Does the GPL Violate Sarbanes-Oxley?

The Software Freedom Law Center refutes claims by embedded systems seller Wasabi Systems that companies using the GPL could be in violation of the Sarbanes-Oxley Act.

The Software Freedom Law Center on March 8 will publish a white paper that dismisses recent publications that have alleged GNU General Public License violations in relation to the Sarbanes-Oxley Act of 2002.

The three-page white paper, titled "Sarbanes-Oxley and the GPL: No Special Risk," essentially counsels users of the free software license that they have no need to worry. The white paper can be found here.

That white paper follows those from the legal department at embedded systems seller Wasabi Systems, of Norfolk, Va., which is headed by Jay Michaelson, one of the company's founders and its general counsel.

Wasabi Systems has created a Web site that contains a licensing guide that includes a section on how the Sarbanes-Oxley Act "has changed the open source landscape by making GPL violations a federal crime."

Wasabi Systems has also posted a white paper to its Web site titled "When GPL Violations Are Sarbanes-Oxley Violations," which says that the SOX (Sarbanes-Oxley) Act requires public companies to provide truthful disclosures of information, including ownership of intellectual property.

The full Wasabi Systems white paper can be downloaded in PDF form here.

However, the latest Software Freedom Law Center white paper maintains that while some have argued that corporate executives face increased risk of criminal liability under SOX if their companies develop and distribute code licensed under the GPL, these issues were reviewed and it was found that there is in fact no special risk for developing GPL'd code under SOX.

"Under most circumstances, the risk posed to a company by SOX is not affected by whether they use GPL'd or any other type of software. Arguments to the contrary are pure anti-GPL FUD [fear, uncertainty and doubt]," the paper says.

Eben Moglen, the center's chair, admits that the recent discussions regarding the GPL and SOX prompted the Software Freedom Law Center to issue its position on the topic, especially as they "have been wrought with false information."

He also stressed that the white paper will help all users of the GPL, from free and open-source software developers to CIOs working at Fortune 500 companies, "to clearly understand there is no new need for concern. The fact remains that no criminal charges on the basis of violating SOX have ever been brought against a GPL user," he said.

The center's white paper also, essentially, defines the realistic impact of a GPL violation as it could be applied under SOX, pointing out that SOX generally applies only to public companies and that disclosure in a company's Securities and Exchange Commission reports is not necessary if a company's use of the license is immaterial to its business.

It also notes that companies that must comply with SOX bear the full cost of SOX compliance, regardless of the software licenses they choose. Lastly, the paper explains that if SOX applies to a GPL violation, it is not likely that a company or developer would be criminally liable, since the act could not be criminally violated without intentional misconduct.

"The idea that a GPL violation could result in jail time is unreasonable. You take away this unlikely threat, and the argument is reduced only to compliance, and GPL compliance is remarkably simpler than that of alternative licenses," Karen Sandler, an attorney at the Software Freedom Law Center, said in a prepared statement.