The (not so) secret source

In 2011 famed Silicon Valley venture capitalist Marc Andreessen explained in a Wall Street Journal article “why software is eating the world”. Crucially, he argued that this voracious appetite had been made possible, in large part, by the rise of open source. Since it emerged in the 1980s as a way of developing software code away from the proprietorial grip of big business, the popularity of open source platforms such as Linux, the various Apache projects and OpenStack has transformed the building blocks of much of the world’s technology.

In the process, operating companies – many of which were initially sceptical – have embraced open source, contributing vast reams of code, actively supporting numerous platforms and adhering to a community-led principle which can occasionally look out of place among the tenets of private commerce. It appears that the days when executives from industry behemoths actively machinated against open source platforms are over.

“When I started, open source was the province of people who were a little bit out there,” recalls Mark Radcliffe, a partner at DLA Piper who also serves as general counsel of the Open Source Initiative. What changed was that software became so ubiquitous, that it increasingly made sense for companies to use open source as a way of keeping development costs down. “Today, if you’re writing all of your own code 100% yourself then you’re doing something wrong,” comments Qualcomm legal counsel David Marr. “You’re not leveraging the best practice of modern software development.”

Mark Radcliffe

General counsel of the Open Source Initiative and partner of DLA Piper

“Cloud computing and outsourcing have made people more comfortable with having less control over their IT infrastructure”

At the same time, the rise of the cloud has opened up access to computing power which would have once been prohibitively expensive for smaller businesses, essentially levelling the playing field for tech start-ups. “The rise of cloud computing and outsourcing have made people more comfortable about having less control of their IT infrastructure,” Radcliffe points out.

However, the success and growth of open source also presents challenges. The proliferation of different types of open source licence means that users face a complex web of requirements to which they must adhere. In addition, as the sector becomes more motivated by commercial interests there has been a rise in so-called ‘trolls’ looking to extract a return from developers who are not always completely up to speed with the finer points of open source compliance. Open source might be the leading software success story of the last two decades, but it is not all plain sailing.

Born again

Perhaps nothing highlights the extent to which views of open source have changed than Microsoft’s shift in attitude. In 2001 former CEO Steve Ballmer referred to Linux as a “cancer that attaches itself in an intellectual property sense to everything that it touches”. That the head of the world’s leading software business, which at the time was jealously guarding its own proprietary platforms, saw the pioneering open source platform as a competitive threat was perhaps unsurprising. What was less predictable was that the tech giant was also prepared to highlight the reach of its patent portfolio as it looked for leverage over the open source world.

In a 2007 Fortune article, then-general counsel (now company president) Brad Smith and IP head Horacio Gutierrez detailed how free and open source software violated more than 200 of Microsoft’s patents. The Linux kernel, the essential core of the platform, infringed 42 grants, while the platform’s graphical user interfaces infringed a further 65. “This is not a case of some accidental, unknowing infringement,” Gutierrez told Fortune. “There is an overwhelming number of patents being infringed.”

Since then the change has been profound. “Microsoft is the poster child for a complete about-face on open source software,” points out Van Lindberg, formerly associate general counsel at Rackspace and now a senior counsel at law firm Dykema Gossett. “The company ships a lot of proprietary software, as they will for a long time, but their approach to open source has moved from an acceptance to an embrace.”

Van Lindberg

Senior counsel, Dykema

“Open source is a powerful weapon for neutralising the advantages of leaders in the software sector”

That embrace has become all-encompassing in recent years as Microsoft has completed open source acquisitions such as its 2015 purchase of Revolution Analytics, a leading commercial provider of software and services for R, an open source programming language for statistical computing and predictive analytics. It has also demonstrated its support for platforms such as open source programming language Python and for Linux on Microsoft’s Azure cloud platform.

Earlier this year the software giant also launched Microsoft Azure IP Advantage, a new indemnity program designed to help drive development of the cloud and to help guard against what the company described as the growing risk of IP lawsuits in the space. As part of the initiative Microsoft extended its IP protection – including uncapped indemnification coverage – to any open source technology that powers Azure services. It also gave Azure customers access to 10,000 of the company’s patents to help defend themselves against any patent lawsuits related to Azure services.

Although Microsoft’s move towards open source was happening even under Ballmer (he announced last year that he had changed his tune) the pace has really picked up under his successor, Satya Nadella. Nadella’s mantra around transforming the company into a cloud and mobile first business fits perfectly with a more open source ethos. At an event in 2014 – in stark contrast to the Ballmer era – the CEO stood in front of an image which used a heart symbol to describe how Microsoft felt about Linux as he announced that a number of open source services were being added to Azure.

As the company’s business model has shifted under Nadella and open source has become even more widely supported, so Microsoft’s IP strategy has also evolved. The Azure IP Advantage is perhaps the best example of an approach that is driven far more by collaboration rather than straight patent licensing revenues.

Jule Sigall

Associate general counsel IP policy and strategy, Microsoft

“Microsoft’s focus now is on looking for where patents can add value in open source”

“From my perspective, we see both elements to be integral parts of our overall, comprehensive IP strategy,” comments Microsoft’s Jule Sigall, associate general counsel IP policy and strategy. “We’ve evolved from a traditional IP licensing model to explore different ways on how the value of our intellectual property can be exchanged. Azure IP Advantage is a great example of our perspective here. For this program, we leveraged our cloud technology patents and extended our expertise in indemnification to open source in order to give Azure customers a set of IP risk mitigation tools and added protection in the cloud. Overall, we see value developing a beneficial ecosystem that respects IP and open source, which are not mutually exclusive.”

He stresses that this does not mean that Microsoft is suddenly abandoning its support for the patent system or looking to winnow down its own stockpile of IP assets. “I certainly don’t see any change in our desire to continue to build our patent portfolio,” he insists. What has changed is the way that they use that portfolio.

“We don’t look at open source as a threat anymore,” reflects Sigall. “The new area is trying to figure out how to use patents for value in that space and we think there’s plenty of opportunity to do that, you just look at it as a different way of monetising your services.”

Playing defence

Microsoft is by no means alone in exploring ways in which it can use its patent portfolio to support open source and ultimately benefit its own business. In April this year, Google launched PAX a cross-licence agreement for the search giant’s Android operating system, which is distributed under open source licences. Under the terms of the agreement, members – which include Samsung, LG, Foxconn, HMD Global, HTC, Coolpad, BQ and Allview – grant each other royalty-free patent licences covering Android and some Google applications on qualified devices. In 2013 Google also launched the Open Patent Non-assertion Pledge, in which it promised not to sue developers or users of open source which make use of the company’s patents unless it is attacked first.

Perhaps the leading example of patents being used to protect open source is the Open Invention Network which is designed specifically to protect Linux from litigation threats. Launched in 2005, the network is effectively a defensive patent pool supported by the likes of Google, Philips, IBM and open source pioneer Red Hat, and is open to membership, free of charge, for anyone using Linux or Linux-related software.

Between them Google and Microsoft have portfolios that stretch into the tens of thousands. However, it is not just the biggest patent players who are using their grants for the benefits of open source. Mozilla, the open source business behind the Firefox web browser, has also issued a pledge around how it will use its patent portfolio for the benefit of its customers. This has come despite what Mozilla commercial counsel Elvin Lee admits can be a complicated relationship between the open source and patent worlds.

There is still a culture, he says, that rebels against the closed, proprietorial nature of patents. “There is also a lot less understanding, I think, in the open source community in general about patent laws versus copyright,” he adds

Copyright covers large parts of the software universe and open source developers are far more familiar with a typical copyleft licence or a permissive licence than they are navigating patent claims. “It’s far clearer when you’re dealing with copyright what the copyrighted matter is,” Lee points out. “With patents that’s not always clear and that can be a tremendous challenge, especially when it comes to independent implementation or interoperability.”

Despite what Lee describes as a head-in-the-sand approach to patents by some in the open source community, Mozilla has opted for a different strategy. “One of the most important changes was that we began to understand that for all its flaws there was value in Mozilla engaging in the patent system,” he explains. “Patents are challenging for us because in some ways they are directly at odds with a lot of what our mission is about – which is openness and ensuring that everybody can have can access on equal ground.”

Following along the same lines as Google and others, two years ago Mozilla launched its own open software patent initiative, as well as an open software patent licence. The company committed to selectively building its own portfolio to protect the development of open source code and then to license it out, royalty free, to open source developers as long as they agree not to sue others for infringing on their own software patents and agree to grant a royalty-free patent licence to other open source projects. “It was a solution to make sure that the patents that we acquired would not then be locked up and used to ever harm those ecosystems,” Lee enthuses.

Stepping up

The growing number of non-assertion pledges and the use of patents to protect open source developers show how companies are looking to extract value from their intellectual property rather than simply licensing it out for royalty revenues. However, they also point to the very real IP threats facing open source developers.

Open source is not an IP-free zone but it can be a sector where small companies with limited resources are ill-equipped to navigate an increasingly complex environment. As some in the community point out, problems are emerging because of the explosive growth of open source. ”What used to be a very robust community with strong internal cultures has now become too diffuse,” warns DLA Piper’s Radcliffe. He points to the traditionally consensual, community-based approach to governance as increasingly ill-suited to modern-day realities.

As in the patent space – which over the last two decades has seen the emergence of bad actors, typically referred to as ‘patent trolls’, who use the threat of litigation to extract licensing revenues from alleged infringers – so open source has started to see its own kind of nuisance behaviour. Perhaps the leading example is Patrick McHardy, an early contributor to Linux, who – according to a blog post from Radcliffe – has approached more than 80 companies in relation to his licence enforcement activities. In July last year the Software Freedom Conservancy labelled McHardy and others like him ‘GPL monetisers’, referring to the GNU General Public Licence – the original open source licensing agreement.

Heather Meeker

Partner, O’Melveny & Myers

“Enforcers are going after easy targets whether they’re profiteers or not – we’re still on easy target mode in open source”

“I think we’re just seeing the tip of iceberg,” claims Heather Meeker, an open source expert with O’Melveny & Myers. “For years there really wasn’t anything, but trolls are now starting to pop up.” Part of the problem, Meeker explains, is that developers typically make small mistakes when trying to conform to all aspects of a licensing agreement, such as not including licensing notices in all of their products. That means that many of the disputes which subsequently arise are easily avoided – a world away from the headline-grabbing brawl between Google and Oracle over the former’s use of Java for its Android platform. “Enforcers are going after easy targets whether they’re profiteers or not,” Meeker maintains.

A recent survey by Black Duck Software’s Centre for Open Source Research and Innovation on security and risk in the sector found that over 85% of the applications which were analysed contained components with licences out of compliance. It also found that 53% of the applications had unknown licences, meaning that no one had permission from the creator of the software to use, modify or share it.

Black Duck’s survey analysed more than 1,000 commercial applications and found that they contained an average of 147 open source components which, as the survey points out, is a daunting number of licence obligations to keep track of.

To many open source observers, McHardy’s approach is simply not part of the prevailing culture. However, as they argue and as Black Duck’s analysis suggests, it is symptomatic of a bigger problem. “The battle over open source has been won,” Radcliffe maintains. “But we’re now discovering that there’s a whole bunch of stuff we didn’t think through or dealt with on an ad hoc basis.”

By its very nature open source avoids over-bearing central control. However, that in itself can lead to uncertainty, or at least opportunities which can be exploited by the very kind of monetisers that much of the open source community abhors. According to Radcliffe, some platforms are now starting to look at how they might tighten up their governance.

The Software Freedom Conservancy has shouldered some of the responsibility of identifying and pursuing bad actors. The group recently backed a case in Germany brought by a local open source developer which accused VMware of breaching the GPL and including some of his contributions to the Linux kernel in the company’s proprietary software. The Hamburg court ruled in favour of VMware, saying that the plaintiff was insufficiently clear about which aspects of the company’s software breached the copyright.

For the most part, the large operating companies which have come to dominate open source have the kind of depth of IP expertise that helps to ensure they do not run afoul of relatively basic licensing rules. But this may not be the case for smaller companies, for which open source is their ticket to competing on a more even playing field. Plus, as in the patent world, legal grey areas mean there is plenty of scope for even the largest companies to become embroiled in open source disputes. That is clear from Google’s high-profile spat with Oracle, concerning the search giant’s use of the Java application programming interface in its Android operating system.

Closed shop

However, it is not just open source’s widespread acceptance that is throwing up challenges to the community. In China, where many companies have become widespread users of open source, questions are being raised over an IP system which is not necessarily compatible with some of open source’s philosophies and rules.

At the moment conditions are relatively benign – Chinese companies have tended to be widespread adopters rather than big contributors to open source platforms, although that might change as the country increases its level of involvement. In 2014 China’s Ministry of Industry and Information Technology announced its support for OpenStack, an open source operating system for the cloud, for state-owned enterprises. Last year domestic internet giant Baidu confirmed that it was open sourcing its key machine learning tool PaddlePaddle.

That Chinese entities and companies will become even bigger players in open source seems assured. However, this raises questions over just how compatible a relatively closed IP system is with some of the basic tenets of open source.

According to former Red Hat in-house attorney Erick Robinson – now a lawyer with Beijing East IP Law Firm – one area of uncertainty relates to China’s technology import export regulation. This essentially gives a Chinese licensee a huge amount of control in any licensing agreement (eg, all indemnity risks are placed on the foreign licensor) – to Robinson this could spell problems for open source, as an open source developer is either “breaking Chinese law or the open source licence,” given that a typical licence prohibits that kind of indemnification. Robinson explains that the laws made sense 15 years ago when China’s tech companies were trying to catch up with the rest of the world but now that some of them are competing head on with Western rivals, the laws look increasingly out of place. He claims that the local authorities are aware of the problem but have so far chosen not to fix it. “Open source is an important facet of any software platform and these regulations are holding China back,” Robinson asserts. However, rapid development in China underlines the degree to which open source has become accepted on a worldwide basis. Exactly how it might evolve next, particularly in relation to proprietorial platforms, is not clear. Many see the two systems continuing to coexist, with perhaps a dash of competitive friction.

“I don’t think that proprietary software will ever die out,” Dykema’s Lindberg argues. “There are frequently times and situations where a company can develop something that provides differentiating value over what is available at a more cooperative, commodity level. However, simple economics dictates that new entrants to a market will seek to neutralise the advantage of the leader. Open source is a powerful weapon for neutralising advantages, and so it will be used to put pressure on proprietary software stacks.”

Given this, it looks nearly certain that open source will continue to dominate a world where the appetite for software shows little sign of waning.