''Open-source'' licensing: No free lunch
September 20, 2012

Google's Android operating system is used on an estimated 400 million mobile devices worldwide. Meanwhile, Mozilla's Firefox web browser accounts for about a quarter of web usage worldwide. What do these two pieces of software have in common? Both have achieved their enviable market positions while using "open-source" licences.

However, while open source success stories such as Android and Firefox grow ever more numerous, companies should be aware of the risks associated with open-source licences. This article provides an overview of these licences and highlights some of the associated risks.

What is an open-source licence? In many jurisdictions, including Canada, software is protected under copyright law, which provides copyright owners with exclusive rights to reproduce their software, such as for use or distribution. Copyright owners may grant rights to others to use or distribute software under licences, typically for a fee. In some instances, however, copyright owners may choose to grant rights to others under open-source licences.

The precise definition of "open source" is often hotly debated. Generally speaking, however, an open-source licence provides the right to use, modify and distribute the licensed software to anyone who agrees to be bound by the licence's terms, typically without a fee. To allow others to modify the software, the copyright owner makes the underlying "source" code for the software publicly available.

Those who agree to the licence's terms, i.e., licensees, may greatly benefit from using the copyright owner's code to kick-start or accelerate their own software development. This may dramatically reduce development costs.

However, while rights under an open-source licence may be granted without a fee, the licence's terms typically impose obligations on licensees, which could result in significant costs. These obligations may vary from licence to licence, but in each case merit careful consideration.

Take, for example, the GNU General Public License (commonly referred to as the "GPL"), which is the most widely used standard form open-source licence. The terms of the GPL require licensees who distribute software created using licensed code to adopt the same licensing terms. In other words, a licensee who distributes software created using licensed code must also permit others to use, modify and distribute that software, and must make its own code publicly available, including any improvements.

Therefore, just as the licensee may benefit from using licensed code, others, including the original copyright owner, may also benefit from any improvements made by the licensee. This "quid pro quo" lies at the heart of most open-source licences.

Risks to licensees. While the use of open-source licences may offer benefits to all involved, the obligations imposed on licensees by the terms of open-source licences such as the GPL create certain risks.

One risk faced by licensees is that obligations imposed by an open-source licence may significantly reduce the value of a licensee's intellectual property.

As noted, the GPL requires licensees who distribute software created using GPL-licensed code to publicly disclose the underlying source code to that software. As code is human-readable, it may be studied to extract proprietary algorithms or data. Thus, the required disclosure of code could put a licensee's valuable trade secrets into the public domain, including into the hands of the licensee's competitors. This disclosure may cause the licensee to lose a competitive advantage, which may greatly affect the licensee's bottom line or company valuation. This disclosure could also prevent the licensee from later obtaining patent protection for any inventive features in the code.

Compounding the risk is the troubling fact that the extent of the required disclosure may be uncertain. For example, if a licensee uses code under an open-source licence to create a small component in a large piece of software, it may be difficult to determine exactly how much of its code the licensee must disclose. A licensee may ultimately be required to disclose more than what it bargained for.

Another risk faced by licensees is that they may attract liability for copyright infringement if they fail to meet obligations imposed by an open-source licence.

For example, in 2008, the Free Software Foundation sued Cisco in the United States for copyright infringement. The Free Software Foundation complained that although some of Cisco's router products included software created from code that the Free Software Foundation had made publicly available under the GPL, Cisco had not met certain obligations imposed by the GPL, e.g., by not making source code for its software publicly available. Cisco eventually agreed to make this source code publicly available and to appoint an employee to monitor its compliance with open-source licences.

A different case involved GPL-licensed software called Busybox. The copyright owners of Busybox sued over a dozen consumer electronics companies who allegedly used the code for Busybox in various products, but failed to meet obligations imposed by the GPL. Many of the defendants settled out of court. One of the defendants, however, took the fight to court and lost. This defendant was penalized by triple damages for wilful copyright infringement, and was also ordered to turn over all infringing products.

Given the risks discussed above, companies should exercise caution when dealing with open-source licences.

Companies who develop software may wish to adopt policies and procedures governing the use of code under open-source licences to avoid inadvertent inclusion of such code in their software products. Even inadvertent inclusion may bind the company to obligations imposed on licensees.

When considering whether or not to use someone else's code under an open-source licence, companies should carefully weigh the benefits of using that code against the costs created by the associated risk.

To measure these costs, the terms of the particular open-source licence should be studied, preferably with the aid of legal counsel, to determine the extent of obligations imposed on licensees. When these obligations include disclosure of the company's own code, the company should consider any loss in value of its intellectual property that may result from that disclosure. Companies should also consider the costs of ensuring compliance with the terms of open-source licences to protect itself from copyright infringement liability.

These costs may be significant. But as the sayings goes: there is no such thing as a free lunch.

Jeffrey J. Kang, Toronto

The preceding is intended as a timely update on Canadian intellectual property and technology law. The content is informational only and does not constitute legal or professional advice. To obtain such advice, please communicate with our offices directly.

web design toronto Rebel Trail