LWN on the Patent Encumbrence of SELinux

Anonymous Coward writes "LWN has a story about patents in SELinux. The article says: "Much of the actual work in the implementation of SELinux was done by Secure Computing Corporation (SCC). SCC, in its implementation of SELinux, used a technology that it calls type enforcement. As it turns out, SCC has a patent on this technology." Sigh.

OpenViolation

[oldstrat]

They had better consider quite carefully, and soon.

If I had one line of code of my opensource in thier distro, I'd be on them like mad.

Re:OpenViolation

[GigsVT]

If I had one line of code of my opensource in thier distro, I'd be on them like mad.

Why? They havn't violated anything.

Re:OpenViolation

[oldstrat]

The commercial restriction is a violation of the GPL.

If they have not enforced it yet, I am not comforted.

As a contributor to thier product (The total distro), I would be a concerned party, and in fairnes would want them to consider my input before violating my agreement to the GPL.

Does anyone know if there is a GPL for patents?

Re:OpenViolation

[GigsVT]

Well, I have to admit, I'm not really familiar enough with the modifications done to comment too much on the specific situation at hand. That said...

It's not against the GPL to aggregate the distribution of GPL and non-GPL, even closed source, or patented components. My original response was to the "one line of code anywhere in their distro".

The way I see it, unless they modified your code specifically, or linked their non-GPL compatible code to your code in a way more than just aggregation, you don't have much reason to complain, and you don't have any legal rights against them either.

Re:OpenViolation

[oldstrat]

GigsVT - It's not against the GPL to aggregate the distribution of GPL and non-GPL, even closed source, or patented components.
My original response was to the "one line of code anywhere in their distro".

The hinge would be on the word aggregate, I won't conceed that a 'secure linux distro' would be considered a simple aggregation. If they were distributing a 'secure linux component' I could see restrictions being allowed.

The following is from the end of the preamble to the GPL, I for one think it is quite clear.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary.
To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

I am becoming increasingly concerned about the rising numbers of 'closed distros' that ride on the backs of folks who have had the courage to free thier work for the benefit of all, only to have a few take the benefit of themselves.
There has been great debate about what free means, but there also appears to be some confusion as to what open means in the GPL.

Your assertion is that nothing was violated, not about 'one line of code'.
I contend that they have at the least violated the spirit of the GPL copyright, even if by chance the didn't violate the law.
They need to find a way out of the box they've put themselves in and soon.

Opposing views

[debrain]

This will be a case of GPL versus Patent law, then. Certainly the patenting and prohibition of distribution and use of SELinux is contrary to the necessity of redistribution and free use stipulated in (and forced adherence to) the GPL.

How does the GPL interact with patents? GPL is a copyright (copyleft) law, whereas patents are an exclusive monopoly. How does one separate them?

Certainly, given the code, we (by "we", I mean "you" the kernel hacker ... heh) could remove all references to this type checking, or better still, extend it into a derivative patent. The power of the GPL, even should it prove impotent in protecting us against unwanted patent license remuneration, still gives us the power to remove that Patented material and continue in our merry way.

Re:Opposing views

From clause 7 at http://www.gnu.org/copyleft/gpl.html

"If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."

Re:Opposing views

[oever]

So according to the license, all GPL code that implements a software patent cannot be distributed when there is a license fee for the patent.

If this is true, free software can easily be damaged by patent lawyers.

Conclusion: abolish software patents.

Re:Opposing views

[Kenshiro]

>This will be a case of GPL versus Patent law, then.

Not necessarily. Maybe more of a case of how much you
can release your rights in a web page, which can be
yanked at any moment? Keep in mind they *did* claim
there would be no restrictions.

Re:Opposing views

[cyborch]

Conclusion: abolish software patents.

...or patent lawyers! or better yet: lawyers in general!

Re:Opposing views

[Marasmus]

Yeah, it's a patent-law versus GPL thing, but (at least to me) it appears to be cut-and-dry. Linux existed, with its use of the (L)GPL as its license. SCC held their patent and chose to modify Linux to make use of their technology. They are a 'consumer' of Linux, and Linux is NOT a consumer of their technology. They are, before any consideration of patent law is considered, required to comply with the GPL in regards to adding anything to Linux.

So they (we assume consciously) chose to work their code into Linux and redistribute it. This action implies intent to comply with the GPL. Considering the specific requirements of the GPL in regards to patents (must be royalty-free for ALL users who can receive the distribution), the only logical conclusion to draw is that SCC aggreed at the moment of distribution to permit use of their patent within Linux as royalty-free to the public (which includes individuals, governments, deities, and businesses alike).

it's a fairly a->b->c sort of thing. The only thing assumed is that SCC had the conscious intent to comply with the GPL... If they never intended to comply with the GPL, then this whole point is moot and they are in violation of the license! This certainly isn't a rocket-science concept to understand.

So what are our outcomes? (1) SCC provides royalty-free use of their patent in SELinux, (2) SCC withdraws their code, (3) SCC tries to play hardball by requiring licensing while violating the GPL and tries to fight the GPL in court. The likelihood of 3 doesn't seem too likely.

Re:Opposing views

[Chris+Johnson]

No, no, no, no, no. Intent is nothing! It's down to the wording of the actual license. Nobody is going to care about the 'since they came to play in our sandbox they must have MEANT to do XYZ'. Treachery is not itself against the law, just certain implementations of it are.

The outcome to watch for is (4) SCC blows away their license to distribute Linux and then shuts down all Linux distribution that involves their patented stuff, until the patented stuff is completely removed. The reason to watch for this is as follows: while destroying your own product (a Linux distribution) is bad business, there is enough outside interest in doing great damage to Linux that it WILL become rewarding to do so, to the extent that the patent becomes indispensable. If the patent becomes completely indispensable to Linux, the value of buying out or subverting the patent holder becomes astronomical to a competitor- some of whom claim to have rather a lot of money.

This holds for ANY patent being licensed into Free software, not just the SCC.

Re:Opposing views

[User+956]

Agreed. Lawyers are the bane of all existence. Much like Boy scouts and Catholic priests.

Patent problem

[oever]

Where is the problem exactly with patents in GPL-ed software?

If a company has a patent on a software technique and writes and distributes GPL code to implement it, anybody can use this code. Or can't they?

And can people modify that code? I guess one cannot write new GPL-ed code that does the same thing.

Or can a company charge you for using the GPL-ed code with patents?

Re:Patent problem

[Raphael]

Where is the problem exactly with patents in GPL-ed software?

You should read the GPL. In the introduction, it states: "We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all." For the details, you should check sections 7 and 8 of the GPL.

If a company has a patent on a software technique and writes and distributes GPL code to implement it, anybody can use this code. Or can't they?

Let's put this in a different way: if a company distributes some code for which they own a patent under the GPL, then the only way for them to comply with section 7 of the GPL is to allow royalty-free usage, redistribution and modification of the code. Otherwise, they would not be allowed to distribute the code under the GPL. They would have to stop distributing it, or change the license.

Re:Patent problem

[johnjones]

yep

its all stupid

patents should be on a process and as such software should not be patentable

its like saying I have copyrighted the ability to write trashy novels

there is no way that you could get away with this

simple because its too wide rangeing people argue that their software patents cover very specific things but unfortunatly you cant have them if you dont allow the wide rangeing

frankly its all a mess

just say no to software patents in europe

write to your MEP if you live in europe

Who is my MEP

regards

John Jones

Re:Patent problem

[kogs]

If a patentee issues software, implementing the patented invention, under the GPL. There must be an implicit patent licence that runs in parallel with the GPL because without the parallel patent licence no one can take advantage of the GPL. It has to be assumed that when the software was issued under the GPL, it was intended that people would be able to use the software as envisioned in the GPL.

However, the patent licence would not cover independently created software implementing the invention. This has two consequences.

Firstly proprietory software would infringe the patent, possibly a good thing.

Secondly, alternative, independent open source implementations would infringe the patent and require a licence. This would enable the patentee to say to Linus, if you want this feature in the kernel, you have to use our code or a derivative thereof, irrespective of whether another implementation was better.

For the Good of the Community

[pryan]

I've been watching this on the Linux Security Module mailing list and have high hopes that SCC sticks to their original promise and not place restrictions on the use of this technology. There are plans to get this into the Linux 2.5 development tree and eventually have it available in 2.6. This is the sort of security technology we desperately need in a popular OS, so let's hope SCC does not prevent its movement towards integration with the main Linux source tree.

Re:For the Good of the Community

I've been watching this on the Linux Security Module mailing list and have high hopes that SCC sticks to their original promise and not place restrictions on the use of this technology.

I haven't checked this out personally, but I think that if a person or company makes a promise, especially a public one, the promise constitutes a legal agreement.

Re:For the Good of the Community

[sofar]

As far as I know we don't have to be afraid of this, any code that goes into the kernel must surely be completely GPL, or at least not have any major catch to it, otherwise Linus and Marcelo will certainly disallow it (I hope!).

Re:For the Good of the Community

[mshiltonj]

I've been watching this on the Linux Security Module mailing list and have high hopes that SCC sticks to their original promise and not place restrictions on the use of this technology.

Either let the technology be public domain, or assign the patent to the FSF. Agreeing to "not place restrictions on the use of this technology" is a shallow promise. The situation needs to be rectified to where SCC *is unable* to place restrictions on the technology, kept promises or broken ones.

Re:For the Good of the Community

[pryan]

This brings up the idea of eminent domain. If this technology were classified as a necessary step in increasing the security of operating systems, could the federal government co-opt SCC's patents in the interest of the public good under the doctrine of eminent domain? Is there a precedent regarding the application eminent domain to intellectual property?

If so, would we want them to do so? Eminent domain can cut both ways, since the federal government can assign ownership to corporations, state or federal government in addition to effectively putting something into the physical analog to public domain.

Re:For the Good of the Community

[liquidsin]

By agreeing to "not place restrictions on the use" are they not effectively granting a license? It was my understanding (disclaimer: IANAL) that if they *allow* you to use the code now, they can't come back a year later and demand licensing fees. But this isn't really my area of expertise...mostly just stuff I've picked up from being here too much ;)

Re:For the Good of the Community

[fw3]

I've been watching this on the Linux Security Module mailing list

SCC, NSA and other interested parties have noted that TE and DTE (domain/type enforcement) are patented respectively by SCC and NAI labs (both of which have contributed substantial code to SELinux.

SCC's statement on their website was vague, simply saying: will be no restrictions on the use of TE by the Linux open source community ... will release source code for all the modifications to the existing kernel and for a general-purpose security policy engine under the GPL

LSM itself does not implement TE or DTE and is not affected by these patents. LSM is a standard framework allowing(many) system security implementations to be used in the linux kernel without needing extensive re-writes for every kernel release.

Things that are not clear (to me and I think to most of the participants in this 'issue' with SELinux) include:

• on what would this patent be restricted / enforced? - closed source?
• exactly who is allowed unrestricted use? Linux? GPL-code? BSD?
• when these and other questions are answered, will the letter (spirit?) of GPL be preserved?
• When THAT has been determined, how will the various contributors to SELinux respond?

These aren't simple answers, I think SCC's original statment was clear about *intent* and I sincerely hope they'll clarify adequately and in a manner that allows development / deployment of SELinux based tools to proceed.

Questions:
At what level of patent-restrictions would GPL be broken?

• restricting use of the patent in proprietary sytems of all types?
• proprietary code incorprating GPL code but not distributed? (this is allowed under GPL)
• Other 'free' software licenses (BSD, public domain, Artistic ...)

Not knowing the details, I don't think there's much to discuss until SCC (and hopefully NAI) clarify their plans wrt these patents and issue clear statements.

My impression is that they're acting in good faith; I'm ok with their taking down the vague statments from the web page while developing something that we can all count on.

The statment quoted on LWN about "needing to negotiate a license to use TE commercially" looks ill-informed. SCC has released GPL'd code which implements TE I believe that limiting that code from commercial use would violate GPL.

I strongly suspect that various folks at SCC weren't communicating adequately (Imagine that! geeks/marketing/etc not having the best communication skills?! :-)).

Got my finger crossed in hopes this works out smoothly.

Re:For the Good of the Community

[greenrd]

This is the #1 most common mistake about patents on /. Trademarks lose their validity if not enforced; copyrights and patents do not.

hmm

[ins0m]

Type enforcement is patented, yet the distro is freely available AFAIK. Plus, even though they retracted a previous FAQ on the source distribution for TE, it seems that they almost would have to keep any kernel modifications public or face down GPL issues. However, it appears that the whole issue is going to get skirted around by modularizing TE and also releasing a security policy config. Thus, without directly applying any hard change to the kernel per se, the license shouldn't be screwed with. It's still shady, but after a once-over it seems like they have enough of a loophole to wriggle through.

My IANAL conclusion

[autocracy]

Basically, patenting something in software and then GPLing it means you're the only one who can write the code that does that, but anyone can modify and redistribute what you've done. Kind of confusing, but basically it means that a certain method of doing something in software can now only be done if it's under the GPL - interesting.

I think that this also falls under the class of submarine patents. Either way, if I'm right in my conclusion, they can't do anything about it - you can't "unlicense" a GPL license; and it's non-exclusive, so anybody that has it can keep it going even after you stop offering it...

Summary: Chill out in the walk-in freezer!

Re:My IANAL conclusion

No.
From clause 7 at http://www.gnu.org/copyleft/gpl.html

"If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."

Re:My IANAL conclusion

[sydb]

Please mod up anonymous coward parent. Or just read it:

Re:My IANAL conclusion
by Anonymous Coward on 14/06/02 11:55 (Score:0) (#3700092)
No.
From clause 7 at http://www.gnu.org/copyleft/gpl.html

"If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."

Re:My IANAL conclusion

[pwagland]

Basically, patenting something in software and then GPLing it means you're the only one who can write the code that does that, but anyone can modify and redistribute what you've done. Kind of confusing, but basically it means that a certain method of doing something in software can now only be done if it's under the GPL - interesting.

Sadly, I believe that you are wrong.

Disclaimer: IANAL

Unisys allowed patented code (LZW) to be used in GPL products. The GIF format was largely scuppered because of this patent. Just being GPL does not protect you from patents.

You claim that they can write the code, which is true. But just placing the code under GPL does not protect you from further patent attacks, unless of course you are claiming prior art, which this is not. It is work based on the patent, you are free to modify it, and to redistribute it, except that they can still come and shut you down as a derivative work, since your work is based on the patent. This is what people are worried about.

Re:My IANAL conclusion

[autocracy]

Yes, but remember that this is in the context of the owner placing that code. The situation is exactly the same as that of Unisys. And I don't think that Unisys would be allowed to undo that action even if they still have a valid patent (do they?). It's still obvious that you can't simply GPL somebody else's patented work unless they permit it...

Re:My IANAL conclusion

[autocracy]

See this reply. It's the same situation as Unisys. I guess the only concern I have is whether they can undo the action of GPLing it - and I don't think they can. It was perfectly legal for them to place it under the GPL (or for whoever contracted them out to do so if that was the agreement) because they own the patent.

Re:My IANAL conclusion

[Raphael]

Basically, patenting something in software and then GPLing it means you're the only one who can write the code that does that, [...]

Sorry, but you are wrong. See my previous comment in this thread. According to section 7 of the GPL, you must distribute your code with a royalty-free license or not distribute it at all (or not under the GPL).

So now Secure Computing Corporation (SCC) can do several things:

• Confirm their previous statement: "There will be no restrictions on the use of TE by the Linux open source community.". TE is the Type Enforcement technology on which they have a patent. Basically, the usage of TE in any GPL code (commercial or not) would be allowed.
• Claim that they did not understand what the GPL implied and say that they never intended to allow a royalty-free usage of their patent in GPL software. They could then try to warn all those who have received a copy of their code and tell them to stop distributing it.

They have no other choice: either they comply with the GPL and allow royalty-free usage in any GPL code, or they cancel their contributions and stop the SELinux project. Given the nature of their contribution, the third option (releasing binary-only drivers under a proprietary license enforcing the patents without modifying the kernel) cannot be applied, so the options are limited for them.

Re:My IANAL conclusion

[autocracy]

Yeah, and mod this dumb fucker down while you're at it - he has no place verbatim copying somebody's post and then reaping karma off it by adding the lines "Please mod up anonymous coward parent. Or just read it." The original post should get the original credit, even if it's anonymous.

Re:My IANAL conclusion

[AVee]

If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations

And since it is there own patent the sure can distibute it, or they should find a way to sue themself for distributing the software royalty-free. (That whould make an interesting case...)

They published the code under GPL they gave away the right to use and modify this code, they cannot withdraw that once given right under the terms of the GPL. Basically, I think they gave as they right to use, at least this implementation, of their patent at the moment the GPL'ed it. (But IANAL.)

Re:My IANAL conclusion

[autocracy]

I think before anybody else replies to my thread here, it would be nice to remember that this is in the context of the patent holder GPLing the code under there own will, or by contract with a customer that says this will be the result. Precedence shows that you can't un-license the GPL either; that's the reason that we have OpenSSH.

Re:My IANAL conclusion

[autocracy]

The GPL is a royalty-free license. The patent basically says that if you want to use their method, you must do it by citing credit to them and using a derivitive of their work. Fairly wierd, but still... It sums to say you just can't generate your own code from the ground up - but you could make a derivitive work that has nothing the same except the result. Either way, it must both remain under the GPL and the patent owner must recieve credit in the code.

Re:My IANAL conclusion

[Lonath]

IANAL, of course, but my reading of the GPL is that if you (the pure thought patent owner) put your pure thought patented code into GPLed code and release it, you've given up control over that implementation of your pure thought patent. And, anyone can take the code covered by the pure thought patent and extend it just as the GPL says they can. Of course, this might mean that you can modify it under the GPL, but you can't run it. If that's the case, then the GPL is worthless, and it needs to be modified to allow execution of code covered by pure thought patents, and of derivatives to that code.

Also, there is something called estoppel, which might apply here. But, basically if you promise something, and people do things based upon that promise, you can't go back and change it later and screw everyone over. I am not sure if it applies here, but companies shouldn't be able to say one thing, then wait a few years then change their minds.

Re:My IANAL conclusion

[cyborch]

No.

Yes.

Again, from clause 7 at http://www.gnu.org/copyleft/gpl.html: "If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations,..."

Read the parent post again, or just the following snippet:

but basically it means that a certain method of doing something in software can now only be done if it's under the GPL - interesting.

What this means is that I can take a software patent and distribute my own patented software under the GPL with the only obligations on my patent that any software that implements my patent must be GPL'ed itself. This would not violate the GPL.

Re:My IANAL conclusion

[MrFredBloggs]

Yeah, but a lot of people dont read anon comments, or browse at a higher rating so would miss it. Relying on moderators doing anything right is a mistake - they only mod up stuff thats posted within minutes of the article appearing.

Re:My IANAL conclusion

[jeffy124]

actually, this issue was brought up in the Viega/Flock OSS security rebuttal to AdTI paper recently. They said that the patent holder can release a royalty-free GPL version of the patented algorithm, software, whatever, but also allow those not wishing to have GPL code in their software to negotiate (ie, pay for) a seperate license for the code.

Basically, in this scenario, if a company wishes to develop an OS based on the ideas in SELinux and market it (as closed source), they would have to get a separate license from SCC on type enforcement before placing it in their code, one where SCC can demand royalties.

Re:My IANAL conclusion

[Zathrus]

Patents are not like any other intellectual property. If you do not protect your trademark or copyright, you can lose it simply through a demonstrated lack of due dillegence.

If you find out someone is infringing on your patent, however, you can ignore them until you decide that you don't want them doing that anymore. And then sue them for patent violation regardless of how long you knew about the issue, whether or not you warned them, etc. It may be different if you told them outright "it's ok", and certainly knowing about it and not acting on it may result in a reduced penalty to the infringing party, but it's still an infringement. And at the very least you could deny them the right to continue infringing.

IANAL, but I took an intellectual property law in college (and the patent/trademark bits are still relevant at least).

Re:My IANAL conclusion

[ReelOddeeo]

Yeah, but a lot of people dont read anon comments, or browse at a higher rating so would miss it.

That's fine if you want to read Slashdot that way. But then, please DON'T moderate!!

Re:My IANAL conclusion

[jsse]

Coincidentally I'm drafting a project proposal which includes GPL'd software and contains some patented component. As they are not going to release the code to anyone else outside their organization, under abovesaid and this, they do not need to worry too much about conflicting of both license as long as they don't distribute their code outside their organization, and at the same time under the protection of patent-law.

I wish I could win the bid but my competitor send some MCSEs to spread FUD that we are using viral licenses and my software is infested with virus. Well that's another story to tell. :(

Re:My IANAL conclusion

[cpaluc]

Clause 7 expressly acknowledges that patent rights may be enforceable inconsistently with some of the rights granted under the GPL. It says that if you can't meet the GPL obligations (because of other obligations) then you can't distribute at all.

So, if a patent holder actually released GPLed code then they must be taken to also be licensing the patent in a manner consistent with the GPL? Otherwise, according to the GPL, they may not distribute the code under the GPL.

Re:My IANAL conclusion

[sydb]

Dumb fucker yourself. I am not interested in the slightest in karma, I hit the cap many moons ago anyway. I posted to raise awareness of the truth of the original post. If I had wanted karma I would just have made the point myself rather than drawing attention to an anonymous coward post.

I'd like to punch you for being unnecessarily abusive. I'm investigating travel arrangements for Androscoggin Valley now.

Re:My IANAL conclusion

[Rogerborg]

• you can't "unlicense" a GPL license; and it's non-exclusive, so anybody that has it can keep it going even after you stop offering it...

We're in agreement about that, but the problem is that copyright law and patent law are different. Me and thee can continue to copy, modify and distribute their GPL'd source as much as we like (as long as we complt with GPL) because the GPL license they chose to put on their copyrighted source gives us an explicit license to do so. However, the GPL isn't as clear as it could be on asserting that licensees must explicitely license all patents in perpetuity.

There's only an implicit licensing of patents, and only as long as they're still distributing the GPL'd source. Now, it seems clear that if they do enforce patents, then they lose the right to distrubute further source derived from or linked with GPL source, but that doesn't effect the source that's already out there.

Rather, it effects it in as much as they (retroactively?) lose the right they had to use other people's copyrighted GPL'd source, so can be sued by the copyright owners on that basis, but that's a separate issue to their patent ownership. They can, effectively, stop releasing their product while at the same time leveraging their patent claim on anyone who keeps using the versions already out there. The GPL doesn't stop them from doing this, it just stops them from releasing further GPL source and perhaps leaves them open to copyright infringement for their past use of GPL'd code. But when they actually copied it it, they were complying with the license terms, so it's going to be a tough call.

Re:My IANAL conclusion

[autocracy]

One piece of software may be licensed more than one way. Take QT for example - it's available under both the GPL and a proprietary license. Take you pick...

Re:My IANAL conclusion

[autocracy]

Please forgive my sucky website then - I just keep it for info, and the host of it just came under my control - the front page REALLY needs to be torn down. Anyhow, you did make the point yourself... word for word...

Of course, the mods should be slapped for not modding up the original one...

Re:My IANAL conclusion

[Lonath]

That's understandable...that if the code remains under a FS license (like GPLed code must) then it's ok. But, if you do a BSD/X license, you can't necessarily use it in commercial code. This came up with the recent Redhat patents also...they conspicuously left the BSD/X licenses off their list of ok licenses.

Re:My IANAL conclusion

[Royster]

That only works if the person who wants to dual-license holds the copyright to the entire work.

SE does not hold a copywrite on the entire kernel they've released so they *can not* dual license it.

They may not even be able to distribute it at all if their patent is an impermissable restriction in violation of the GPL as it appears to be.

Re:My IANAL conclusion

[Royster]

However, the GPL isn't as clear as it could be on asserting that licensees must explicitely license all patents in perpetuity.

Patents only last 17 years. There's no requirement to license patents past that point.

Bringing perpetuities raises a big red flag in courts because they don't like perpetual restrictions. There are no perpetuities here.

Re:My IANAL conclusion

Basically, I think they gave as they right to use, at least this implementation, of their patent at the moment the GPL'ed it. (But IANAL.)

This means that the viral aspect of the GPL affects not only the code merged with the GP

Re:My IANAL conclusion

[autocracy]

Yeah, but the can certainly relicense the code within it that performs their generated functions that happen to be fairly universal. Kernel modules can be non-GPL (think Nvidia drivers). All the do now is include a kernel on the same disk.

Not an issue

By licensing Selinux under the GNU GPL, they've granted users unconditional rights to that patent. This is part of the license.

The GPL

[sirsnork]

Can someone explain for me how this could have happened??

They are modifying the Linux kernel to do this. The kernel is distributed under the GPL. So they can't just add some nice security features and start charging for a licence as that goes against the GPL, doesn't it?

Re:The GPL

[jukal]

> They are modifying the Linux kernel to do this. The kernel is distributed under the GPL. So they can't just add some nice security features and start charging for a licence as that goes against the GPL, doesn't it?

As long as they can get their code in the form of loadable modules, GPLed kernel does not restrict them from anything. I don't know which is the case in this case. And yes, you can patent things that utilize opensource, just see the USPTO archives for reference, try searching with keyword 'linux' for example.

Re:The GPL

Yes, but if you look at the SELinux patches, they strongly recommend that the security components are compiled directly into the kernel, and not used as loadable modules. This means that the GPL must be enforced!

If used well

[bmongar]

If used well the patent could be a good thing, it could prevent any closed source implementations of the technology. Since it is released under the GPL they can't really prevent anyone from using or distributing it openly.

Re:If used well

[perky]

Why would you want to prevent closed source from implementing this? I'd prefer that any and every OS improved its security is the tech is there.

Re:If used well

[o'reor]

If used well the patent could be a good thing, it could prevent any closed source implementations of the technology.
Well, certainly, and I wish the patents on free software could only be used this way. I also think the people in SELinux believed it was the best thing to do, and they may actually have filed the patent with such thoughts on their minds.

However, since software companies come and go, since a patent is to be accounted as part of the goods owned by a company, who is to guarantee that the owner of SELinux won't change ? Who is to guarantee that once the patents are transferred to another company, the attitude of the new owner won't bet totally opposite ?

That's a risky bet...

Two choices under the GPL

[spong]

According to the gpl, they appear to have two choices:

"any patent must be licensed for everyone's free use...
...or not licensed at all"

So if these mods are in the kernel they will either need to licence the code to everyone, or stop distributing SELinux.

Re:Two choices under the GPL

> stop distributing SELinux.

No. The GPL doesn't allow you to "stop" distributing. It disallows you from distributing at all.

Huge difference.

Once you distribute something, you cannot undo the license for copies you've already let go.

The reason is simple. People have predicated tangible actions on the license, in good faith, as it was given. Making any arbitrary change, after the fact, dis-enfranchises these good faith actions. Even under stupidity like UCITA the right to rewrite your license would have to be in that license to start with, and the GPL has no such clause.

Original Message to the list was:

"SELinux includes Type Enforcement technology developed and patented by the Secure Computing Corporation, who still holds rights to all commercial use of the technology. Before a colo company, or anyone else uses the technology commercially, it will be necessary to negotiate a license with Secure Computing. If anyone wants to do so, I can help get the ball rolling with our Legal and BD folks.

--Tom

Dr. Tom Haigh, CTO
Secure Computing Corp."


- Further contact info ommited -

The guy was responding to a question (from Colo) that looked like they were ditributing GPL code without actually understang the GPL itself...

Just another software patent fiasco

[kylus]

I'm pretty sure webpages have very little validity when compared to patents, but my favorite part of this debate is the fact that no one from SCC said anything until the use of SELinux in a commercial package was brought up on the mailing list. Even better is this page, which, after being around for about 2 years, 'magically' disappeared from SCC's website after the debate began on the mailing list. Take a look at Questions 5 & 6, which pretty much spell out that they released the work under the "letter and spirit of the GPL."

This is just another example of software patent BS. Doesn't the GPL forbid/advise against patents anyway? If that's the case then why would SCC bother to say they were releasing the work under the GPL? It looks more like they just noticed that there could be money to be made on this, so now it's time to break out the patents and scream about royalties.

Way to go, SCC. I think you've confused the 'spirit of the GPL' with something else far more ugly.

Because so few people have actually READ the GPL

[Rogerborg]

I'll post the relevant section here:

• 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

The situation that the FSF had in mind was a company taking GPL code, then injecting patented code in a attempt to de-GPL it and make it proprietary. The protection provided by copyright is the leverage that enforces this.

What they didn't apparently consider was a patent owner voluntarily providing code (that they have the copyright to) under the GPL license. However, I think (I hope) the license is clear enough that if the code is GPL, it can't be retracted (even by the copyright holder) or restricted by patents.

IANAL, but I bet this is giving some FSF lawyers pause to consider whether they need an explicit clause in the GPL to cover this.

Re:Patent problem, easy as...

[oliverthered]

Well, the company has already licenced the use of there patent, under the terms of GPL.
Companies either,
Sit on patnets and sue,
Sit on them an hold the market and sue,
License the use of there patents (GPL in this case).

Or have 'open patents', e.g. a group of telcos all have patents in key ares, and to stop all the licensing/sueing problems they aggree to share there patents in an open way.

Legal implications of this ?

[o'reor]

This, along with the RedHat patents in the Linux Kernel, rises a series of good questions :

• how are those patents going to benefit the companies that filed them ? It's mainly a closed-source word out there, how are they to prove that a competitor used the same technology in a closed-source product ?
• it does not appear to harm the free software community for the moment, but what later ? What if those components are no longer distributed under a free license ? SE Linux raises the problem with the explicit mention being removed from their pages, as mentionned by LWN.
• isn't it just a problem with the US patent office, who are overloaded with work, who do not always check the validity of a patent with regards to prior art, and the US legal system which allows lawyers of big companies to blackmail and racket smaller companies on unfair patent claims ? See this site which refers to a previous /. post on the subject. I personnaly think that kind of situation is an incentive for RedHat and SELinux to spend big bucks on patents.

I clearly don't see the free software community benefiting from this situation. Individual programmers will have to face both the possiblity that a rogue company sues them unfairly for patent infringement, and the possibility that another company, owning patents on parts of free software, changes its attitude towards the GPL and decides to un-GPL their code and go proprietary.

Say "thanks" to US lawyers and Powers That Be for allowing that nightmare to come true.

Re:Legal implications of this ?

[Flower]

Say "thanks" to US lawyers and Powers That Be for allowing that nightmare to come true.

I'm going to play Devil's Advocate here for just a moment....

Say "thanks" to US lawyers and Powers That Be for allowing this $350 billion dollar a year industry to come true.

IIRC, it was the Supreme Court that ruled "everything under the sun made by man can be patented." My personal bias aside, it is the argument above that will actually have to be refuted if you want patent reform imho because Congress will be listening to the industry and not to an unorganized group of programmers if and when they even considered the act of congress it would probably take to modify patent law.

Isn't it still free for open source?

From the story:

There will be no restrictions on the use of TE by the Linux open source community
+
Before a colo company, or anyone else uses the technology commercially, it will be necessary to negotiate a license with Secure Computing
=
How does this affect open source users? Granted these are both generalized statements about the license, but it would appear that the "license" is free for non-commercial uses... If you don't intend to sell the product, then you don't have to pay for the license...

Re:Isn't it still free for open source?

Non-commercial means any use / distribution of the product which gives the user monetary gain. For example, if you use Photoshop at home for tweaking picturs of your nephew's birthday party, it's non-commercial. But if you use those pictures on a website as examples of your expertise in Photoshop to sell your services, it's commercial use.

GPL is not an implied patent license

[_|()|\|]

you can't "unlicense" a GPL license

The GNU GPL is not an implied patent license. Its purpose is not "to induce you to infringe any patents or other property right claims or to contest validity of any such claims." However, if I release software under the GPL, but withhold the patent, then the release is a sham. If I don't own the copyright to all the code, then it may be illegal.

The point is, we'll have to look carefully at the patent license for boilerplate lawyerese, like a termination clause, that would be incompatible with the GPL. A GPL-compatible patent license must be written very broadly.

The sky isn't falling.

I find software patents as obtrusive as anybody else, and in most cases they violate the spirit of the GPL. However, if the goal of the GPL is to get the source code out there, a software patent doesn't technically encumber distribution if they aren't charging the distributors or the people receiving the software does it?

I understand that we're still in the process of determining what is and isn't acceptable, but there is a fine line between protecting your rights and shoehorning other people's intellectual property into your project. If nobody is free to use patented algorithms, the progress and acceptance of Free Software is going to be hindered because any programs written under its terms are going to be unnecessarily crippled next to their commercial counterparts. I'd be extremely disappointed if our methodology was perceived to be inferior because of a technicality like that.

Clear policy

`Inflamatory email is unlikely to help'.

Actually I think it is very likely to help.

Let's look at what's going on: we've got a company who is
writing code, and is weaseling out on the licence agreement.

Well, the sooner they make a clear stance the better. Is their patented technology really necessary ? I don't think so. Do they wish to free it ? It looks very unlikely.

In fact, it looks like they want to get away with it, if they can. They will go just as far as they can to get their fingers inside Linux, and not further if they can help it.
Their tactics is obvious, and it's very likely the end result isn't going to be too palatable anyways.

Like, you will end up with a `free' security module,... and all strings attached to any possible extension you may want to get.

So, it's really time to drive a hard bargain.

If that company can't make a straight deal, it's much better to know now, rather than tomorrow, so that truely free alternatives can be developed today.

I recommend patience

[grylnsmn]

I'd recommend that we wait before we panic. Since they have not yet stopped SELinux's distribution (and have even encouraged it), all we can really do is wait and see what they do.

Then, if they decide that it is incompatible with the GPL, we can panic. If we let our fears and emotions run away with this we could just drive them farther away from the Open Source Community. As one poem says:

School thy feelings, O my Brother.
Train thy warm, impulsive soul.
Do not its emotions smother,
but let wisdom's voice control.

What is Type Enforcement?

[tshoppa]

What exactly is SCC's "Type Enforcement"?

I've heard the same phrase applied to capabilitiy-based architectures, but these are systems built around hardware enforcement, and I get the impression that SCC's scheme is software-based.

Re:What is Type Enforcement?

I'm going from memory, as I haven't used "TE" for about 4 years now. Since I'm giving a high level description of it, and I'm no longer an employee of SCC, I shouldn't be breaking any NDAs.

It was a pain to use as a developer as even though you were root, you were limited to what you could do!

The OS is modified to include a "type" in addition to user and group in the filesystem. All of the filesystem tools were modified to use this "type"

For example, for your mail server you would create a mail "type", and associate only mail related files with this mail type.

Even if you are root, but aren't logged into the mail type, you can't do anything with those files.

If a remote root exploit is found on sendmail, the hacker can do *nothing* as they are locked down.

Associate types for different areas of your system and you will have a pain in the ass system to administrate, let alone be able to hack!

Or something like that.

Re:What is Type Enforcement?

Same AC here. To add a further comment, the patent wasn't something done recently, it was 4-5 years ago.

This patent wasn't done intentionally to screw over Linux. It was done to protect SCC from competing products as at the time TE was some pretty kickass (and still is) security.

Linux wasn't as mainstream back then -- even I used it back then, but it wasn't as common as it is now.

Re:What is Type Enforcement?

So it's just one more of {user,group,other}, without a notion of super-user? Wow, what a concept!! ...

Re:What is Type Enforcement?

[Huusker]

Let sigma be the type signature of all operations F on objects O on behalf of subjects S. There exists a type database D that enumerates all valid sigmas - (S,O,F) tuples. Type Enforcement intercepts all functions F and vets them with D.

In the original patent, the TE was done in hardware by a security chip. The chip triggered on all transitions to kernel mode.

The difference between TE and say, the TCB/Orange-book model in Windows NT, is that TE is more mathematically elegant and therefore presumably more amenable to automated validation and verification.

In the real world, TE is performed in software at the kernel transition point. For example for sendmail, it enumerates all of the files and directories that sendmail is allowed to see (/etc/sendmail.cf, /usr/spool/mail, etc.) Objects can include files, directories, /dev/*, sockets, NICs, IP addresses, just about any kernel object.

TE is orthogonal to the super-user concept. So a having root on a TE system doesn't get you anywhere, and in fact will probably trigger all sorts of SACL alarms.

Re:What is Type Enforcement?

[T5]

Type Enforcement is used in SCC's Sidewinder firewall product, IMHO the most secure firewall going bar none. In plainer language than the above, it internally segments the parts of the OS from each other in a way that precludes their access/interference to each other. There is a "root", but it's restricted in its ability to manipulate system services. There are "mini-roots" so to speak that administer the various services such as ftp, www, etc. Each network interface runs in a separate domain, with separate firewall rules for each.

The analogy is that Sidewinder is compartmentalized like a submarine. Breech the hull in one location, and the internal bulkheads contain the damage to just that section. So, for example, if there were a breach or other weakness in the ftp service, this would not automatically lead to a breach in web serving or to any other service on the box.

In practice, this is one tough beast. For a two and a half year period when I managed one of these, we were the only Department of (fill in the blank) site in the area to not be penetrated, including a national laboratory with 25x our budget for computer security. Sidewinder turned away thousands of attacks. The only downside is that it took us about $35K to get the product and the requisite hardware and the basic training necessary to set it up.

SSC has no clue to what Linux is all about!

[MrJerryNormandinSir]

When will people get it?
Linux isn't about patents.
I don't need their close source security.

Re:Because so few people have actually READ the GP

[gerddie]

IANAL, but I bet this is giving some FSF lawyers pause to consider whether they need an explicit clause in the GPL to cover this.

I don't think so. The patent owners set the patent license. If they decide to publish the patented code as GPLed software, then they must comply with the GPL and the software, using the patented techique can be distributed free of charge. Since they certainly can set the patent license, they appearently have choosen to set it to no-cost for usage in the linux kernel and derived works. Therefore, any use of this patented techique in an GPLed software will be possible.
If they would choose to set a license fee > 0 for usage in the linux kernel, then the GPL would force them not to distribute a kernel modified with their patented techique.

As usual IANAL.

GPL Section 7

[Todd+Knarr]

Wouldn't section 7 cover it? If people who receive SELinux directly from SCC could not modify and redistribute the code without paying patent royalties on SCC's stuff, then SCC's stuff would violate the GPL and they lose the right to redistribute a work based on the GPL'd Linux code, no?

Question

[YanceyAI]

It may be a dumb question, but:

Does Linux's license specifically say software, drivers, tools, etc. must be open source as well? Could it be that specific without scaring off developers? Would it be legal?

Re:Question

[(startx)]

*cough* nVidia's binary closed source drivers drivers *cough*

(Do you know how hard it is to get that all out in one cough?)

Re:Question

Read the GPL. It's posted all over this thread.

"In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License."

You may include gpl programs in a collection of software with non-gpl programs; you may run non-gpl programs on gpl operating systems; you may let gpled programs communicate with non-gpl programs. You may not, however, link GPLed software with non-GPLed software and then distribute the results, unless you then bring the non-GPLed software under the scope of the GPL.

Re:Question

[Amazing+Quantum+Man]

That's why they aren't included in any distros, and you need to download them from nVidia.

Licenses dont apply to the copyright owner

Just because the GPL license file is included with the software does not mean that it was distributed under the license. The copyright owner does not need a license and is not bound by the license he includes for you!

Of course if part of his project is other people's GPL'd code (for instance Linux) then this does not apply and you are correct.

My example isnt entirely academic though, for instance Lizardtech released their djvu code supposedly under the GPL but freely admits its patents are only valid when used to implement djvu ... which is in clear contradiction to the GPL making it useless as far as open source is concerned. This is legal for them, but not nice ... the only way to stop it would be for GNU to get a trademark for GPL and have a certification process.

Re:Licenses dont apply to the copyright owner

Actually Im wrong, you could put the necessary restrictions in the license to the license which is also part of the GPL.

If they dont license it for free use under GPL ...

Then they have already committed countless acts of copyright infringement by distributing Linux with their code ...

Re:LNUX on the Path to Delisting

[friedmud]

Actually to me that looks pretty good - they are still in the red but they are steadily climbing out of it. Their one-time expenditures for every year have gone down - meaning they are being more cautious (which is necessary in this market climate).

I don't think it looks ALL that bad - but certainly not great. There are a lot of other companies in worse predicaments than this....

Derek

Re:Because so few people have actually READ the GP

[SWroclawski]

Many of these patent issues have been taken care of in the IBM Public License in several places inluding the secions on "Grant of Rights", "Requirements" and the "General" section. The GPL takes a more hands off stance while the IBM license states the patent issue several times.

I believe that GPL 3 will fold a number of the IBM Public License concepts as they relate to patents into the GNU General Public License.

This is something we need sooner rather than later, and I'm hopeful that the FSF will recongize this need and make a new GPL soon.

Once this hapens, the ambigious situations like this one will be resolved (though the patent issue will still be there).

- Serge Wroclawski

It would not help

The only way to prevent it would be to add a clause to the license to the license ...

Which at the moment goes like this :

"Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed."

Which should then be :

"Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

When included with software for which you own the copyrights which you intend to be covered by this license you have to comply with all the restrictions in this license needed for distribution by others."

This is because the copyright owner does not need a license to distribute the software, and he can include the GPL without being bound by it (but he is still bound by the license to the license fortunately, allowing my trick).

there's more to free software than GPL

[_|()|\|]

it does not appear to harm the free software community for the moment

Not to start a GPL-free v. BSD-free flamefest, but the Tux, real-time, and secure Linux patents harm BSD, which is part of the free software community.

A patent is least harmful as part of a patent pool, as described in "Mutual Defense Against Software Patents."

Re:Because so few people have actually READ the GP

Actually, it is even a little rosier for Open Source. That company was contracted by NSA to do this work. Thus they were paid already for the use of their patent in this manner.

If they did not want this consequence, they should not have accepted the contract. A typical contract of this nature usually gives the government rights on the source code. That is why the government can make it available.

But its the NSA who is violating the GPL

SCC isnt distributing it so they cant be breaking the GPL ... its the NSA whos doing most of the distributing, and in doing so they are breaking the GPL for the code they do not own (every part of the Linux kernel they did not write themselves or had commissioned).

Would you really want to sue the NSA? :)

Re:But its the NSA who is violating the GPL

[gimpboy]

the nsa got it from scc right? unless the nsa stole the software then the terms and conditions of the gpl apply to the software the nsa recieved from scc. if the gpl applies to the software then the nsa has every right to distribute it. as mentioned in other comments:

For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program


So if indeed there is some gpled and pantened stuff mixed together and the scc distributed it to the nsa, then the nsa is within their rights to do what ever they want with it.

Federal support and public domain

I work for a state government in the development of custom software to support the mission of my agency. We receive federal grants and other monies to fund much of the activity of the agency, including software development and implementation.

It has always been my understanding that any and all software developed using federal funding, even at a layer or two of remove, must and will be available in the public domain. We have obtained software from other states to use in our development projects, which was also developed using federal funding (at least in large part), and that software was obtained at no charge to my agency. Because it was developed with government monies, it was not possible for these other agencies to charge my agency.

Isn't the NSA a government program? Don't these guys now sit in the position of having either moved their patented technology into the GPL space of the public domain? Or else perhaps they broke the terms of their contract (which no one has seen of course, but...) to produce a secure version of an open source OS? If it isn't open source any more...

Also, a promise is a promise...if they once obligated themselves to make the technology available without charge, that's a contract...I know verbal/oral contracts are as enforcable as one written signed and witnessed. One done as publicly as posted on the internet would seem to be pretty enforcable to me...

oh well...all the news is bad, and I'm feeling sad...isn't that a song somewhere? Monday Monday...

Time for a free patents consortium?

[Bazzargh]

In the commercial world, patent wars often end with the formation of a consortium that holds the patents and enforces them (where necessary). Is there such an organisation for open source? If not, why not?

It might seem a bit daft in the current case where SCC have GPL'd their code, but consider this:

1. Company A dual license their product - free under the GPL, and non-free under a closed license. The free version could contain community patches, the non-free version could not, but the non-free version could be licensed by a third party without that third party having to open its source. Patent fees would apply in this case.

2. Company R supports GPL'd product L, Company M makes closed-source product W. R patents several of the changes they have made. They are then sued for patent infringement by M - R countersues, via the umbrella group for infringements in W, not for patents they hold directly, but for patents held by the umbrella group on behalf of members.

This assumes you can GPL license and enforce patents on people who are using the patented invention, rather than a copy of the code, in their product (code copying is obviously covered by the GPL directly). I don't know that this is true - and I doubt that Stallman would approve. However it might increase the sense of safety people have with patents like this and the Red Hat ones waiting in the wings; it may also encourage more companies to GPL, since they retain the ability to chase closed-source competitors who steal their ideas.

Just a thought.

Interesting conflict.

The GPL states (as has been said many times here) that if there are restrictictions you aren't allowed to distribute the code.

Now, because SCC made the code and if they start asking money for the license, wouldn't they have broken copyright law?

Ofcourse I might wrong in the sense that it isn't SCC distributing the code anymore.

Secure Computing Corporation

These folks have a content filter available for the Squid Proxy Cache. When I hired on at my current employer, we were using MS Proxy with the Websense content filter. (Employer wants to block porn access in the workplace.) Anyhow, MS Proxy was requiring too much babysitting, so I investigated, tested, and switched to Squid running on Linux. SCC was the only vendor I could find that had content filter for Squid (on Linux, anyway).

So the first year we were on, our annual cost for filter was around $2000. Renewal time came, and they bumped it up to $4000. This year at renewal time, they bumped it to $7000. I politely explained to SCC that their pricing terms sucked, and that if it were my decision we wouldn't pay them that much to filter in the workplace. Their response was amazing. They said that the price increase was necessary because they were "filtering the entire Internet." Must be very busy people to filter the entire Internet.

Also had a problem with them at renewal time a year ago. We had paid one of their resellers for the annual renewal, and thought all was well. Then suddenly we were cut off from filter updates. When I contacted them to find out why, they said that their reseller had not passed along payment to them for our renewal. They also told me that they subsequently severed relations with the reseller. (Keep in mind that the reseller was an authorized agent of SCC when we purchased the renewal, acting on their behalf to sell the subscriptions.) I explained that we had paid their agent, and were therefore entitled to the service that was promised. After a bit of back-and-forth, they relented and allowed access to the filter update service.

Anyhow, I know this is a bit OT. But the point is that they have shown evidence of being either an immature organization, a greedy organization, or an incompetent organization (or any combination of such). I don't doubt that they think they're helping the world become a better place. But if they have patented software in ANY Linux distro, then good luck getting them to do the right thing. (At least without much kicking and screaming.) I don't trust these folks, and if I had my way we'd dump the content filter in a heartbeat.

Damn, why I haven't thought of it

[jsse]

Applying the following patch to all GPL codes:

+# 0wn j00!!!!!

then patent it. All Your Base Are Belong To Me!

OPEN Patents!

[Compulawyer]

I've said it before, but it seems particularly appropriate in this thread. If Open Source code is novel, then it should be patented. Then a patent license similar to the GPL copyright license can be used to ensure that Open Source users can use the functionality in the code. If an Open Source patent License (OK, I'll coin a term -- the OPL - Open Patent License) is used in conjunction with the GPL, think what a remarkable impact it would have on code development.

All it would take is one killer app license under the OPL to create public demand. Then if anyone wanted to duplicate that functionality, the OPL would allow it -- BUT the corresponding GPL (or the OPL itself if properly worded) would require developers to release source code with their implementation.

I submit that this would have an even GREATER impact than the GPL. Developers would be free to try widely disparate approaches to achieving the patented functionality. The different algorithms and approaches could be compared with the best methods prevailing because the best code would be that actually used. Think of the contribution to computer science possible with widespread comparison of designs. I think the industry-wide effects would result in much higher-quality code in general.

Don't tell me that Open Source cannot get patents. If someone bothered to look, they could find a patent attorney who would be thrilled to get a patent for Open Source code as long as someone paid the filing fees (for small entities, about $350). I am a registered patent attorney and I would be thrilled to prosecute one of these applications. I'm sure I am not alone.

Re:OPEN Patents!

[Phil+Hands]

Patents on software are a moronic idea.

As a lawyer, how would you like to have to check each tactic you were planing to use in defending one of your clients, before actually using it, in order to check that it had not been patented by another lawyer?

That what the patent industry is trying to do to us. They (you?) pretend they're are doing us a favour (chanting "Innovation", "Protection of Property" etc), but in fact you are burdening us with the extra workload of (if anyone could be bothered) having to check every line of code against a patent database, or in the absence of that, getting sued for thinking of an idea after (of sometimes several years before) someone else.

Not only that, but the patents are worded to ensure that they provide almost no information whatsoever to someone interested in the technique they describe, so the claimed goal of driving forward the state of the art is total nonsense (can you cite a single instance of a Computer Scientist referring to patents in order to learn a novel technique? I doubt it).

Software patents are a government authorised tax on the software industry to make monopolistic corporations and patent lawyers rich. They have no positive effect on the state of the art in the field of computing whatsoever.

Unfortunately the patent lawyers are in charge of the patent offices, and those arms of government that are supposed to regulate them, so we're likely to end up as thoroughly shafted in Europe as is the current situation in the USA.

Having said all that, patents on other, material inventions seem totally fine to me, so I'm not saying patents or patent lawyers are evil per se, just the ones that try to take my (software) toolbox away, when I made my toolbox myself.

Re:OPEN Patents!

[Compulawyer]

I'm sorry, but the only thing I can really say is that you appear to have no REAL idea how patents or the law work. Your "criticisms" are nothing but conclusory negative remarks unsupported by facts.

If you had bothered to READ and actually THINK about my post, you would see that what I am advocating with the OPL would provide a GREAT contribution to Computer Science and specifically Software Engineering as a discipline. Show me another potential framework for a large community to examine and critique differing approaches to provide the same functionality.

Calling something "moronic" will not do anything to help you deal with the fact that software patents are here to stay. An OPL is a way to ensure that Open Source software not only survives, but thrives, contributing to the body of knowledge in the area in the process.

If you have specific criticisms about the idea of an OPL, I'd love to hear them. If you want to rant and rave, go on Jerry Springer.

Re:OPEN Patents!

What do you think of Raph Levien's patent license? (http://levien.com/patents.html)

Re:OPEN Patents!

[mr_stark]

If someone bothered to look, they could find a patent attorney who would be thrilled to get a patent for Open Source code as long as someone paid the filing fees (for small entities, about $350). I am a registered patent attorney and I would be thrilled to prosecute one of these applications. I'm sure I am not alone.

Paid the filing fees. Why bother? If the code is released under the GPL it will be in the public domain. No need to patent it, the GPL should stop people taking the code and putting it in their proprietary applications. They can still write their own implementation. As with patents - your a lawyer you should know - they can be dodged (write a function thats achieves the same result but using a different method). Sorry dude, openpatents would only benefit the lawyers.

Re:OPEN Patents!

[Bob9113]

I have been thinking of a similar idea. What would be the potential for taking an HP like approach to Free patents. HP claims patents on some W3C technologies, and requires reciprocal royalty free licenses from all implementers, as mentioned in section 3.4 of the W3C Patent Policy. To what extent could this be used in a similar manner to what Ralph Levian is doing to break the back of software patents altogether?

In particular, I'm thinking of object oriented patterns, which are the building blocks of an enormous portion of modern software. A well documented pattern contains much of the same information as a patent application - motivation, solution, variations, etc. Suppose, for example, a patent on the facade pattern. Require reciprocal RF licenses on any software patent used in conjunction with an implementation of facade. A few dozen powerful patterns could affect an enormous portion of patent encumbered software.

Re:OPEN Patents!

[Phil+Hands]

OK, I shouldn't have dived straight in with the inflammatory language, sorry about that. I'm afraid that software patents have always upset me quite deeply, so I tend to lose my rag about them.

I don't see that patenting Open Source ideas will encourage the discovery of a single algorithm that would not otherwise have been thought of, so all that would occur is that some of the limited monetary resources of the Free Software community would be diverted to propping up the structure of the patent office.

You say that $350 is a small price to pay. How many patentable ideas do you think are contained in the body of Free Software code Debian GNU/Linux (which only integrates a fraction of the software available) currently runs to about 5GB of compressed source code --- there are a lot of ideas in there, and that's only the tip of the iceberg.

Assuming that someone decided to go through that and patent all the as yet unpatented ideas, what purpose would that serve?

How about ideas that were thought up by people in teritories that do not recognise sotware patents?

As a non-lawyer, I'd assume that that fact that all that source has been published would mean that it would act as prior art, but I have a feeling that the USPTO allows after the event registration (feel free to enlighten me).

If it is prior art, haw can one ever register a Free Software idea, given that the publication is inherent in the development process.

If it is not prior art, what is to stop someone else from claiming to have originated these ideas, and patenting them themselves?

Assuming that it turns out that the an was patentable, and what you suggest was done, in what sense would it be more useful that simply publishing the code under the GPL (apart perhaps from the fact of preempting someone else's patenting of the same idea)?

I can see that it would allow one to prevent others from using that idea, but that is pretty much entirely against the principles of Free Software (if someone else wants to use an idea from one of my programs, and they go to the effort of reimplementing it, they're welcome to it).

I can also see that it is likely to be much more difficult to win a case relying on patent law, rather than copyright law, which means that the likelihood is that the party with the deeper pockets has an unfair advantage, which is not likely to be the Free Software developer.

Was that better? (I've calmed down, now that they've given me one of my dried frog tablets :-)

As to your point about the patent system being there to stay, it seems that there are likely to be parts of the world where that will not be the case for some time, and in places like South Africa and India they've been moving in the opposite direction (at least as far as pharmaceuticals are concerned). Reform of the USPTO has even been rumoured, and parts of Europe seem less than keen to get involved in this form of silliness.

Re:OPEN Patents!

[ken_mcneil]

Now, this may be an ideal that doesn't hold up in practice. But, from the limited patent law that I know, doesn't the existence of "prior art" void a patent? Therefore, by putting code in the public doemain all ideas contained within it can never be patented. Assuming that the code is released before the patented application is filed of course.

Re:OPEN Patents!

[Compulawyer]

The GPL is a COPYRIGHT license. Copyright only protects the expression (source code or object code). It does NOT protect the functionality. That's a patent's job.

A good patent cannot be "dodged" as easily as you think. The Doctrine of Equivalents says that you cannot make insubstantial changes and claim you do not infringe the invention. So your "write it with a different function" approach may not work. Sorry "dude" but your conclusion is based on false assumptions.

Re:OPEN Patents!

[Compulawyer]

I'm actually thinking of going beyond that -- my OPL would require the release of source code that performs the patented FUNCTION even though it is not derived. I am NOT trying to break the back of software patents. I believe that they are useful. But I also believe in Open Source principles. Open Source developers should be able to do their thing with the protection of the law and Closed Source developers should be able to continue their thing as well. If a Closed Source company wants to implement patented functionality from the Open Source world, well, then they will have to open their code.

Re:OPEN Patents!

[Compulawyer]

Yes, "prior art" will invalidate a patent. However, there are well-defined rules as to what is considered "prior art." The United States does not have the same rule as most other countries. In most of Europe for example, there is somehting called the "absolute novelty" requirement. If you release information or the product before applying for a patent, you cannot obtain a patent.

In the US, we follow the "first to invent" rule meaning that the first person who can show inventorship gets the patent. The inventor also has one year to file a patent application following public disclosure of the invention. So up to a year of implementation can occur before you lose patent rights.

Of course the MOST important thing is that to get a patent you DO NOT need a working model of your invention. You need a finished CONCEPT, meaning that you have to know what the invention does, how it does it, and be able to describe it in sufficient detail so that someone of ordinary skill in the art can implement the invention from reading your patent. That is the reason why I believe the OPL would promote progress in Software Engineering - you could compare the implementation with the process disclosed in the patent and thereby learn a great deal about the process of software development.

Re:OPEN Patents!

[Compulawyer]

Boy there is a lot to respond to in this one, but here goes ...

Perhaps there would never be a single algorithm "discovered" by patenting. However, if you recall that patents protect functionality and that a good (and valid) patent must disclose the functionality in sufficient detail so that a person of ordinary skill in the art can make the invention by reading the patent, then by comparing the source code that an OPL would require to be disclosed with the functional disclosure from the patent, we can learn a great deal about the process of implementing software, which to me is a goal that is not only worthwhile but critical to efforts to ensure that software development becomes/remains a true engineering discipline. In this context, you should be able to see that a software patent would perform as both a requirements spoecification, a design document, and even perhaps a data flow diagram. Taking that information and implementing it is just good software engineering. I won't presume to speak for David Pressman, but I believe he would agree with me.

I hope that adresses a large chunk of your comments. As for people who are in territories that do not recognize software patents, they can get the patents in the United States. A US patent is then prior art that will prevent a patent from issuing in other countries (and vice-versa).

For an explanation about the publication problem, that does not exist in the same way in the US. See my other post on that.

The OPL I am advocating would be an OPEN license. The GPL can be used to prevent people from using code as well as to open it up. You either comply with the terms of the GPL or you can't use the code. Why? IT DOESN'T BELONG TO YOU (unless you wrote the base code and are the GPL licensor). You are using it with PERMISSION. I don't have time to look it up, but I know I have seen at least 1 story here about a lawsuit to require a company to comply with the GPL's terms. The same concept applies to patents. But -- think of the possibility of a closed-source company liking an Open Source idea so much that they put resources into implementing the patented idea. The OPL would require them to then release the source. Think it won't happen? I think it could. Apple is moving into a mixed closed/open source model with Chimera as one of the latest examples of it's cooperation with the Open Source community.

if someone else wants to use an idea from one of my programs, and they go to the effort of reimplementing it, they're welcome to it

This wouldn't change that at all except that someone reimplementing your "idea" a/k/a invention (because at that point it is no longer a bare idea) would have to release the source. Under the GPL if someone "reimplementing" did not use your code base, they are under no obligation to release their code.

Re:OPEN Patents!

[Mark+Shewmaker]

Then you might want to look at www.openpatents.org.

(And do email me, if you would--I admit that I've not put as much work into the project recently as I've meant, but it would be great to be able to talk with a patent attorney about a number of issues involved.)

Re:OPEN Patents!

[Lonath]

What could happen if the company decides to stop letting the code be distributed under the GPL?

Can a government agency (like the NSA) distribute source code for a patented software invention without the consent of the patent holder?

Is the government immune from the rules on not distributing source code?

Re:OPEN Patents!

[ShinyLiquidMetal]

Show me another potential framework for a large community to examine and critique differing approaches to provide the same functionality.

Well, how about peer-reviewed journals?

Re:OPEN Patents!

[cdn-programmer]

In general I do NOT agree with patents as they apply to software. The biggest issue I have is that patents are suppose to apply to "inovative" idea embodied into a machine or something one can build or employ - as in the case of a chemical process.

Most software patents are issued for rather trivial things and it becomes a landmine that smaller devlopers cannot afford to litigate.

Notwithstanding my sentiments towards patents, I would like your email and phone number so that I can use your services (for hire - I have attorneys in 2 countries now and am looking for US representation as well)

As far as patents on GPL software, as I understand it there is NOTHING that precludes this and in fact perhaps it is a good idea. Is there anything that would preclude "our side" patenting some features in the open source software we develope and use so that closed source shops are prevented from taking our technology? I can think of a couple innovations that _might_ qualify and I'd be happy to set up a patent so that opensource people can use them for free while close source shops can't use them!!!

Re:OPEN Patents!

So, you're claiming we should first pay money to file the patent (somehow, i'm doubting that $350 will cover the search for prior art, the translation into legalese, and all the other random crap, just the part about getting a lawyer to mail in into the patent office). Then we should pay more money to attempt to sue anyone using the parent without proper license, keeping in mind that whoever we're suing is likely to have lots of money and herds of lawyers to throw at the problem.

How about instead of trying to make more money for you and other laywers, why not advocate fixing the patent system so it's not so near-impossible to overturn a patent once prior art is discovered? And maybe have someone explain to the patent office just what is obvious to a skilled programmer?

Re:OPEN Patents!

[Phil+Hands]

Boy there is a lot to respond to in this one, but here goes ...

Oops, I think I just did it again, sorry. Hope you're not getting too bored.

However, if you recall that patents protect functionality and that a good (and valid) patent must disclose the functionality in sufficient detail so that a person of ordinary skill in the art can make the invention by reading the patent,

I do recall that, but I am yet to see a patent that is both comprehensible, and not for something blindingly obvious.

That is from the point of view of someone with a Computing Science degree (including a minor module on UK IP law) with 16 years subsequent professional experience as a programmer.

I'm yet to see a good software patent. That being the case, it's difficult to be sympathetic with arguments that assume that good patents are the norm, or even likely.

An example of a "good" software patent would be really helpful, to contrast with the legion of bad patents that have been widely aired.

The point I was trying to make about non-patenting territories is that if I live in such a territory (which I sort of do, but probably not for much longer), and if I don't care if people use my ideas, as long as they don't try to stop me using theirs (which I may or may not have arrived at independently) then I've got no reason to be interested in the patent system, have I?

Let's say I come up with something very clever, and I don't bother to patent it. Someone in the US downloads my implementation of my idea, writes it up as a patent, and applies for it, and then starts enforcing it, possibly even pursuing people that are using my implementation. Is that a realistic scenario? What should I then do to rectify the situation? Attempt to overturn the patent, by showing prior art? Am I right in thinking that overturning a bad patent costs about $1.5M these days? Don't you think that scenario highlights some fundamental problems with the US patent system?

But -- think of the possibility of a closed-source company liking an Open Source idea so much that they put resources into implementing the patented idea. The OPL would require them to then release the source.

You're thinking like a Patent Lawyer, while I'm thinking like a Computer Scientist. I don't think anyone should have the right to stop me using the best solution to a problem that I can think of, even if they thought of it first, because I consider algorithms to be equivalent to mathematical formulae, and as such discoveries, not inventions. Equally, I don't care if I thought of something first, I don't feel I have the right to stop other people using that idea. I certainly don't want to think of something only to discover I'm not allowed to use it because some government decided to issue a patent on it. I REALLY don't want to have to cross-check every idea I have and then have to choose between licensing the patent or producing a (possibly technically inferior) alternative solution, just because someone else thinks like me, but was quicker at getting to the patent office.

The current law in Europe states something like "programs for computers are not patenable as such", which the folks at the EPO cheerfully ignore and go ahead and issue software patents all the same (BTW, you couldn't explain what "as such" actually means there could you?). What nobody has succeeded in explaining to me is why we should contemplate allowing Software Patents at all. Obviously some (but not all) Lawyers like the idea, but the patent system is supposed to be for the benefit of society, or the industry, or something, but we Eurpean computer scientists have been cheerfully innovating without them, so why burden us with them now?

Re:OPEN Patents!

[Compulawyer]

You can send email to me at compulawyer-at-netscape-dot-com and from there I can give you contact information if you would like to speak further.

Re:OPEN Patents!

[Compulawyer]

Ok, here goes....

I'm yet to see a good software patent. That being the case, it's difficult to be sympathetic with arguments that assume that good patents are the norm, or even likely.

I'm the first to admit that there are problems with many patents, both in software and other technologies. I'll even admit that it is probably more pronounced in software. In the US that is partly because of the lack of good examiners. The USPTO can't hire good people at the rates they paid, especially during the dot-com explosion here recently. To make matters worse, Congress siphons off user fees for pork-barrel projects instead of allowing the PTO to use the money for its intended purpose: to sustain and improve the PTO.

If you live in a region where software is not patentable and you don't care about patents, you are right -- you have no reason to be interested. As long as you aren't doing anything in the United States, that is.

You're thinking like a Patent Lawyer, while I'm thinking like a Computer Scientist. I don't think anyone should have the right to stop me using the best solution to a problem that I can think of, even if they thought of it first, because I consider algorithms to be equivalent to mathematical formulae, and as such discoveries, not inventions.

No, I'm also a Computer Scientist. I'm just a scientist with a legal background as well. Computer algorithms are NOT the same as mathematical formulae. Somewhere you have to acknowledge that software is unique and nothing like it has ever existed before. Mathematical formulae are just ways of communicating ideas. Algorithms are a subset of those ideas that tell you how to make a machine perform a useful function.

Let's say I come up with something very clever, and I don't bother to patent it. Someone in the US downloads my implementation of my idea, writes it up as a patent, and applies for it, and then starts enforcing it, possibly even pursuing people that are using my implementation. Is that a realistic scenario?

Possible, yes. Realistic? I don't know and I tend to think not.

What should I then do to rectify the situation? Attempt to overturn the patent, by showing prior art?

Yes, and no. Yes, you show your code as the prior art. But more than that, you show that you are the actual inventor. The US has a first to invent rule -- only the first inventor can get a patent. If you invented first and did not hide or abandon your invention, YOU are then the one who is entitled to get a patent. If someone stole your code, they are said to have "derived" the invention and the patent is invalid.

Am I right in thinking that overturning a bad patent costs about $1.5M these days? Don't you think that scenario highlights some fundamental problems with the US patent system?

No. It can cost that much in intense litigation, but it is not necessarily so. Anyone can submit prior art to the USPTO and request that an examiner consider the submission. Cost: whatever it costs you to photocopy the submission materials and postage. Or telephone fees if you fax it. By the way, if you think the US system is flawed, try one of your Euro counterparts -- Belgium. They have NO EXAMINATION -- the patent just issues essentially. As for litigation, try another Euro nation, Germany. There, you have to bring infringement suits, opposition proceedings and nullification proceedings in THREE DIFFERENT COURTS. Imagine having to defend an infringement action in one court for a patent that you know is invalid while bringing a separate nullification (invalidity) proceeding. It is possible to be declared a patent infringer months before you find out if the patent is even valid. Talk about wasted time and money....

I certainly don't want to think of something only to discover I'm not allowed to use it because some government decided to issue a patent on it. I REALLY don't want to have to cross-check every idea I have and then have to choose between licensing the patent or producing a (possibly technically inferior) alternative solution, just because someone else thinks like me, but was quicker at getting to the patent office.

People usually hate this answer, but I still give it: Every other industry in the world has had to do exactly this. The software industry is no different. In software, people are up in arms because there are so many independent developers who write code people actually use. They are the equivalent to mom and pop shops in other industries. But even small manufacturing shops get sued for patent infringement.

What nobody has succeeded in explaining to me is why we should contemplate allowing Software Patents at all.

In the US, the law is that "anything under the sun created by man" is patentable. That includes software. Other nations have to make their own policy decisions.

Re:OPEN Patents!

[Compulawyer]

How about actually READING THE POST so you don't have to post as an AC? That is NOT what I said.

Re:OPEN Patents!

[Compulawyer]

I think that it is almost exactly what I was trying to describe. (See -- I'm not the first inventor). And I also think this is where I acknowledge I was not even the first to coin the phrase "Open Patent License" the way I thought in my initial post. Someone else steered me here.

Re:OPEN Patents!

[FattMattP]

This already exists: http://www.openpatents.org/

Re:OPEN Patents!

[Phil+Hands]

Every other industry in the world has had to do exactly this. The software industry is no different.

You have just decided to call software creation an industry, and thereby lump it together with other aspects of human endeavour covered by patents.

How about if we decide that programmers are a profession, like lawyers? I would say that you could draw fairly close parallels between the behaviours, and working conditions of both professions.

Perhaps you should consider what patents would do to the practice of law, if the originators of new legal tactics were allowed to patent and license them to lawyers who wished to use them in future.

Computer algorithms are NOT the same as mathematical formulae.

That looks suspiciously like an unsupported assertion to me. Progarmming languages are a form of mathemetical notation. That's why people go to the effort of proving various things, like Turing Completeness, about them, using mathematical techniques.

Somewhere you have to acknowledge that software is unique and nothing like it has ever existed before.

Before when? Before Ada Byron, Lady Lovelace, wrote programs for a Babbage's analytical engine? How about the Russian Peasant Multiplication Method (as used in most RSA implementations) which you can probably guess was originally used by Russian peasants, before they'd even considered the possibility of computers? Do the poems used by Ancient Chinese abacus operators to perform complex calculations, count as programs? (I'd say yes)

In other words, no I don't think I have to acknowledge anything of the sort.

Mathematical formulae are just ways of communicating ideas. Algorithms are a subset of those ideas that tell you how to make a machine perform a useful function.

Glad we managed to agree on that at least. "Algorithms are a form of mathatical formula."

Are you therefore saying that mathematics should be patentable as long as it's useful? In other words "Only useless mathematics should be exempt" ?

Do you think that patenting large primes is a reasonable thing to do? How about small primes?

To sumarise, I don't think mathematics should be subject to patents, and I think computer programs can be considered to be a branch of mathematics.

[P.S. you don't seem to have come up with a "good software patent" yet]

Re:OPEN Patents!

[cdn-programmer]

email address is bad. Unknown recipent.

Please eamil me at terr-at-terralogic-dot-net.

thanx.

Re:OPEN Patents!

[Ian+Peon]

I'd like to thank both of you (Phil Hands and Compulawer) for debating this. I had heard something similar to this concept (OPL) previously, but had not yet formed an opinion on this subject.

...Probably should have patented it as a business method ;)

No brainer

[Spazmania]

This one should be a no-brainer. Just sic ESR on 'em.

Re:No brainer

Hey, that's not fair. ESR does so have a brain! He hasn't accidentally shot it yet...

Re:No brainer

[Spazmania]

Yeah, and what's worse: I got the wrong three letters. I was trying to criticize the, ah, zealousness of a certain individual at the Free Software Foundation.

ESR- if you read this, my apologies.

That was better

Than my ANAL solution...

free for non-commercial uses == non-free

[Phil+Hands]

There will be no restrictions on the use of TE by the Linux open source community
Before a colo company, or anyone else uses the technology commercially, it will be necessary to negotiate a license with Secure Computing

Those two statements are incompatible.

If there are no restrictions for the open source community then that includes there being no restriction on subsequently using the software for commercial use.

I make my living out of selling support on Free Software, but I'm a Debian Developer, so is my usage restricted (commercial use) or unrestricted (member of the community)?

If they decide to try to enforce this patent, they will reap the whirlwind.

Reading section 7 of the GPL:

For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

[emphasis mine]

As I see it, if they give me a copy of their patched code under the GPL, as a member of the community, and I pass it on to a commercial entity that they were trying to talk into paying for the patent, they lose, becasue they are only allowed to distribute Linux as long as they abide by the GPL.

I'm pretty certain that that means that if they attempt to restrict some people's (i.e. commerce's) right to use their code with their patent, they lose the right to distribute Linux (and any other GPLed code they've patched, with or without their code), permanently, until they repent and are then forgiven by all the relevant copyright holders.

Seeking that forgiveness may take a little time (say, forever) during which period they my find their precious Intellectual Property will be worth a little less than they had hoped, given that it will have become a patch looking for a kernel to be applied to.

Re:free for non-commercial uses == non-free

> I'm pretty certain that that means that if they attempt to restrict some people's (i.e. commerce's) right to use their code with their patent, they lose the right to distribute Linux...

I expect their problem goes the other way. They don't lose the right to distribute Linux, but have already waived their right to enforce the patent over Linux (and all other GPLed code derived from the source they've already relased.)

Re:free for non-commercial uses == non-free

[sallen]

There will be no restrictions on the use of TE by the Linux open source community Before a colo company, or anyone else uses the technology commercially, it will be necessary to negotiate a license with Secure Computing

Those two statements are incompatible.

I agree they are incompatible. It MAY just be a poor choice of words by the person responding. IF he meant that before the technology can be utilized in a commercial product FOR SALE (ie a non-linux type system, remeber we're talking patent/concept) THEN it may be required that a license be obtained. The confusion may be around what's meant by using the techonology 'commercially' in his response ie, whether it means someone using Linux in a commercial/business shop vs. personal use OR to incorporate the technology in a different COMMERCIAL product for sale other than Linux.

That does need to be cleared up immediately. If they go back on their initial statements about a GPL and source provided distribution, then it'd seem (though IANAL) that if they go back on their statements that some deception is involved. I wouldn't want to do that against the NSA, who was clear up front about the intent to distribute a product with the same licensing as the original code. Forget that the NSA is this mystic organization to some, it is part of the federal government. They DO have the 'deep pockets', unlike others, to pursue a case if an attempt is made to circumvent the original intent of the resulting code/product for which they were contracted, if they were indeed contracted as others have stipulated.

Re:Patent problem (legal perspective)

[Gleef]

oever asks:

Where is the problem exactly with patents in GPL-ed software?

Worst case scenario: a patent could make it illegal to use a particular software package, even one licensed under the GPL. Depending on patent laws, it could also interfere with redistributing GPL code.

If a company has a patent on a software technique and writes and distributes GPL code to implement it, anybody can use this code. Or can't they?

Potentially not. The GPL is a copyright license, it gives people the right to distribute the software. It is not a patent license, it does not grant people the right to use any patents.

A patent holder who is friendly to the Free software community will provide, seperately from the GPL, a license permitting anyone to use, for free, the patent within the context of software licensed under a Free Software license. The DFSG makes a good set of guidelines for this purpose. Generally such licenses are void if you sue the patent holder over their use of your own patents. These are called Royalty-Free patents (or RF Patents). Some companies, whose patents are purely defensive, give a royalty-free license to everyone who isn't suing them.

To my knowledge, SCC has not done this for the patents connected to SELinux. This is why people are upset.

And can people modify that code? I guess one cannot write new GPL-ed code that does the same thing.

You can modify existing code or write new code if and only if you do so within the bounds of the above discussed patent licenses.

Or can a company charge you for using the GPL-ed code with patents?

Yes they can. Let's say the ACME Software company comes up with a great streaming video codec, they post the specifications online and encourage people to use it. A group of people take those specifications and make programs to make, broadcast and view ACME video, the program gets distributed widely. Two years later we find that prior to publishing the spec, ACME quietly filed for a patent, and it has come through.

My understanding is that ACME would have the legal right (though not the moral right, IMHO) to charge everyone who uses that software, or who has used it in the two year period while the patent is pending, for each time they use the software, or distribute files that were made with that software. This scenario is not that different from what Unisys did with LZW encryption, and GIF files.

Note: I am not a lawyer, none of the above should be construed as legal advice.

Bad Faith?

First of all: IANAL, but I do know a bit about IP law (just enough to make me dangerous)

I belive that the work that Secure Computing did on SELinux was under a contract with the NSA. My guess is that the terms of their contract required them to release the results of their work under the GPL, as this has been NSA's position all along. If SCC wants to come back now and talk about how people have to license their technology before they can use their GPL'd software, it seems like they may have entered into their contract with NSA under bad faith (never intending to fully comply with the contract). From what others have said it looks like it is impossible to distribute GPL'd code that includes non-free patents. If that is the case then NSA won't be able to distribute SELinux under the GPL. [This line of logic relies on a couple of ifs, but I think the general idea is sound.]

Regardless, this is a stupid, messy situation and hopefully it will be resolved in a FSF/GPL-friendly manner. I think that SELinux is a very interesting project that will help push Linux farther into the enterprise, and I'd hate to see all of the hard work go to waste.

The patent looks like a rename for mandatory acc

The patent description sure looks like another wording to describe mandatory access controls. Any implementations of that technology are prior art and the whole concept was published in late 1970s. This kind of access enforcement, moreover, was published some years ago as an OS add-in for VMS, sources were published, but with different wording. Seems the patent office can't tell when something is public domain. Attempts to enforce this patent are going to wind up hitting lots of prior art, done by the real pioneers of the field, not these Johhnie-come-latelies.

Way Too Late

[johnos]

A company cannot release a program (or distro) free for all, and then retroactivly demand licensing licensing agreements. This has nothing to do with the GPL. Existing case law can handle it.

The only reason the GPL is important here because it is clear that SCC intended the code they released to be open in the spirit and practice of the GPL. They are within their rights to change the license, but they cannot enforce that change retroactively. The publication by SCC and use by others governed by the GPL constitutes a contract. A contract is a contract. Unless both parties consent to a change, the contract stands.

But let's not jump to conclusions (he said stupidly, because after-all, it was slashdot). The tone of the company's comments points to confusion rather than conspiracy. Can't remember who said it, but: Never attribute to malice that which can be explained by incompetence.

Two wrongs dont make a right

SCC might have committed copyright infringement by distributing it to NSA, but that neither grants the NSA a patent license nor the right to give others such a license ... its merely copyright infringement, and SCC only committed the one act. If the patents arent freely licensed for GPL the NSA committed many more acts of copyright infringement than SCC and is continuing in doing so.

Re:Two wrongs dont make a right

[sealawyer]

I think the real situation is much more complicated.

While I don't know the terms of NSA's agreement with SCC, it's possible that NSA contracted with SCC to come up with a distribution that they could distribute. If SCC asserts their patent rights then the contract isn't fulfilled. SCC probably is responsible for the resulting damages and would have to indemnify the NSA for any copyright infringement that results.

But the GPL is the gift that keeps on giving. I don't know who is reponsible for the infringement that results when people continue to circulate copies that are not directly from NSA.

I suspect that no one will care about any infringement other than that amount which can be pinned on SCC.

SCC may find that some courts aren't going to view their actions favorably if they attempt to sue users for violating their patents; particularly if it looks like they pulled some shenanigans on the NSA.

Re:Because so few people have actually READ the GP

[Rogerborg]

• If they decide to publish the patented code as GPLed software, then they must comply with the GPL

OK, but what I'm interested in is what happens to the source that's already out there, with a GPL license on it. If they now try and enforce their patent, they void their GPL compliance, and lose the right to continue distributing code based on or linked with GPL code. But it's already out there. So what happens to their (copyrighted) source that was distributed under the GPL and which is now in the hands of many individuals?

They can't retroactively remove the GPL granted rights from that source, but on the other hand, they can't apply the GPL to it now or continue to distribute it. So if I have a copy of it (and I do), can I continue to modify and distribute their source? I didn't violate the GPL, and I'm not applying patent restrictions, so why should I (and the potential recipients) suffer from their patent lockdown? But then it means that I can keep distributing their source with a GPL license on it, but they can't, which gives me more powers. But heck, they can still sue me for patent infringement, because patent law is separate from copyright law. The GPL gives me the right to copy, modify and distribute their source, but their patent stops me from using it!

This looks like a bit of a legal minefield. I'm usually fairly clear on where the GPL leaves me, but in this case I'm stumped.

We Have Already Seen Patents in Linux Distros

[lak3rs]

FSMLabs has a patent on running Linux as a thread within a real-time operating system that is used in their RTLinux distribution. If you develop a real-time module under the GPL, you are automatically covered by their patent license. If you want to release a real-time module under a different license than the GPL, you need to get a commercial patent license from FSMLabs.

In this usenet posting Linus states that neither he nor the FSF have a problem with the FSMLabs patent.

Type Enforcement Patent

Well, I hauled my ancient bones downstairs and checked the plaque on the wall. The relevant patent is 4,713,753, filed 21 Feb 85 and awarded 15 Dec 87, so time will cure the problem soon.

Earl Boebert
Who no longer has a thing to do with SCC.

I'll have to ask any gov't clients to Classify it.

[jabbo]

This sucks, I'm bummed that SCC would be cheese-dicks about this. (If in fact that's what they're planning on) However, if you deal with gov't clients that want SELinux-based solutions, at least some of them do have the option of making the project classified and screwing over (sort of) the patent holder. I feel bad for you guys with private clients who actually have to obey all laws, although I'd be just as happy to negotiate a royalty agreement with SCC if we *had* to.

This does disappoint me, though. I hope SCC will behave as they originally claimed (in the SELinux FAQ document), but there's no law AFAIK (and no, I am Not A Lawyer) that can stop them from being Bad People.

Bummer.

don't over react

[frovingslosh]

We need a statement from SELinux on this. Having a patent in itself isn't necessarily evil; enforcing it is. Having the patent itself can be good, it prevents some patent whore from seeing what was done and then patenting ti and claiming he owns the idea [Not that such a thing would ever be done ;-) ]. What needs to happen now is for SELinux to make it clear that this patent will not be enforced against the Linux community. Or, if they want a fight, ......

Cat out of bag already.

They've agreed to release the patent when they bundled their patent with GPL'ed code and distributed it. Under terms of the GPL, the intent is clear, a license to the patent is bundled with all GPL code that inherits from the existing distribution.

NSA did and still does most of the work

[AIXadmin]

I know the guys who did the work at the NSA on SE-Linux.
The press is constantly making it sounds like the NSA outsourced the whole effort. They didn't the folks at the NSA did a huge part (majority) of the work. It would be nice if the articles started reflecting that.
No one goes to work at the NSA for the glory. But, they still deserve more credit then they get.

Re:Because so few people have actually READ the GP

[JohnKrasnay]

It's not really that complicated. The patent applies to the method, not the code. So if they in future decide to require a license for their patent, you can't distribute any code that implements the method, whether it's the previously released GPL'd code or something you wrote from scratch, without their license.

(I might be a lawyer, but you shouldn't trust me anyway)

jk

Look to the US. Govt. (Also stinks of Rambus)

[AIXadmin]

The NSA has funded the a huge portion of the work on Trusted Systems. (even before SE-Linux) Doesn't Federal law say any patents derived from Federal funding must be licensed to the Govt. on a royalty free basis?

Plus, this stinks of Rambus. I expect the NSA to get pretty pissed about this. They funded SE-Linux to help promote Trusted OS's into the mainstream. Not for someone to Rambus everyone.

Doesn't this also apply to TrustedBSD, and co.

[AIXadmin]

This goes beyond Linux, doesn't this also apply to TrustedBSD, and SE-Darwin?

Cheers,
Thomas Vincent

Patent and GPL

[hhawk]

i assume this is straight forward...

The patent is free to all using Linux under GPL. Everyone else pays.

That is to say, If you want to use the patent under some other system or with other software that isn't GPL'd or if you wish to develop a commerical product that isnt' based on GPL'd code, then you have to license and pay for the patent.

What does the patent have to do with this?

[rew]

IANAL... but,

Maybe I'm stupid (Well, feel free to call me stupid: I just read the slashdot header and not the referenced articles), but as I see it, they also used patented techology from Seagate on their harddisks during the development. Does that mean that Seagate can claim a licence fee on distributing Linux? No!

Same here. They used a patented technology in the process of improving the Linux code. So that doesn't make the Linux code fall under the patent....

Now, "Type enforcement" is a technology that dates back from at least the early seventies (Pascal, algol). Those patents are either expired, or there is prior art. Or maybe they patented something like "type enforcement in relation to computer security". Well, that was invented in the sixties.....

Roger.

How did they get this patent?

[TheLastUser]

Doesn't a Java vm do the same thing as their patented "technology" ?

A Java vm is stongly type checked to prevent buffer overruns. The use of a vm also enforces a security policy, commonly used to prevent applets from writing to disk etc., but can be fine tuned to disallow almost any system resource. In this way code that executes in the vm is isolated from the OS.

Seems to me that there is plenty of prior art here.

BTW, I believe that there is some code in the Solaris kernel that also trys to prevent buffer overruns.

GPL grants the right to copy, modify, redistribute

[SiliconEntity]

Just to point out the obvious, in releasing the software under the GPL, the original creator grants you, the recipient, a license to copy, modify and redistribute the software. If he has a patent on techniques used in that software then he is thereby giving you a license to utilize the patent in those specific ways.

He, the creator, is the only one who has the power to do that. And if he puts a notice in the software saying that it is released under the GPL, thereby granting you the rights to copy, modify and distribute it, he can't sue you later if you take him at his word.

Re:Because so few people have actually READ the GP

[Chris+Johnson]

That sounds plausible. So basically, they get to have a Doomsday switch: under the GPL they can only distribute if they haven't made use of patent restrictions. However, the patent restrictions are independent of the GPL. So, at any point, these guys can bring legal firepower with the intent of shutting down unauthorised use of their patents, and I think they can argue that they retain that capacity.

In so doing, they will blow away their own ability to distribute Linux (possibly permanently). However, they will also be setting up a situation where nobody else is free to distribute (or use?) their patented stuff either. Those people will then be unable to distribute Linux either- to the extent that it depends on the patented stuff. They'd be able to distribute OTHER Linux dists that did not contain the patents.

So it's a doomsday switch: having anything patented in Linux provides a chance for the patent holder to blow themselves away and also take out everybody else, to the extent that the patented stuff is indispensable. If there was a patented thing that was absolutely indispensable to Linux, it would be a tactic that could shut down the whole movement (causing it to be GNU/ with nothing after it ;) ). It would require that the patent holder blow away their own work and, as someone else said, be a 'patch looking for a kernel', which is simply a measuring of relative value: is the financial hit of ruining the value of this IP less than, say, 40 billion dollars from MS for killing off Linux and making everyone start over with the Hurd?

For these reasons I'd say, totally reject patents in the context of free software. Any patents, even 'defensive' ones, can potentially cause this situation, and I would have thought the technolibertarian 'let's make our own patent pool and fight it out rather than ask that the rules be changed' types would be the FIRST to accept that, if offered enough money, anybody'll crack. In a perfect idealistic world, maybe 'open source patent pools' would be safe, but we don't live in one, and in practice it's more like stockpiling dynamite and using it as barricades. Stupid!

Real security does not lie in Linux

[John+Whitley]

For those who are interested in moving towards a truly secure kernel, and getting to understand the inherent flaws and lack of rigor in the security models of popular operating systems (Lin, Win, *nix, etc) I suggest reading up on EROS, the Extremely Reliable Operating System.

This work is extremely promising, in that it represents a well architechted, principle-driven design that can make guarantees about its security model (e.g. it provably enforces the confinement principle). Not only does EROS achieve significant security goals, but it does so while mantaining excellent performance.

Other bells and whistles of interest include transparent persistence. EROS' memory model does not include an explicit disk/filesystem layer. Instead, it uses a single-level store model, wherein the memory model is extended all the way down to disk. Periodically, a consistent system state is checkpointed down to disk. This includes not only conventional end-user data, but processes, IPC state, etc. Everything. Perhaps counter-intuitively, this is actually *more* efficient than conventional designs.

As a parting note, this kernel is still in research phases, and wasn't quite to the point where it's ready for major external application-level software authoring... but it's been making steady and impressive progress both in technology and implementation.

Too late

[Grax]

IANAL

Once SCC approved the use of Type Enforcement under the GPL they cannot revoke that use or change the terms of use same as if you purchased a product and they later raised the price retroactively and sent you a bill.

SCC approved use of the patented technology under the GPL so they cannot legally stop others from using it under the GPL. One of the advantages to this for them is that they still retain full legal rights to prevent their technology from being used in closed source apps without a legal agreement with SCC.

So if Microsoft wanted this technology embedded into Windows XXP they have to either pay up or GPL their OS.

Slashdot Reaction

[BaldingByMicrosoft]

I just hope that this doesn't cause a barrage of nastiness from Slashdot readers. If they hold the patent, the best way to get the distro opened up is to play nice. If you want to insure bad results, consult RMS.

Perhaps, however... Re:OpenViolation

[fw3]

If I had one line of code of my opensource in thier distro,
One line would not very likely qualify as copyright (copyright applies to 'substantive works'). As GPL is enforceable only via copyright, one line could not be used to claim GPL violation.

I'd be on them like mad.
Folks who've contributed substantial code already have more or less been "on 'them' like mad". Which is neither surprising, nor hard to understand.

Meanwhile, a fair number of folks involved in SELinux development are cooling their heels, waiting to see what the directly responsible parties come up with.

This discussion was opened on Jun 3rd, and SCC notified the LSM list on the 7th that they are trying to hammer out the issues. SCC had a (vaguely worded) statement as reported by LWN about how linux/opensource would be free to apply the practice this patent and noting the GPL status of the code they have produced.

It looked pretty clear (my reading) that this statment was put out in good faith, but not at all solid enough to determine the details (see my other post below on this subject)

This statement was made in '00, notably the middle of the dotcom 'boom'. No surprise that folks in the midst of that craziness put things out that may have not been fully baked.

The issues aren't simple and for my part I prefer that SCC take their time and get out a statment which is clear and detailed. Then developers and the many people who're using this will hopefully be clear on the details of SCC's promise to allow opensource use of thier patent.

filtering the entire Internet

[cpeterso]

If SCC can truly "filter the entire Internet", that would be a HUGE increase in office productivity. That is worth at least $7000.

Implications for MP3+V?

[yerricde]

What this means is that I can take a software patent and distribute my own patented software under the GPL with the only obligations on my patent that any software that implements my patent must be GPL'ed itself. This would not violate the GPL.

What would the implications of this be for something like PlusV? According to PlusV's patent license: "In addition to the other terms and conditions of this License, use of the Patented Process is permitted, without fee or royalty, when used by software licensed under the GPL. Free use in mass production audio playback devices is explicitly not approved within this license" (emphasis by yerricde). Given that Free firmware for pocket audio players is now available, how is this restriction legal?

Re:Because so few people have actually READ the GP

[GryMor]

Ok, maybe I'm crazy, but wouldn't any attempt to to enforce the patent against anyone using it in code derived from theirs via the GPL mean that they NEVER were compliant with the GPL to begin with and can be sued for copyright infringement by anyone who owns the copyright to the work they derived their version of Linux from? Part of clause 7 is "For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.", so, in order to be compliant with the GPL they must 'permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly', so, if they later decide to change the royalty free nature of their patent (with regards to the Program) that then they NEVER had the right to distribute it in the first place.

A short lecture on Type Enforcement

Motivation:

Type Enforcement arose primarily from considerations of assurance. I know, nobody does assurance anymore, it being so much more profitable to let the general public find your vulnerabilities and then boast of your prowess in patching. Nevertheless, there was a time when people worried about such stuff.

Consider a node on an encrypted net, where the encryption is done by software on the node. There are two conclusions one would like to be able to make about such a system: that the crypto is done properly, and that the crypto is always invoked. Type enforcement is intended to provide assurance that the second properly holds, through a structure called "assured pipelines." You can look it up :-)

Mechanism

The Lampson Access Matrix, organized by equivalence classes for efficiency.

Uses

Too restrictive for a general purpose computing environment. Best used to lock down a special-purpose box, like a Web server.

Earl Boebert
-----
No longer associated with SCC in any way, shape, or form

GPL even more viral (was: Re:My IANAL conclusion)

Basically, I think they gave as they right to use, at least this implementation, of their patent at the moment the GPL'ed it. (But IANAL.)

So it means, that the viral aspect of GPL affects not only the code merged with the GPL'ed one, but also the patents concerning the merged code.
Interesting...

Circumventing the type enforcement patent:

[KlausB]

Here's an easy alternate way of type enforcement:

rm -rf /usr/bin/X11R6

All the type enforcment you'll ever want !

But then, how about prior art ?

Re:Because so few people have actually READ the GP

[Rogerborg]

Nice summary. I think we're beginning to understand just how badly patents and the GPL mix. I'm sure there's a bunch of guys out there tearing out their hair and screaming "I told you so! Why did nobody listen?". Sorry, guys, we should have listened.

As an addenda to your point about defensive patents and anyone cracking if they're offered enough money, let's not forget that if (e.g.) Red Hat go Chapter 11, then administrators will step in and just flat out sell their assets, including their patents, to the highest bidder. And we've always said that Microsoft couldn't kill the GPL code base by assimilation...

A fundamental error in the report

Much of the actual work in the implementation of SELinux was done by Secure Computing Corporation (SCC).

This is what happens when I don't read for a few days. The report is in error: Secure Computing did almost none of the implementation of SELinux, and none of the code that enforces the policy was done by them.

SE Linux is a pretty decent effort, and it would be a shame if it were scuttled by FUD.