Open source license litigation

Open source license litigation involves lawsuits surrounding open-source licensed software. Many of the legal rights of open source software licensors enforceable against users violating licensing agreements are untested by the U.S. legal system. Free and open source software (FOSS) is distributed under a variety of free-software licenses, which are unique among other software licenses. Legal action against open source licenses involves questions about their validity and enforceability.

Jacobsen v. Katzer (2008)
Jacobsen v. Katzer ("Jacobsen") addressed the extent to which a copyright holder of free public-use software can control the modification and use of their work by another party.

Jacobsen made code available for public download under an open source public license, Artistic License 1.0, which Katzer copied into their own commercial software products without recognizing the code's source. Jacobsen argued that the terms of the license defined the scope of the code's potential uses and that use outside these restrictions infringed copyright. The license holder expressly stated the terms for modification and distribution of the material. Katzer argued that the license terms were, instead covenantal in nature and should be limited to enforcement under contract law.

The U.S. Federal Circuit Court of Appeals established that license terms are enforceable copyright conditions under federal copyright law, in addition to enforceability under state contract law. Since Katzer failed to comply with the terms of the license by affixing required copyright notices to the derivative software, their use of the code constituted copyright infringement. The case established that some violations of open source licenses can be claimed as infringements of copyright.

BusyBox litigation (2007-13)
During 2007 to 2009, Software Freedom Conservancy (SFC) filed a series of copyright infringement lawsuits on behalf the principal developers of BusyBox. These lawsuits claimed violations of the GNU General Public License Version 2.

In September 2007, SFC filed a lawsuit against Monsoon Multimedia, Inc. alleging that Monsoon had violated the GNU General Public License (GPL) by including BusyBox code in products without releasing the source code. In October 2007, an SFC press release announced the parties had reached a financial settlement, and Monsoon had agreed to comply with the GPL.

In November 2007 SFC filed a lawsuit against Xterasys Corporation and High-Gain Antennas, LLC. In December 2007, SFC announced a settlement. Xterasys agreed to stop shipment of infringing products until it published the complete source code licensed under GPL and to pay an undisclosed financial settlement.

In December 2007, SFC filed a lawsuit against Verizon Communications, Inc. alleging Verizon had violated the GPL by distributing BusyBox in wireless routers without providing corresponding source code. A settlement announced in March 2008 included an agreement to comply with the GPL and to pay an undisclosed financial settlement.

In December 2009, SFC filed a lawsuit against 14 companies, including Best Buy, Samsung, and Westinghouse alleging violation of the GPL. By September 2013, all of the defendants had agreed on settlement terms, except for Westinghouse, against whom default judgment was entered.

Free Software Foundation, Inc. v. Cisco Systems, Inc. (2009)
On December 11, 2008, the Free Software Foundation (FSF) initiated a lawsuit against Cisco Systems in the United States District Court for the Southern District of New York. The FSF claimed various products sold by Cisco under the Linksys brand violated the licensing terms of many programs for which FSF held copyright, including GCC, GNU Binutils, and the GNU C Library. Most of these programs were licensed under the GNU General Public License Version 2, and a few under the GNU Lesser General Public License.

The Software Freedom Law Center (SFLC) represented FSF in the suit. The FSF contended that its copyrighted code was found in multiple Linksys models, and in the program QuickVPN. The plaintiffs asked the court to enjoin Cisco from further distribution of Linksys firmware containing FSF copyrighted code and also asked for damages amounting to all profits Cisco earned from sales of those products.

On May 20, 2009, the parties announced a settlement agreement that included Cisco appointing a director who would ensure Linksys products comply with free-software licenses. Cisco also made an undisclosed financial contribution to the FSF.

Geniatech v. McHardy (2018)
The ''Geniatechv. McHardy'' case, heard by the Higher Regional Court of Cologne (OLG Köln), Germany in 2018, was the culmination of a string of abusive litigations by Linux kernel developer Patrick McHardy concerning the noncompliance of GPL licensing terms (version2) by a number of Linux distributors. After the bench outlined their understanding of the case, McHardy elected to withdraw all extant proceedings, and the bench ordered him to pay all costs in what is seen as a substantial victory against copyright trolling by many in the open source community.

For about a decade, McHardy had contributed to the development of the Netfilter subsystem that provides network‑related operations to the Linux kernel. Geniatech EuropeGmbH is the Germanybased representative of consumer products manufacturer Geniatech, headquartered in Shenzhen, China. The actual devices in question are a series of satellite TVreceivers manufactured by Geniatech that employ the Linux operating system.

Specifically, the Cologne court advanced the view that McHardy is not a coauthor of the Linux kernel nor of Netfilter and that although McHardy might have rights in derivative works, he did not provide sufficient evidence of the copyrightability of his contributions. To be protected, such contributions need to represent the intellectual creation of the developer, which necessarily excludes most if not all maintenance programing. The court also opined that McHardy may have misused any rights he may hold, but noted that this matter would require further analysis. In addition, Geniatech made substantiated claims in filings that McHardy primarily performed his enforcement activities to seek monetary gain and not license compliance.

McHardy's strategy was to approach a commercial entity with minor GPL violations such as attribution deficiencies, lack or inadequacy of a written offer for source code, or an EULA conflicting with the GPL license for the sole purpose of obtaining an undertaking to cease and desist from further infringing activity and including a clause imposing contractual payments on any future infringements. German law admits such penalties to $€250,000$ per violation, so the sums involved can be substantial. While the initial demands appeared modest, once McHardy has secured a contractual remedy he sought to uncover further violations and repeat the process while increasing the penalties. And because his cease and desist declarations may likely have required nondisclosure, it was difficult for defendants to band together and resist. This business model was both enabled by and tailored to the specifics of the German legal system. It is believed that McHardy approached around 80companies over license noncompliance and may have netted two million euro or more while active.

Markus vonWelser, who represented Geniatech at trial, argues that McHardy's litigation was an abuse of law and outlines defensive strategies for companies that find themselves subject to this kind of copyright profiteering.

In early2022, the Netfilter project announced that a legallybinding settlement between Patrick McHardy and three members of it coreteam had been reached. The settlement document from the District Court of Mannheim is public.

Artifex Software Inc. v. Hancom Inc. (2017)
Following Jacobsen v Katzer, Artifex Software Inc v Hancom Inc. in the United States District Court for the Northern District of California centered on breaches of open source software licenses, including breaches of contract as well as infringements of copyright. Artifex is the exclusive licensor of the software product, Ghostscript, under the GNU General Public License Version 3. Hancom is a South Korean software company that used Ghostscript in software they were selling.

This case concerned Hancom's failure to distribute or offer to provide the source code for their software. The GNU GPL provides that the Ghostscript user agrees to its terms, thus creating a contract, unless the user obtains a commercial license. Artifex alleged that Hancom did not obtain a commercial license to use Ghostscript, and claimed that its use of Ghostscript was licensed under the GNU GPL. These allegations sufficiently plead the existence of a contract.

This case establishes that the GNU GPL constitutes a contract between the owner of the source code and the person/company that uses that code through the license. This sets the precedent that allows licensors to bring claims of breach of contract where a party does not comply with the terms of a license.

SCO Group Inc. v. International Business Machines Corporation (2017)
SCO Group Inc. v. International Business Machines Corporation was litigated in the United States Court of Appeals for the Tenth Circuit. It covered a complex contract with claims made in tort concerning contractual duties. Claims of code ownership were disputed. Eben Moglen, the counsel for the Free Software Foundation (FSF), released a statement regarding the lawsuit: "As to its trade secret claims, which are the only claims actually made in the lawsuit against IBM, there remains the simple fact that SCO has for years distributed copies of the kernel, Linux, as part of GNU/Linux free software systems. [...] There is simply no legal basis on which SCO can claim trade secret liability in others for material it widely and commercially published itself under [the GNU GPL Version 2] that specifically permitted unrestricted copying and distribution." On May 14, 2003, SCO Group announced they would no longer distribute Linux. SCO said it would "continue to support existing SCO Linux and Caldera OpenLinux customers and hold them harmless from any SCO intellectual property issues regarding SCO Linux and Caldera OpenLinux products".

SCO claimed and maintains that their employees used code licensed under the GPL without proper authorization, and thus the license terms were not legally binding. For code to be licensed under the GPL, the copyright owner must place a GPL notice before the code, and SCO did not add the notices.

Software patenting litigation
Bain and Smith (2022) provide a review of patent litigations initiated against open source projects.

Diamond v. Diehr (1981), Bilski v. Kappos (2010), and Alice Corp. v. CLS Bank International (2014)
These U.S. Supreme Court cases defined law concerning computer program patent eligibility. The intellectual property implemented in computer programs does not inherently fall under patent law. Computer programs cannot be patented, but can be copyrighted.

In Alice Corporation v. CLS Bank, the Software Freedom Law Center (SFLC) submitted a brief to the U.S. Federal Circuit Court of Appeals to support the long-standing court precedents limiting patent rights for computer programs. The open source community has an interest in limiting the reach of patent law so that free software development is not impeded. The SFLC expressed support for the machine-or-transformation test which limits patenting of software processes to computers designated for specific purposes. The Court's ruling aligned with ideas set out in the SFLC submission.

Enfish LLC v. Microsoft Corp. (2016)
The ruling in Enfish LLC v Microsoft Corp. supported the patent-eligibility of software operating on a general-purpose computer.

Rothschild Patent Imaging v. GNOME Foundation (2019 – 2022)
In 2019, Floridabased Rothschild Patent Imaging (RPI) filed a patent infringement lawsuit against the GNOME Foundation in relation to user features provided by the Shotwell image organizer. More specifically, RPI claimed that Shotwell infringed United States patent said to be directed to the use of WiFi communications to selectively transfer photographic images between a camera and a computer and demanded $US$75,000$ in settlement. GNOME sought help and was represented by New York law firm Shearman & Sterling on a probono basis. The case was resolved by an agreement between the parties in 2020. That agreement provided that any software under an OSI approved license would receive a legal release and covenant to the aforementioned patent and also any other patents owned by Leigh Rothschild or an entity controlled by Rothchild. The agreement, however, included a clause that terminated the legal release to any entity that challenged the validity of Rothschild’s patents, and prevented GNOME from disparaging Rothschild. Nevertheless, the claims in patent 9936086 were later subject to a legal re-examination, filed by an entity named Defease Patents, with the final result that every claim of that patent was found to have been improperly granted. The USPatent Office (USPTO) duly issued a certificate canceling all claims in their entirety in2022.

The Rothschild modus operandi is to obtain patents, form a number of limited liability companies to hold just a family of patents directed to one area of technology— often based on agroup of patents emanating from the same initial patent filing— and then seek a large number of targets to sue. By way of example, RPI had asserted patent 9936086 at least 20times against other entities before that patent was finally canceled. And before and since, RPI has filed at least 50lawsuits using related and similar patents to patent 9936086— similar because they are based on the same original patent application filing as 9936086. Once issued by the USPTO, the merits of a patent can be quite expensive to challenge either through litigation or a procedure called Inter Partes Review— unless a challenger can use the reexamination process (as Defease Patents did)— so the relatively small sums required to settle usually remain individually attractive. The GNOME Foundation instead reacted by launching a counter claim and subsequently pushed Leigh Rothschild, the owner of RPI, to settle for nothing less than the elimination of the Rothschild patent threat from all open source projects.

Participants and commentators have drawn several lessons from these events. Neil McGovern, executive director of the GNOME Foundation was pleased with the signed agreement and remarked "Ifelt it was incredibly important to send a message to the entire patent assertion industry that basically you don't go after open source projects. It won't end well for you." Bain and Smith (2022) opine that it remains to be seen "whether the patent litigation against the GNOME Foundation represents an anomaly, or the start of a trend of NPEs (nonpracticing entities) asserting patents directly against [open source] projects themselves".

Wallace v. International Business Machines Corp. (2006)
In Wallace v. International Business Machines Corp., the U.S. Court of Appeals for the Seventh Circuit determined that under U.S. law the GPL Version 2 did not contravene federal antitrust laws. This suit followed a dismissed action, Wallace v. Free Software Foundation where the Free Software Foundation (FSF) and the GPL Version 2 were accused of price fixing. Wallace's argument was that a ‘copyleft’ system created by FSF was a project with IBM, Novell and Red Hat intended to undercut the prices of potential rivals. Wallace argued this could be governed under antitrust law which regulates predatory pricing.

The purpose of antitrust law is to protect consumers from predatory pricing, by promoting competition to keep prices low. However, Mr. Wallace was attempting to use anti-trust law to drive prices up, by suggesting it was impossible to compete with IBM's prices. Under antitrust law, Wallace had to prove not only an injury to himself but also to the market, which he failed to do. The claim was quickly dismissed because of the increasing number of proprietary operating systems and persisting competition in the market despite some software being free of charge. So it was confirmed that the GPL and open source software cannot be challenged by antitrust laws.

Google LLC v. Oracle America, Inc. (2018)
In 2018, Oracle America Inc v. Google LLC was adjudicated by the United States Federal Circuit Court of Appeals. The case concerned Google's fair use of source code licensed by Oracle under the GNU GPL Version 2. Google had copied 37 Application Programming Interface packages (APIs) to aid in building its free Android software for smartphones and launched a product which competed with Oracle's.

The code's license required improvements of the code, or derivative code, to be freely shared. A licensing fee would be required to avoid publishing the code or to compete with the code's owners. Google used the APIs in a competing product without paying a licensing fee, which Oracle contended was a breach of copyright.

The Court of Appeals decided in favor of Oracle, after considering the applicability of fair use laws, and found Google failed on a majority of accounts. In 2019, the United States Supreme Court decided to allow an appeal, with Google facing liability for $9 billion in damages if the court ruled against them.

In April 2021, the Supreme Court ruled in a 6–2 decision that Google's use of the Java APIs fell within the four factors of fair use. The ruling did not establish whether APIs can be copyrighted. The decision reversed the Federal Circuit ruling and remanded the case for further review.

Open source software trade secrets litigation
In 2005, a Korean case in the Seoul Central District Court considered a case in which the defendants used code developed for a previous employer and licensed under the GNU GPL Version 2 to develop a competing product. Trade secrets fall under intellectual property laws if their contents are of competitive property value and, unlike patents, are not required to be novel or progressive. The purpose of prohibiting trade secret infringement is to avoid unfair advantage.

One defendant had retired from the company but privately kept a copy of the source code and provided it to a rival company, shortening the rival company's development period by two months. The Court ruled that the GPL was not material to the case. The defendants argued that trade secrets are impossible to maintain while complying with GPL in distributing the work, so they could not be in breach of trade secrets. This argument was considered groundless and the defendants were sentenced following criminal proceedings.

Planetary Motion v. Techsplosion (2001)
The United States Court of Appeals, Eleventh Circuit case, ruled "Software distributed pursuant to [the GPL] is not necessarily ceded to the public domain" (dicta).

Computer Associates v. Quest (2004)
The outcome case in the United States District Court, N.D. Illinois, Eastern Division determined that though Computer Associate's source code contained previously known source code (GNU Bison Version 1.25) available under the GPL, that does not prevent them from protecting their own source code. There is a special exception in the GPL to allow the unrestricted use of output files for versions of Bison after and including version 1.25.

Welte v. Sitecom Germany (2004)
In April 2004 a preliminary injunction against Sitecom Germany was granted by Munich District Court after Sitecom refused to cease distribution of Netfilter's GPL-licensed software in violation of the terms of the GPL Version 2. The court's ruling said:"Defendant has infringed on the copyright of plaintiff by offering the software 'netfilter/iptables' for download and by advertising its distribution, without adhering to the license conditions of the GPL. Said actions would only be permissible if defendant had a license grant."

Welte v. D-Link (2006)
On September 6, 2006 in the District Court of Frankfurt, the "gpl-violations.org" project prevailed against D-Link Germany GmbH regarding D-Link's copyright-infringing use of parts of the Linux Kernel in devices they distributed. The judgment stated that the GPL is valid, legally binding, and stands in German court.

AFPA v. Edu4 (2009)
September 22, 2009 the Paris Court of Appeals ruled that Edu4 violated the terms of the GNU GPL Version 2 by distributing binary copies of the remote desktop access software VNC while denying users access to its corresponding source code. Olivier Hugot, attorney of Free Software Foundation France said:"Companies distributing the software have been given a strong reminder that the license's terms are enforceable under French law. And users in France can rest assured that, if need be, they can avail themselves of the legal system to see violations addressed and their rights respected...But what makes this ruling unique is the fact that the suit was filed by a user of the software, instead of a copyright holder. It's a commonly held belief that only the copyright holder of a work can enforce the license's terms - but that's not true in France. People who received software under the GNU GPL can also request compliance, since the license grants them rights from the authors."

Free/Iliad (2011)
This was an October 2008 case in Paris Regional Court. Free/Illiad is an internet service provider. The routers they distributed contained software licensed under GPL Version 2, but Free/Iliad didn't provide the source code or the GPL text.

Free/Illiad's argued that the routers are their property (not sold to customers) and still on their network, so their actions did not amount to "distribution" under the terms of the GPL. A secret extrajudicial agreement was reached in July 2011. Free has since released the source code and informed users of the GPL software used in their routers.

China's courts rulings on open-source licensing (2018)
The Beijing Intellectual Property Court (BIPC) heard a case from business-software developer Digital Heaven claiming software developer YouZi had copied the code for three plug-ins contained in its "Hbuilder" development tool. In 2018, the court found that YouZi violated copyright. This decision proved controversial since the legal test employed by the court differed from reasoning used by United States' courts.

YouZi argued that since Hbuilder is based on a GNU open-source module known as "Aptana", licensed under General Public Licence Version 3, HBuilder is also open source software. The BIPC decided it was only necessary to identify whether the three specific plug-ins used by YouZi are subject to the GPL. The Aptana-GPL Exception License stipulates that identifiable sections of the modified version can be seen as independent works and would not fall under the GPL. Without further examination of the open source licences, the court ruled that the GPL did not apply to the three plug-ins and therefore Hbuilder could not be considered a derivative work licensed under the GPL.