Little doubt exists; a legal cloud hangs over Linux from infringement claims of the SCO Group, Inc. In spite of that cloud, Linux server sales grew 56.9 percent in the first quarter of the year. Linux sales in 2004 follows six consecutive quarters of double-digit growth for the free operating system during unprecedented legal attacks from SCO over the same period.
Linux success helped push all server growth to 7.3 percent according to IDC's Worldwide Quarterly Server Tracker. The contradictions of sales increases and legal uncertainties bring into question the degree of concern people actually feel about SCO's legal claims. One might say, if the defendants of the SCO suits don't see concern, why should I?
This article examines issues related to Linux use in the enterprise while copyright infringement claims exist. CIO's and others who need pragmatic information when deciding whether or not to deploy Linux will find this useful. Rather than examine the legal case, we will examine market perception and risk related to using Linux.
SCO believes that Linux infringes on its Intellectual Property. SCO has sued IBM, Novell, AutoZone, and DaimlerChrysler on the basis of that belief. IBM and Novell market Linux while AutoZone and DaimlerChrysler use Linux in their businesses.
Realists consider Linux adoption remarkable. The word on the street and in the foxholes of the IT community has created a swell of adoption from small businesses to the entire Fortune 500. The marketing of Linux by HP, IBM, Sun, Dell, Oracle, and Novell demonstrates the commitment of industry to Linux. With all the agreement in the market, most observers do not give SCO much of a chance of winning its cases.
The recent announcement that the U.S. Federal Court system has deployed Linux adds further to the speculation that Linux deployment may be safe. People will reason that Linux use in the courts bodes poorly for SCO.
Procurement policies within large organizations discuss infringement. For example, the basic policy for software purchases at the University of Texas states:
"We should expect that Vendors will develop their products without infringing the intellectual property rights of others, that is, without appropriating others' protected ideas or expression."
Large purchasers want warranties from vendors guaranteeing their software does not infringe. Such purchasers do not necessarily expect vendors to provide warranties. They do expect that if the software infringes someone else's rights, the vendor will take care of any expenses incurred if the purchaser is sued or asked to stop using the software because of alleged infringement. Large organizations expect protection from infringement. They want to know that a software vendor will pay for expenses related to infringement and they want that stated in the software license agreement. They also realize that exceptions exist if the software is:
In enterprise terms, if a vendor agrees to indemnify, it means the vendor accepts the risk of financial loss.
The first three situations above illustrate circumstances where a vendor may not make enough money on the product to justify assuming risk for indemnification. In effect the vendor says, "If you want this software, you'll have to accept the risk that it might infringe. If you want us to accept that risk, it will cost you a lot of money."
Past infringement cases have focused on software makers rather than end users. For example, Microsoft has encountered many infringement cases from companies like Eolas, Stac, Burst, Netscape, Sun, and InterTrust. None of the Microsoft cases have fallen over to consumers.
SCO finds itself in different circumstances. SCO used to sell Linux and contributed to its development. Linux is free, steeply discounted, and/or very low-cost software. Indemnification hasn't normally applied to Linux. SCO has no one to go after except end users for infringement.
One can argue that SCO demonstrated to the world that it could not drive a successful business selling software using traditional channels. As it saw other Linux companies pulling away, SCO decided to attempt to capitalize on others' successes by exacting a bounty on all deployments of Linux. SCO asserted its belief that it owned the Intellectual Property that makes up Linux. In legal terms, lawyers will tell you that belief alone gives one grounds for filing a lawsuit.
Many argue that SCO has faired poorly in court against rivals Novell and IBM. After the most recent setback, SCO CEO Daryl McBride insisted his coffers contain enough to pursue litigation for several years. While SCO's legal battles against IBM and Novell follow a slow pace in court, SCO plans to further litigate against end users.
Linux companies won relief in two German cases to stop SCO from pursuing end users. When SCO didn't comply with a court order to stop harassing users, Linux companies asked the courts to fine SCO for breaching the order against using intimidating tactics. Courts in Bremen and Munich issued injunctions against SCO for using a strategy of intimidating Linux users. Until SCO can prove its case, the company can't litigate against Linux users in Germany.
"The Munich I District Court determined that SCO had not plausibly demonstrated that the Linux kernel violates SCO's rights," said attorney Dr. Till Jaeger of the firm of Jaschinski Biere Brexl. Because SCO continued to publish disputed claims, the managing director, Elmar Geese of one Linux company said, "We can't simply allow them [SCO] to confuse GNU/Linux users, causing damage to Linux businesses."
In the United States, courts have not granted injunctive relief even though many observers believe SCO faces ultimate embarrassment in court against IBM and Novell. Instead of confining its claims to the people SCO says harmed the company, SCO uses a form of legal shock against the business community. The aim? SCO outwardly says it wants to bring in licensing revenues. The company reports earnings and expenses from its legal activities as a separate line of business in its SEC filings.
SCO knows most businesses flinch at the thought of litigation, and preferring to avoid litigation, will settle of out court. SCO plans to continue to threaten people who know very little about the state of its information technology shops.
The pain and perils associated with lawsuits lies in the process of litigation rather than the outcome. The old adage that few cases see the inside of a courtroom is true. Settlement agreements nearly always start off with the phrase "In order to buy the peace, the parties agree to the following..." Many people weigh the costs of legal fees and lost business opportunities against eventual outcomes and decide to just settle.
Those who have gone through litigation one or more times realize litigation isn't always about winning or losing. Plaintiffs may deliberately aggravate defendants. The process starts when the first constable shows up at your place of business to serve you papers in a lawsuit.
If you enjoy the sinking feeling of a steep rollercoaster ride at a theme park, you might like litigation. Multiply that many times and allow it to linger over many years and you know what it's like to land in a lawsuit. Each motion and service by another constable adds more anxiety.
SCO wants to intimidate people into buying its licenses. If the company accomplishes that, then perhaps it can show the courts that people believe it owns the Unix intellectual property.
Linux meets the criteria of being free, steeply discounted, and very low-cost software. This accounts for the growth of Linux while under the cloud of potential infringement. Compared to the per seat license costs of various proprietary Unix distributions, Linux presents a strong case for self-insuring.
SCO lawyers target large companies for infringement suits. Larger companies have more seats, more machines, and are more likely to self insure. If SCO could prove willful infringement then the risks increase dramatically. Willful infringement provides for statutory damages of $150,000 (per act of infringement). That said, seek the advice of a lawyer, because given the facts of the case and the potential appeal process, I think willful infringement would be a stretch. But, I'm not a lawyer.
In the event of a copyright infringement lawsuit, Novell will take over the litigation. Novell follows that as a customary practice. To Novell, indemnification allows the transfer of litigation risk from its enterprise customers to Novell's legal department or its selected law firm. Such policies endear customers to Novell.
Novell aims its indemnification policy at enterprise customers. An enterprise with upgrade protection and a support contract can ask for and get indemnification. By imposing an annual spending requirement of $50,000, Novell does not indemnify individual users or small business customers. Novell places a cap on damages of $1.5 million or 125 percent of the value of the customer's total Linux purchases.
Some people might believe that Novell knows something no one else knows: secrets of the SCO case. Some may reason that if Novell offers indemnification, it must know that SCO hasn't got a chance. That's probably not the situation. Going into litigation, no one knows the outcome. Anyone who thinks a lawsuit is a slam dunk lacks knowledge of legal matters.
Litigation outcomes often carry a surprise. You may make a mistake believing that Novell's knowledge of the issues gives it some certainty and therefore it is offering indemnification. Don't be so sure. Novell does have the advantage of experience in software litigation and a long history of customer satisfaction.
If you acquire Linux from HP, run it on HP hardware and have an HP software support agreement, then you can obtain indemnification and legal defense for claims by SCO. HP says it does not have a cap on fees or judgment payouts. You will have to discuss this with an HP sales representative.
The HP plan appears to require that customers use unmodified versions of Linux that it sells to qualify. HP may not cover modifications, but may cover the balance of the unmodified code. Again, you will have to discuss this with your sales representative.
Red Hat provides what it calls Open Source Assurance (OSA) to its Enterprise subscribers. Red Hat does not offer indemnification but rather a warranty. If code infringes on the valid intellectual property rights of another, Red Hat will replace that code. Red Hat's OSA is a promise to replace software so customers may continue the use of a solution without interruption.
Red Hat also says it offers customers access to the Open Source Now Fund. Red Hat created the fund to assist companies with legal expenses. Red Hat covers customers with valid, registered Red Hat Enterprise Linux subscriptions under its Intellectual Property Warranty during the term of the subscription.
A new organization called Open Source Risk Management promises indemnification to clients for an average annual cost of 3 percent of the maximum desired coverage. If you want $1,000,000 million in coverage then you would pay $30,000. The company states on its web site that OSRM's indemnification offering and services do not constitute an insurance product and should not be considered insurance.
You may find this offering confusing. The founder Daniel Egger explains in fairly unclear terms that he offers you consulting services. For the fees paid you will get a risk assessment and something the organization calls best practices protocols.
OSRM claims to offer extensive legal and financial backing for the use of open source software based on the Linux Kernel (versions 2.4 and 2.6). You would have to do your own due diligence to find out exactly what that means.
Depending on your status, Linux adoption may provide you significant savings and improved IT performance. If you require risk reduction because of the claims of infringement by the SCO Group you have some choices. Novell provides the best overall choice for a couple of reasons. First, Novell has a history of taking care of its clients by accepting the burden of litigation. Ultimately, that's more important than the financial scenarios in this case. Secondly, no one knows what the other vendors will provide because they have never had to test their offerings. That breeds uncertainty and creates another kind of risk we all can live without: The risk of not knowing what will happen.
Tom Adelstein became an author in 1985 and has published and written non-fiction books, journalistic investigative reports, novels and screen plays prolifically ever since.
Return to the Linux DevCenter
Copyright © 2009 O'Reilly Media, Inc.