Seven Notable Legal Developments In Open Source In 2016

Richard Fontana,a

(a) Senior Commercial Counsel,  Red Hat.

DOI: 10.5033/ifosslr.v8i1.113

Abstract

Several noteworthy open source-related legal developments took place in 2016. These concerned the fair use trial in Oracle v. Google, the reaction to the GPL enforcement lawsuits of Patrick McHardy, the dismissal of the Hellwig case, the U.S. Federal Source Code Policy, the end of Eben Moglen's tenure as Free Software Foundation general counsel, the distribution of ZFS by Linux distributions, and the banning of the JSON license by the Apache Software Foundation.

Keywords

Law; information technology; Free and Open Source Software; Developments;

 

 

A number of interesting and notable legal developments in open source took place in 2016. The following seven stories stood out:

1. Victory for Google on fair use in Oracle v. Google

In 2012 the jury in the first Oracle v. Google trial found that Google’s inclusion of Java core library APIs in Android infringed Oracle’s copyright. The district court overturned1 the verdict, holding that the APIs as such were not copyrightable (either as individual method declarations or their “structure, sequence and organization” [SSO]). The Court of Appeals for the Federal Circuit, applying 9th Circuit law, reversed2, holding that the “declaring code and the [SSO] of the 37 Java API packages are entitled to copyright protection.” The U.S. Supreme Court declined to review the case, and in 2016 a closely watched second trial was held on Google’s defence of fair use. In May 2016 the jury returned a unanimous verdict in favour of Google.
As Jeffrey Kaufman explains3, the verdict does not change the appellate ruling concerning API copyrightability, which, however, has limited precedential significance. Fair use involves a highly fact-specific determination, and the verdict has no obvious broader legal significance. Nonetheless the result was a clear victory for Google. Oracle has filed an appeal.
Although Oracle v. Google is not a “case about open source” per se, it is notable that both sides are stewards of relevant open source platforms centred around Java development. Oracle leads the OpenJDK project, in which the APIs at issue in this case, if we regard them as copyrightable, are licensed under GPLv2 along with the Classpath Exception4. The Android platform, which does not implement all Java core library APIs, is licensed mostly under the Apache License 2.0. Its Java core library API implementations were generally taken from the Apache Harmony5 project, which began as a pre-OpenJDK effort to develop an open source Java runtime. Late last year Google confirmed6 that Android Nougat would use GPL-licensed7 class library code from OpenJDK in place of the Apache Harmony code.

2. Censure of Patrick McHardy

Since 2014 there have been rumours of GPL enforcement lawsuits being brought against many companies in Germany by Patrick McHardy, a Linux kernel developer who was formerly the chair of the Netfilter8 core team. There is some discussion of the McHardy litigation in a recent Black Duck/DLA Piper slide deck9.
Until 2016 there had been something of a taboo on open discussion of the McHardy lawsuits. This ended on July 18th, when the Netfilter project announced10 that it would “suspend” McHardy from the Netfilter core team, the first such action it had ever taken, because “severe allegations have been brought forward against the style of his license enforcement activities.” Although the core team had no first-hand evidence for the allegations, which were consistent and came from “trusted sources,” they noted that despite many attempts to reach McHardy he did not respond. The announcement was made in the name of the core team members, including emeritus member Harald Welte, who is well known for bringing a series of successful GPL enforcement lawsuits in Germany.
A few weeks earlier, the Netfilter core team published a statement11 officially endorsing the Principles of Community-Oriented GPL Enforcement12, which were released by the Software Freedom Conservancy and the Free Software Foundation in 2015. The core team stated that “license enforcement is a necessary tool to ensure all parties adhere to the same set of fair rules as set forth by the license,” but then, presumably alluding to McHardy, declared that “any enforcement action should always be focused on compliance, never prioritize financial gain, never settle for less than compliance and consider legal action in court only as a last resort.” In the July 18th announcement of McHardy’s suspension, the core team said that McHardy “continues to be welcome in the project as soon as he is able to address the allegations and/or co-sign the [Conservancy/FSF Principles] in terms of any future enforcement activities.”
The next day, Karen Sandler and Bradley Kuhn of the Software Freedom Conservancy published a blog post13 addressing the subject of McHardy. They revealed that Conservancy had engaged in largely unsuccessful attempted communications with McHardy for two years. Conservancy encouraged McHardy to co-draft the Principles with them and later invited him to endorse the Principles after they were published, but received no response from him. Sandler and Kuhn denounced McHardy for apparently refusing to endorse the Principles and failing to publicly justify his conduct of GPL enforcement.

3. Hellwig lawsuit dismissed

In 2015 Linux kernel developer Christoph Hellwig brought a copyright infringement suit against VMware in a German district court, alleging violation of the GPL in VMware’s ESXi product. Hellwig’s legal expenses were funded by the Software Freedom Conservancy. The Hellwig lawsuit attracted significant attention because it is apparently the first litigated GPL compliance case that centres on the scope of the GPL’s copyleft requirement, sometimes thought of as the “derivative work” issue.

In July 2016, as Scott Peterson has reported14, the court dismissed the case, concluding that Hellwig had failed to identify in the VMware product the specific lines of code in which he owned copyright. The court discussed the GPL issue, but it did not address the merits. The ruling has no precedential significance for other cases. In a brief statement, Hellwig announced that he would appeal the ruling.

4. U.S. government announces Federal Source Code Policy

In August the U.S. government’s Office of Management and Budget announced the Federal Source Code Policy15. The policy is aimed at reducing the problem of duplicative acquisition of substantially similar code by agencies and ensuring that new custom-developed federal source code be made broadly available for reuse across the federal government. Mark Bohannon has written an article16 on the policy.
The Federal Source Code Policy establishes a three-year pilot program that requires agencies (with some exclusions) to release at least 20% of new custom-developed software as open source each year. The policy recognizes open source as a means of enabling continual improvement resulting from improvements to the software by the broader community. The policy also announced the launch of code.gov17, a “discoverability portal” for custom-developed code, including code released as open source under the policy.

The Federal Source Code Policy is notable for placing emphasis on adhering to proper standards for open development as well as open source licensing. Agencies releasing open source code are directed to do so in a manner that encourages engagement with existing communities, fosters growth of new communities, and facilitates contribution both by the community to the federal code and by federal employees and contractors to upstream projects. Agencies must also ensure that their open source repositories include enough information to enable reuse and participation by third parties, including details on licensing.

5. Moglen steps down as FSF general counsel

The Free Software Foundation announced18 in October 2016 that Eben Moglen had “stepped down” as general counsel to the FSF. Moglen, who is president of the Software Freedom Law Center and a law professor at Columbia, has been one of the most influential lawyers in free software. His career in free software has been closely associated in the public mind with the FSF, for which he provided pro bono legal representation for 23 years. I expect both Moglen and the FSF to remain as engaged as ever in matters of free software legal policy, but likely with more instances of public disagreement or conflicting opinions.

6. Debian and Ubuntu ship ZFS

In the mid-2000s Sun Microsystems released its ZFS filesystem as part of OpenSolaris, licensed under the weak copyleft CDDL19. Efforts to port ZFS to Linux were inhibited for many years by legal concerns, including concerns about license conflicts between GPLv2 and CDDL. In recent years the “ZFS on Linux20” project has encouraged Linux distributions to package its ZFS kernel module.
Although packaging of ZFS in Debian was held up for some time by licensing concerns, in 2015 Debian Project Leader Lucas Nussbaum revealed21 that Debian had received legal advice from the Software Freedom Law Center concerning inclusion of ZFS in Debian, which he said “should unblock the situation … and enable us to ship [ZFS] in Debian soon.” In January 2016, Nussbaum’s successor, Neil McGovern, said22 that ZFS would be included in Debian as a DKMS package in source code form only, and would be segregated in the “contrib” archive, which contains packages that are not considered to be official Debian.
Ubuntu had included a source-only DKMS ZFS package for some time before Debian began doing so. In a blog post in February, Canonical’s Dustin Kirkland announced23 that Ubuntu would begin shipping a binary ZFS kernel module. Following a flurry of debate over the GPL/CDDL issue, Kirkland said24 in another blog post that Canonical had discussed the legal issues with Eben Moglen (president of SFLC) and had concluded that distribution of the binary kernel module would be compliant with both GPLv2 and CDDL. Kirkland stressed that the ZFS module was “self contained” and was not a derivative work of the kernel, and the kernel was not a derivative work of ZFS. Kirkland also argued that “[e]quivalent exceptions have existed for many years, for various other stand-alone, self-contained, non-GPL kernel modules.”
Shortly after Kirkland’s second blog post, the Software Freedom Conservancy and SFLC, which are independent of one another, published conflicting analyses25 26 of the legality of Canonical’s distribution.  They agreed, however, on two basic points: (1) Debian’s distribution of a source-only module in contrib was license compliant, and (2) loadable kernel modules generally fall within the scope of the GPL copyleft on the kernel.
Conservancy claimed to be speaking on its own behalf as a Linux kernel copyright assignee as well as on behalf of kernel copyright holders participating in its GPL Compliance Project for Linux Developers27. In Conservancy’s view, Canonical’s distribution of the binary kernel module violates GPLv2 and thus infringes copyright on the kernel. Conservancy believes that derivative works involving GPL license incompatibilities with other free software licenses should be subjected to the same legal analysis as GPL/proprietary combinations.

According to SFLC, Canonical’s binary ZFS module must be regarded as licensed under GPLv2, since CDDL allows binaries to be under any license and any other interpretation would assume that Canonical was noncompliant with the GPL. Therefore, distribution of the ZFS binary module itself would not violate GPLv2; however, Canonical’s otherwise compliant distribution of corresponding source code for the ZFS kernel module and the Ubuntu kernel would “literally” violate GPLv2, because Canonical would be providing the ZFS filesystem source code under CDDL. There are good reasons for a community of copyright holders of a GPL project not to object to this literal GPLv2 violation, because the conduct falls within the spirit or the “equity” of the license.

In SFLC’s view, given the tension between the literal and equitable interpretations of GPLv2, “the consensus of the kernel copyright holders’ intention … determines which mode of interpretation is to be employed.” Here, there was no conclusive or convincing evidence of what type of interpretation the kernel copyright holders intend. SFLC argued that for as long as the kernel copyright holders choose not to object to Canonical’s distribution, it should be assumed that the consensus of the kernel licensors is to support the equitable interpretation. SFLC also pointed out that Canonical’s potential liability exposure was negligible.

Neil McGovern discussed his experience of the ZFS topic as Debian Project Leader in a talk28 at DebConf. Other noteworthy statements on the ZFS issue were made by Richard Stallman29 and by Linux kernel developer James Bottomley30. Little has been said about the issue in recent months.

7. Apache Software Foundation bans JSON license

For some of us involved in open source legal matters, Douglas Crockford’s31 JSON license32 keeps turning up like a bad penny. The JSON license famously modifies the MIT license by adding a sentence before the warranty disclaimer: “The Software shall be used for Good, not Evil.” It is not clear whether Crockford intended the license purely as a joke, or as an oblique political statement, or both. Many who care about having a principled basis for classifying licenses as free, or open source, see the “Good, not Evil” clause as conflicting with basic definitional norms that disallow field of use restrictions and discrimination based on field of endeavour. Some have argued that the clause is not enforceable and thus should not be taken seriously; however, the FSF, which classifies the JSON license as non-free, argues33 that it cannot be presumed that the restriction is unenforceable. Another objection to the license is that “Good” and “Evil” are undefined and thus the scope of conduct that is allowed and prohibited is highly uncertain.
The reason the JSON license is not a matter of complete obscurity is that Crockford has applied it to software that happens to have been widely adopted, including the tools JSLint34 and JSMin35 and the JSON Java36 library (“JSON-java”). Over the years Crockford has refused many requests from developers to change the license, although he has boasted37 of having granted special permission to IBM and “its customers, partners, and minions, to use JSLint for evil.”
For many years the Apache Software Foundation, known for strict rules on licensing under which, for example, the GPL and LGPL are relegated to a forbidden “Category X38,” treated JSON-java as though it were in its most favoured “Category A39” (which contains noncopyleft licenses, such as the Apache License 2.0 itself). Today several ASF projects have dependencies under the JSON license. In October 2016, in a posting40 to the ASF’s legal-discuss mailing list, Ted Dunning called on the ASF to revisit its decision, noting that the JSON license was “substantially hindering downstream adoption.” After some discussion, Jim Jagielski, VP of Legal Affairs for the ASF, declared41 that “the license is NOT CatA and is NOT approved,” placing the JSON license in Category X. Jagielski later clarified42 that no new use of the JSON license by an ASF project would be allowed, but some projects already using code under the license would have a grace period of several months to transition to a replacement. The issue was covered in a November 2016 LWN.net article43.
Because so many ASF projects have been widely adopted, the JSON license prohibition seems likely to have a significant community impact in encouraging use of open source alternatives to JSON-licensed software.44

About the author

Richard Fontana is Senior Commercial Counsel, Products and Technologies  at Red Hat. Most of his work focuses on open source-related legal issues. Richard  is a past member of the Editorial Committee of the Review.

Licence and Attribution

This paper was published in the International Free and Open Source Software Law Review, Volume 8, Issue 1 (December 2016). It originally appeared online at http://www.ifosslr.org.

This article should be cited as follows:

Fontana, Richard (2016) '7 Notable Legal Developments In Open Source In 2016', International Free and Open Source Software Law Review, 8(1), pp 5965
DOI: 10.5033/ifosslr.v8i1.113

Copyright © 2016 Richard Fontana

This article is licensed under a Creative Commons Attribution 4.0 CC-BY-SA
available at

https://creativecommons.org/licenses/by-sa/4.0/

 
 

This article was first published as a blog post at https://opensource.com/article/17/1/yearbook-7-notable-legal-developments-2016. The version published in this review is modified to correct format and typographical issues.

1https://opensource.com/law/12/6/oracle-v-google-and-api-copyrightability

2http://www.cafc.uscourts.gov/content/oracle-america-inc-v-google-inc-opinion

3https://opensource.com/law/16/6/outcome-google-v-oracle-good-open-source

4http://openjdk.java.net/legal/gplv2+ce.html

5https://harmony.apache.org/

6http://venturebeat.com/2015/12/29/google-confirms-next-android-version-wont-use-oracles-proprietary-java-apis/

7https://android.googlesource.com/platform/libcore/+/29c2a3a52980b18ab26f860e9cc712487881b081%5E%21/#F0

8http://netfilter.org/

9http://www.slideshare.net/blackducksoftware/litigation-and-compliance-in-the-open-source-ecosystem

10https://marc.info/?l=netfilter-devel&m=146887464512702

11https://www.netfilter.org/files/statement.pdf

12https://sfconservancy.org/copyleft-compliance/principles.html

13https://sfconservancy.org/blog/2016/jul/19/patrick-mchardy-gpl-enforcement/

14https://opensource.com/law/16/8/gpl-enforcement-action-hellwig-v-vmware

15https://sourcecode.cio.gov/

16https://opensource.com/government/16/8/us-government-releases-new-policy-free-code

17https://www.code.gov/

18https://www.fsf.org/news/fsf-announces-change-in-general-counsel

19https://opensource.org/licenses/CDDL-1.0

20http://zfsonlinux.org/

21https://lists.debian.org/debian-devel-announce/2015/04/msg00006.html

22http://blog.halon.org.uk/2016/01/on-zfs-in-debian/

23http://blog.dustinkirkland.com/2016/02/zfs-is-fs-for-containers-in-ubuntu-1604.html

24http://blog.dustinkirkland.com/2016/02/zfs-licensing-and-linux.html

25https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/

26https://www.softwarefreedom.org/resources/2016/linux-kernel-cddl.html

27https://sfconservancy.org/linux-compliance/

28http://caesar.acc.umu.se/pub/debian-meetings/2016/debconf16/A_year_in_the_life_of_a_DPL.webm#t=495

29https://www.fsf.org/licensing/zfs-and-linux

30http://blog.hansenpartnership.com/are-gplv2-and-cddl-incompatible/

31https://en.wikipedia.org/wiki/Douglas_Crockford

32http://www.json.org/license.html

33https://www.gnu.org/licenses/license-list.en.html#JSON

34https://github.com/douglascrockford/JSLint/blob/master/jslint.js#L15

35https://github.com/douglascrockford/JSMin/blob/master/jsmin.c#L16

36https://github.com/stleary/JSON-java/blob/master/LICENSE#L13

37http://dev.hasenj.org/post/3272592502/ibm-and-its-minions

38https://www.apache.org/legal/resolved#category-x

39https://www.apache.org/legal/resolved#category-a

40https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201610.mbox/%3CCAJwFCa34RKbC35_GSg5NxZrQ1%3Db36-zw13f%3Dmc9ayXinibVBHQ%40mail.gmail.com%3

41https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3CA922A412-2E2E-4BD8-9782-AF0757A8439E%40apache.org%3E

42https://mail-archives.apache.org/mod_mbox/www-legal-discuss/201611.mbox/%3C0CE2E8C9-D9B7-404D-93EF-A1F8B07189BF@apache.org%3E

43https://lwn.net/Articles/707510/

44http://creativecommons.org/licenses/by-sa/4.0/