Many dev entrepreneurs use open source software (OSS) on a routine basis without considering the serious implications of OSS licensing. For example, if you use a piece of OSS code that’s governed by a strict type of license (commonly referred to as a viral license), you could be at risk of having to distribute your own source code when you distribute the OSS. That’s a lot of time and money invested code that you might have to give away for free. These kinds of serious risk require expert legal help to develop sound policies that match industry standards.
In general, copyright laws provide legal rights of ownership to the author of that work. However, and in general, copyleft licensing provides legal rights to everyone receiving the work. In practice, this means that if you write a book under copyright law, you own the ideas and order of the words written in a book. However, if it was an open source book governed by a copyleft license, the person receiving a copy of your book would be the one with the legal rights and might be entitled to all of your notes and edits regarding the book.
Some OSS code comes with its own copyleft licensing terms that require the distributor to disclose their name, source code, licensing terms, and other information when distributing the OSS to others. This could impair your ability to sell your code if you’ve failed to adhere to the OSS licensing terms. For example, if you write an API for an AR/VR program and integrate certain OSS code that’s governed by a standard Common Public License, you may have to distribute your source code with the OSS even if you thought it was proprietary. Now the code that you worked so hard must be distributed for free the OSS code. That’s terrifying!
There are certain exceptions and work arounds and many other OSS licensing terms, but the moral of the story is that your source code might be at risk if you fail to plan for the legal implications of using OSS.
Consequences of Breaching OSS License
It’s not the most common thing, but the Software Freedom Law Center sues about a dozen companies each year, including major consumer electronics companies, for copyright infringement of OSS offered under a general public license. Private creators of OSS also sue others to enforce the OSS licenses they create too.
Defendants are usually accused of selling products that included the executable forms of the software but failing to include the source code or a written offer to make the source code available. Most of the lawsuits do not involve any modifications made to the software by the defendants but rather the defendants’ failure to comply with the licensing terms. Many of cases settle out of court for undisclosed amounts, but when the suits do make it to trial, courts can be quick to enforce the terms of the OSS license.
In one lawsuit, California-based Artifex complained that Korean-based Hancom violated its GNU General Public License when Hancom used Artifex’s Ghostscript code in one of its products while refusing to make its source code available or pay for the commercial Ghostscripts license. The California federal court ruled (in declining to dismiss the case) that GPL isn’t just a copyright license, it’s also a legally binding contract. Hancom quickly settled the case, which might also be a symptom of companies safeguarding their reputation in the OSS and software dev industry. (Artifex v. Hancom, United States District Court for the Northern District of California, Case No. 3:16-cv-06982).
Another issue that often arises for software companies is when investors and buyers in mergers and acquisitions want to know the details of a target’s OSS usage. This includes what open source software is being used, how the software is being used, what licenses apply, proof of compliance with license terms, and whether the target has implemented an open source software policy.
Protecting Yourself and Your Code
Because OSS cannot be sold, developers using OSS often repackage it with their own code and sell the package as a service. This type of relationship is called software as a service (SaaS). Under SaaS agreements, devs should disclose, define, and structure the relationship with their customer in a number of ways too numerous to write about it here. Your lawyer will know what your SaaS agreement should say.
Another way that industry professionals protect themselves when using OSS is by containing OSS in an independent program. For example, devs will create a proprietary software program that links to or refers to an independent OSS program. By segregating the OSS code, it’s easier to see that the OSS code is not integrated into the source code and therefore, the source code should be protected and shouldn’t be disclosed with the OSS.
Obviously, it’s also a good idea to copyright your proprietary source code if you think you might be selling it as a service or otherwise licensing it.
Not all free code is OSS. Freeware is not OSS. Freeware is usually software that is free to use but is also owned by a person or company, while OSS is software that is owned by its users and is free to modify and redistribute subject to certain conditions. Public domain code is also not OSS. Public Domain means that the copyright is public and the code can be used in any way, but OSS code is subject to its licensing terms and may require users and distributors to copyleft.
We work with our clients to develop internal best practice manuals, sound SaaS agreements, proper OSS licensing packets and user terms and conditions. Because there are so many different types of OSS licenses and different versions of types of OSS licenses, it’s important to work with a legal team that understands OSS and the way you use it.
The terms of OSS licenses may seem strict and one-sided, but their entire purpose (in general) is to inspire collaboration while ensuring everyone is working in a uniform current version of the code in a way that’s easy to use, modify, and redistribute. To make sure OSS code accomplishes its mission, most OSS creators pick a licensing agreement that fits their vision for the code.
To open the source to business profits and software success, build your program in a way that complies with the OSS licensing agreement and protects you and your code legally.
Joshua Bam is a proud member of the Cloutier Ortega team. As a business and nonprofit attorney, Josh has helped clients with entity choice and formation, commercial transactions, product development, contract negotiations, tax strategies, and corporate compliance. Josh is dedicated to providing impactful legal services for small businesses and entrepreneurs.