Linux patent risks: Things to consider
Thomas C. Carey, a partner at Bromberg & Sunstein LLP, Boston comments on the announcement made this summer by Open Source Risk Management (OSRM) which indicated that Linux infringes 283 patents. Mr. Carey chairs the firm's Business Practice Group and specializes in licensing and transfers of software, technology and other knowledge-based content, mergers and acquisitions, equity financing, and project development.
He recently responded to open.itworld.com's questions on where Linux users stand:
open.itworld.com: Open Source Risk Management (OSRM) recently announced that Linux infringes 283 patents. What's at the heart of the issue?
Thomas Carey: OSRM sees a business opportunity in trying to play upon the fears of open source software users.
open.itworld.com: What should companies know about the patents in question?
Thomas Carey: It is a massive undertaking to read 283 patents. I have not read them, and I doubt that any user will. Perhaps they will be read by another insurance company seeking to offer similar protection, or by Red Hat.
open.itworld.com: If a company were to file a lawsuit based on Linux infringing a patent, who would it sue? One of the big Linux players (Red Hat, Novell), or the programmer or organization that contributed to infringing functionality, or some major end user?
Thomas Carey: This has already happened, of course. SCO sued IBM first, Red Hat sued them for a declaratory judgment, and SCO then sued two end users. No individual programmers have been sued, to my knowledge. A similar pattern would be likely in the future -- sue the deep pockets rather than individuals.
open.itworld.com: What does it mean for enterprise Linux companies - companies that sell and/or service Linux as well as those companies that use it. How concerned should they be?
Thomas Carey: They should be moderately concerned, if only because of the PR problem that this presents.
open.itworld.com: What steps should enterprise Linux companies take now?
Thomas Carey: They should undertake a study of the 283 patents (and any others that they know of); and see if they can offer an infringement warranty against those known patents for a separate fee. This warranty should be backed up by a real insurance company with real assets, not a start-up like OSRM.
The problem with OSRM is that it is offering something that looks and smells like insurance, but, as OSRM admits, it is not licensed as an insurance company. If the sky fell on Linux after OSRM had sold lots of its "indemnity contracts", would OSRM have the resources to back up all of its obligations? Unless its balance sheet is open for public inspection, as a real insurance company's is, nobody can tell. And unless you have good risk measurement and risk management practices in place, there is a real chance of nobody being there when the chickens come home to roost.
open.itworld.com: What's the most important take-away for any Linux company (companies that sell and/or service Linux as well as those companies that use it) on the patent infringement issue.
Thomas Carey: First, there are opportunists out there seeking to play on the FUD that the SCO litigation has engendered. Second, patent infringement is potentially the Achilles heel of open source software. A real solution to this would be good to have, even if it costs a little more. Third, that there is patent risk lurking everywhere, and that some risks are simply unavoidable.
Thomas C. Carey is a partner at Bromberg & Sunstein LLP, Boston and chairs the firm's Business Practice Group. Tom's business practice is broad-based. It includes licensing and transfers of software, technology and other knowledge-based content, mergers and acquisitions, equity financing, and project development in such fields as real estate, education and waste-to-energy. Tom devotes a substantial portion of his time to counseling software and technology companies in their business transactions. For example, Tom represents a company providing visualization software to the US military, in which export control and reverse engineering issues have occurred; a software company active in providing evaluations of the efficacy of hospitals and health organizations; and a company seeking to bring to market a proprietary technology directed at the wireless industry. He has experience in licensing technology in the fields of medical devices and cosmetic care. Before becoming an attorney, Tom was a computer programmer, then city planner working for the City of New York. Tom graduated from Yale University with a degree in French literature, and received his J.D. from the State University of New York at Buffalo.
open.itworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
