Posted by Matt Jacobs on May 12, 2017
In February I wrote a post exploring dual licensing. Part of my message was to call out that open source license enforcement is steadily going through a dramatic shift. Historically, open source licenses such as the GNU General Public License were enforced primarily by groups such as the Free Software Foundation or the Software Freedom Law Center.
These not-for-profit groups encouraged everyone to “play by the rules” and occasionally took action, including appropriate legal action, against those who didn’t. And while there have been a handful of high profile cases arising out of the enforcement activities of these groups, most users of open source, even those who arguably skirted the rules, were unlikely to concern themselves with the possibility of being caught in the cross hairs of a GPL enforcement action.
85% of applications analyzed contained components with license conflicts
The shift in enforcement underway now is from “community” based actions to what I’ll refer to as “private” enforcement actions. These actions are undertaken by a copyright holder against an alleged infringer, fueled by the pursuit of significant monetary claims. As more and more companies deploy open source-based strategies to drive growth of their operations and sales, this trend is likely to accelerate.
The cases I’ve been aware of over the years, many similar to the the Artifex Software, Inc. v. Hancom, Inc. case discussed in my dual licensing post, involve a copyright holder learning that some competitor or high profile user is making use of that copyright holder’s GPL licensed code in violation of the GPL. Breach of the GPL and in particular the GPLv2, which has no possibility of “cure,” immediately terminates that license — leaving the non-compliant user a copyright infringer. Actions that follow typically seek injunctive relief, lost revenue and applicable statutory damages.
A recently filed complaint by CoKinetic Systems against Panasonic Avionics takes a very different tack. In their complaint, CoKinetic claims that Panasonic has made extensive re-use of Linux based open source components, including the use of those open source components in Panasonic products distributed into the market in which they compete with CoKinetic. CoKinetic goes on to assert that Panasonic has violated a cornerstone element of the GPLv2, the open source license governing these Linux open source components, by “deliberately refusing to distribute the source code to the Linux-Based Panasonic Core Software in accordance with its GPL obligations…”1
Importantly, CoKinetic is not a copyright holder in this matter and hence not claiming that Panasonic’s alleged failure to adhere to the GPL is resulting in some copyright claim that CoKinetic may have against Panasonic. Rather, CoKinetic is claiming that Panasonic, by failing to play by the rules that everyone else is adhering to, is engaging in anti-competitive behavior and that this conduct has directly injured CoKinetic’s business and that, more generally, as a member of the public CoKinetic is an intended third-party beneficiary of the GPL. For this CoKinetic asks the court to require Panasonic to publicly disclose the Panasonic code distributed with the Linux based open source components.
Most cases of this nature settle, so we may never know what the ultimate judicial resolution to this claim will be. Issues of standing and other procedural hurdles aside, this claim does raise the specter that the class of potential plaintiffs in open source license compliance actions is much larger than traditionally held — with competitors now keeping a close and critical eye on each other’s compliance, or lack thereof, of applicable open source licenses.
Get the latest Software Integrity news, thought leadership, and more.