As director of intellectual property strategy for the Linux Foundation and an attorney at Choate Hall & Stewart, Karen Copenhaver knows a bit about open source software licensing. She recently spoke with Dr. Dobb's editor in chief Jonathan Erickson.
Dr. Dobb's: Are open source and public domain the same thing?
Copenhaver: Not at all. Open source licenses are granted by the copyright holder and the license is an exercise of the copyright. In order to enjoy the benefits of the license, you must comply with its terms. If you don't comply with the license, you're not licensed -- and another word for unlicensed use is "infringement."
Dr. Dobb's: There are usually no signed license agreements with open source software. How, then, can users be subject to licenses?
Copenhaver: Confusion is often caused by the fact that the software is made generally available for download. Users may assume that if something is made available for free, it's thus licensed for use without restriction. That's not the case. A license may be implied where one isn't stated, but an implied license can't contradict an actual stated limited license. The fact that there is no charge for the software is irrelevant.
Dr. Dobb's: What are the main legal issues regarding open source?
Copenhaver: The main issue for businesses is internal control. Businesses have procurement organizations that are responsible for procuring everything the business uses in its operations. Those organizations review agreements and establish terms before they write the check. The internal control is based on the assumption that the business will pay for everything it uses. In order to arrange for payment, you have to go through procurement.
Because open source is made available without charge, this basic internal control fails. The software often comes into the organization without review of the associated obligations or any process to ensure compliance. Companies are in the process of implementing policies and processes that impose basic internal controls over acquisition, use, and compliance of open source software.
Dr. Dobb's: Can you give us a (legal) definition of open source? What exactly is it?
Copenhaver: There is an official definition of open source which can be found at the web site of the Open Source Initiative. This definition was developed from the work of Bruce Perens and is used by OSI to determine whether or not a software license can be considered an "open source" license.
But when many people say open source, they are actually thinking about "Free Software" as defined by the Free Software Foundation based on the work of Richard Stallman. For a software program to be Free Software, it must be licensed under terms which assure that all users will have the freedom to run, copy, distribute, study, change and improve the software. Free Software is defined by preservation of these liberties, not by price. As the Free Software Foundation likes to say: "To understand the concept, you should think of free as in free speech, not as in free beer."
The term "Free and Open Source Software" or FOSS is used to cover both kinds of software licenses. Free Software requires a "reciprocal" or "enforced sharing" license, such as the GPL, which requires programs which are derived from Free Software to be distributed under the terms of the Free Software license. Open source licenses do not all have these obligations. Open source licenses such as the BSD license permit the incorporation of the software into other programs that may be distributed under non-open source terms.
Dr. Dobb's: Is there a danger, legally speaking, in mixing closed and open source in the same project?
Copenhaver: As I mentioned above, Free Software licenses, such as the GPL, require programs which are derived from Free Software to be distributed under the terms of the Free Software license. In order to assure that all users have the freedom to change and improve the software, Free Software licenses require the source code for the software to be made available to anyone who receives the object code. If you combine closed and open source software in the same project, you may create a derivative work of the Free Software. If you distribute that derivative work, you will have to do so under the terms of the Free Software license and make the source code available to the recipients. It is important to remember, though, that not all open source licenses are Free Software licenses, and not all combinations are derivative works, and not all software is developed for distribution. The GPL is, however, by far the most popular of the open source licenses.
Dr. Dobb's: What's the main thing CTOs and CIOs ought to be concerned about when bringing open source into the organization?
Copenhaver: Education. Developers learn how to program using open source tools and components. Ignoring the availability and usefulness of these tools and components is either disingenuous or denial. If companies don't educate and have honest conversations that support deployment of open source software, they are just driving usage underground. But customers, strategic partners, investors, acquirors all want to know. But the real reason to educate is survival. The best and the brightest development talent does not want to work at a company that does not take full advantage of open source tools and components. The most cost effective companies do not re-write basic functionality. Companies cannot survive when their competitors have learned how to leverage open source while they continue to "Just Say No."