close search bar

Sorry, not available in this language yet

close language selection

Dramatic shifts in open source license enforcement

We’ve seen dramatic shifts in open source license enforcement, from “community” based actions to “private” enforcement actions. How does it affect you?

Dramatic shifts in open source license enforcement

In February I wrote a post exploring dual licensing. Part of my message was to call out that open source license enforcement is steadily going through a dramatic shift. Historically, open source licenses such as the GNU General Public License were enforced primarily by groups such as the Free Software Foundation or the Software Freedom Law Center.

These not-for-profit groups encouraged everyone to “play by the rules” and occasionally took action, including appropriate legal action, against those who didn’t. And while there have been a handful of high profile cases arising out of the enforcement activities of these groups, most users of open source, even those who arguably skirted the rules, were unlikely to concern themselves with the possibility of being caught in the cross hairs of a GPL enforcement action.

The shift in enforcement underway now is from “community” based actions to what I’ll refer to as “private” enforcement actions. These actions are undertaken by a copyright holder against an alleged infringer, fueled by the pursuit of significant monetary claims. As more and more companies deploy open source-based strategies to drive growth of their operations and sales, this trend is likely to accelerate.

The cases I’ve been aware of over the years, many similar to the the Artifex Software, Inc. v. Hancom, Inc. case discussed in my dual licensing post, involve a copyright holder learning that some competitor or high profile user is making use of that copyright holder’s GPL licensed code in violation of the GPL. Breach of the GPL and in particular the GPLv2, which has no possibility of “cure,” immediately terminates that license—leaving the non-compliant user a copyright infringer. Actions that follow typically seek injunctive relief, lost revenue and applicable statutory damages.

A recently filed complaint by CoKinetic Systems against Panasonic Avionics takes a very different tack. In their complaint, CoKinetic claims that Panasonic has made extensive re-use of Linux based open source components, including the use of those open source components in Panasonic products distributed into the market in which they compete with CoKinetic. CoKinetic goes on to assert that Panasonic has violated a cornerstone element of the GPLv2, the open source license governing these Linux open source components, by “deliberately refusing to distribute the source code to the Linux-Based Panasonic Core Software in accordance with its GPL obligations…”

Importantly, CoKinetic is not a copyright holder in this matter and hence not claiming that Panasonic’s alleged failure to adhere to the GPL is resulting in some copyright claim that CoKinetic may have against Panasonic. Rather, CoKinetic is claiming that Panasonic, by failing to play by the rules that everyone else is adhering to, is engaging in anti-competitive behavior and that this conduct has directly injured CoKinetic’s business and that, more generally, as a member of the public CoKinetic is an intended third-party beneficiary of the GPL. For this CoKinetic asks the court to require Panasonic to publicly disclose the Panasonic code distributed with the Linux based open source components.

Most cases of this nature settle, so we may never know what the ultimate judicial resolution to this claim will be. Issues of standing and other procedural hurdles aside, this claim does raise the specter that the class of potential plaintiffs in open source license compliance actions is much larger than traditionally held—with competitors now keeping a close and critical eye on each other’s compliance, or lack thereof, of applicable open source licenses.

Matt Jacobs

Posted by

Matt Jacobs

Matt Jacobs

Matthew Jacobs was Vice President and General Counsel at Black Duck Software, Inc., recently acquired by Synopsys, Inc. He is now a director with the legal group at Synopsys. Organizations worldwide use Synopsys’ industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance, and operational risk. Matt’s work at Synopsys includes managing licensing and contract negotiation and advising senior management on day-to-day legal affairs. In addition to being a frequent speaker on open source–related topics, Matt routinely advises Synopsys’ customers with respect to leading-edge open source adoption, use, and compliance matters. Prior to joining Black Duck in 2009, Matt was with Bernstein Shur, where he counseled companies on a variety of intellectual property matters, including open source compliance. Before that, he held in-house positions with Cabletron Systems and Standex International. Matt earned his law degree from the University of New Hampshire School of Law and holds a master’s degree in business from Plymouth State University.

More from Open source and software supply chain risks