Can the Open Source Community Slay the Patent and Copyright Trolls?

November 8, 2017 David Thompson

If there’s one thing that unites development teams big and small — besides open source software — it’s fear and loathing of patent trolls.

Every once in awhile, a story of a multi-multimillion dollar patent infringement lawsuit will hit the news, and send a collective shiver down everyone’s spine. From the youngest of software development entrepreneurs to the biggest big wigs at Facebook, Microsoft or IBM, no one is ever fully immune.

Patent Trolling & the Giants: The Open Source Community vs. Facebook’s Open Source License Patent Clause

This past summer, the open source community once again questioned the motives behind Facebook’s unusual BSD + Patents open source license when the Apache Foundation decided to disallow the Facebook open source license in all Apache projects. Developers voiced concern that this clause allowed Facebook to initiate patent lawsuits while restricting defensive lawsuits against them. Many in the open source community were wary of  the legal-savvy tech giant using a hatchet to deal with fears of patent trolls when a scalpel approach would have sufficed.

While Facebook stood firmly behind their unique open source license for years, insisting that the patent clause is necessary in order to avoid “meritless lawsuits”, they finally caved at the end of this summer, and replaced their BSD + Patents license with a standard MIT license, and order was restored.

The Apache Foundation’s ban caused a domino effect throughout the community and finally drove Facebook into adopting an open source license that was more permissive, easier to understand, and ultimately more developer friendly. Many in the open source community put this down as a win over the corporates, securing the developer’s ability to write software without fear of being ensnared in messy lawsuits, or signing off their patents to the Man.

Does this mean that open source software projects are the last safe haven for developers that want to create software without the looming threat of patent infringement lawsuits, where the community can come together to affect change?

Download our free guide – Learn all you’ve ever wanted to know about open source licenses!

Copyright Trolls: The Shady Cousin of the Patent Troll

The  mean-spirited mutation of the patent troll — the copyright troll — has reared its ugly head in one of the biggest and most established open source projects.

This October, the Linux Community Technical Advisory Board published a “Linux Kernel Community Enforcement Statement” to be included in Linux documentation, in order to ensure that contributions to the kernel aren’t exploited for copyright litigation.  

But why was this necessary in a community founded on principles of freedom and collaboration? Aren’t they supposed to know how to play nice with each other?

The story behind this move is a dark mark in the open source history. Linux leaders felt the need to call out to Patrick McHardy, the former chair of the Netfilter core development team — who has been actively pursuing litigation around alleged copyright infringement, winning “at least a few million Euros.”

The Netfilter community suspended McHardy from contributing to the project for violations of their principles of enforcement, and published their own FAQ which stated that they “fear that the enforcement actions of Patrick McHardy have caused considerable harm to the reputation of the netfilter project. There are serious allegations that his GPL enforcement activities are prioritizing personal financial gain over compliance.”

For Every Action, there is a Reaction

Senior members of the Linux community explained in a blog post that they believe that the statement was needed “to help clarify what the majority of Linux kernel community members feel is the correct way to enforce our license,” because not all contributors to the kernel understand the obligations in the GNU Public License 2.0 (GPL 2.0).

It’s understandable why Linux community leaders took this step to address the growing apprehension around McHardy’s actions As they see it, his lawsuits for personal gain go against everything the open source software movement believes, and could deter developers from using GPL 2.0 Licensed software.

Lawyer and open source software licensing expert Heather Meeker addressed McHardy’s shenanigans in a blog post, stating that, “Because the ownership of large projects like the Linux kernel is often spread out among many authors, individual owners can take enforcement actions that are inconsistent with the objectives of the community. While the community may have a range of views on how best to encourage adherence to the GPL’s terms, most agree that enforcement should be informal (not via lawsuits) and that the primary goal should be compliance (rather than penalties).”

The outcry around Facebook’s open source licensing patent clause and the efforts that the Linux community made to clarify GPL terms and enforcement policies, show us that even open source projects can be leveraged for personal gain.

This raises some troubling questions moving forward for developers who depend on open source components for building their products.

Can the open source development community ensure that the licenses they produce allow users to develop and innovate without fear that the lawyers will come popping out of the woodwork with frivolous yet devastating lawsuits over licensing issues?

From our vantage point, the path forward will likely be tricky, filled with plenty of curves. Some bad apples will continue to look for ways to enrich themselves off the backs of the community, making unfair claims on projects if they think that they can use it to get ahead. They are simply a part of the scenery and need to be taken into account.

At the same time, there is a consciousness that some level of self policing is necessary if we want open source to continue to be the building block of how we develop software. When the community does come together to take decisions to remove those bad apples, they help to maintain a better ecosystem that allows for freer development, and hopefully less politics.

Developers and organizations need to keep track of their open source licenses, and keep compliance high on their list of priorities if they want to starve the trolls.

The main question moving forward is whether the Linux community’s reaction to McHardy’s behavior be enough to promise that other developers don’t adopt the same practices? Linux’s leadership deserves recognition for showing a zero-tolerance policy for McHardy’s transgression.

With any luck, would-be patent trolls will take notice and the fear of being banned will be enough to keep them on their best behavior.



Previous Article
Shifting Security Left: 3 DevSecOps Challenges & How to Overcome Them
Shifting Security Left: 3 DevSecOps Challenges & How to Overcome Them

Software organizations are under tremendous pressure to deliver innovative products and ship updates fast. ...

Next Article
How to Navigate Migrating to Cloud in a Regulated Environment
How to Navigate Migrating to Cloud in a Regulated Environment

Making the move to public clouds can seem like a Sisyphean task for many financial and healthcare organizat...