The (not so) secret source

The (not so) secret source

Open source software has come to dominate the underlying infrastructure of much of the world’s technology. But with success have come the inevitable growing pains

In 2011 famed Silicon Valley venture capitalist Marc Andreessen explained in a Wall Street Journal article “why software is eating the world”. Crucially, he argued that this voracious appetite had been made possible, in large part, by the rise of open source. Since it emerged in the 1980s as a way of developing software code away from the proprietorial grip of big business, the popularity of open source platforms such as Linux, the various Apache projects and OpenStack has transformed the building blocks of much of the world’s technology.

In the process, operating companies – many of which were initially sceptical – have embraced open source, contributing vast reams of code, actively supporting numerous platforms and adhering to a community-led principle which can occasionally look out of place among the tenets of private commerce. It appears that the days when executives from industry behemoths actively machinated against open source platforms are over.

“When I started, open source was the province of people who were a little bit out there,” recalls Mark Radcliffe, a partner at DLA Piper who also serves as general counsel of the Open Source Initiative. What changed was that software became so ubiquitous, that it increasingly made sense for companies to use open source as a way of keeping development costs down. “Today, if you’re writing all of your own code 100% yourself then you’re doing something wrong,” comments Qualcomm legal counsel David Marr. “You’re not leveraging the best practice of modern software development.”

Mark Radcliffe

General counsel of the Open Source Initiative and partner of DLA Piper

“Cloud computing and outsourcing have made people more comfortable with having less control over their IT infrastructure”

At the same time, the rise of the cloud has opened up access to computing power which would have once been prohibitively expensive for smaller businesses, essentially levelling the playing field for tech start-ups. “The rise of cloud computing and outsourcing have made people more comfortable about having less control of their IT infrastructure,” Radcliffe points out.

However, the success and growth of open source also presents challenges. The proliferation of different types of open source licence means that users face a complex web of requirements to which they must adhere. In addition, as the sector becomes more motivated by commercial interests there has been a rise in so-called ‘trolls’ looking to extract a return from developers who are not always completely up to speed with the finer points of open source compliance. Open source might be the leading software success story of the last two decades, but it is not all plain sailing.

Born again

Perhaps nothing highlights the extent to which views of open source have changed than Microsoft’s shift in attitude. In 2001 former CEO Steve Ballmer referred to Linux as a “cancer that attaches itself in an intellectual property sense to everything that it touches”. That the head of the world’s leading software business, which at the time was jealously guarding its own proprietary platforms, saw the pioneering open source platform as a competitive threat was perhaps unsurprising. What was less predictable was that the tech giant was also prepared to highlight the reach of its patent portfolio as it looked for leverage over the open source world.

In a 2007 Fortune article, then-general counsel (now company president) Brad Smith and IP head Horacio Gutierrez detailed how free and open source software violated more than 200 of Microsoft’s patents. The Linux kernel, the essential core of the platform, infringed 42 grants, while the platform’s graphical user interfaces infringed a further 65. “This is not a case of some accidental, unknowing infringement,” Gutierrez told Fortune. “There is an overwhelming number of patents being infringed.”

Since then the change has been profound. “Microsoft is the poster child for a complete about-face on open source software,” points out Van Lindberg, formerly associate general counsel at Rackspace and now a senior counsel at law firm Dykema Gossett. “The company ships a lot of proprietary software, as they will for a long time, but their approach to open source has moved from an acceptance to an embrace.”

Van Lindberg

Senior counsel, Dykema

“Open source is a powerful weapon for neutralising the advantages of leaders in the software sector”

That embrace has become all-encompassing in recent years as Microsoft has completed open source acquisitions such as its 2015 purchase of Revolution Analytics, a leading commercial provider of software and services for R, an open source programming language for statistical computing and predictive analytics. It has also demonstrated its support for platforms such as open source programming language Python and for Linux on Microsoft’s Azure cloud platform.

Earlier this year the software giant also launched Microsoft Azure IP Advantage, a new indemnity program designed to help drive development of the cloud and to help guard against what the company described as the growing risk of IP lawsuits in the space. As part of the initiative Microsoft extended its IP protection – including uncapped indemnification coverage – to any open source technology that powers Azure services. It also gave Azure customers access to 10,000 of the company’s patents to help defend themselves against any patent lawsuits related to Azure services.

Although Microsoft’s move towards open source was happening even under Ballmer (he announced last year that he had changed his tune) the pace has really picked up under his successor, Satya Nadella. Nadella’s mantra around transforming the company into a cloud and mobile first business fits perfectly with a more open source ethos. At an event in 2014 – in stark contrast to the Ballmer era – the CEO stood in front of an image which used a heart symbol to describe how Microsoft felt about Linux as he announced that a number of open source services were being added to Azure.

As the company’s business model has shifted under Nadella and open source has become even more widely supported, so Microsoft’s IP strategy has also evolved. The Azure IP Advantage is perhaps the best example of an approach that is driven far more by collaboration rather than straight patent licensing revenues.

Jule Sigall

Associate general counsel IP policy and strategy, Microsoft

“Microsoft’s focus now is on looking for where patents can add value in open source”

“From my perspective, we see both elements to be integral parts of our overall, comprehensive IP strategy,” comments Microsoft’s Jule Sigall, associate general counsel IP policy and strategy. “We’ve evolved from a traditional IP licensing model to explore different ways on how the value of our intellectual property can be exchanged. Azure IP Advantage is a great example of our perspective here. For this program, we leveraged our cloud technology patents and extended our expertise in indemnification to open source in order to give Azure customers a set of IP risk mitigation tools and added protection in the cloud. Overall, we see value developing a beneficial ecosystem that respects IP and open source, which are not mutually exclusive.”

He stresses that this does not mean that Microsoft is suddenly abandoning its support for the patent system or looking to winnow down its own stockpile of IP assets. “I certainly don’t see any change in our desire to continue to build our patent portfolio,” he insists. What has changed is the way that they use that portfolio.

“We don’t look at open source as a threat anymore,” reflects Sigall. “The new area is trying to figure out how to use patents for value in that space and we think there’s plenty of opportunity to do that, you just look at it as a different way of monetising your services.”

Best form of attack

In recent years a growing band of companies has been proving that IP value creation is about more than just licensing royalties. In the open source space that means using their patent portfolios to protect communities and their customers from the possible threat of infringement litigation. Here is a selection of some of the leading examples.

Mozilla, the Mozilla Open Software Patent Initiative and the Open Software Patent Licence

Patents can appear at odds with the ethos of open source. In late 2015 Mozilla’s solution was to offer the innovations covered by its own patents for use by anyone who agreed to not pursue others for software patent infringement and to license out their own patents under royalty-free terms to other open source projects.

Google, PAX and the Open Patent Non-assertion Pledge

Of all the tech behemoths, Google has been perhaps the most active in using IP strategy to minimise the risk from patents. From an open source perspective, this started with its 2013 Open Patent Non-assertion Pledge, a commitment to make a selection of the company’s portfolio available to open source developers so as to give them some protection from possible infringement suits.

The company has followed that up with PAX, a collaborative approach to ring-fencing Google’s wildly popular Android operating system.

Microsoft, Azure IP Advantage

In the highly competitive cloud sector, Microsoft has turned to its intellectual property for leverage in winning new customers. In February 2017 it launched Azure IP Advantage to extend its IP protection, offering uncapped indemnification coverage to any open source technology that powers Azure. The programme also gave Azure customers access to 10,000 Microsoft patents in order to help them defend against patent suits. The software giant also pledged to Azure customers that if it ever transferred patents to a non-practising entity, these could not be asserted against them.

Open Invention Network

One of the original defensive patent networks, Open Invention Network was established in 2005 to protect the trail-blazing Linux platform. Since then it has become a bona fide success, with support from companies such as Google, IBM, Red Hat, Sony and Toyota. The network looks to protect developers who are working on any Linux-related platform by offering a royalty-free licence to the network’s own IP portfolio and by cross-licensing Linux patents between members. In return, licensees agree not to assert their own patents against the Linux community.

Playing defence

Microsoft is by no means alone in exploring ways in which it can use its patent portfolio to support open source and ultimately benefit its own business. In April this year, Google launched PAX a cross-licence agreement for the search giant’s Android operating system, which is distributed under open source licences. Under the terms of the agreement, members – which include Samsung, LG, Foxconn, HMD Global, HTC, Coolpad, BQ and Allview – grant each other royalty-free patent licences covering Android and some Google applications on qualified devices. In 2013 Google also launched the Open Patent Non-assertion Pledge, in which it promised not to sue developers or users of open source which make use of the company’s patents unless it is attacked first.

Perhaps the leading example of patents being used to protect open source is the Open Invention Network which is designed specifically to protect Linux from litigation threats. Launched in 2005, the network is effectively a defensive patent pool supported by the likes of Google, Philips, IBM and open source pioneer Red Hat, and is open to membership, free of charge, for anyone using Linux or Linux-related software.

Between them Google and Microsoft have portfolios that stretch into the tens of thousands. However, it is not just the biggest patent players who are using their grants for the benefits of open source. Mozilla, the open source business behind the Firefox web browser, has also issued a pledge around how it will use its patent portfolio for the benefit of its customers. This has come despite what Mozilla commercial counsel Elvin Lee admits can be a complicated relationship between the open source and patent worlds.

There is still a culture, he says, that rebels against the closed, proprietorial nature of patents. “There is also a lot less understanding, I think, in the open source community in general about patent laws versus copyright,” he adds

Copyright covers large parts of the software universe and open source developers are far more familiar with a typical copyleft licence or a permissive licence than they are navigating patent claims. “It’s far clearer when you’re dealing with copyright what the copyrighted matter is,” Lee points out. “With patents that’s not always clear and that can be a tremendous challenge, especially when it comes to independent implementation or interoperability.”

Despite what Lee describes as a head-in-the-sand approach to patents by some in the open source community, Mozilla has opted for a different strategy. “One of the most important changes was that we began to understand that for all its flaws there was value in Mozilla engaging in the patent system,” he explains. “Patents are challenging for us because in some ways they are directly at odds with a lot of what our mission is about – which is openness and ensuring that everybody can have can access on equal ground.”

Following along the same lines as Google and others, two years ago Mozilla launched its own open software patent initiative, as well as an open software patent licence. The company committed to selectively building its own portfolio to protect the development of open source code and then to license it out, royalty free, to open source developers as long as they agree not to sue others for infringing on their own software patents and agree to grant a royalty-free patent licence to other open source projects. “It was a solution to make sure that the patents that we acquired would not then be locked up and used to ever harm those ecosystems,” Lee enthuses.

Licensing leaders

Such has been the growth in popularity of open source that insiders now wearily refer to the proliferation of different licensing agreements. Licences fall into two camps:

  • copyleft, which allows developers to use another person’s code provided that they agree to release their changes to the rest of the market; and
  • permissive, which allows users to adopt another programmer’s code while not requiring them to release their additions freely back to the market.

“From an IP perspective, licence compatibility is often a complex issue,” comments Oracle associate general counsel Matt Sarboraria. “It requires careful consideration as you’re developing the larger product or project, particularly if you’re licensing-in open source software and you plan to combine that with other open source software or with your own proprietary code.”

Perhaps unsurprisingly given that a permissive licence gives a user much more control over its code, these have grown in popularity as more companies look to open source for commercial advantage. That means that the most popular licence is the MIT Licence, a permissive variant developed at the Massachusetts Institute of Technology. According to open source services provider Black Duck Software, it recently overtook the second version of the GNU General Public Licence as the most widely used. Here is a rundown of the top 10.

Licence

Share of open source projects

MIT Licence

32%

GNU General Public Licence 2.0

18%

Apache Licence 2.0

14%

GNU General Public Licence 3.0

7%

BSD Licence 2.0

6%

ISC Licence

5%

Artistic Licence (Perl)

4%

GNU Lesser General Public Licence 2.1

4%

GNU Lesser General Public Licence 3.0

2%

Eclipse Public Licence

1%

Source: Black Duck KnowledgeBase

Stepping up

The growing number of non-assertion pledges and the use of patents to protect open source developers show how companies are looking to extract value from their intellectual property rather than simply licensing it out for royalty revenues. However, they also point to the very real IP threats facing open source developers.

Open source is not an IP-free zone but it can be a sector where small companies with limited resources are ill-equipped to navigate an increasingly complex environment. As some in the community point out, problems are emerging because of the explosive growth of open source. ”What used to be a very robust community with strong internal cultures has now become too diffuse,” warns DLA Piper’s Radcliffe. He points to the traditionally consensual, community-based approach to governance as increasingly ill-suited to modern-day realities.

As in the patent space – which over the last two decades has seen the emergence of bad actors, typically referred to as ‘patent trolls’, who use the threat of litigation to extract licensing revenues from alleged infringers – so open source has started to see its own kind of nuisance behaviour. Perhaps the leading example is Patrick McHardy, an early contributor to Linux, who – according to a blog post from Radcliffe – has approached more than 80 companies in relation to his licence enforcement activities. In July last year the Software Freedom Conservancy labelled McHardy and others like him ‘GPL monetisers’, referring to the GNU General Public Licence – the original open source licensing agreement.

Heather Meeker

Partner, O’Melveny & Myers

“Enforcers are going after easy targets whether they’re profiteers or not – we’re still on easy target mode in open source”

“I think we’re just seeing the tip of iceberg,” claims Heather Meeker, an open source expert with O’Melveny & Myers. “For years there really wasn’t anything, but trolls are now starting to pop up.” Part of the problem, Meeker explains, is that developers typically make small mistakes when trying to conform to all aspects of a licensing agreement, such as not including licensing notices in all of their products. That means that many of the disputes which subsequently arise are easily avoided – a world away from the headline-grabbing brawl between Google and Oracle over the former’s use of Java for its Android platform. “Enforcers are going after easy targets whether they’re profiteers or not,” Meeker maintains.

A recent survey by Black Duck Software’s Centre for Open Source Research and Innovation on security and risk in the sector found that over 85% of the applications which were analysed contained components with licences out of compliance. It also found that 53% of the applications had unknown licences, meaning that no one had permission from the creator of the software to use, modify or share it.

Black Duck’s survey analysed more than 1,000 commercial applications and found that they contained an average of 147 open source components which, as the survey points out, is a daunting number of licence obligations to keep track of.

To many open source observers, McHardy’s approach is simply not part of the prevailing culture. However, as they argue and as Black Duck’s analysis suggests, it is symptomatic of a bigger problem. “The battle over open source has been won,” Radcliffe maintains. “But we’re now discovering that there’s a whole bunch of stuff we didn’t think through or dealt with on an ad hoc basis.”

By its very nature open source avoids over-bearing central control. However, that in itself can lead to uncertainty, or at least opportunities which can be exploited by the very kind of monetisers that much of the open source community abhors. According to Radcliffe, some platforms are now starting to look at how they might tighten up their governance.

The Software Freedom Conservancy has shouldered some of the responsibility of identifying and pursuing bad actors. The group recently backed a case in Germany brought by a local open source developer which accused VMware of breaching the GPL and including some of his contributions to the Linux kernel in the company’s proprietary software. The Hamburg court ruled in favour of VMware, saying that the plaintiff was insufficiently clear about which aspects of the company’s software breached the copyright.

For the most part, the large operating companies which have come to dominate open source have the kind of depth of IP expertise that helps to ensure they do not run afoul of relatively basic licensing rules. But this may not be the case for smaller companies, for which open source is their ticket to competing on a more even playing field. Plus, as in the patent world, legal grey areas mean there is plenty of scope for even the largest companies to become embroiled in open source disputes. That is clear from Google’s high-profile spat with Oracle, concerning the search giant’s use of the Java application programming interface in its Android operating system.

Closed shop

However, it is not just open source’s widespread acceptance that is throwing up challenges to the community. In China, where many companies have become widespread users of open source, questions are being raised over an IP system which is not necessarily compatible with some of open source’s philosophies and rules.

At the moment conditions are relatively benign – Chinese companies have tended to be widespread adopters rather than big contributors to open source platforms, although that might change as the country increases its level of involvement. In 2014 China’s Ministry of Industry and Information Technology announced its support for OpenStack, an open source operating system for the cloud, for state-owned enterprises. Last year domestic internet giant Baidu confirmed that it was open sourcing its key machine learning tool PaddlePaddle.

That Chinese entities and companies will become even bigger players in open source seems assured. However, this raises questions over just how compatible a relatively closed IP system is with some of the basic tenets of open source.

According to former Red Hat in-house attorney Erick Robinson – now a lawyer with Beijing East IP Law Firm – one area of uncertainty relates to China’s technology import export regulation. This essentially gives a Chinese licensee a huge amount of control in any licensing agreement (eg, all indemnity risks are placed on the foreign licensor) – to Robinson this could spell problems for open source, as an open source developer is either “breaking Chinese law or the open source licence,” given that a typical licence prohibits that kind of indemnification. Robinson explains that the laws made sense 15 years ago when China’s tech companies were trying to catch up with the rest of the world but now that some of them are competing head on with Western rivals, the laws look increasingly out of place. He claims that the local authorities are aware of the problem but have so far chosen not to fix it. “Open source is an important facet of any software platform and these regulations are holding China back,” Robinson asserts. However, rapid development in China underlines the degree to which open source has become accepted on a worldwide basis. Exactly how it might evolve next, particularly in relation to proprietorial platforms, is not clear. Many see the two systems continuing to coexist, with perhaps a dash of competitive friction.

“I don’t think that proprietary software will ever die out,” Dykema’s Lindberg argues. “There are frequently times and situations where a company can develop something that provides differentiating value over what is available at a more cooperative, commodity level. However, simple economics dictates that new entrants to a market will seek to neutralise the advantage of the leader. Open source is a powerful weapon for neutralising advantages, and so it will be used to put pressure on proprietary software stacks.”

Given this, it looks nearly certain that open source will continue to dominate a world where the appetite for software shows little sign of waning.

Action plan

Over the last 20 years open source has come to dominate software as big business has embraced it and programmers have fostered its unique culture. But challenges are emerging on the back of that success.

  • Companies are increasingly using their patent portfolios to protect open source communities and their customers.
  • The emergence of so-called ‘trolls’, along with some high-profile disputes, highlights the growing litigation threat.
  • China looks set to be a huge driver of open source platforms but questions remain over how its IP system might cope.
Richard Lloyd is the North America editor of IAM, based in Washington DC, United States

Unlock unlimited access to all IAM content