An extra post on Technology Law Culture (Netherlands!) this Sunday, on the legal workshop IP, Software Patents and Copyright Law: Avoiding the Legal Pitfalls of Open Source, held in Amsterdam Thursday, 9 November 2006. The format was a free-form panel discussion, without prepared presentations or slides from the panelists. Instead, Larry Rosen, of the U.S. law firm Rosenlaw & Einschlag, of OSI fame, and the person who wrote the book on open source licensing, moderated all three panels, with the audience contributing questions and answers as well. I’ll try and catch some of the comments below. Errors are all mine -^_^-.

Copyright and Derivative Work Analysis

Larry Rosen, David Rickerby of the U.S. law firm Choate, Dr. Till Jaeger of JBB Law in Germany and one of the driving forces behind the Institut für Rechtsfragen der Freien und Open Source Software, Walter van Holst of Dutch IT consultancy firm Mitopics, and Eric Tjong Tjin Tai of the Dutch law firm of Pels Rijcken discussed what constitutes a derivative work, and why and whether we should care about this question.

On this, David Rickerby noted that the GPL is brilliantly ambiguous and allows different projects to flavor it differently. According to Dr. Till Jaeger, since software works together, it is important to look at this question whereas you have to deal with copyleft and incompatible licenses. Also, while you have to keep in mind that it is ultimately for the courts to decide what a derivative work is (see Dan Ravicher on how the U.S. courts do this here), you can look at the interpretation of the steward of the license (see Laura Majerus, in connection with the Progress v MySQL case, discuss on how the FSF does that for the GPL here) and, perhaps more importantly, at how the copyright holder looks at it. (See for example, Linus Torvalds in relation to Linux and linking here.) In the end, after all, it is the copyright holder who will or will not sue.

How do you deal with this in practice? David Rickerby gave the example of a PVR player, using the Linux kernel as the embedded OS, with a proprietary (differentiating and value-adding) interface on top, whereby access to the underlying UI of Linux is locked out. Does this create a derivative work, in the sense that the manufacturer would be required to release the source to its proprietary interface? According to Eric Tjong Tjin Tai, not releasing it should be o.k., since, although you might create a derivative work under the law since it’s a different embodiment, you could argue that you do not create a derivative work in the technical sense, whereas you use the kernel as it was intended. (See in that sense also Arnoud Engelfriet here on how to deal with this issue of mixed source development for embedded code.)

On how to move forward with this issue, Eric Tjong Tjin Tai noted that with ambiguous terms in a license, you might end up poisoning your own wells, as future contributors shy away from either using such a license, or contributing to a project that uses such a license. Dr. Till Jaeger added that you should not only look at the language of the license when interpreting it, but also at what might have been the intent of the persons applying it.

According to Eric Tjong Tjin Tai, it makes sense to use a definition, so that you know what you are up to. Dr. Till Jaeger pointed out that you are then likely to move the discussion to what the definition means, whereby the definition could also be used as instructions to circumvent the limitations in the license.

Patents and Open Source

In the second session, Carlo Piana of Italian law firm Studio Legale Tamos Piana & Partners and counsel to FSF Europe, Steve Davidson of U.S. law firm Leonard, Street and Deinard, Mark Lange, policy counsel with Microsoft, and Larry Rosen talked about Patents and Open Source. (I have to admit my notes are a little thin here.)

Today, in the EU, you cannot ignore software patents, as they exist to a point. (See on that for example a recent Bird & Bird bulletin on the U.K. Aerotel case here.) And although the validity of these patents have not been tested in court, you might at one point have to litigate in relation to it.
According to Carlo Piana, software patents (as they exist today) are not so much of a problem of OSS, as they are a reason for deep concern. In that sense, Steve Davidson mentioned that if the OSS community is going to push hard on copyright, then there might be some pushing back from patent holders. Right now, there is room for a spirit of detente. Carlo Piana used another cold war era term, M.A.D., noting that smaller companies are not likely to benefit from a patent war, as they may only be able to support claims with a limited number of patents, whereas a larger party can counterclaim with a much larger body of patents. Claims that the smaller party does not have to resources to refute. In that sense, the only winning move is not to play.

Such an understanding disregards trolls (at which point someone in the audience mentioned SCO) but is also disregards legitimate claims. For the latter, Steve Davidson gave the examples of Kodak v. Sun (ZDNet on the ruling and on the settlement that followed) and the current IBM v. Amazon (ZDNet on the filing of that case) cases.

At another point in the discussion, Mark Lange remarked that little guys can benefit from access to the patent system, and that little guys become big. The system should be more accessible than it currently is for some, not inaccessible for all.

Larry Rosen asked whether users, that incorporate patented software technology, and redistribute it [as part of their product] risk being sued, and perhaps being enjoined from distributing (selling) their products. According to Steve Davidson, this is not very likely in the U.S., as injunctive relief is not a readily available remedy if monetary compensation is possible, whereby the effect on the installed user base is also taken into account. (In this light, see also the NTP v. RIM case, and perhaps NTP v. Palm as well. Also, the same principle is true for the Netherlands.) An injunction should not be the cloud hanging over your head.

Best Practices for Open Source Development

Closing the day, Karen Copenhaver of U.S. law firm Choate, Cathrine Bore of Trolltech, Kat McCabe of Black Duck Software, yours truly, Mark Lange and Larry Rosen, looked at a number of best practices for open source development. (Notes are even more thin here, as I participated in the panel itself.)

All participants stressed that educating developers on basic copyright tenets is a valuable exercise. Kat McCabe mentioned in this respect that lawyers should also be educated, whereas “we don not use open source software” [in our product] is not a very well-informed answer, and very likely not true either.

In the context of controlling the pedigree of code from outside contributors (the source of the source so you will), Karen Copenhaver mentioned taking a look at IBM’s approach with their Certificates of Originality.

Cathrine Bore shared the great tip that you should not have non-competes in your external development work contracts, as it is next to impossible to ensure compliance if you allow or even encourage your developers to participate in open source programs.

Shownotes / Open Source Conversations

The live-blogging style of this post does not do full justice to the engaging discussion that took place on 9 November 2006 in Amsterdam. Hopefully, audio from the day will be submitted to Open Source Conversations on GigaVox. This post will be updated if audio of the workshop becomes available.

‡‡
[This is a post from Technology Law Culture: http://tlc.oosterbaan.net. Olivier Oosterbaan, ICT and media lawyer in Rotterdam, the Netherlands, maintains this blog. Some rights reserved.]

(Picture from: Yogi, under a by-sa Creative Commons license, found through Flickr Creative Commons search.)

If you’re really quick (and happen to be in Amsterdam) you can still join the 9 November 2006 workshop: IP, Software Patents and Copyright Law: Avoiding the Legal Pitfalls of Open Source in Amsterdam. It follows a two-day conference on The Business Models and Technology Choices for Monetising Open Source in Mobile.

Workshop leader is Larry Rosen of the U.S. law firm Rosenlaw & Einschlag (and of OSI fame). Participants include David Rickerby of the U.S. law firm Choate, Dr. Till Jaeger of JBB Law in Germany, Steve Mutkoski of Microsoft, Walter van Holst of Dutch IT consultancy firm Mitopics, and Eric Tjong Tjin Tai of the Dutch law firm of Pels Rijcken. They will talk about Copyright and derivative work analysis.

Following them, Carlo Piana of Studio Legale Tamos Piana & Partners, Steve Davidson of U.S. law firm Leonard, Street and Deinard, Ron Zink of Microsoft (or try Google for more results :P), and Larry Rosen will discuss Patents and Open Source.

Closing the day, Karen Copenhaver of U.S. law firm Choate, Cathrine Bore of Trolltech, Kat McCabe of Black Duck Software, yours truly, and Steve Mutkoski and Larry Rosen, will together look at Best practices for open source development.

Associated reading materials can be found under the del.icio.us tag OSiM2006LegalWorkshop. (I have to admit that as of today over half of these were added by me, so the usefulness is unconfirmed.)

I look forward to it greatly. TLC will of course report on it in due course.

‡‡
[This is a post from Technology Law Culture: http://tlc.oosterbaan.net. Olivier Oosterbaan, ICT and media lawyer in Rotterdam, the Netherlands, maintains this blog.]

(Picture from: Found through Yahoo Creative Commons Search. I have to admit I relied on that and did not further check the license on the site it pointed to.)

Trying to embed a linkroll for a particular del.icio.us tag on a separate page of Technology Law Culture, the statement from del.icio.us that you as the user own your bookmarks, caught my attention. This statement is perhaps not entirely true.

Do you really own – from a legal viewpoint that is – your bookmarks? And if you do own them, what can you tell others not to do with them?

Depending on whether you have many or just a few links, on what else you add (tags, notes), in what context you create them, and, oddly, where you live, you may or may not have rights on your social bookmarking collection.

Why? Because it is not a given that your (collection of) bookmarks is sufficiently original to qualify for copyright, although the collection may be protected under a database right.

The (EU) Database Right

To take del.icio.us as an example. They say:

del.icio.us does not own your bookmarks — you do! As the creator, you have the right to license this list any way you see fit.

Granted, this is a statement on the page where you set-up your feed, but is del.ico.us right? Under European law, that’s not entirely certain. Under U.S. law, I don’t know. (I really have no idea, Trackbacks, comments or e-mails on the U.S. situation are welcomed!) As del.icio.us says on their help page “it’s good to know the legal details” so let’s dive right in.

Under the Berne Convention, artistic and literary works receive copyright. But, your collection of links on say, copyright, may not be literary enough to be copyrighted.

Under the national implementing laws of the EU Database Directive, you receive a database right (which is different from, and might be received in addition to copyright in the structure of the database or the underlying constituent parts) when you make a “substantial investment” in the creation of a “collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic means” in “any form”. Sounds like a social bookmarking site to me.

But wait, in addition, I need to have made “qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents” of the collection. When is this the case? Well, although most database cases deal with telephone listings, sports fixtures and the like, in one German case, Kidnet v. Babynet, 251 links were considered a database worthy of protection. With 727 public links as of this day, I should be golden then. If I add plenty of tags, and notes describing what the content links to, the investment becomes more substantial.

And what do you get with this database right? 15 years of protection against substantial or repeated “extraction” and “re-utilization”. This might include using my feed for other purposes than I intended, as I may have expressed it with a Creative Commons license or otherwise. (By the way, the cases that I am familiar with, although playing out a time when RSS was already there, deal mostly with framing, or scraping. Push/pull adds another dimension. For one such case, read kranten.com, an early Google news if you will.)

So, when Denise Howell talks about Jason Calacanis rejecting any implied licenses in feeds, he may have a point as far as database rights are concerned as well. (That is, if he would be based in the EU; for sake of brevity and argument I am not discussing jurisdiction questions here.)

Conclusion (For Now)

So, you might have rights for your collection of bookmarks on your favorite social bookmarking site but it is not altogether sure that you can prevent the kinds of re-use that might typically be made of your collection. For example, one type of use discussed today is where a third party repurposes your collection (and that of other users) to make a “parasitical competing product” (to quote the Database Directive). Except, the product competes with whatever site or service you contributed your bookmarks to, and they are likely not the beneficiaries of a database right.

Now what? I don’t have the answer ready. (And this post is getting rather long, so the conclusion will be short.) The question about (reusing link collections from) social bookmarking collections illustrates a greater point. These days, the web has more, and more interconnected, pieces of content, moving in different directions. In addition there is meaning in the underlying syntax, whereby such meaning can be immediately apparent or needs to be extracted first (mash-ups! semantic web!). This means that we are less dealing with one-on-one (or even one-on-many) relationships, and more with small pieces loosely joined. This point is not new, but I think that the above example illustrates, if very rudimentary, how this plays out. With the live web, me might have to think a little about how to apply some of the existing rules.

(More on Database Law)

(Writing this post, I was reminded of a paper [pdf] I wrote on the topic of database law when at Duke Law in 2000. (In the paper, I manage to talk about “the right amount of incentive without too much of a stifling effect” and “the development of the computerized and networked global village” while taking myself completely seriously ^^.) In any event, since then, the ECJ (European Court of Justice) has interpreted the Database Directive in four decisions, handed down simultaneously. See for a good discussion of those cases Professors Mark J. Davison and P. Bernt Hugenholtz in EIPR 2005, Issue no. 3 [pdf].)

(By the way, I didn’t actually manage to get the linkroll I mentioned at the beginning of this post up and running quickly on WordPress, so that will have to be for another day.)

‡‡
[This is a post from Technology Law Culture: http://tlc.oosterbaan.net. Olivier Oosterbaan, ICT and media lawyer in Rotterdam, the Netherlands, maintains this blog.]