A B C
1
2 3 3
IPR(s) licensed by
FOSS Licensor
FOSS Licensee IPRs
IPRs IPRs
PICTURE 3: STREAM OF LICENSE GRANTS AND UNLICENSED IPRS
Arrows 1-3 illustrate the stream of IPR licenses, whether under copyrights and/or patents (or trademarks) granted by FOSS Licensor(s) to FOSS Licensee(s). FOSS Licensor should be able to accurately identify under what IPRs (Arrows 1-3) it grants a license to FOSS Licensee, and what is the specific scope of the license grants.
Accordingly, FOSS Licensee should be able to accurately identify under what IPRs (Arrows 1-3) it receives a license from FOSS Licensor, and what is the specific scope of the license grant.
Arrows A-C illustrate unlicensed IPRs such as copyrights, patents, trademarks and/or other IPRs owned either by FOSS Licensor and/or third parties relevant for the assets exploited by FOSS Licensee. Both FOSS Licensor and FOSS Licensee should be able to identify what IPRs are outside the scope of the granted licenses (Arrows A-B), and accordingly, which IPRs FOSS Licensor may assert against any parties (within or outside of the FOSS community), and accordingly, to which IPRs FOSS Licensee should secure additional, FOSS or proprietary licenses either from FOSS Licensor and/or third parties.
While it is a little bit old fashioned to talk about risks related to use of FOSS, since to great extent FOSS license compliance requires nothing but ordinary legal education, knowledge of IPR licensing and due diligence in sourcing decisions as well as research and development (R&D) activities28, the implications of FOSS licensing from patent perspective are harder to tackle: ambiguous license grants in the most common FOSS licenses result in uncertainty in both the FOSS licensors and the FOSS licensees regarding what rights they actually grant and/or receive under the respective FOSS license. This unclarity regarding the scope and the extent of the license grants may bring about – perhaps unnecessary – fear, uncertainty and doubt within the FOSS community:
corporate contributors may be unable to clearly identify what patent rights, if any, they (and/or their affiliated companies) are granting under the FOSS licenses, to whom in the down-stream chain of licensees as well as to what computer program: only the FOSS contributor version or, alternatively, the FOSS distributor version, or perhaps even the modified versions of downstream licensee(s)? Thus, the exposure to patent portfolios remains unclear: It is hard to determine whether patent claims infringed by the FOSS program are either exhausted and/or implicitly licensed under the respective FOSS license, thereby precluding the patent holder from collecting royalties or other compensation from exploitation of the relevant patent(s) reading the FOSS program and thus leading to dilution of the respective patent rights. Further, FOSS users may not be able to determine whether they are safe from patent assertions even within the FOSS community.29
One of the key steps in ensuring proper management of FOSS and addressing license compliance requirements is to design, draft and implement policies and procedures governing use of FOSS. The said policies and procedures should address in sufficient detail guidelines for use of FOSS in the organization in line with the organization's strategic goals. The purpose of the policies and processes is to ensure that FOSS is used within the organization in compliance with all applicable licenses and without (knowing) infringement of any third party IPRs or misappropriation of trade secrets. In
28 Williamson at 54.
29 Haapanen 2009 at 2-4. Stern & Lee at 7.
corporate context the guidelines would also address evaluation of the impact of using FOSS on the organization's patent portfolio and copyrights in proprietary software.
Guidelines for identification, categorization and approval processes of FOSS components and review of related licenses as well as architectural and license compatibility analyses are also commonly part of the said policies. Internal and/or external FOSS audit tools are often used to carry out the procedures, which are indeed helpful when the used FOSS components include software packages subject to multiple FOSS licenses. However, mere policies and processes, no matter how detailed, are never sufficient to address the risks until they are properly implemented, communicated and educated within the organization.30
In addition to internal R&D procedures, companies may also require that as part of their FOSS processes, suppliers must list any and all FOSS components embedded in deliverables together with applicable license terms, or alternatively, that suppliers give warranties that the deliverables do not include FOSS components (under any or identified licenses) and/or provide indemnification against third party claims based on alleged infringement of IPRs and/or breach of license terms. Further, FOSS due diligence (FOSS DD) is important also in connection with technology transactions to ensure that proprietary software products of the target company are actually owned by the target and have neither accidentally become subject to the source code distribution requirements of FOSS licenses or that the target company's patents are not diluted due to uninformed decisions regarding FOSS licensing.31
1.1.5 FOSS and Patents
The topic of FOSS and patents may be roughly divided into two aspects: (1) infringement of third party patents by development, exploitation, sale, licensing and/or distribution of FOSS; and (2) management of own patent portfolios through analyzing the impact of contributing and/or distributing FOSS on the FOSS licensor's own patent
30 Ilardi 2005 at 302 -305. Stern & Lee at 267-269 and 276-280. Meeker 2008 119-122.
31 Ilardi 2005 at 302. Stern & Lee at 267-269. Meeker 2008 at 122 and 237-244. Meeker 2008 II at 870-871 and 874-875.
portfolio.32 The focus of this study is primarily on the category (2) from the perspective of FOSS licensor (i.e. FOSS contributor and/or FOSS distributor), although also the topic of category (1) will be occasionally touched upon, when the discussion turns to FOSS users allegedly infringing software patents by exploiting FOSS. Further, the impact (read: "threat" from the perspective of many FOSS users) of third party patents on use of FOSS as well as the impact (read: "risk" from the perspective of many industry FOSS licensors) of contributing and/or distributing FOSS on enforcement of own patents will be summarized in Section 6 (Discussion of the Results).
The flow of patent infringement claims (Category 1) and FOSS patent licenses (Category 2) can be illustrated as below. The terms FOSS licensor, FOSS contributor, FOSS distributor and FOSS user have the meanings defined in Section 1.1.1 (Concepts).
32 Meeker 2015 at 151. Meeker 2008 at 89. Guibault & van Daalen at 142-148.
PICTURE 4: FLOW OF PATENT INFRINGEMENT CLAIMS AND PATENT