Open season on open source?

There are several IP considerations to bear in mind when using, integrating and contributing to open source software, says Daniel Tarr of Duane Morris.

Open source software, used either as standalone internal solutions or integrated into in-house developed software, can give companies many advantages.

However, despite the increase in quality and availability of open source software, some companies are still apprehensive about using open source software, either due to the belief that open source obligations may “infect” other software and result in the loss of proprietary rights, or due to a misunderstanding of what rights are granted under an open source licence.

A properly implemented open source policy allows companies to gain the benefits of open source software while maintaining control over IP rights. Open source policies should include licence-specific considerations tailored to the interaction of specific open source licences and IP rights.

Open source software is software with distributed source code that any person can inspect, modify and change (compared with closed-source software, which hides source code from the end user).

The use of open source software is becoming widespread, with many of the largest software companies embracing open source software by contributing to open source projects, integrating open source into their own projects and using open source programs internally.

“Depending on the type of open source licence, a company may be free to use, distribute, modify or integrate open source software internally and within proprietary software.”

For example, Google released Android as open source software, and last year Microsoft purchased GitHub, one of the largest repositories of open source projects.

By utilising open source solutions, companies can avoid reinventing the wheel for tangential or noncore tasks that have already been solved by others.

Instead, development resources can be devoted to core functionality or value-add functionality for core software (or hardware) products. In addition, the use of open source software can enhance the reputation of a company, among both end users and potential employees such as software developers.

Before using or integrating open source software, companies should establish a clear open source software policy that takes into account rights and obligations of the company, such as IP rights, and the specific terms of each open source licence.

Depending on the type of open source licence, a company may be free to use, distribute, modify or integrate open source software internally and within proprietary software, or may be required to use open source software that is based on other software licensed under an open source licence.

Open source and IP rights

Open source licences fall generally into one of two categories: permissive and “copyleft” licences.

Permissive licences, such as the MIT Licence and the Apache Licence 2.0, generally allow users to use, modify or distribute software without restriction.

In contrast, copyleft licences, such as the GNU General Public License (GPL) 3.0, include licence terms that require any modifications, changes or distribution of the software to occur under an identical licence to that provided with the original software.

These licences interact with IP rights, such as copyright, patent rights and trademarks, in different ways.

Open source licences are express grants of rights that permit an end user to use, modify, and distribute the software. For example, the MIT Licence permits a user to “deal in the software without restriction” and provides rights to “use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software”.

Similarly, the GPL 3.0 Licence provides the right to “make, run and propagate covered works that you do not convey, without conditions”. 

Companies are free to use unmodified versions of open source software in standalone configurations (ie, without integrating open source software with other software) without concern.

The use of permissively licensed software generally doesn’t restrict a company from distributing closed-source software that incorporates or modifies open source software. For example, the only restriction included in the MIT Licence is a requirement to include an original copyright notice in copies of the software.

Copyright for any modifications of permissively licensed software or software that incorporates or relies on permissively licensed software vests in the subsequent author (or company) without restriction. Thus, a company may freely use permissively licensed software in and with closed source software without impacting copyright ownership.

By contrast, copyleft-licensed software imposes downstream licence requirements.

The GPL 3.0 Licence automatically applies the GPL 3.0 Licence to any work “based on” the originally licensed software and requires that if such work is distributed, it must be distributed as open source software under the licence.

Under the GPL 3.0 Licence, a work is “based on” the originally licensed software if the work copies from or adapts all or part of the original work in a fashion requiring copyright permission, other than making an exact copy.

The Free Software Foundation, which maintains the GPL 3.0 Licence, has stated that “dynamically linking applications to libraries creates a single work derived from both the library code and the application code” and is therefore a derivative work “based on” the libraries.

Under this interpretation, any software that links to software licensed under the GPL 3.0 Licence would also become open source. Accordingly, a company shouldn’t incorporate or rely on GPL-licensed software for internally developed software if the company wishes to maintain control of the copyright.

Patents

Permissive and copyleft-licensed software may include an express patent licence to any patents that are owned or controlled by a contributor to the software. For example, the Apache Licence 2.0 includes a licence from each contributor of a “perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable … patent licence ... to those patent claims licensable by such contributor that are necessarily infringed by their contribution …”.

Similarly, the GPL 3.0 Licence includes an express patent licence from each contributor to all “essential patent claims”, which are any patent claims that are owned, controlled or come to be controlled by the contributor.

Although many open source licences include an explicit patent grant, several popular licences, including the MIT Licence and the GPL 2.0 Licence, do not.

The MIT Licence allows a user to “deal in the software without restriction”, including the right to “use” and to “sell copies” of the software.

Although there is disagreement as to whether the MIT Licence acts as a patent licence, the inclusion of a right to “use” the software appears to provide at least an implied patent licence.

Companies should be aware that enforcement of patents covering MIT Licence software is an unsettled question.

Similarly, the GPL 2.0 Licence does not include an express patent licence. Instead, it includes a clause stating that software may not be distributed in any jurisdiction in which patent rights may interfere with any of the terms of the licence.

This provision would prevent companies from distributing the software if they are also enforcing patent rights against the software.

Because the licence indicates that software can be distributed only “so as to satisfy simultaneously your obligations under this licence and any other pertinent obligations”, this licence term likely acts as an implied licence to any patents that are controlled by a distributor of the software.

Companies are able to use open source software under any open source licence with an express patent licence, such as GPL 3.0 or Apache 2.0, without fear of infringing essential or related patent claims owned or controlled by a contributor to the software.

Additionally, an implied licence is likely included in open source licences lacking an explicit patent licence.

The patent licence provided by open source licences (either expressed or implied) extends only to those patents that are owned or controlled by the contributors (or other persons designated in the licence).

A company should be aware that open source software may be covered by patent claims owned by a third party that may be asserted against the company, although similar risks exist with closed-source software as well.

Trademarks

Open source licences generally do not grant licence rights in or to any trademark. The Apache 2.0 Licence expressly “does not grant permission to use the trade names, trademarks, service marks, or product names of the licensor”, except as required for describing the software or reproducing a notice.

The GPL 3.0 Licence similarly includes an optional additional term that allows a licensor to decline “to grant rights under trademark law for use of some trade names, trademarks, or service marks”.

Because open source licences do not generally grant trademark rights, a company maintains all control and rights in any trademarks that they may possess.

Conclusion

As the quality and availability of open source software increases, companies should implement open source policies to take advantages of the benefits provided by open source software.

An open source policy that considers the variations in open source licences ensures that such use will not impact a company’s IP rights.

As long as the open source policies include licence-specific considerations, companies can use open source solutions without negatively impacting the company’s rights or bottom line.

Daniel Tarr is an attorney at Duane Morris. He practises in the area of IP law with a focus on patent procurement and prosecution, enforcement and licensing, and patent litigation. He can be contacted at:  DTarr@duanemorris.com.