- Related Articles:
- Patent v. Copyright
This article addresses the question of whether and how much the so-called "patent risk" should concern parties that are deciding between open source and proprietary software offerings. The patent risk is the danger that a particular software system adopted by an end-user infringes an existing patent.
Patent Law Background
This module does not intend to provide a legal primer for understanding patent law. For a refresher, please visit some of the helpful, online resources collected in the "References and Further Reading" section, below. For our purposes, it is enough to say that computer software qualifies as patentable subject matter. And if computer software passes the novelty, non-obviousness, and usefulness tests, a patent may issue to the inventor. The patent claims describe and define the bounds of the invention. Any person who later develops software that reads on patent claims may be sued for infringement by the patent holder. Courts can award money damages as well as injunctions to the successful plaintiff in an infringement suit. Treble damages and attorney fees may be awarded for willful infringement.
Free and open source software advocates have long expressed hostility towards software patents. As early as 1991, the authors of GNU GPL v2.0 wrote, "...any free program is threatened constantly by software patents." Because a patent gives its holder a right to stop anyone from practicing (making, using, selling) a particular embodiment of an idea, they are viewed as enclosing the commons of ideas and knowledge. And with respect to computer software, they are seen to be counter to the project of assuring the freedom of software and the ideas it expresses. This debate, interesting as it is, is not the focus of this module, and will be left to law professors and policy experts.
From the perspective of a small or medium-sized business, what matters is that software is patentable and that software patents are being issued at a seemingly ever-increasing rate. Does this growing universe of patents pose a legal risk to the company because it uses software that may infringe the patent? The answer to this question is obviously yes, but the real key is to attempt to get a handle on the size of the risk. Legal risk must be understood by analyzing two factors: the likelihood of legal action together with the cost to the defendant should legal action ensue.
As for the first factor - likelihood of legal action - company size may not matter. Patent holders follow money, so it would appear that the likelihood of suit should grow with the size of the company. Of course, it is inexpensive to fire off demand letters to a large number of potential infringers, hoping to obtain a quick and easy settlement. Therefore, even small companies may not be immune to legal threat by virtue of their size or the shallowness of their pockets. Furthermore, given the notorious lock-in problems associated with adoption software systems, what might seem like a cheap solution for a small company may turn out to be a costly decision later on if the company decides that it has to switch to a different, non-infringing software system.
Can a company reduce the likelihood of legal action through the clever choice of software system? In other words, when choosing between options, can the company make the choice on the basis of which system is less likely to infringe? The answer to this question is "not really." First, without access to source code (as in proprietary offerings) the end-user has no real way of understanding whether or not the particular software reads on existing patents or not. Second, even with access to the source code, the universe of patents is sufficiently large that the cost of performing an exhaustive search is prohibitively high. And even if such a search could be undertaken, the searcher will only learn that yes, there are probably patents that - if valid (and many are not) - would be infringed. Finally, the provision for treble damages for willful infringement actually creates a perverse incentive not to know about patents that might be infringed. If a search is undertaken and knowledge of potential infringement is obtained, then the willfulness provision will be triggered and the infringer may be liable for treble damages. On the other hand, without a search there can be no knowledge, and no willful infringement.
Finally, can we make general assertions about the relative risks of open source and proprietary solutions? This has become a hot topic of late. There are at least three issues hiding inside of this question. The first relates to an assertion that proprietary software, because it is somehow more "mature" in its development (no "rag tag" team of hackers here), is less likely to infringe intellectual property rights. We are given the image of careful code "auditors," checking to assure that the code is not tainted by copyrighted code or code that reads on patent claims. At least with respect to patent infringement, this image is probably misleading, for the simple reasons stated above: software vendors have a strong incentive not to know about potential infringement problems because of the willful infringement provision to understand whether or not their software infringes existing patents. And even if they wanted to, performing such a search would be very expensive and not really tell them anything that they didn't already know: that their software probably reads on all sorts of patent claims. For example, Open Source Risk Management recently commissioned a study which determined that the Linux kernel potentially infringes 283 patents. Some of those patents are held by open source friendly companies, such as IBM, but at least a third belong to open source hostiles, including Microsoft. These patents haven't been tested in court, and it is estimated that as many as 50% of patents are ultimately held invalid.
On the other hand, deep pocket companies (such as IBM and Microsoft) are prime targets for patent holders. Therefore, the products offered by such firms have already been "shaken down" and one could expect that they are relatively less likely to be infringing. Also, because open source software makes its source code readily available, it seems more prone to attack, because patent holders can more easily determine whether a given software system actually reads on the claims of their patent(s).
The second issue relates to the power of the community response to patent infringement suits against users of open source software. First, large companies that have a vested interest in open source software (e.g. IBM) should have an interest in joining the fight when infringement actions are threatened against customers who use open source software they distribute. Second, the open source community has a strong interest in responding to infringement actions by either designing around patent claims or by finding prior art that can be used to invalidate patents. In other words, users of open source software appear to have a larger and better set of friends than do users of proprietary systems, who have only the vendor to turn to for indemnification or other assistance or relief. Of course, none of this really helps the little guy who must suffer through the costs of a legal action in the short term, but it does appear to bode well for the ability of the open source enterprise to resist attacks from patent holders.
The third issue relates to indemnification. Microsoft has been using it as a boogeyman to drive potential customers away from open source offerings, by promising to indemnify its customers against all intellectual property claims. On the other side, opponents of software patents have been using the story as support for their doomsday predictions. In the end, the issue of indemnification is really orthogonal to the general question of whether open source or proprietary software is inherently more risky. Indemnification is just a way to allocate legal risk, and it is not clear that open source vendors or third parties could not offer the same for open source software, assuming that there are customers who are willing to pay the price. In fact, various open source vendors have responded by offering a variety of (at this time, generally more limited) forms of indemnification. And at least one organization (Open Source Risk Management) has expressed an interest in offering open source risk management insurance.
The threat of patent lawsuits against companies using open source software is a real one. However, the problem is not unique to open source software. In the short run, a variety of strategies are available for companies to mitigate the risk, including indemnification and insurance. In the long run, open source software, as a worldwide, community project supported by mature technology vendors appears to be well positioned to respond to the threat.
References and Further Reading
The Open Source Patent Risk Debate
- Ravicher, Daniel B. (2005), Patents: Why Free/Open Source Software Might Have Less To Fear Than Non-Free Software, Intellectual Property and Technology Summit, April 22-24, 2005. Available at: http://www.actonline.org/iptechsummit/Documents/Panel%202/Software%20Patents/Ravicher%20IP%20Summitt%20Materials.PDF.
- Microsoft's "Get the Facts" Campaign. Available at http://www.microsoft.com/windowsserversystem/facts/topics/ipi.mspx.
- Microsoft Study: Indemnification Becomes Open Source's Nightmare and Microsoft's Blessing. Available at http://www.microsoft.com/windowsserversystem/facts/analyses/indemwp.mspx.
- Open Source Risk Management (OSRM). Available at http://www.osriskmanagement.com/.
- OSRM's Press Release regarding the Linux Kernel Patent Review. Available at http://www.osriskmanagement.com/press_releases/press_release_080204.pdf.
Software Patent Law References
- The BitLaw Website. Available at http://www.bitlaw.com/software-patent/index.html.
- Hollaar, Lee A. (2002), Legal Protection of Digital Information. Available at http://digital-law-online.info/lpdi1.0/index.html.
- The GrokLaw Website. Available at http://www.groklaw.net/. Provides exhaustive coverage of the SCO v IBM litigation, as well as much useful background on computer law in general.