Slashdot Mirror


Open-Source Insurance

Beatles-Beatles writes to tell us that several insurance agencies have formed a partnership to offer open-source compliance insurance. From the article: "The insurance will cover up to $10 million in damages, including profit losses related to noncompliance with an open-source software license. The policy could, in some cases, cover the cost of repairing code that was found to infringe on open-source licenses such as the General Public License, which is used with the Linux operating system."

22 of 110 comments

  1. Cost? by DraconPern · · Score: 4, Insightful

    So, just like other policies, how much will it cost? $100? $1 million? It's kind of pointless to talk about the $10 million coverage when you don't know how much it will cost...

    1. Re:Cost? by bogado · · Score: 4, Insightful

      In effect, why not make an insurance for people who do illegal trading in the stock market? It is a high-risk business, and can be very lucrative. Or maybe another illegal trade, the drug market suffers from losses from apprehensions by the police, maybe there should be an insurance to help those people also.

      I for one want an insurance against the RIAA, MPIAA. They are known to make scapegoats and fine them for the loss of "millions of dollars". This insurance would be highly lucrative, since only a very small fraction of people do get to be fined and the market for it is huge (or at least RIAA and MPIAA have been saying so).

      --
      []'s Victor Bogado da Silva Lins

      ^[:wq

    2. Re:Cost? by 4of12 · · Score: 2, Insightful
      how much it will cost

      Indeed, how much?

      I've always felt that indemnification against inadvertent use of someone else's "Intellectual Property" in free or open source software was a response to what amounted to a FUD campaign to discourage potential users from migrating away from a perfectly functional cash cow.

      If I'm right, the price the market will bear for this sort of insurance won't be very high.

      OTOH, I could envision a scenario where:

      • Large enterprises embarking on larger scale rollouts of FOSS in their environments are spooked into buying insurance after a headline-grabbing suit is filed against other users (eg, Daimler, Autozone).
      • Other enterprises decide to forgo the insurance and stay within the known discomfort of vendor lock-in costs.
      • Very small operations, one-man consulting firms, go with FOSS and are so small they fly under the radar.
      • Small and medium-sized businesses would like the cost-savings, control, and security of FOSS solutions but can't afford the insurance.
      The price of this insurance seems like it could fluctuate dramatically, depending on suits being filed.

      The initiators of litigation could, of course, come from the ranks of those who stand to lose the most by more widespread adoption of FOSS, or from agents acting on their behalf.

      But another possible scenario is for purveyors of such insurance to demonstrate the need for their product or for its premium price. Just speculation; but it represents a potential conflict of interest reminiscent of the computer/network security marketplace.

      --
      "Provided by the management for your protection."
  2. GPL devel needs insurance? by ejito · · Score: 4, Insightful

    Is the GPL (or other open source licenses) that complicated that you just can't hire (or task) someone to review your development practices to be in accordance?

    Well, it's Lloyd's of London subdivision offering this (the same people who insure body parts), so it's probably more publicity than anything.

    1. Re:GPL devel needs insurance? by Crouty · · Score: 3, Insightful
      Mod parent up, ejito got the point.

      Maybe it is targeted at people who absolutely want to keep any risks down to a minimum, including the risk of not reading / translating correctly / obeying the license.

      --
      On se Internetz nobody noes your German.
    2. Re:GPL devel needs insurance? by Kjella · · Score: 3, Insightful

      I think it's more of an "employer vs company" problem. Employer lifts GPL code without license, company includes it in their code base, company gets sued by copyright holders. Statutory damages get nasty fast, so this is more like malpractice insurance for a clinic.

      The moment it becomes willful and for commercial gain, it is a criminal offense. So if any company wants to try to use this to get away with copyright infringement, they'd better hide their tracks good because now they have an insurance company looking to get out of a claim.

      Anyway, I'm sure there's the odd case of some minor penalties here and there, but I think this one is way ahead of the market. Why would you insure yourself against something that I don't know a single big case with millions in damages over an OSS product. Do you?

      --
      Live today, because you never know what tomorrow brings
    3. Re:GPL devel needs insurance? by ejito · · Score: 2, Insightful

      Hmm, I would think that an employer competent enough to be able to sort through and understand a large open-sourced project would be competent enough to program (or at least switch around) their own code. It would also mean that either the programmer is making the design, or that the open source project has a very similar design to his/her own project. It becomes increasingly harder to prove code was stolen for smaller pieces of projects.

      On top of that, assuming these projects aren't open-source themselves -- how are OSS groups able to know that companies are stealing their code if OSS groups can't review the code itself?

      You also gotta ask the question, "Why just open-source?" There's plenty of proprietary code to be stolen too.

    4. Re:GPL devel needs insurance? by LordNightwalker · · Score: 5, Insightful

      On top of that, assuming these projects aren't open-source themselves -- how are OSS groups able to know that companies are stealing their code if OSS groups can't review the code itself?

      Sometimes it's possible to deduce this from looking at the compiled code. Especially with libraries. Now I'm not an expert on the issue, but cases of closed source vendors getting caught in the act of including opensource portions in their product have been discussed often enough here on slashdot, so I find it odd that you seem to be unaware of this.

      --
      Install windows on my workstation? You crazy? Got any idea how much I paid for the damn thing?
    5. Re:GPL devel needs insurance? by indifferent children · · Score: 2, Insightful

      There is such a thing as "Criminal Copyright Infringement". You can go to jail for copyright infringement (5yrs per incident IIRC). Anytime the penalty can include jail time, you have left the world of civil law.

      --
      Censorship is telling a man he can't have a steak just because a baby can't chew it. --Mark Twain
  3. Accidental? by Anne Thwacks · · Score: 4, Insightful
    Do they also offer insurance against "accidentally" selling your soul to the devil?

    Any person in any corporation buying this should be subject to instant dismissal. If you are a shareholder in a company that buys this, then you should sell your shares immediately, as it is clear proof that the management is corrupt or incompetent.

    The Institute of Chartered Accountants should be expected to recognise it as a symptom of malpractice, and if auditors fail to recognise it as such, then the auditors are also guilty of malpractice.

    --
    Sent from my ASR33 using ASCII
    1. Re:Accidental? by Zog The Undeniable · · Score: 5, Insightful

      It's common to take out indemnity policies against the possibility of future legal action where all steps have been taken to try and resolve the issue beforehand. A real estate example would be where a new access road crosses a strip of land, the owner of which is unknown and cannot be traced after an exhaustive search. A policy is put in place to pay $m if the owner ever appears and wants paying for the "ransom strip" or threatens to build a wall along it.

      Now if the buyers of the policy KNEW there was copyright SCO code in the software then no, they shouldn't expect the policy to cover them and I'm sure the T&Cs make that clear.

      And yes, I am an auditor.

      --
      When I am king, you will be first against the wall.
    2. Re:Accidental? by bit01 · · Score: 2, Insightful

      There are several ways where GPL code can enter a company against the intent of the company. ...

      There are several ways where any licensed code can enter a company against the intent of the company. ...

      ---

      Marketing talk is not just cheap, it has negative value. Free speech can be compromised just as much by too much noise as too little signal.

  4. Re:Arabian Camel Trains by mumblestheclown · · Score: 3, Insightful
    Sigh. Today's insurance companies also have to pay more if everybody's camel dies.

    Insurance is about transference of risk. You pay the insurance company to assume the risk for you.

    Now that that's covered, tomorrow, we'll learn "how to tie your shoes" and "eating with a spoon."

  5. Re:Then and now by PSVMOrnot · · Score: 4, Insightful

    "Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore."

    I think you need to add a line in there between Now and In The End. something like this:

    Next: Someone finally sues Big company over the infringement, and Big company finds that due to some small print they aren't covered. (ie: a clause saying they can't knowingly be involved in infringing activity)

    Insurance companies will try to avoid any sort of payout, even^H^H^H^Hespecially if they know they are blatantly in the wrong.

    (IANAL, but I was in insurance briefly)
  6. Re:Silly by BrainInAJar · · Score: 3, Insightful

    Yeah you can...

    There are only a limited number of ways of solving certain problems, so if entire functions look pretty much the same, it wouldn't be too surprising (unless comments are the same too... then it's fishy)

  7. Re:Then and now by Crouty · · Score: 2, Insightful

    Authors of GPL'ed software won every license trial so far AFAIK. Either this insurance company insures companies that don't need an insurance or it will pay. I don't think this insurance company is going to last very long.

    --
    On se Internetz nobody noes your German.
  8. bad idea by Schwarzgerat · · Score: 2, Insightful

    Insurance works on the *cough* law *cough* of averages, different shocks affect different people so a single shock can be covered by the insurance company for far less than the cost of said shock. There is not enough diversification in something like this. If there are developments against the GPL or a very popular software pack gets into strife (openoffice or such like), then there are huge liabilities that the insurance company can't meet and everyone sinks. Just how does one determine the profit losses from the time spent compliancing software etc?

  9. How about EULA licence-violations? by zcat_NZ · · Score: 5, Insightful

    What businesses REALLY need is insurance against Microsoft (and other BSA member companies) licence violations.

    SERIOUSLY

    Because for any reasonable-sized organisation it is very expensive to do a license audit, and almost impossible to be sure that you're completely in compliance. Many businesses have found that it's easier and cheaper to just buy a completely new set of licenses than try and figure out if the ones they already have cover everything they're running.

    And because if you're not in compliance, even by just a little bit, you _will_ get hit with substantial fines which cost a LOT of money to fight in court.

    --
    455fe10422ca29c4933f95052b792ab2
  10. Not as dumb as it sounds... by Max Nugget · · Score: 5, Insightful

    There is indeed such a thing as "accidentally" infringing on open-source code licenses. You see, while the individual developer who copies the code is usually aware of its legal encumbrances, it would be quite easy for the corporation's management, board of directors, and shareholders to be unaware of the legal deathtrap the lowly developer employee is leading the company into. And lest we remember, it is the CORPORATION that would be found to have infringed the copyright, not the employee. The corporation would face responsibility for what its employee did. From this perspective, having insurance against such things might not be such a bad idea.

    And by the way, I would wager to bet that a non-trivial percentage of employed developers are unfamiliar with the specifics (or fundamentals) of the GPL and other common licenses. Also, there are many scenarios in which miscommunication between employees and management could lead to unintentional use of open-source code. Who knows, maybe an employee is even deliberately trying to get the company into hot water.

    Someone else here mentioned that this kind of insurance would make it easier for bigger companies to violate open-source licenses, since they'd be shielded from any legal damages. In response to that, allow me to introduce you to the phrase "Insurance fraud." Don't think for a second that these insurance companies won't be carefully poring over company documents, correspondences, etc, to make sure the infringement was indeed "accidental" in whatever sense the word becomes defined as.

    As someone else said, probably the only question is whether these companies can speculate the open-source-infringement-lawsuits world accurately enough to stay profitable. It seems to me that's easier said than done, but I do think the idea makes sense in theory at least.

    1. Re:Not as dumb as it sounds... by Max Nugget · · Score: 3, Insightful

      A correction: I misinterpreted the point of a previous post, which said: (sorry for not replying directly to the thread, but my original post only mentioned the OP in passing)

      Now: Big company takes insurance and starts stealing open source code, because they feel there is no legal risk anymore.

      In the end: Open source developers get screwed once again and the only people getting rich over it are the lawyers. Nothing new here.


      I still disagree with that, though.

      Firstly, if they intend to trick the insurance company into footing the bill for an intentional infringement, there is certainly a legal risk to a company in engaging in insurance fraud. If they intend to admit intentional infringement to the insurance company, then there was no point in purchasing the insurance, as it will be worthless.

      Second, that the lawyers make more money as a result is insignificant in this case. Whatever the added lawyers' fees would be as a result of having this insurance package is presumably less than the amount of the infringement damages they would face without insurance, otherwise they'd have no incentive to buy the insurance. And it goes without saying that it's not a profit burden to the insurance companies, otherwise they wouldn't be in the business.

      And I also don't see how this hurts open source developers. You assert that this insurance plan works in part because the insurance companies know open-source developers don't have the money to sue. Well, if they didn't have the money before the big company got this insurance, they don't have it now either. Nothing's changed from the OSD's point of view. I also doubt the presence of the insurance company would make it more expensive for the OSD to sue, in fact, it's more likely to lower the costs somewhat, and any infighting between the insurance company and the infringing company (over insurance fraud or other concerns) probably wouldn't cost the OSD much, since they wouldn't need to participate in that.

      I don't see how this results in any change to the life of the open-source developers. It's just a safety net for the infringing businesses, and it won't give them carte blanche to start infringing any more than they've already had/not had.

  11. Re:Silly? by bit01 · · Score: 4, Insightful

    True however keep in mind that there are just as many ways to infringe on closed source software licenses.

    Whether a license is for open source or closed source is irrelevant to the question of legality.

    Some people might argue that because open source software is easier to get then infringement is much more likely. Other people might argue that because closed source software licenses are generally much more restrictive then infringement is easier and much more likely. Either is true to a certain degree so if you're going to argue for the need for insurance you should be arguing the need for insurance for all software licenses, and not just open source.

    The fact that the insurance company is only offering the insurance for open source suggests to me that, apart from it being trendy, they think that they can maximise their profits. In other words their costs in this area, as compared to closed source insurance, are lower and is evidence for lower monetary risk when using open source software.

    ---

    I'm not worried about the use of DRM. I'm worried about the abuse.

  12. Re:Silly by Delphiki · · Score: 2, Insightful
    If I had never seen Linux source code and independently wrote the exact same code, it would not be copyright infringement for me to sell it as closed source. So if entire functions look pretty much the same, unless you looked at the other source code first, you still aren't violating someone's copyright.

    Copyright law, unlike patent law, does not penalize people who independently come up with something similar/identical.

    --

    Feel free to mod me "-1 - Angry Jerk".