Open or shut?

With the $3bn SCO-IBM litigation in full swing, is the free ticket that was open source finally coming to an end? Andrew Dunlop reports

In March 2003, the SCO Group filed a lawsuit against IBM in the US for $3bn (£1.74bn) in damages – a sum that made even the giant of the industry rush to its lawyers. The claim is that intellectual property (IP) rights proprietary to SCO were infringed by IBM’s development, promotion and distribution of the free operating system Linux.

In addition to suing IBM, SCO noted that each user of Linux around the world would also be liable in damages for infringement of IP rights, as well as future licence fees, should its claim against IBM be well-founded. SCO sent letters to many of the world’s larger corporations putting them on notice of the potential exposure, effectively inviting them to formalise a proprietary licence with SCO at a reduced royalty rather than risk escalated damages and licence fees at a later date.

Microsoft agreed to formalise a proprietary licence with SCO with a reported royalty fee costing in excess of $10m (£5.8m). This might be seen either as cautionary or as supportive of the proprietary licence model in preference to the open source principle, depending on one’s perspective.

Infringement of copyright in computer operating systems is a criminal offence. It also gives rise to monetary compensation. Sanctions range from damages, search orders, seizure of goods, unlimited fines and custodial sentences of up to 10 years. It is not surprising that the vast number of businesses that have enjoyed the open source revolution in their use and development of software are now feeling decidedly uneasy when faced with the spectre of copyright infringement looming large. A successful claim for infringement of copyright in computer operating systems under US law should, in theory, give rise to an equivalent claim in other countries around the world.

At this stage, SCO is not required to disclose full details of its US case against IBM, but it is worth noting that the case has not been dismissed out of hand. Both SCO and Canopy Group, the holding company with a majority interest in SCO, have previously been involved in successful exploitation of IP rights through claims of infringement.

At least one major software house has suggested a new licence clause in the US that would invalidate the ongoing use of proprietary software if integrated with open source. That adds a commercial angst to the possible exposure to legal action driven by infringement of IP rights now facing open source users.

So what action should companies take in Europe? The temptation may be to sit back and wait for a verdict to come from the US before taking action. This is perhaps equivalent to the problem posed by Y2K in the lead-up to the date change in 2000; should one wait to see what happens and deal with any fall-out after the event, or should one plan to mitigate any possible exposure by identifying steps that can be taken in advance?

Reaction in the commercial world to the legal proceedings initially seemed to lean towards sitting tight, but as the months have elapsed, US businesses – especially those larger corporations with worldwide operations – have started to realise that the risk of possible exposure needs to be managed. But how can this be achieved?

Use of open source is widespread, so all of the IT operations of an organisation need to be reviewed to understand the extent of that use. The review would need to check each open source product by reference to the relevant open source licence, taking into account the ways in which the product was made available, the supplier and the terms of the licence. The relationship with each supplier of open source is also key. For example, at least one major supplier is currently offering a limited form of protection to customers designed to protect against the possibility of a successful claim for copyright infringement made by SCO against the customers in respect of their use of open source. The results of a review would also need to form the basis of a separate risk management matrix, covering significant issues and actions for each open source product. The analysis would have the benefit of auditing the extent of the open source software used by the organisation, enabling isolation of any potential issue or disruption that could occur if legal proceedings became threatened or likely. This would spare the organisational businesses from trying to work out what is being used and where at the point of a legal gun, when control over timetable and strategic options is reduced or lost.

The alternative of waiting to see what happens could court disaster, as there will be very little time available to manoeuvre and develop available options should a claim from SCO arrive on the desk, and SCO may not necessarily wait for judicial resolution of its claim against IBM before initiating proceedings against others.

Andrew Dunlop is a technology and communications partner at Burges Salmon

Unix – a brief history
The Unix operating system is now part of computing mythology. It was created in the late 1960s/early 1970s, but as its popularity grew, developers began to write programs that acted like Unix. These are called Linux and they are made freely available to anyone wanting to use and develop them – the open source principle. Certain conditions apply depending on which of more than 75 separate open source licence formats are used. This contrasts with the proprietary approach offered traditionally by ownership of intellectual property rights in computer programs (including Unix), which permits product owners to charge a licence fee.

With open source, the payment for free access to developed code is, in effect, the requirement that any further developments made are also made available to the open market free of charge. Risky development programmes can be shared without the need for formality, licence budgets can be re-allocated to development activity and increasing take-up of open source enables continuous honing and evolution of source codes by parties with diverse commercial requirements.

The original Unix developer sold its Unix rights to Novell Inc in 1993, which in turn sold them to the SCO Group in 1995. Before ownership was taken over by SCO, Unix had been licensed to IBM, which developed its own variant called AIX and promoted both AIX and Linux as alternative computer operating systems under the open source principle.