GPL May Not Work In German Legal System

erbse2 writes "It may be that the (L)GPL can not be (fully) enforced under German jurisdiction. This is at least the conclusion professor Gerald Spindler of the jurisprudential faculty of the University of Goettingen came to when he examines the Legal questions of the open source software (It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer). Heise News has the article in German, however, the fish may be with you. IANAL, however, as one can put some of the legal problems aside, most of the concerns mentioned in there should provoke at least some thought by brave men around RMS."

No problem!

[jsse]

It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer

We'd not read it even when it's short, simple and in English, so how hard could it be. :)

Re:No problem!

[AndrewRUK]

By "true anglo-saxon," I presume you mean Old English, the language spoken in Anglo-Saxon England prior to the Norman conquest of 1066. There's no shortage of Old English texts available, for example, the Lord's Prayer in Old English (10th century):

"fæder, u e on heofonum eardast,
geweorðad wuldres dreame. Sy inum weorcum halgad
noma nia bearnum; u eart nergend wera.
Cyme in rice wide, ond in rædfæst willa
aræred under rodores hrofe, eac on on rumre foldan.
Syle us to dæge domfæstne blæd,
hlaf userne, helpend wera,
one singalan, soðfæst meotod.
Ne læt usic costunga cnyssan to swiðe,
ac u us freodom gief, folca waldend,
from yfla gewham, a to widan feore."

(from http://www.georgetown.edu/faculty/ballc/oe/pater_n oster.html, which also has Middle English ["Oure fader that art in heuenis..."] early Modern English ["Our Father which art in heauen..."] and modern English ["Our Father, who art in heaven..."])
For other examples of Old English text, google is your friend.

In other news

[borgdows]

SCO's CEO, Darl Mac Bride, has just declared that the SCO company will move to Frankfurt, Germany, and will be renamed FGO (Frankfurt Germany Operation).

Re:In other news

[73939133]

Actually, I believe SCO is under a restraining order in Germany that prohibits them from making the kinds of outrageous claims about Linux that they have been making in the US.

Translation

[Renegade+Lisp]

Here's a rough, carbon-based translation of the Heise news article. Please don't hold me liable for it :-)

The Organization of German Software Industries (VSI) considers its view reinforced that using Open-Source-Software leads to jurisdictional uncertainties. On behalf of VSI, Professor Gerald Spindler of the law faculty at the University of Goettingen examined "Jurisdictional Questions of Open Source Software". In more than 100 pages he examines the situation from different perspectives: Author's Rights (Urheberrecht), Usage Rights (Verwertungsrecht), and Liability Rights (??, Haftungsrecht).

Spindler spots jurisdictional uncertainties for all parties involved: Developers may be held liable if software does not work as expected, even if they only participated marginally in the development, rather than being a lead developer. Employers could walk on thin ice if they pay employees for writing Open Source Software. And buyers of such software must be prepared that liability is limited to the criteria common for items given away for free, i.e. severe negligence only.

Although one could argue about one or the other detail of the study, it spells out many problems. The license that is probably most popular for free software, the GPL, is hardly considered to be fully enforceable in the German maze of laws. For VSI, the results are probably most welcome, in order to spread uncertainty among people interested in Open Source, who are currently watching the actions of SCO against IBM eagerly.

Re:Translation

The question is, does this professor have any constructive suggestions on how fix the license? Or is Open Source as a concept really verboten in the German legal system?

Re:Translation

[Sique]

Spindler spots jurisdictional uncertainties for all parties involved: Developers may be held liable if software does not work as expected, even if they only participated marginally in the development, rather than being a lead developer. Employers could walk on thin ice if they pay employees for writing Open Source Software. And buyers of such software must be prepared that liability is limited to the criteria common for items given away for free, i.e. severe negligence only.

But the same is valid for all commercial software in Germany too. EULAs have repeatedly been denied validity because of the german contract law. EULAs are a contract between you and the author of the software. But because you didn't buy the software directly from the author, but from a third party (the reseller, the company bundling the software with a computer etc.pp.), EULAs can't be enforced. All the author can impose on you is the priviledges he gains from the Author's Right (Urheberrecht).

This makes software under GPL in no way different than any commercial software you buy in Germany from a liability point of view.

Re:Translation

[BlueWonder]

So this guy is saying that the 'ABSOLUTELY NO WARRANTY' part has no effect in Germany?

If you give something away without compensation, your liability is very limited under German law, anyway. In particular, you can only be held liable in case of gross negligence or premeditation. So, for software authors who just offer their software for download, this is not a problem.

People who sell open source/free software (either written by themselves or someone else) might be held liable to a certain extent. In that, they're no different from people who sell propietary software.

Re:Translation

[jkrise]

" does this professor have any constructive suggestions on how fix the license?"

Why should the license be fixed? Do idiotic clauses in MS EULAs get fixed based on user feedback? Does Munich decide to buy 14,000 licenses of GPL s/w based on this sponsored study about GPL licensing? Are Germans nuts to believe such propoganda?

For your info, Germany has huge tech giants in IT - SAP, Siemens, SuSE - just to name a few. And ALL of them have stakes in Unix/Linux/OpenSource and cellphone segments.

LinuxTag's protest against SCO was direct and stinging - compare that to the farce in Utah. Advice: Don't mess with Germans - they're known to be merciless and ruthless, despite their appearances.

Re:Translation

[Random+Walk]

There is a group of German lawyers who have founded IFROSS, a private institution to study legal problems with open source in Germany. They have quite a few publication on this issue, including a detailed study of the GPL.

They conclude that under German law, the authors liability is most probably limited to intentional damage and gross negligence.

Also, they argue that clause 2 (allowing modifications) and clause 9 ("and any later version") may be problematic. The problem with clause 2 is that modifications of a program may (e.g.) tarnish the reputation of the author, and legally one cannot waive one's right to sue for that (at least in Germany). Also, apparently the author may claim that modifications violate the artistic integrity of her work. However, the analysis foresees problems mainly for works of art, rather than utility programs. Clause 9 is problematic because here the author waives rights for future usage modes that she cannot yet foresee. But licences can only apply to usage modes presently known.

The baseline of problems with the GPL seems to be that in Germany (and, I think, also in other european states), waiving or selling of basic personal rights is usually not possible.

Re:Translation

[Narcissus]

But there is no need to agree to anything on installation: the basis of the GPL is that there are no USE limitations. DISTRIBUTION, yes, but just because you didn't read the licence does not make you allowed to distribute, because you need permission to do so in any other case.

The only way you are allowed to distribute the application is by agreeing to the GPL. Don't like it? Don't distribute it, but that will not stop you in ANY way from being allowed to use it.

Re:Translation

[ajs]

Just to review the core strength of the GPL, while the GPL may have many satellite weaknesses in many legal systems, it will always fall back on revocation.

That is, if you cannot apply the GPL, you MUST NOT apply it. As soon as you are without the GPL, you have source code and binaries for something that you are now not allowed to distribute without getting permission from the author, except as allowed by your country's take on fair use.

The GPL is a voluntary license, and you never HAVE to apply it if you don't want to. The fact that, in some legal systems, it may not be possible to apply it in some or all situations, simply means that you have what you are given, and you may not use it in ways that you are not allowed to by law.

The GPL doesn't apply to you unless you want it to.

good babel quotes

[I+Want+GNU!]

I don't generally understand long, complex, legal arguments in German, but the astounding Fish translates it perfectly. Here are a couple quotes:

"Employers could go on thin ice, if they pay coworkers for the letter of open SOURCE often commodity."

"Even if one can argue perhaps over or other detail the study, then she calls many problems nevertheless with the name."

finally

...a reason to learn German. And finally a real reason to post b4 reading the FA.

babelfish translation

ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!

ehh.. I think babelfish has been on the crack pipe again

Re:Actually, the GPL hasn't exactly worked..

[prockcore]

The SCO cases is supposed to be the first test, but that might not happen anyway.

No, SCO is not challenging the GPL, SCO really has little to do with linux.. it is about two things, one, a contract dispute with IBM, two, ownership of derivatives (they claim that if you write code and license it to SCO for use in SysV, then SCO owns all rights to that code and you cannot take that same code and use it elsewhere).

Translation of page 2 of the study

[BlueWonder]

im Auftrag des Verbandes der Softwareindustrie Deutschlands e.V. (VSI) means that the study was paid for by the German association of proprietary software makers.

Re:Translation of page 2 of the study

[slimme]

If you give a lawyer (or a professor) the task to examine a contract and make a list of all possible weak spots in the contract, he (or she) will do so. Of course this lawyer might find very strong elements, but he (or she) is not being paid to list them ;)

So here you got a list with all things that might go wrong with the GPL in Germany. The same thing could be done with any contract (most contracts are dubious and open for interpretation).

You should thank the opposition (VSI) for giving their money to investigate your contract. Read it wisely and improve where necessary.

Re:Actually, the GPL hasn't exactly worked..

[pe1rxq]

Well it might turn out to be a gpl test.
Consider the following argument from IBM:

"We have copied code we think is ours into linux, however SCO then also distributed the same code under the GPL. If the code ever was questionable they have granted permission to use it at that moment. And thus set a precedent for more copying"

At that moment SCO would have to kill the GPL in order to have any case (or a substantial case) at all.

Jeroen

that doesn't make much sense

[73939133]

The article says that even minor contributors to an open source software project might incur substantial liability if the software doesn't perform correctly, employers might be liable if they permit their employees to develop open source software, and yet users of open source software might not be able to get much protection if the software malfunctions. The whole thing sounds like scare tactics to me.

This is not surprising, since the study was commissioned by the VSI, an alliance of closed source software development companies, whose members are the usual suspects: Microsoft, Sun, Autodesk, and others. I suspect that if the BSA commissioned something similar in the US, they could find a "legal expert" giving the same kind of opinion.

In any case, if this really is the legal situation in Germany (or any other nation), the logical next step is to fix the laws. There is no reason to leave any legal uncertainty around BSD or GPL-like licenses: they are clearly one valuable and valid way of licensing software, and they are an important component of a free market in software.

Re:that doesn't make much sense

[SmallFurryCreature]

Well, the whole things smells of FUD anyway. Since when are software makers liable for damages anyway? I can think only of virus writers who are held accountable for the actions of the code they written. Oh and that poor guy who made DeCCS(?).

If you buy and run product X be it linux/windows/aix/????? and it destoys youre data, sleeps with youre cat and sets fire to youre wife then though luck. Sure some special contracts exist wich rememdy this but these are little more then extremely expensive insurance policies such as you could buy from any insurance agency.

But the VSI can't really be blamed for this FUD. Suse is right there in germany stealing their contracts. Damn commies must be stopped or else what did they tear down the wall for!!!! :)

Really europe makes some extremely dence laws, netherlands introduced a .5 to 1 euro tax on dvd recordables, but opensource here is pretty hot. Well compared to the us goverment. Anything to stick it to the yanks!

Hourra!

[borgdows]

It's long, it's complex and it's in German and it's written by a professor, so don't expect to understand anything, if you are not a German lawyer

I AM a German lawyer and it is the FIRST article I have understood on Slashdot!

shold be a problem in brazil too...

[protomala]

It's just a matter that the laws where not made to allow such a thing, not that the country is against the license (and I belive this is the case in Germany). For what a friend told me (he participated of a law-software-class), in Brazil you can't give away a software you made, there isn't such a thing as a company owning code in Brazil, only the people who created a software own it and can't simply say: "ok, it's not mine anymore". How this work with derivative work is a questions I have no answer, but I belive that most contries will have on one or another way problems with GPL. This dosen't mean that a judge can accept the license, just that the law by itself wasn't made with GPL in mind.

WARNING: THIS STUDY IS F.U.D. !!!!

[quigonn]

The study mentioned in the Heise article was commisioned by VSI ("Verband der deutschen Softwareindustrie", roughly translated "association of the german software industry"), and the VSI chairman is also the CEO of Microsoft Germany.

The responsibility for the product?

[kompiluj]

As I have skimmed through the professor's analysis (exactly 64 pages, not 100) I have noticed one single important point he tries to make: you cannot depend on OSS in case of some damage. The OSS (L)GPL goes against the german law voiding the guarantee of compensating damages. But what the hell guarantee you have using prioprietary software? Has anyone been compensated for loss due to Windows misbehaviour or, say, Oracle DB bug?
The conclusion from this study IMHO is that generally software providers should compensate damages that software bugs cause, it should not only be the problem of the Open Source Community. From that point of view commercial licences are equally flawed.

He's right, kinda

This VSI page in English lists Rudolf Gallist as "chairperson" and this page in English shows that Rudolf Gallist was a "business leader of Microsoft Germany" from 1991-2000. So he hasn't worked officially for Microsoft in 3 years, but still, there is a connection...

IANAL but I'm German

[Advocadus+Diaboli]

and besides the fact that this study is just a big piece of FUD sponsored by the VSI (which is practically equal to Microsoft) you should know that also the EULA is invalid according to the german laws.

The only problem is that justice is not a matter of laws and "being right" anymore, actually (thanks to the lawyers) its more a matter of money. And sadly money is the resource that Microsoft has in big ammounts.

interesting point: language

[73939133]

The paper makes an interesting point: the only official version of the GPL is in English, but contracts in Germany generally need to be in German in order to be enforceable.

That may not matter for US projects put under the GPL and downloaded from US sites, where US law might apply even to German users. But it does matter for GPL'ed software re-distributed within Germany, and in particular for GPL'ed software created inside Germany (KDE?).

VSI intended this study to be a vehicle for putting down free and open source software. But the money they spent on it (it probably wasn't cheap) may actually help German free software efforts sharpening up any legal loose ends. Maybe one should get the BSA and Microsoft to invest in a similar effort in the US--it saves legal expenses for organizations like the FSF.

Re:Slam SCO, now GPL?

[Stephan+Schulz]

German courts are playing both sides, now?

Well, first of all I hope that German courts (indead, all courts) decide cases based on their merits and current law, not on wether they like one side better. It's the task of the legislative power to make laws that prefer the side we like better ;-).

Secondly, no court was involved, but a German Professor of Law wrote a study.

And thirdly, the study was commissioned by a trade association of proprietary software companies -- what do you expect? Even without suspecting the author of willful misinterpretation, you can be sure that the sponsor carefully picked somebody who shared their vision or something to that effect.

Re:Actually, the GPL hasn't exactly worked..

[tony_gardner]

I don't understand this logic. Lets say I work for a company making widget subcomponents. I also retail widgets made by a range of companies. One of those companies stole one of my widget subcomponents and without my knowledge incorporated it into their widget, which was subsequently retailed by my company.

How exactly is the retail of the dodgy widget an excuse for the thief?

Re:Actually, the GPL hasn't exactly worked..

[pe1rxq]

It might not be an excuse for the first theft...
But in this case it is not without SCO's knowledge...or atleast they had the opportunity to examine the source before distributing it.
By not doing it (and thus taking a risk) they forfitted the right to complain later. SCO's argument that nobody checks before shipping is nonsense. Just because everybody takes risks does not mean that they don't have to face the consequences of their actions.

Once the first 'widget' gets through the offending company might use your apparent approval as a sign for subsequent 'theft'.
In the case of IBM vs SCO not even the theft has been proven...

Jeroen

The study is not about the GPL at all

[heironymouscoward]

Raising the GPL as "exposing companies to legal risks" is playing games with concepts. The GPL defines what can and can't be done with software written under that license. It does not, and cannot, define commercial conditions and liabilities for using the software. This is firstly a matter for national legal systems, and secondly a matter for contracts between parties.

Let us imagine for a second that this is actually a fault in the GPL. Now, what about public domain software (not GPL), such as software freely provided by computer manufacturers, or by individuals or groups. Exactly the same issues apply: writing such software can expose the programmer and company to liability, and using such software means you have to accept that no-one is liable.

Now how about commercial software. Is this any different? No, it can be criticised for exactly the same reasons.

So, it's clear that the so-called study is a misdirection. The GPL is about ownership and freedom, the study is about legal liabilities. No matter who owns the software, the legal liabilities remain shared between the author and the user, as defined by contracts and legislation.

That the study was paid for by a group representing commercial software vendors suggests that the deep pockets of interested parties lie behind it. Why Frankfurt, Germany? Because Germany is at the fore-front of the OSS revolution. (Note that my company has been distributing OSS products since 1997 and a steady 9-10% of all downloads have been from Germany, against 40-50% from the USA and 30-40% from the rest of the world).

The study is bunkum and can be dismissed easily, since taken to its logical conclusion, no-one should write software at all, and no company should use any product whatsoever if they are not able and willing to sue the person making it.

Summary starts on p. 104

[Get+Behind+the+Mule]

If you can read German (and this is heavily legal German, the hardest kind of language to work through), you might want to start with the three-page summary on page 104, rather than plow through all 100+ pages.

I don't have a lot of time, but here's my first impression. IANAL, etc., etc. The summary raises three categories of legal problems, involving (1) the copyright holder, (2) contract law, and (3) liability. Actually, it seems to me that everything boils down to the issue of liabiliy: who has to pay if the software is defective in some way. Identifying the copyright holder and clarifying the contract are all means to the end of deciding who has to pay up. Incidentally, the text occasionally mentions open source software in general, but it appears that the only license analyzed in detail is the GPL (at least in the summary).

The section about the copyright holder strikes me as a tremendous struggle with what should be an easy question. Prof. Spindler or whatever says that since so many people may have contributed to the development of GPL'd software, in so many different countries, there may be huge problems identifying the copyright holder. This is the longest and most complicated part of the summary, and I'm not into working it all through right now, especially since I don't see the problem. Isn't this a moot issue with the GPL, since there is always exactly one copyright holder, regardless of who else contributed? That is, if the distributor of GPL'd software elects to include someone else's contribution, they nevertheless distribute it under their own copyright?

There are other issues in this section: if a company pays employees to contribute to GPL'd software, they might not be able to let the company be the copyright holder, because they do it for money, and the GPL allegedly says you can only do this free of charge. (Is that right?) It also raises the problem that the GPL as a business contract (one business allows another to use software under the conditions of the GPL) may be problematic since it's only in English. And that it is difficult to know when the GPL applies to new development, since the criteria for determining whether one software is derivative of another are unclear.

The second part contains what I think is the most critical claim: That the exclusion of warranty and liability in GPL sections 11 and 12 is not valid under German law. Open source software is legally regarded as a gift, and even for gifts, German law requires certain minimal standards of consumer protection, for example against deliberate or gravely negligent defects.

And so in the third section, Prof. Spindler claims that there are liability issues related to open source software, for the aforementioned cases of deliberate or gravely negligent failures of the software. He specifically mentions that distributors may be liable for viruses distributed in the software. Also, third-party-users may have stronger liability claims if they suffer damages caused by GPL'd software. For example, if a provider uses GPL'd software that is used in turn by its customers, and the software has some kind of defect that harms the customers, then the provider itself may be limited with respect to liability claims against the software authors, but the customers might be able to make stronger claims against the provider. "Download centers" or software distributors (such as SuSE, I guess) may be liable for distributing defective open source software. And if a provider or distributor does not hire support or consultants to help them ensure that the software is not defective, they may be exposed to liability claims because they were insufficiently diligent.

As I said, this summary reflects a superficial read-through and I'd be surprised if I've really understood it all. Hope it helps, but don't sue me if my summary/translation is defective. %^)

Re:Actually, the GPL hasn't exactly worked..

[jodo]

Your's is a good analogy. But SCO distributed Linux under the GPL. They knowingly participated in this arrangement for years. The code was open for all to see. Right?
Let's say SCO writes a song. I write a new verse and new vamp for the song. It's a hit. We go on tour together. SCO and I perform the song for years on tour. We sell concert cd's of the song with my verse and music included to our adoring fans. We make money. Suddenly (overtaken by an evil spirit) SCO says, "it's all mine now." Pay me! Or don't sing the song.
In the end, I think it was SCO's responsibilty to know what they were doing with the GPL.

Other problems with GPL vs. german law

[__past__]

One thing that hasn't been mentioned yet:

As far as I understand, german "Urheberrecht" (not quite the same as copyright, more like "author's right") is basically inalienable. You can't just give away or sell your rights.

One consequence of this is that germans cannot put their software or whatever in the public domain (well, they can, but it would involve dying, and even then it takes some years). Another thing I wonder about is the FSF policy of only accepting patches when the author transfers copyright to the FSF (fun question: why is the GPL not good enough for them?). A german developer cannot meaningfully do that. How can they accept contributions from german developers?

Re:Slam SCO, now GPL?

[dirkx]

In germany (and in fact in most countries visited by Napoleon) the broad 'as-is' disclaimer generally is quite an issue.

In the US it is very normal that two 'grown up' parties agree to something fair reaching; such as waiving certain rights or liabilties with respect of each other.

In most of (continental) europe that is not quite so easy; and the contract or agreemnt which two parties may have with each other may simply be overclassed by national law or 'common sense' in that respect.

The national law dictates that there are certain minimal levels and that disowning it all is simply not an option.

So regardless of what the developer (dis)claims with respect to warranty; the court may well held him liable to a certain extend.

At the same time, there is also a bright side; those liabilities are generally much more limited and 'capped' than in the US; and hardly ever exceed a small multiple of the resonable sum/economic value of the good (and not what can be done with that good). And they also put very reasonable demands on the 'user'. Willy nilly risking 5 million of lost production on a bit of untested free software is not going to ring true with the judge. He expects (more) resonable caution than generally in the US.

Also note that the scope of damages is very propotional to the purchace/gains of the developer/transaction. Sor 'free' (as in gratis') software those amounts are obviously not going to be very large.

Except if there is a bit more blame; i.e. someone knowingly dropping the ball. And unlike the US, where that waiver is going to help you - it may do little or nothing in most of Europe. Whereas in the US you are fairly secure.

On the other hand - any secondary damages issues are not nearly as much of a problem in europe, and virtually unheard of. Plus bear in mind that cost recovery and legal assistance is on an entirely different level in germany compared to the US. This making the issue of frivolous lawsuits by a megacorp which cripples a small developer virtually unheard of in most of the EU.

So in short; yes - you are bit more open to exposure in Europe - but as long as you behave resonably and are not vandalizing the hight of that exposure is very limited; and proportional to your fairly direct and clear cut gains from that software. And with open source / gratis - that is not going to make you go bust.

Dw