Advertisement

Free and Open Source Software Litigation in 2016

Experienced Corporate and IP Transaction Lawyer
Jan. 4, 2017
Advertisement

More Related Content

Similar to Free and Open Source Software Litigation in 2016 (20)

Advertisement

Free and Open Source Software Litigation in 2016

  1. Mark Radcliffe, Partner, DLA Piper, Silicon Valley Enforcement of Open Source Licenses PLI December 21, 2016 *This presentation is offered for informational purposes only, and the content should not be construed as legal advice on any matter.
  2. FOSS Compliance: New Players  Traditional FOSS Enforcement: Focus on Compliance  Software Freedom Law Center  Software Freedom Conservancy (“SFC”)  gplviolations  Shift to Commercial Licensors  Continuent v. Tekelec (GPL)  Versata Series of Cases  New Enforcers  McHardy, copyright troll  Fligor: looking for clients  Major Difference in Goals  Shift from compliance to revenue  Focus on injunctive relief  Expansion of Traditional FOSS Enforcement  SFC assists in VMware litigation
  3. Existing Compliance Issues  VMware litigation (SFC)  McHardy litigation  First copyright troll  Versata: focus on hybrid product licensing  Will terminated licensees regularly raise the defense of “integration” with GPLv2 licensed code?  Will warranty claims against licensors arise from poorly drafted licenses become common?
  4. Netfilter Project Suspends McHardy  The netfilter project regrets to have to suspend its core team member Patrick McHardy from the core team. This is a grave step, definitely the first in the projects history, and it is not one we take lightly. Over many months, severe allegations have been brought forward against the style of his license enforcement activities on parts of the netfilter software he wrote. With respect to privacy, we will not publicly disclose the content of those allegations.  Despite many attempts by us to reach him, Patrick has been unable or unwilling to comment on those allegations or defend against the allegations. The netfilter project does not have first-hand evidence. But given the consistent allegations from various trusted sources, and in the absence of any response from Patrick, we feel it is necessary to suspend him until further notice.  We'd like to stress that we do not take any sides, and did not "convict" Patrick of anything. He continues to be welcome in the project as soon as he is be able to address the allegations and/or co-sign the "principles" [1] in terms of any future enforcement activities.
  5. SFC Criticizes GPL Monetizers  These “GPL monetizers”, who trace their roots to nefarious business models that seek to catch users in minor violations in order to sell an alternative proprietary license, stand in stark contrast to the work that Conservancy, FSF and gpl-violations.org have done for years.  Most notably, a Linux developer named Patrick McHardy continues ongoing GPL enforcement actions but has not endorsed the community Principles. When Patrick began his efforts, Conservancy immediately reached out to him. After a promising initial discussion (even contemplating partnership and Patrick joining our coalition) in mid-2014, Patrick ceased answering our emails and text messages, and never cooperated with us. Conservancy has had no contact with Patrick nor his attorney since, other than a somewhat cryptic and off-topic response we received over a year ago. In the last two years, we've heard repeated rumors about Patrick's enforcement activity, as well as some reliable claims by GPL violators that Patrick failed to follow the Principles.  In one of the many attempts we made to contact Patrick, we urged him to join us in co-drafting the Principles, and then invited him to endorse them after their publication. Neither communication received a response. We informed him that we felt the need to make this public statement, and gave him almost three months to respond. He still has not responded.  Patrick's enforcement occurs primarily in Germany. We know well the difficulties of working transparently in that particular legal system, but both gpl-violations.org and Conservancy have done transparent enforcement in that jurisdiction and others. Yet, Patrick's actions are not transparent.  In private and semi-private communications, many have criticized Patrick for his enforcement actions. Patrick McHardy has also been suspended from work on the Netfilter core team. While the Netfilter team itself publicly endorsed Conservancy's principles of enforcement, Patrick has not. Conservancy agrees that Patrick's apparent refusal to endorse the Principles leaves suspicion and concern, since the Principles have been endorsed by so many other Linux copyright holders, including Conservancy.
  6. New Compliance Issues  Harald Welte announcement of an OSS Compliance Company, aggregating developers  Welte: ran gpl violations  Geographic focus not limited to Germany, but could include France and Spain  David Fligor/Progressive LLP: Troll lawyer searching for a project, so far no cases filed  Sound View Innovations: new ASF software patent troll based on Alcatel-Lucent patents  Sound View has sued Facebook  Sound View has sued LinkedIn  Sound View has sued Twitter
  7. German FOSS Enforcement  Community Enforcers  Harald Welte/gpl-violations.org (Linux kernel, iptables)  Returning to compliance based on Barcelona FSFE Conference  Thomas Gleixner (Linux kernel code used in U-Boot)  XviD project  Christoph Hellwig (Linux kernel, this is the VMware case)  Other  Patrick McHardy (Linux kernel, iptables, iproute2)
  8. Community Enforcement  Most cases are settled before they go to court. The agreement for a “declaration to cease and desist" in Germany has to contain a clause about a contractual penalty for a future infringement: if the defendant is caught violating GPLv2 again, then the defendant has to pay the penalty.  Harald Welte (gpl-violations.org) has used these penalties for donations to charities like Chaos Computer Club, Wau Holland Stiftung, Free Software Foundation Europe, etc. because his focus was on process change, compliance and community norms.  gpl-violations.org worked very closely together with Free Software Foundation Europe to get companies to talk about their problems and let them participate in the global discussion about open source compliance and other legal issues.
  9. German Court Procedure - Outline I. Preliminary Injunction Proceedings 1. General 2. Requirements 3. Standard of Proof 4. Possible Remedies 5. Procedural Aspects 6. Enforcement II. Proceedings on the Merits 1. Overview 2. Remedies III. Pre-Litigation Strategies 1. Offense Position 2. Defense Position
  10. German Court Procedure - Preliminary Injunction Proceedings 1. General  Objective: Stop infringement as soon as possible  Often most dangerous threat to infringer, since immediately enforceable (appeal has no suspensory effect!)  "General" time line:  Granted within hours (e.g. re trade fairs), 1-2 days (if ex parte), 2-6 weeks (with oral hearing);  Appeal hearing 2-4 months after decision in first instance
  11. German Court Procedure - Preliminary Injunction Proceedings 2. Requirements  Generally courts issue in cases where  Infringement is very likely  No undue delay in filing an application for PI ("Urgency Requirement")  Plaintiff has to file the application for PI without undue delay  Up to 4 weeks usually not problematic  Up to 8 weeks usually problematic; IP owner has to show exceptional circumstances in determining the infringement / preparation of PI application  Over 8 weeks usually no PI granted!   ACT FAST!
  12. McHardy German Litigation I  Patrick McHardy uses the same enforcement mechanism but is seeking personal monetary gain  Estimate is that McHardy has approached at least 50 companies that have been hit (some companies multiple times).  Wide variety of companies, including retailers, telcos, producers, importers  Best estimate is that he has received significant damages  Wide range of products  physical products (offline distribution)  firmware updates downloadable from a website  Over The Air (OTA) updates
  13. McHardy German Litigation II  Tactics against companies  1. address a (minor) violation and have a company sign a cease and desist with contractual penalty.  2. address another (minor) violation and collect the contractual penalty. Sign a new agreement with a higher penalty.  3. wait some time, then go back to 2  Devices usually have multiple violations of GPLv2 and he only will address one issue at a time to collect the contractual penalty.
  14. McHardy German Litigation III  McHardy's claims largely focus on:  Lack of written offer  Lack of license text in product  Inadequate terms of written offer  Lack of complete corresponding source code in repositories  EULA conflicting with GPL obligations  Written offer must come from last company selling product  More exotic  Written offer should be in German  GPL warranty disclaimers are inadequate under German law  In the past, McHardy did not do a thorough technical analysis, like a rebuild of the source code, but he has started doing so.
  15. McHardy German Litigation IV  Two recent hearings, McHardy lost on procedural issues  Case one: court decided that application was not sufficiently “urgent” for preliminary injunction procedure  Case two: judge found that McHardy’s affidavits were inconsistent and McHardy’s lawyer was not prepared to defend it: McHardy withdrew case  Statement by presiding judge (not required and without precedential value but shows thinking):  If only a tiny bit of the programming works was contained in the litigious product and if that tiny bit was capable of being copyright protected, the arguments of the defendant would not be sufficient to rebut the claim. This might indeed result in Linux not being tradable in Germany. The industry might have to look for other platforms where the chain of rights can be controlled more easily
  16. Solving the McHardy Problem and Copycats  Focus on compliance of your products going into Germany  Understand the McHardy business model  Collaborate on claims and share information  DLA Piper: Developing “Defense in a box”  Working with past litigants to provide information  Facts about McHardy  Summary of McHardy claims  Summary of McHardy arguments  References  Possibility of including actual complaints and other filings but more challenging
  17. Hellwig v. VMware I  VMware is alleged to be using arts of the Linux kernel in their proprietary ESXi product, including the entire SCSI mid-layer, USB support, radix tree and many, many device drivers.  Linux is licensed under GNU GPLv2 with a modification by Linus Torvalds  VMware has modified all the code they took from the Linux kernel and integrated them into something they call vmklinux.  VMware has modified their proprietary virtualization OS kernel vmkernel with specific API/symbol to interact with vmklinux  vmklinux and vmkernel interaction is uncertain
  18. Hellwig v. VMware II  The court did not decide  If vmklinux and vmkernel can be regarded as a uniform work and, if so,  If the use of Hellwig's code in the vmklinux + vmkernel entity qualifies as a modification (requiring a license) or as free use.
  19. Hellwig v. VMware III  Court required that Hellwig prove the following:  which parts of the Linux program he claims to have modified, and in what manner;  to what extent these modifications meet the criteria for adapter's copyright pursuant to Copyright Act § 69c No. 2 clause 2 in conjunction with § 3; and  to what extent the Plaintiff pleads and where necessary proves that the Defendant has in turn adopted (and possibly further modified) those adapted parts of the program that substantiate his claim to protection.  Hellwig failed to meet this standard. He has appealed
  20. Hellwig v. VMware IV  Not sufficient as evidence according to the court:  Copyright notices in header files  Reference to git repository  Provision of source code and git blame files  Increased requirements for demonstrating an infringement:  Exact identification of own contributions  Conditions for copyright protection of those contributions fulfilled  Source code comparison of own contributions and the allegedly infringing code  It is not the job of the court to analyze the source code for elements that might originate from the plaintiff, and to judge to what extent those elements might be protectable.
  21. Linux at 25: Disputes on Compliance  Greg Kroah-Hartman  "I do [want companies to comply], but I don't ever think that suing them is the right way to do it, given that we have been _very_ successful so far without having to do that”  “You value the GPL over Linux, and I value Linux over the GPL. You are willing to risk Linux in order to try to validate the GPL in some manner. I am not willing to risk Linux for anything as foolish as that.”  Linus Torvalds  “Lawsuits destroy community. They destroy trust. They would destroy all the goodwill we've built up over the years by being nice.”  Bradley Kuhn (SFC)  “You said that you "care more about Linux than the GPL". I would probably agree with that. But, I do care about software freedom generally much more than I care about Linux *or* the GPL. I care about Linux because it's the only kernel in the world that brings software freedom to lots of users.”
  22. Linux Foundation  Who owns the contributions in the Linux kernel  Linux kernel analysis to determine the identity of contributors to Linux kernel, software has been completed and analysis will be done this year  Next step: identifying copyright owners  Encouraging statements by kernel.org on community norms for enforcement  Training programs  Core Infrastructure Initiative “Badge Program” (focused on security but includes governance issues)
  23. Summary for Software Distributors More compliance actions seem likely, particularly in Germany Develop a FOSS use (and management) policy to ensure that you understand your obligations and can comply with them (for an overview of FOSS and FOSS governance see https://www.blackducksoftware.com/resources/webinar/introduct ion-open-source-software-and-licensing). Ensure that your policy covers updates and security issues Review your distribution agreements to ensure that they take into account any terms imposed by FOSS in your product and modify those terms as appropriate.
  24. Global platform 24  Largest law firm in the world with 4,200 lawyers in 31 countries and 77 offices throughout the Americas, Asia Pacific, Europe and the Middle East  More than 145 DLA Piper lawyers in IP transactions  Global Open Source Practice  More than 550 DLA Piper lawyers ranked as leaders in their fields
  25. OSS Practice  Worldwide OSS practice group  US Practice led by two partners: Mark Radcliffe & Victoria Lee  Experience  Open sourcing Solaris operating system  FOSS foundations:  OpenStack Foundation  PrPL Foundation  OpenSocial  Open Source Initiative  GPLv3 Drafting Committee Chair (Committee D)  Drafting Project Harmony agreements
  26. Contact Information 26 Mark F. Radcliffe Partner 2000 University Avenue, East Palo Alto, California, 94303-2214, United States T +1 650 833 2266 F +1 650 687 1222 E mark.radcliffe@dlapiper.com Mark Radcliffe concentrates in strategic intellectual property advice, private financing, corporate partnering, software licensing, Internet licensing, cloud computing and copyright and trademark. He is the Chair of the Open Source Industry Group at the firm and has been advising on open source matters for over 15 years. For example, he assisted Sun Microsystems in open sourcing the Solaris operating system and drafting the CDDL. And he represents or has represented other large companies in their software licensing (and, in particular, open source matters) including eBay, Accenture, Adobe, Palm and Sony. He represents many software companies (including open source startups) including SugarCRM, DeviceVM, Revolution Analytics, Funambol and Reductive Labs for intellectual property matters. On a pro bono basis, he serves as outside General Counsel for the Open Source Initiative and on the Legal Committee of the Apache Software Foundation. He was the Chair of Committee C for the Free Software Foundation in reviewing GPLv3 and was the lead drafter for Project Harmony. And in 2012, he became outside general counsel of the Open Stack Foundation and drafted their certificate of incorporation and bylaws as well as advising them on open source matters.
  27. German Court Procedure Appendix
  28. German Court Procedure: - Outline I. Preliminary Injunction Proceedings 1. General 2. Requirements 3. Standard of Proof 4. Possible Remedies 5. Procedural Aspects 6. Enforcement II. Proceedings on the Merits 1. Overview 2. Remedies III. Pre-Litigation Strategies 1. Offense Position 2. Defense Position
  29. German Court Procedure - Preliminary Injunction Proceedings 1. General  Objective: Stop infringement as soon as possible  Often most dangerous threat to infringer, since immediately enforceable (appeal has no suspensory effect!)  "General" time line:  Granted within hours (e.g. re trade fairs), 1-2 days (if ex parte), 2-6 weeks (with oral hearing);  Appeal hearing 2-4 months after decision in first instance
  30. German Court Procedure - Preliminary Injunction Proceedings 2. Requirements  Generally courts issue in cases where  Infringement is very likely  No undue delay in filing an application for PI ("Urgency Requirement")  Plaintiff has to file the application for PI without undue delay  Up to 4 weeks usually not problematic  Up to 8 weeks usually problematic; IP owner has to show exceptional circumstances in determining the infringement / preparation of PI application  Over 8 weeks usually no PI granted!   ACT FAST!
  31. German Court Procedure - Preliminary Injunction Proceedings 3. Standard of Proof  Applicant has to provide proof of infringement  Not complete evidence, but prima facie evidence is sufficient  Possible means of proof:  Documents, sworn affidavits, present witnesses (only in case of oral hearing) 4. Possible Remedies  Cease-and-desist  Disclosure of information (for obvious infringements)  Seizure of infringing goods (with bailiff)  Not possible: Damages, Destruction
  32. German Court Procedure - Preliminary Injunction Proceedings 5. Procedural Aspects  Ex parte injunction  Court order has to be served within one month after issuing (or it will become unenforceable!)  Injunction after oral hearing  Immediately enforceable judgment, no serving necessary 6. Enforcement  In case of violation:  Administrative fine of up to EUR 250,000 possible  Fine for "first violation" usually around EUR 5,000 to 20,000  Imprisonment of CEO of up to 6 months (very unusual)
  33. German Court Procedure - Proceedings on the Merits 1. Overview  Opposed to PI proceedings:  Also final decisions possible (awarding of damages, destruction, recall,…)  Full evidence necessary  Duration: usually 10-18 months until decision in first instance  Expert testimony  Parties can submit written expert opinions on specific issues (regarding match of copyrights works, consumer survey, etc.)  Court may appoint neutral expert  "advisor" of court  Witness testimony  Parties can name witness(es) to prove a statement of fact  No "US style" cross examination
  34. German Court Procedure - Proceedings on the Merits 2. Remedies a) Cease and Desist  Can also be granted before first violation (pre-emptive) b) Information / Rendering of Accounts  To prepare damage claims and identify additional infringers (upstream / downstream) c) Damages  No punitive damages d) Destruction  Principal of proportionality
  35. German Court Procedure - Proceedings on the Merits e) Product Recall  Only goods still in the possession of infringer  But: Obligation to address customers re return  Principle of proportionality f) Publication of Court Decisions  The ruling will determine the medium (internet, newspaper,…)  Legitimate interest (e.g. to inform consumers about dangerous products)  Principle of proportionality
  36. German Court Procedure - Pre-Litigation Strategy I. Offense Position 1. Warning Letter  Request to  Cease and desist from the infringement  Rendering of accounts  Recognize the IP owner's entitlement to damages (incl. costs)  Main purposes:  Achieve out-of-court solution  Avoiding cost risk associated with immediate acknowledgment  No obligation to send a warning letter  Risk of "warning" infringer to take precautions (esp. protective writ or distribution of products)
  37. German Court Procedure - Pre-Litigation Strategy 2. Gathering evidence  Factual preparation of infringement case  Test purchase  Pre-Trial "Discovery"?  No discovery in Germany!  But: Inspection Claim  Possibility to inspect allegedly infringing goods, at premises of infringer  And: Criminal Proceedings  IP infringements may constitute criminal acts  Products seized by state prosecution authorities can be inspected by infringed party to gather evidence for civil proceedings
  38. German Court Procedure - Pre-Litigation Strategy II. Defense Position 1. Protective Writ ("PW")  Anticipatory statement of defense against expected application of preliminary injunction ("PI")  Purposes:  1st best case: Dismissal of PI application  2nd best case: Scheduling of oral hearing  Usually, PI can be granted ex parte if judge is convinced  Protective writ intended to raise reasonable doubts  Risk: Arguments presented in protective writ might make claim coherent
  39. German Court Procedure - Pre-Litigation Strategy 2. Preparations for possible PI:  Check affected products and estimated sales / distribution  Preparations for alternative distribution channels / distribution through other countries  Prepare work around / design around for affected products
Advertisement