Whether or not the SCO Group wins its $3 billion lawsuit against IBM Corp., the company has succeeded in raising a lot of fear, uncertainty and doubt about using Linux in an enterprise. But how do you know whether what you've heard about the case is a legitimate cause for concern or whether it's just FUD? Attorney, iLinx International LLC consultant and SearchEnterpriseLinux.com site expert Scott Nathan has been helping Linux administrators separate fact from FUD in the site's Ask the Expert section. In this article, he answers Linux administrators' questions, offering advice about how admins can protect their companies from SCO-induced legal liability.
Administrator: My company's execs don't want to use Linux now because of the SCO lawsuit. We use a lot of IBM hardware and software, and our IT shop wants to use Linux. Are there ways to protect my company from the fallout of the SCO suit if we begin to use more Linux?
Nathan: This topic can the subject of substantial discussion and analysis and is best addressed on a case-by-case basis.
While risk sensitivity is certainly understandable in this economic climate, there are reasonable means to evaluate the level of risk posed by SCO's allegations and to pursue the Linux path without undue risk. For example, there are several firms (including Olliance Group, with which I am affiliated) that can review the source code and licensing agreements in order to help organizations understand
Finally, there may be insurance (either in an existing policy or in additional coverage available from your insurer) to cover the risk of loss associated with the use of Unix-based software to which SCO claims ownership.
In my view, it is by no means clear that SCO possesses the licensing and enforcement rights it claims to own. Your company should recognize that IBM has firmly denied the allegations filed by SCO and presumably stands behind that position with its customers. Other software providers, including Novell, have also publicly denied SCO's claims in writing. Moreover, the strategy pursued by SCO appears calculated to create fear and uncertainty over a prolonged period of time, sufficient to convince users that it is easier to either pay the licensing fees to SCO or withdraw from the Linux market than it is to worry about the outcome of the litigation. In this context, if SCO had the requisite evidence to substantiate its claims concerning IBM's AIX license, it would have asked the federal court in Utah for an immediate injunction to prevent IBM from distributing AIX. It did not, intentionally leaving the claim dangling during the next phase of the litigation, which will take months or years to complete.
There are reasonable and cost-effective ways to take advantage of Linux and open-source while protecting your enterprise against the possibility that SCO is right. Avoiding Linux until the dust settles seems prudent only if the cost of compliance with SCO's asserted rights outweighs the economic benefit of Linux and open-source.
Administrator: I don't think [SCO] will impact us if we use Red Hat Linux. Am I right?
Nathan: I believe that Red Hat has stated publicly that it has complied with all licensing agreements to which it is a party.
Administrator: Do you think that the USL vs. The Regents of the University of California legal battle will have any impact on the current SCO vs. Linux case? The two cases seem to be following a similar path.
Nathan: The litigation between USL and BSDL, the Regents of UCal and others was settled in or around 1994, and all of the litigation pending between the parties starting in the early '90s was dismissed. Moreover, with one or two exceptions, few relevant decisions were rendered in that litigation before the settlement. So, with one possible exception, there will be little practical impact from that litigation on the current spate of lawsuits.
The one apparent exception involves the initial decision in the case filed by USL against the Regents in U.S. District Court in New Jersey. In that case, the Regents asked the Court to dismiss the case and USL asked the Court to enter a preliminary injunction preventing the Regents and BSDL from distributing source code. The judge ruled that USL was not likely to prevail on its copyright and trade secret claims pertaining to 32V and Net2/BSD 356. Therefore, to the extent that SCO's claim of copyright originates from USL's code for these programs, the decision in the earlier litigation may have some impact on the current matter.
Administrator: In recent news, I read that SCO is saying that [the] GPL is not compatible with U.S. copyright law. Could that possibly be true?
Nathan: Presumably, this is part of their effort to create fear, uncertainty and doubt. I wonder about such claims, when SCO has, until 2003, participated in distributing open-source products under a version of the GPL. In addition, it should be remembered that copyright protects the expression of ideas in the name of the creators of those expressions. If creators voluntarily distribute their expressions using a distribution model that differs from the restrictive and proprietary world of copyright, it strikes me that neither the Copyright Act nor SCO can prevent it. This applies with equal force, in my view, to those who registered their work with the federal government and subsequently decided to distribute their work more freely. Without more explanation from SCO about what it really means, on its face this assertion appears without merit.
Administrator: If SCO wins its suit against IBM -- and that's a big 'if' -- could it go after companies that were using Linux prior to the ruling?
Nathan: Again, this appears to be part of the effort by SCO to create fear, uncertainty and doubt. Here, the threat is that SCO will seek retroactive licensing fees if entities do not agree to buy licenses before the litigation is concluded. The question is raised in the context of the IBM litigation, which does not involve any claims of copyright infringement and only claims trade secret misappropriation against IBM. So, if SCO succeeds in this lawsuit, it will recover any damages to which it is entitled from IBM. It would also have the right to expect IBM to fix any problems resulting from its conduct.
In the context of copyright and patent infringement claims, if SCO can prove that a company had notice of some infringing activity and did not take all reasonable and necessary steps to cure the infringement, as by buying the appropriate licenses, SCO would be in a position to recover licensing fees going back to the date on which the user first had notice of the infringing activity. This issue does not arise directly from the litigation with IBM, as that case is currently constituted.
Administrator: At LinuxWorld, Bruce Perens said that software patent regulations and lawsuits were going to be big problems for the open-source community. What's going on with that? Are patent lawsuits going to affect business users?
Nathan: Without getting into a protracted macroeconomic discussion about the impact of patents and patent litigation, it is not clear that any contemplated patent litigation (I am aware of no pending litigation that includes either a challenge to a patent or a claim of patent infringement regarding Unix, Linux or related applications) will impact the open-source community in general or so-called business users in particular.
It strikes me that the claims asserted by Red Hat and IBM raise substantial questions about whether any patent infringement claims can succeed. According to those pleadings, as well as common knowledge and lore within the open-source community, any business process or invention now owned or controlled by SCO was freely distributed to the open-source community in such a manner as to void any subsequent claim of infringement. One also wonders about the extent to which some or all of the business processes now owned by SCO are subject to claims of prior art, i.e., that SCO's technology was not invented by SCO or one of its predecessors.
Might there be some economic impact if SCO successfully pursues a patent infringement claim? Yes. The likelihood of the kind of colossal impact suggested by SCO and some of its sympathizers is, in my opinion, remote. However, as I have recommended elsewhere, it is wise for companies that are legitimately concerned about this issue to evaluate the level of their risk/exposure and then develop a rational risk reduction program. If migrating to or expanding the enterprise's use of open-source is otherwise justified, recent events need not change that result.
FOR MORE INFORMATION:
FEEDBACK: Has the SCO Group's legal action against IBM and threats against the Linux community caused your enterprise to either delay or cancel a Linux or open-source project?
Send your feedback to the SearchEnterpriseLinux.com news team.