted!
  ACT FAST!

McHardy German Litigation I
 Patrick McHardy uses the same enforcement mechanism but
is seeking personal monetary gain
 Estimate is that McHardy has approached at least 50
companies that have been hit (some companies multiple
times).
 Wide variety of companies, including retailers, telcos,
producers, importers
 Best estimate is that he has received significant damages
 Wide range of products
 physical products (offline distribution)
 firmware updates downloadable from a website
 Over The Air (OTA) updates

McHardy German Litigation II
 Tactics against companies
 1. address a (minor) violation and have a company sign a cease
and desist with contractual penalty.
 2. address another (minor) violation and collect the contractual
penalty. Sign a new agreement with a higher penalty.
 3. wait some time, then go back to 2
 Devices usually have multiple violations of GPLv2 and he only
will address one issue at a time to collect the contractual
penalty.

McHardy German Litigation III
 McHardy's claims largely focus on:
 Lack of written offer
 Lack of license text in product
 Inadequate terms of written offer
 Lack of complete corresponding source code in repositories
 EULA conflicting with GPL obligations
 Written offer must come from last company selling product
 More exotic
 Written offer should be in German
 GPL warranty disclaimers are inadequate under German law
 In the past, McHardy did not do a thorough technical analysis,
like a rebuild of the source code, but he has started doing so.

McHardy German Litigation IV
 Two recent hearings, McHardy lost on procedural issues
 Case one: court decided that application was not sufficiently
“urgent” for preliminary injunction procedure
 Case two: judge found that McHardy’s affidavits were
inconsistent and McHardy’s lawyer was not prepared to defend
it: McHardy withdrew case
 Statement by presiding judge (not required and without
precedential value but shows thinking):
 If only a tiny bit of the programming works was contained in the
litigious product and if that tiny bit was capable of being copyright
protected, the arguments of the defendant would not be sufficient
to rebut the claim. This might indeed result in Linux not being
tradable in Germany. The industry might have to look for other
platforms where the chain of rights can be controlled more easily

Solving the McHardy Problem and Copycats
 Focus on compliance of your products going into Germany
 Understand the McHardy business model
 Collaborate on claims and share information
 DLA Piper: Developing “Defense in a box”
 Working with past litigants to provide information
 Facts about McHardy
 Summary of McHardy claims
 Summary of McHardy arguments
 References
 Possibility of including actual complaints and other filings but more
challenging

Hellwig v. VMware I
 VMware is alleged to be using arts of the Linux kernel in their
proprietary ESXi product, including the entire SCSI mid-layer,
USB support, radix tree and many, many device drivers.
 Linux is licensed under GNU GPLv2 with a modification by
Linus Torvalds
 VMware has modified all the code they took from the Linux
kernel and integrated them into something they call vmklinux.
 VMware has modified their proprietary virtualization OS kernel
vmkernel with specific API/symbol to interact with vmklinux
 vmklinux and vmkernel interaction is uncertain

Hellwig v. VMware II
 The court did not decide
 If vmklinux and vmkernel can be regarded as a uniform work and,
if so,
 If the use of Hellwig's code in the vmklinux + vmkernel entity
qualifies as a modification (requiring a license) or as free use.

Hellwig v. VMware III
 Court required that Hellwig prove the following:
 which parts of the Linux program he claims to have modified, and
in what manner;
 to what extent these modifications meet the criteria for adapter's
copyright pursuant to Copyright Act § 69c No. 2 clause 2 in
conjunction with § 3; and
 to what extent the Plaintiff pleads and where necessary proves
that the Defendant has in turn adopted (and possibly further
modified) those adapted parts of the program that substantiate his
claim to protection.
 Hellwig failed to meet this standard. He has appealed

Hellwig v. VMware IV
 Not sufficient as evidence according to the court:
 Copyright notices in header files
 Reference to git repository
 Provision of source code and git blame files
 Increased requirements for demonstrating an infringement:
 Exact identification of own contributions
 Conditions for copyright protection of those contributions fulfilled
 Source code comparison of own contributions and the allegedly
infringing code
 It is not the job of the court to analyze the source code for
elements that might originate from the plaintiff, and to judge to
what extent those elements might be protectable.

Linux at 25: Disputes on Compliance
 Greg Kroah-Hartman
 "I do [want companies to comply], but I don't ever think that suing them is
the right way to do it, given that we have been _very_ successful so far
without having to do that”
 “You value the GPL over Linux, and I value Linux over the GPL. You are
willing to risk Linux in order to try to validate the GPL in some manner. I
am not willing to risk Linux for anything as foolish as that.”
 Linus Torvalds
 “Lawsuits destroy community. They destroy trust. They would destroy all
the goodwill we've built up over the years by being nice.”
 Bradley Kuhn (SFC)
 “You said that you "care more about Linux than the GPL". I would
probably agree with that. But, I do care about software freedom generally
much more than I care about Linux *or* the GPL. I care about Linux
because it's the only kernel in the world that brings software freedom to
lots of users.”

Linux Foundation
 Who owns the contributions in the Linux kernel
 Linux kernel analysis to determine the identity of contributors to
Linux kernel, software has been completed and analysis will be done
this year
 Next step: identifying copyright owners
 Encouraging statements by kernel.org on community
norms for enforcement
 Training programs
 Core Infrastructure Initiative “Badge Program” (focused
on security but includes governance issues)

Summary for Software Distributors
More compliance actions seem likely, particularly in Germany
Develop a FOSS use (and management) policy to ensure that you
understand your obligations and can comply with them (for an
overview of FOSS and FOSS governance see
https://www.blackducksoftware.com/resources/webinar/introduct
ion-open-source-software-and-licensing).
Ensure that your policy covers updates and security issues
Review your distribution agreements to ensure that they take into
account any terms imposed by FOSS in your product and modify
those terms as appropriate.

Global platform
24
 Largest law firm in the
world with 4,200 lawyers
in 31 countries and 77
offices throughout the
Americas, Asia Pacific,
Europe and the Middle
East
 More than 145 DLA
Piper lawyers in IP
transactions
 Global Open Source
Practice
 More than 550 DLA
Piper lawyers ranked as
leaders in their fields

OSS Practice
 Worldwide OSS practice group
 US Practice led by two partners: Mark Radcliffe & Victoria Lee
 Experience
 Open sourcing Solaris operating system
 FOSS foundations:
 OpenStack Foundation
 PrPL Foundation
 OpenSocial
 Open Source Initiative
 GPLv3 Drafting Committee Chair (Committee D)
 Drafting Project Harmony agreements

Contact Information
26
Mark F. Radcliffe
Partner
2000 University Avenue, East Palo
Alto, California, 94303-2214, United
States
T +1 650 833 2266
F +1 650 687 1222
E mark.radcliffe@dlapiper.com
Mark Radcliffe concentrates in strategic intellectual property
advice, private financing, corporate partnering, software
licensing, Internet licensing, cloud computing and copyright and
trademark.
He is the Chair of the Open Source Industry Group at the firm
and has been advising on open source matters for over 15
years. For example, he assisted Sun Microsystems in open
sourcing the Solaris operating system and drafting the CDDL.
And he represents or has represented other large companies in
their software licensing (and, in particular, open source matters)
including eBay, Accenture, Adobe, Palm and Sony. He
represents many software companies (including open source
startups) including SugarCRM, DeviceVM, Revolution
Analytics, Funambol and Reductive Labs for intellectual
property matters. On a pro bono basis, he serves as outside
General Counsel for the Open Source Initiative and on the
Legal Committee of the Apache Software Foundation. He was
the Chair of Committee C for the Free Software Foundation in
reviewing GPLv3 and was the lead drafter for Project Harmony.
And in 2012, he became outside general counsel of the Open
Stack Foundation and drafted their certificate of incorporation
and bylaws as well as advising them on open source matters.

German Court Procedure Appendix

German Court Procedure:
- Outline
I. Preliminary Injunction Proceedings
1. General
2. Requirements
6. Enforcement
II. Proceedings on the Merits
1. Overview
2. Remedies
III. Pre-Litigation Strategies
1. Offense Position
2. Defense Position

 Applicant has to provide proof of infringement
 Not complete evidence, but prima facie evidence is sufficient
 Possible means of proof:
 Documents, sworn affidavits, present witnesses (only in case of
oral hearing)
 Cease-and-desist
 Disclosure of information (for obvious infringements)
 Seizure of infringing goods (with bailiff)
 Not possible: Damages, Destruction

 Ex parte injunction
 Court order has to be served within one month after issuing (or it
will become unenforceable!)
 Injunction after oral hearing
 Immediately enforceable judgment, no serving necessary
6. Enforcement
 In case of violation:
 Administrative fine of up to EUR 250,000 possible
 Fine for "first violation" usually around EUR 5,000 to 20,000
 Imprisonment of CEO of up to 6 months (very unusual)

- Proceedings on the Merits
1. Overview
 Opposed to PI proceedings:
 Also final decisions possible (awarding of damages, destruction,
recall,…)
 Full evidence necessary
 Duration: usually 10-18 months until decision in first instance
 Expert testimony
 Parties can submit written expert opinions on specific issues (regarding
match of copyrights works, consumer survey, etc.)
 Court may appoint neutral expert  "advisor" of court
 Witness testimony
 Parties can name witness(es) to prove a statement of fact
 No "US style" cross examination

2. Remedies
a) Cease and Desist
 Can also be granted before first violation (pre-emptive)
b) Information / Rendering of Accounts
 To prepare damage claims and identify additional infringers
(upstream / downstream)
c) Damages
 No punitive damages
d) Destruction
 Principal of proportionality

e) Product Recall
 Only goods still in the possession of infringer
 But: Obligation to address customers re return
 Principle of proportionality
f) Publication of Court Decisions
 The ruling will determine the medium (internet, newspaper,…)
 Legitimate interest (e.g. to inform consumers about dangerous
products)
 Principle of proportionality

- Pre-Litigation Strategy
I. Offense Position
1. Warning Letter
 Request to
 Cease and desist from the infringement
 Rendering of accounts
 Recognize the IP owner's entitlement to damages (incl. costs)
 Main purposes:
 Achieve out-of-court solution
 Avoiding cost risk associated with immediate acknowledgment
 No obligation to send a warning letter
 Risk of "warning" infringer to take precautions (esp. protective writ
or distribution of products)

2. Gathering evidence
 Factual preparation of infringement case
 Test purchase
 Pre-Trial "Discovery"?
 No discovery in Germany!
 But: Inspection Claim
 Possibility to inspect allegedly infringing goods,
at premises of infringer
 And: Criminal Proceedings
 IP infringements may constitute criminal acts
 Products seized by state prosecution authorities can be inspected
by infringed party to gather evidence for civil proceedings

II. Defense Position
1. Protective Writ ("PW")
 Anticipatory statement of defense against
expected application of preliminary injunction ("PI")
 Purposes:
 1st best case: Dismissal of PI application
 2nd best case: Scheduling of oral hearing
 Usually, PI can be granted ex parte if judge is convinced
 Protective writ intended to raise reasonable doubts
 Risk: Arguments presented in protective writ might make
claim coherent

2. Preparations for possible PI:
 Check affected products and estimated sales / distribution
 Preparations for alternative distribution channels / distribution
through other countries
 Prepare work around / design around for affected products

Enforcement of Open Source Licenses in Germany

Recommended

Recommended

More Related Content

Similar to Enforcement of Open Source Licenses in Germany

Similar to Enforcement of Open Source Licenses in Germany (20)

More from Mark Radcliffe

More from Mark Radcliffe (18)

Recently uploaded

Recently uploaded (20)

Enforcement of Open Source Licenses in Germany