Open Source Risk Management (OSRM), a provider of open-source consulting and risk mitigation insurance, announced last week that it has found that there are 283 issued, but not yet court-validated, software patents that could conceivably be used in patent claims against Linux. In that same week, the German city of Munich temporarily put its planned Linux desktop migration on hold due to Linux patent concerns.
Open Source Risk Management (OSRM), which will be offering a patent litigation insurance policy for Linux users and developers starting in 2005, has a clear business interest in the results of its study, but that doesnt mean that its research isnt right.
How serious are Linux patent concerns? We asked several intellectual property lawyers for their thoughts on Linux and the risk associated with it from patent lawsuits.
“Like patents in any other rapidly evolving area of technology, software patents can be a threat,” said Thomas K. Stine, an experienced patent prosecutor and litigator with Chicago-based Marshall, Gerstein & Borun LLP.
But potential patent problems are far from limited to Linux.
“With the explosion in the number of patents issued over the past decade, it is not surprising that potential patent infringement claims exist against the Linux Kernel,” said Allonn Levy, an attorney with Hopkins & Carley in San Jose, Calif.
“Indeed, most software available today comes with any number of such potential patent claims. Unfortunately, the degree of risk—and the question of whether actual infringement exists—can really only be answered through litigation,” Levy said.
Kelly Talcott, an intellectual property partner in the New York office of the national law firm of Kirkpatrick & Lockhart LLP, agreed. “OSRMs announcement simply puts a number to a fact that the software industry has been living with for years. With the increasing number of issued software patents comes the increasing possibility of being sued for infringement. This affects all flavors of software, not just Linux.”
“In straight numerical terms, the threat is probably no greater for Linux vendors and users than it is for other operating systems. That is because many software patents are not language-specific, but read on general processes that can be implemented in more than one way,” Talcott said.
Bradley M. Kuhn, executive director of the Free Software Foundation (FSF) added that the news “isnt a surprise.”
“The U.S. Patent Office has been granting patents at an alarming rate. In fact, its likely difficult today to write any software program—be it free software or proprietary—from scratch that does not exercise the teachings of some existing software patent in the U.S.A.”
Moreover, the “FSF has long warned that software patents were very dangerous not only to free software, but to the software industry as a whole. We firmly believe that the world would be a much better place without software patents,” Kuhn said.
What Should Developers, Users
Do?”> For businesses that use Linux, Kuhn advised that they dont overreact to the news.
“We dont think an alarmist response to the [OSRM] report is warranted,” he said, because “the worlds largest software patent holders are heavily invested in service and support of GNU/Linux systems.”
“Indeed, many of the patents in question may be held the very organizations that now have a vested interest in continuing patent-unencumbered GPL distribution of GNU/Linux systems.”
Kuhn cited IBM as an example. “From time to time, we have discovered that various IBM patents read on the GCC [GNU Compiler Collection], an important component of the GNU/Linux operating system.
“In those cases, we have worked with IBM, who may be the largest software patent holder in the world, to place a letter on file at FSF stipulating that they will not bring patent infringement claims against anyone exercising the teachings of those patents under the terms of GPL.
“We believe that anyone who has a vested interest in the success of GNU/Linux systems—which is most of the worlds major software-patent-holding corporations—will do the same as IBM when the situation arises,” Kuhn said.
But what Kuhn doesnt say is that, according to the OSRM report, at least some of the Linux kernel patents belong to Microsoft, which has no cause to love Linux.
Levy said he doesnt think there is much of a threat, but for a different reason. “None of the 400 litigation-tested patents that he [Dan Ravicher, leader of the OSRM study] investigated could form the basis of an infringement claim against the Linux kernel,” he said. “Only untested patents form the basis of these potential infringement suits.”
“Until the 283 unidentified patents are tested in court,” Levy said, “one cannot even confirm that they are protectable patents, since it is common for companies to try to claim a patent over work that is not protectable.
“These 283 potential infringement claims may be less of a warning to users and distributors of Linux systems and more of a commentary on problems within the existing patent system,” he said.
But Thomas Carey, chairman of the business practice group at Boston-based Bromberg & Sunstein LLP, a firm specializing in intellectual property litigation and business law, said he doesnt think that the potential threat from Linux patents should be treated seriously.
“Software patents are very, very serious, especially because the software industry is so used to assuming that they dont apply to software, and developers plow ahead without giving it a moments thought.
Then, Carey said, “you get the blockbuster infringement case, like the one Google settled with Yahoo, resulting in a payment, in the form of stock, exceeding a quarter-billion dollars.
“There are going to be many more scores like this that are settled for big dollars, and then the software industry will get more disciplined about patent-infringement issues, smoking them out before they develop their products, not afterward,” Carey said.
So, how should developers handle these issues? Daniel Egger, chairman and founder of OSRM, suggested that Linux programmers not look at patents. “Current U.S. patent law creates an environment in which vendors and developers are generally advised by their lawyers not to examine other peoples software patents, because doing so creates the risk of triple damages for willful infringement.”
Stine said ignoring others patents would not be wise. “While there are ways to minimize the threat, ignoring the patents as Mr. Egger suggests is not one of them. Vendors should continuously monitor patents and published patent applications to make sure any infringement problems are dealt with early.”
As for corporate Linux customers, Stine said end-users are not likely to know how the software operates. “Therefore, they should make sure they are adequately indemnified by their vendor”
Carey added, “As to Linux in particular, I cant possibly review 283 patents to answer the question.” He added that OSRM “seems to be offering an insurance product without being licensed to do so.”
“They are calling it an indemnity agreement, but whats in a name? A serious Linux user will go to a real insurance company and get real insurance, if thats the path they choose. But when they see what the premiums will cost, they may find that Microsoft is the low-cost answer.”
Talcott didnt go that far, but he did say lack of indemnification is a concern for vendors and users. “The problem faced by Linux vendors and customers is that Linux suppliers tend not to indemnify their resellers and users for the defense of patent or copyright infringement claims.”
“A user who gets sued for patent infringement for using a Linux application for its intended purpose is likely to have no recourse to the supplier for defense costs,” Talcott said. “This is in contrast to traditional software suppliers, which often include some level of indemnification in their licenses.”
Still, Talcott said, “Some companies, such as HP, have been moving in the direction of providing some level of indemnification to customers who use their open-source products. They may decide that further indemnification for patent infringement claims is a marketing feature that is worth the accompanying risk.”