Is Your Use of Open Source Software in Compliance with the OSS License Terms?
What caused Verizon to send me an open source software (OSS) license disclosure notice with my upgraded FiOS router/modem a few years ago? Are other companies, like yours, being targeted for corrective action for similar alleged OSS license breaches?
About 10 years ago, Verizon was sued by the developers of BusyBox, a set of free, open source software tools that can optimize programs running on certain devices. Verizon’s subcontractor had supplied wireless routers for its FiOS broadband service using BusyBox OSS software under terms of the GNU General Public License (GPL) version 2, which requires that, among other things, the source code for all code in the router, not just the open source software portions, be available to end users. The notice summarized my OSS license rights and how to get the full source code for my new router.
The lawsuit against Verizon was one of twelve filed on behalf of the BusyBox developers by the Software Freedom Law Center (SFLC), an open source advocacy group. SFLC filed similar lawsuits in 2009 in federal court for the southern district of NY (SDNY) against 14 consumer product companies, including Best Buy, JVC, Samsung and Westinghouse. Settlements reportedly required the defendants to: 1) remedy prior violations, 2) ensure future compliance, and 3) financially compensate plaintiffs. Since then, BusyBox has become a common Linux-related component in an expanding number of devices, including those used in the Internet of Things (IoT).
Settlements don’t provide future guidance for resolution of legal issues. However, a California district court recently allowed breach of contract claims to proceed for alleged violations of the GPL and rejected an argument that had been accepted by at last one other court, that such claims are pre-empted by copyright law (Artifex Software, Inc. v. Hancom, Inc, Case No. 16-cv-06982-JSC, N.D.CA. April 25, 2017).
Also earlier this year, CoKinetic Systems filed suit against Panasonic Avionics (PA) in SDNY claiming, in part, $100 million in GPL license violations due to PA’s failure to distribute source code for PA’s modified Linux OSS modules – the source code is allegedly needed for third parties to develop software that interfaces with the relevant PA hardware. Pre-trial motions are pending.
To avoid costly, time-consuming OSS lawsuits, monitor open source software used in products or services distributed by or on behalf of your company – including to contractors, franchisees, customers, mobile app end users and others – to ensure the relevant OSS license is commercially friendly (rather than “share and share alike”/copyleft terms), or otherwise complies with your corporate OSS use policy. And if you receive notice of an alleged breach, work with an OSS knowledgeable attorney on a prompt response to avoid a lawsuit, as the SFLC and other OSS developers would generally prefer compliance to confrontation whenever possible.
Peggy A. Miller is admitted to practice in NY and is a Black Duck® Certified Legal Specialist in open source software. This article is a publication of MWH Law Group LLP and is intended to provide general information regarding legal issues and developments to our clients and other friends. It should not be construed as legal advice or a legal opinion on any specific facts or situations. For further information on your own situation, we encourage you to contact the author of the article or any other member of the firm.
© Peggy A. Miller and MWH Law Group LLP 2017. All rights reserved.
CONTACT ATTORNEY PEGGY A. MILLER