Alert January 16, 2008

Open Source Software Authors Launch Legal Enforcement Campaign

Lawsuits involving open source software have been few and far between. Many developers of open source software are informal associations of individuals that typically lack the resources or the motivation to pursue infringers of their intellectual property rights. Those cases that have addressed open source software have been primarily focused on issues other than the copyright infringement claims common to software disputes, such as patent infringement or breach of contract. Another reason for the lack of precedent in this area is the preference of the Free Software Foundation, the organization responsible for the popular open source license known as the GNU General Public License (i.e., the “GPL”), for private enforcement actions against violators, often resulting in settlements that are not publicized.

Recently, however, there has been a flurry of legal activity relating to alleged violations of the GPL. At the center of this activity is the Software Freedom Law Center (“SFLC”), a non-profit organization founded in 2005 and operating with the goal of providing pro bono legal services to the open source software community. This past September, the SFLC announced that it had filed the first lawsuit in the United States claiming copyright infringement based on a defendant’s violation of the terms of the GPL. The complaint was filed on behalf of the developers of BusyBox, a small program that provides Unix system utilities for use in embedded systems. The defendant in that case, Monsoon Multimedia Inc., distributes a wireless video streaming device aimed at the home entertainment market, and the SFLC alleged that Monsoon had used BusyBox in violation of the GPL by failing to make the BusyBox source code available to Monsoon’s users.

That case was settled in a little over a month on terms including source code distribution and the payment of an undisclosed amount of financial consideration to the plaintiff developers. Shortly after that settlement, the SFLC announced a second wave of BusyBox lawsuits, this time against Xterasys Corporation and High-Gain Antennas, LLC, both makers of wireless networking devices. The SFLC’s claims in both of those cases mirror those in the Monsoon case – the defendants are alleged to have used BusyBox in the devices they distribute without complying with the GPL’s requirement to make available the source code for BusyBox or derivatives thereof. On December 17 the SFLC announced that it had settled its case against Xterasys, again on terms including source code distribution and the payment of an undisclosed amount of financial consideration to the plaintiff developers.

The most recently announced BusyBox case was filed by the SFLC against Verizon Communications, Inc. This case is the first to involve a Fortune 500 defendant, although the claims are similar to those in the original Monsoon case. Here the SFLC claims that Verizon is distributing wireless routers that utilize the BusyBox software and that Verizon is not complying with the terms of the GPL because Verizon is not making the BusyBox source code available to recipients of the router.

This rash of lawsuits from BusyBox and the SFLC represent one of the first concerted campaigns to enforce the GPL, or indeed any open source license, using the court system. To see how unusual it is for such lawsuits to be filed, one need only look at the BusyBox website (http://www.busybox.net), where the authors have for some time published a “Hall of Shame” openly identifying over a dozen allegedly infringing uses of BusyBox that have not been litigated. Other open source projects are also aware of such uses of their software, but have never taken legal action to enforce their rights.

The message from the SFLC and the BusyBox developers is clear: if you use the BusyBox software and are not in compliance with the terms of the GPL, you are at risk of becoming the subject of their next lawsuit. The long-term ramifications of the BusyBox cases are less clear. This enforcement campaign may be the first of many enforcement efforts from the SFLC. It may even mark a change in the open source community to favor more rigorous policing and enforcement of IP rights. Some open source commentators have claimed that these lawsuits will slow and reduce the adoption and use of open source software due to the perceived increase in litigation risk.

The BusyBox suits also underscore the importance of having procedures in place for the management of third-party software licensing and usage. For companies distributing software or hardware that includes software developed without the benefit of such procedures, an audit of current third-party software usage may prevent significant headaches down the road.