short lines

IPR Indemnities in the Open Source and Proprietary Software Worlds

July 2005

Intellectual property right ( IPR ) indemnities in software licences - the commitment of the licensor to step up to the plate and bear the risk if the customer is challenged in its use of the software by a third party for infringing its IPR [i] - are assuming increasing importance in the competing marketing strategies of the open source software (OSS) and proprietary software vendors' camps as they engage for the hearts and minds of the IT departments of the world's largest customers.

Commercialisation of OSS.

Very briefly, OSS has increasingly in recent years moved away from its radical, anti-business establishment origins and towards the middle ground [ii]. Customers constantly raise the bar on their requirements for cheaper, better and more reliable software that preserves sunk investment. The perceived lower cost of OSS coupled with the ability of users to modify the core OSS operating system have accelerated its take up around the world in the public and corporate sectors. This combination of increasing pressure on software developers and the opportunity for profit that growing acceptance affords is driving the commercialisation of OSS . Established vendors like Hewlett Packard and Novell now include in their catalogues their own house 'flavours' of OSS products like Linux. IBM manages, Janus-like, to point both ways - not only is it a self professed proponent of OSS but it is also one of the largest holders of software patents in the world[iii].

OSS Licences and specific licensor covenants. The heart of the OSS tradition - that software should be communitarian (i.e. outside traditional norms of property ownership) and freely open to adaptation and distribution - means that there is no single entity responsible for all of the code. Consequently there is no one with either the capability or inclination to speak to its origin. In essence, the whole concept of licensor is anathema. This is reflected in licences under which OSS is supplied. For instance both the GNU General Public Licence [iv] (GPL) and the Open Source Licence (OSL) of the Open Source Initiative ( OSI )[v]. focus on licensee activities only. These traditions have served the ideals of OSS , by maximising the evolution of the underlying code but it is little surprise that, historically, OSS came with indemnity, warranty or liability measures expressly excluded[vi]. This can lead to odd results: Clause 7 of version 2.1 of the OSI 's OSL gives with the one hand - the Licensor gives a warranty of title of sorts - whilst taking away with the other - the Licensor is defined (circularly) as the unnamed 'owner of the Original Work' [vii].

Recent litigation focuses attention. With a 'pure' OSS product, the customer gets no legal security to support his use, adaptation and distribution rights: the pressure, such as there is, is peer pressure through knowing who the OSS design/coding community is - but of course there is no diligence mechanism to check this out. To date, this inherent inability to stand behind supplier commitments - which in the real world go beyond the contractual word on the page and directly to reputation - has not been as significant an impediment to OSS take up as might have been expected. But this slightly rose-tinted view is changing.

Until relatively recently, IPR indemnities were one of those clauses that didn't get a lot of attention in software deals. For an IPR claim to arise that would trigger the indemnity was perceived to be a remote possibility. There were more important things to discuss. That perception is changing however with a spate of high profile IPR infringement actions against resellers and end users which bring the issue of supplier IPR indemnities directly into play. These cases include Luxembourg company Inpro's patent infringement claim in Germany against T-Mobile as a customer of Research in Motion for the Blackberry device [viii]; Lucent Technologies, Inc. v Dell [ix], concerning allegedly infringing Microsoft software pre-loaded on Dell computers; the Forgent Compression Labs JPEG infringement claims launched in April 2004[x]; and of course the SCO v IBM [xi] and related litigation in the OSS arena. With increasing numbers of software and related patent applications, the trend towards a more assertive approach to software IPR by right holders looks set to continue.

Risk allocation in large-scale procurement. These cases have really brought home to big IT buyers recognition of the indemnity/security issue. Over the last few years, big organisations in the public and private sectors alike have invested significantly in world class procurement processes to manage risk and get better value from suppliers. As IT systems constantly become more central to the organisation's activities, these processes focus on technology suppliers' contractual terms and conditions, particularly the risk allocation mechanisms of warranties, liability limitations and IPR indemnity clauses. Big IT buyers like financial institutions increasingly take management of contingent IPR liabilities and their potential for financial exposure and business disruption no less seriously than exposures from their trading books. As with most types of products, they will invariably want to see their software vendors step up to such third party IPR risks by providing IPR indemnities.

A square peg in a round hole: balancing corporate needs with community ideals. The OSS community finds it hard to respond effectively to this rigorous, contract based procurement process. Large software vendors are attempting to step into the breach. A feature of the monetisation of OSS has been the offering of OSS products with contractual cover by software vendors to improve acceptability in the corporate world. The best example of this is by corporate vendors selling their own version of Linux where the stimulus for providing cover has largely been the SCO litigation.

Overlaying IP indemnities on the OSS world . HP (from September 2003) and Novell (from January 2004) now offer indemnity cover of sorts for their versions of Linux [xii]. It is to be noted that in these cases we're not really talking about pure OSS at all - these vendors offer their own specific flavours of Linux. Further, the indemnity cover provided is limited: HP requires users to run the HP version on HP hardware and to subscribe to an HP software support agreement; Novell requires users to have a minimum spend with them of $50,000, be subscribers to its support and upgrade services, and its indemnity is capped at the lower of $1.5m or 125% of the value of the customer's purchases with Novell; and Red Hat (since January 2004) offers a warranty to replace infringing code but no indemnity as such.

Approach of proprietary developers. Outside the OSS world, proprietary software vendors who give meaningful IPR indemnity protection perceive a relative advantage in the face of increasing legal risk and procurement rigour. This is because they write their software in-house, know who wrote what and are well placed to gauge and hedge the risk of third party infringement claims.

For example Microsoft's indemnity [xiii], although expressed as an obligation to defend against claims and to pay the amount of any 'final' judgement, is broad in its coverage (including copyright, trademark, misappropriated trade secrets and - more boldly and unusually - patents). Being uncapped, it is also deep in financial terms. This is the language and these are steps in the negotiation dance that the procurement groups at large organisations understand. And in late 2004, in recognition in part of the SCO litigation issue, it extended IP protection for covered claims from volume licensees to all end users of Microsoft's software.

Weighing the balance. The issue of indemnification will only be one factor when businesses calculate the total cost of ownership of a particular piece of software. Indemnities, a minor contractual art form in their own right, invariably come replete with restrictions: however dull, they must be read carefully and all the way through. But purchasing a third party software product (on which your business may rely completely for core processes) which comes with an uncovered contingent risk that could, at worst, take away your right to use it is something of an aberration in the world of the large organisation procurement machine. The buyer who does so in this case is gambling, calculatingly or otherwise, that the risk of a successful IPR claim against it is minuscule. Calculating this gamble is not simply a prediction of whether, for example, SCO will win. Simply being involved in litigation incurs cost, which may be significant when the subject matter is highly technical and the market so competitive. Researching and responding to a claim whether frivolous or not will tie up internal resources, almost certainly require specialist external advice and (for defendants with an exchange listing and concomitant disclosure obligations) potentially impact upon brand image and shareholder value. These points should not be underestimated in the context of IP claims [xiv].

Going forward. In these times of greater calibration of - if not aversion to - risk, proprietary software vendors think they're on to something. What was once regarded as a boring, narrow, technical legal issue may well become a tipping point. Whatever industry sector one looks in, it is hard to find an example of another product, whether for the mass- or professional- market, which comes without any sort of good title commitment. In the end it will be the market that decides just how big a brake on OSS uptake the lack of effective legal security will be. Tellingly, the new version of the GPL anticipated for release in 2005 is anticipated to be likely address patent and other IPR issues [xv].

Richard Kemp/Caspar Gibbons

[1] For a good primer, see http://tinyurl.com/br4vb

[2]See 'Open Source Software Monetised: Out of the Bazaar and into Big Business', The Computer & Internet Lawyer, Vol 21, No. 10 (Oct 2004) at page 1.

[3]"There are some high ironies that IBM , one of the largest obtainers of patents in the world, ends up being the defender of the GPL" (S Shankland, CNET News.com, 28 Oct 2003, quoted in 'Open Source Software Monetised'), see footnote 2 above.

[4] http://tinyurl.com/agckq

[5]http://tinyurl.com/ey34u

[6]see e.g. v.2 GPL clauses 11 & 12

[7]see clause 7 in the document at the link at footnote 5.

[8]See also InPro II Licensing v T-Mobile USA, Inc for similar litigation in the USA : http://tinyurl.com/cbmsb

[9] see press comment, e.g. http://tinyurl.com/dqzfc

[10]http://www.forgent.com/ip/672patent.shtml

[11]In essence, SCO alleges that IBM 's version of Linux infringes its IP rights in Unix; see press comment e.g. http://tinyurl.com/ajvxo and the useful http://www.groklaw.net .

[12]Overview of HP: http://tinyurl.com/dhmhf ; and Novell: http://tinyurl.com/7d8z6

[13]http://tinyurl.com/axk6g

[14]The SCO claim is in the region of $3 billion; for a recent actual judgment, see Lowry's Reports, Inc. v Legg Mason, Inc. WDQ-01-3898 ( http://tinyurl.com/c323w ) , where misuse of an $800 licence resulted in a jury award of ~$20 million.

[15] See for example the Free Software Foundation (FSF) press release of 9 June 2005 about the article by Richard M. Stallman and Eben Moglen discussing the forthcoming GPL Version 3 - http://www.fsf.org/news/gpl3.html