Domain: osriskmanagement.com
Stories and comments across the archive that link to osriskmanagement.com.
Stories · 4
-
Patent Pools and Pledges - Panacea or Placebo?
Commentary by Florian Mueller - Last year, a lot of noise was made by OSRM, the city of Munich, and Steve Ballmer about the risk posed to open source by software patents. This year, we've seen a variety of initiatives by companies that "donated" patents to "protect" open source, and organizations like the OSDL and the Open Invention Network now try to pool such patent pledges.I've been wary of those patent pledges and pools from the beginning. There's an awful lot of dishonesty in these all-too-obvious attempts to curry favor with the community and reassure customers. While the jury is still out on some of those projects, none of them has so far delivered a single compelling reason for me to believe that they're really going to be more than a placebo. Some make it sound like these pools are a bulletproof vest for open source, but it's more like you have a coin in your pocket and hope that a bullet will be deflected by it. Too bad the coin isn't even in a place where someone would usually shoot you.
While I do agree that open source should protect itself as best as possible within the legal framework that exists, cheap PR plays are not a substitute for a real solution. The pledges that I've seen so far had all sorts of shortcomings:
- Some pledged patents are of little or no value. Among IBM's 500 patents "contributed" in January, there were some that had nothing to do withsoftware, and many were up for renewal soon, with no guarantee that they'd actually be renewed.
- The pledges typically just relate to particular open source licenses (sometimes rarely-used ones) or projects, such as the Linux kernel (which is only a small part of a standard Linux configuration).
- Some pledges are revocable or haveloopholes such as vague conditions under which the patent holder can sue you anyhow.
- So far the quantities of patents involved have been negligible compared to the total number of issued software patents, and even to the number held by the "generous donors." Even in the long run, there'll be hundreds of thousands of software patents in the world that aren't subject to any pledge. In his speeches, Richard Stallman likens software patents to mines in a park: If there are 90,000 mines in the park instead of 100,000, it's still far from being a safe place to walk.
Even if you don't look the gift-horse in the mouth, there are fundamental problems that even the best pledges can't solve:
- You can't practically go about your programming job by always looking up a patent pledge database whether it contains just the algorithms you need. I don't think any programmer would seriously do that! And even if algorithms A and B are covered by patents in a pool, there may be a patent C that covers your particular combination of A and B, and that patent C may not be in the pool.
- Pledges which exclusively relate to open source aren't too valuable. Software under the BSD license is used in closed-source projects all the time. A project like PostgreSQL, which already felt forced to replace a caching algorithm due to an IBM patent, couldn't just base its development decisions on open source considerations alone. Then there are dual-licensing models for GPL software (MySQL is a well-known example) and companies that sell closed source software to finance their open source development efforts.
- These pledges are only made by organizations that don't intend to sue open source projects anyway. Patent holders who are potentially hostile, be it for strategic or purely financial motivations, won't pledge anything. It's nice to firm up the commitment of your allies not to act against you, but it doesn't reduce the number of enemies.
- If a company promises not to sue open source projects over a certain set of patents, it still doesn't mean that those patents can be used by open source projects for retaliatory purposes. However, the patent game is one of mutually assured destruction, like in the Cold War. If NATO hadn't had a single nuclear weapon, and the Soviet Union had promised not to use something like 5% of its nuclear arsenal, then we probably wouldn't live in freedom now.
- Companies usually can't even make their patents available for the purpose of building a counterthreat because those patents are already subject to existing cross-licensing agreements. If a new entity (such as the Open Invention Network) started acquiring unencumbered patents, then one day they might be able to grant a license to a company like Microsoft in exchange for a covenant not to sue Linux with its own patents. That could indeed make a major difference (even if only for Linux), yet it wouldn't help against trolls that have no products of their own. And a strategic aggressor could secretly arrange for such a troll to do the job.
No matter how you look at it, the only way to reliably solve the problem is at the political level: through legislation that excludes pure program logic from the scope of patentable subject matter. Sure, there's no shortage of people out there who say this can't be done, but they're all wrong. We've been toldmany times that the European software patent directive would come one way or the other -- until we got the European Parliament to reject it by a landslide of 648-32. The German Bundestag and Spanish Senado unanimously backed our central demands. The new German government has just vowed to counter, at the international level, "the trend to seal off markets, among other things by means of patent law." The time is ripe for legislative action.
Some members of the legal profession claim that software patents are an unalterable fate because theyhave a vested interest in sustaining the system. It's a tall order, but definitely possible, to change the legislative framework in our favor. In every parliamentary democracy.
Especially in the field of software, the patent regime no longer serves the public interest. In a perfect democracy, software patents would already be history. In the suboptimal democracies in which we live, there are special interests that oppose changes. Those have influence and deep pockets, but at the end of the day the most valuable currency in politics is voter popularity.
If all the companies who have pledged patents to open source, or who have contributed to those pools, decided to seriously campaign for legislation that abolishes software patents, then the problem could be solved for good. As long as they don't do that, they're not for real. Some may even have a hidden agenda of creating patent pools to gain effective control over the open source universe. We've got to watch out.
Florian founded the NoSoftwarePatents.com campaign. For his political efforts against software patents, he has been named as one of the "top 50 most influential people in intellectual property" according to Managing Intellectual Property magazine and is a candidate for the title of European of the Year.
-
Linux Violates 283 Patents, says Insurance Company
Apro+im writes "According to this article over at ZDNet: 'Linux potentially infringes 283 patents, including 27 held by Microsoft but none that have been validated by court judgments, according to a group that sells insurance to protect those using or selling Linux against intellectual-property litigation.' Dan Ravicher, founder and executive director of the Public Patent Foundation, conducted the analysis for Open Source Risk Management. OSRM is like an insurance company, selling legal protection against Linux copyright-infringement claims. It plans to expand the program to patent protections." -
Perens Talks About Open Source Risk Management
Big Sav writes "Here is a quick but good interview with Bruce Perens. It also raises the topic of indemnification vis a vis the SCO court case " Interesting interview - talks about Peren's new Open Source Risk Management company. -
Insuring Linux, Thanks to SCO
jtheory writes "There's an interesting article on Salon.com (free daypass available, ads, etc.) about the counter-reaction to SCO's attacks on Linux, and how SCO may actually be one of the best things to happen to Linux lately, because their attacks have turned a lot of attention to the possible Achilles' heel in the code contribution process. Includes some good detail on OSRM, a company offering insurance against lawsuits like SCO's, who notably hired Bruce Perens and PJ of Groklaw fame, and is doing their own extremely thorough analysis of the code and any possibility of improperly included code. The founder of OSRM also wrote a story called Why the Linux Community Needs Open Source Insurance on LinuxWorld." We've mentioned risk insurance before.