Does Using GPL Software Violate Sarbanes-Oxley?

Anonymous Coward writes "eWeek is reporting that The Software Freedom Law Center has published a white paper that dismisses recent publications from embedded systems seller Wasabi Systems. Wasabi recently released statements focusing on alleged GNU General Public License violations in relation to the Sarbanes-Oxley Act of 2002. The white paper, titled "Sarbanes-Oxley and the GPL: No Special Risk," essentially counsels users of the free software license that they have no need to worry."

CSPAN called

they want their boring back.

More info on SOX

[kebes]

In case you have no clue what "Sarbanes-Oxley" is, you can check out official info and the Wikipedia article. Basically it is a set of laws that place limits on what companies (and those working for them, especially upper management) can do. This has mostly to do with declaring assets and transfers of money. It tries to prevent companies from defrauding investors and so on. These laws were enacted after the Enron scandal.

Wasabi's complaint is that under these laws, you have to declare all assets, including intellectual property. Their rationale is that using open-source software, you may be in violation of the law if you do not review and declare that usage.

As was pointed out last time this was discussed on slashdot, a company would only be in trouble if they were already doing something illegal: violating the GPL. If you violate the GPL, then you're misrepresenting your ownership of IP (claiming to have a license you don't), and thus are also violating Sarbanes-Oxley.

So what's the problem? If a company follows the GPL, then everything is fine. They have nothing to worry about. If they violate the GPL, then they're breaking multiple laws. So, as always, companies should make sure that what they are doing is legal. This in no way diminishes the extent to which GPL software can be used in commercial environments. Wasabi acts as if there is some tremendous additional legal burden to using GPL software. However it seems that Sarbanes-Oxley would equally apply if you mis-represented your ownership of non-GPL software. So there's no difference. (You can read the Software Freedom Law Center white paper for a more complete explanation.)

Re:More info on SOX

[booch]

In almost EVERY argument against the GPL, you can substitute any other license for "GPL", and the argument would still hold true.

One of the biggest arguments against the GPL is that if you use it in your own code, you have to agree to its terms. In the case of the GPL, those terms mean that your code must be GPLed. Other licenses set other terms; many licenses don't even ALLOW you to use their code in your code. In any case, if you don't follow the terms, you can be sued for copyright violation. So you always have a choice, no matter what the license -- either follow the license, or get sued.

Re:More info on SOX

[zero1101]

One of the biggest arguments against the GPL is that if you use it in your own code, you have to agree to its terms. In the case of the GPL, those terms mean that your code must be GPLed.

This is an extremely misleading statement, if not outright false. Your code must only be GPLed *if you redistribute it*. There are, unfortunately, plenty of cases where PHB's decide not to use GPL software because they don't understand this. And apparently neither do many Slashdot readers.

The original article says ...

[gregor_b_dramkin]

violators of GPL are violators of Sarbanes-Oxley.

solution: don't violate the GPL.

Coming soon to slashdot:

[endrue]

Does the GPL Violate Sarbanes-Oxley?
[E]ssentially counsels users of the free software license that they have no need to worry.

Coming soon:

Does peanut butter taste like fish?
No

Is water wet?
Yes

Short and informative - this is great stuff!

Re:Coming soon to slashdot:

[General+Alcazar]

In English, water implies liquid state:

Solid H2O: Ice
Liquid H2O: Water
Gaseous H2O: Steam
Plasma H2O: Profit!

Thats no better than what you complain about

[Wizardry+Dragon]

Is this an 'innocent until proven guilty' world or a 'guilty until proven innocent' world?

I tend to take a decidedly buddhist view when it comes to that, nothing to do with the religion (before I get a religious flamewar going here), but I believe in moderation. Completely distrusting everyone is no worse than complete trusting everyone. You have to strike a balance - the way our world works depends upon it. Buisness depend upon trusting that the average consumer is not a theif (someone should tell the RIAA that, before they strangle the music industry), relationships depend upon trusting that the person you are with will be true to you, in whatever way that means to you.

~ Wizardry Dragon

Re:Worded poorly.

[ShieldW0lf]

Situation One: Your company owns the copyright to the software outright, released it under the GPL, and doesn't accept contributions. No problems. Situation Two: Your company distributes GPL software that it didn't write, with or without modifications. Your company recogizes that this is not its intellectual property, and never should have been, being that it wasn't written by them, and doesn't claim it as an asset. No problems. Situation Three: Your company distributes GPL software that it didn't write, with modifications. Your company fails to recognize that part of this software was never theirs in the first place and that the rest of it is not an economic asset because they do not have the ability to control access to it in exchange for money, but you try to pull some bullshit with the numbers to make it seem like an asset. By doing this, you're misleading your investors and committing fraud. You have a problem. But the problem isn't with the law. The law is working exactly as it should. If you're an OEM using open source software that you sourced externally for free and modified, it's not your property, and you shouldn't be listing it at all. If you've built your business around this lie, you're SUPPOSED to be fucked. That's what the law is for.