IP risks for OSS developers
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 199 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/32552 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 2014179 / 199
2
3
10
11
12
13
14
17
18
19
23
24
25
27
29
45
46
47
48
49
50
51
52
55
56
57
58
65
67
68
70
72
74
75
76
77
78
79
81
82
84
86
87
89
90
93
94
100
101
102
103
104
106
107
109
110
111
112
113
114
115
119
122
123
124
126
127
128
129
137
139
141
143
145
147
150
154
155
158
161
163
164
165
166
168
171
174
175
176
179
182
183
185
188
190
191
192
194
195
196
00:00
Open sourceMultiplication signGoodness of fitSoftware developerQuicksort
00:44
Software developerService (economics)View (database)Message passingBitPoint (geometry)Execution unitMiniDiscTerm (mathematics)Open sourcePhysical lawMachine visionRevision controlCopyright infringementObject (grammar)Exception handlingProcess (computing)Mechanism designMultiplication signDesign by contractSoftwareTurnbull, JamesBookmark (World Wide Web)Basis <Mathematik>JSONXMLUMLMeeting/Interview
03:20
LogicSoftware developerOpen sourceCodeChainPattern languageCopyright infringementRight angleEndliche ModelltheorieXMLUMLProgram flowchartLecture/ConferenceMeeting/Interview
03:54
Error messageComputer programmingLogical constantNeuroinformatikRight angleExistenceSoftware developerField (computer science)Eigenvalues and eigenvectorsElement (mathematics)Open sourceResultantCopyright infringementSoftwareReal numberInformation securityPhysical systemRevision controlData managementVideo gameCASE <Informatik>CodePhysical lawExpected valuePoint (geometry)View (database)XMLUMLProgram flowchartLecture/ConferenceMeeting/Interview
05:53
Open sourceSimulationSource codeComputer programmingSoftwareRevision controlComputer animationLecture/ConferenceMeeting/Interview
06:31
Right angleRevision controlSoftwareExtension (kinesiology)DigitizingComputer programmingFunctional (mathematics)Element (mathematics)ExpressionTwitterObject (grammar)Task (computing)CodeNeuroinformatikSource codeInstance (computer science)Open sourceContext awarenessComputer animationLecture/ConferenceMeeting/Interview
07:53
SoftwareComputer programmingAuthorizationNatural numberExpressionForm (programming)Axiom of choiceNeuroinformatikLevel (video gaming)Computer animationLecture/ConferenceMeeting/Interview
08:22
Computer programmingLevel (video gaming)CASE <Informatik>SoftwareProgramming languageGraphical user interfaceFile formatFunctional (mathematics)ExpressionFormal grammarNeuroinformatikComputer filePredictabilityFrequencyReading (process)Computer animationLecture/ConferenceMeeting/Interview
09:44
Context awarenessOpen sourceMaizeDerivation (linguistics)Right angleCodePredictabilitySoftware developerGoodness of fitAuthorizationFunctional (mathematics)Set (mathematics)Element (mathematics)JSONXMLLecture/ConferenceMeeting/Interview
10:48
Right angleAuthorizationLink (knot theory)Order (biology)RankingCASE <Informatik>Open sourceComputer animationLecture/ConferenceMeeting/Interview
11:21
Software developerType theoryGroup actionAuthorizationComputer programRight angleMultiplication signCASE <Informatik>Order (biology)Open sourceComputer programmingException handlingCodeInterpreter (computing)Computer animationMeeting/Interview
12:51
Copyright infringementTerm (mathematics)CodeType theoryFormal grammarCovering spacePlotterException handlingSoftware developerExistenceXMLMeeting/InterviewComputer animationLecture/Conference
14:04
Pattern languageComputer programmingPredictabilityCopyright infringementMereologySoftwareNeuroinformatikData storage deviceXMLMeeting/Interview
14:42
Source codeOpen sourceCodeCopyright infringementRight anglePattern languageMetropolitan area networkSoftware developerInstance (computer science)PredictabilityComputer animationMeeting/Interview
15:41
Copyright infringementCombinational logicSound effectPresentation of a groupOpen sourceSoftware developerDifferent (Kate Ryan album)Right angleMaterialization (paranormal)Point (geometry)Annihilator (ring theory)InformationLevel (video gaming)Goodness of fitCodeTheory of relativityJSONXMLMeeting/Interview
17:30
MereologyDependent and independent variablesForestRight angleCodeAnnihilator (ring theory)Expected valueXMLLecture/ConferenceMeeting/Interview
18:06
System callRow (database)CodeAnnihilator (ring theory)WordGroup actionLimit (category theory)XMLLecture/ConferenceMeeting/Interview
18:45
Mechanism designNeuroinformatikGroup actionCodeElectric generatorXMLLecture/ConferenceMeeting/Interview
19:13
Open sourceLimit (category theory)Software developerDesign by contractVolume (thermodynamics)Group actionExecution unitLecture/ConferenceMeeting/Interview
19:58
CodeLevel (video gaming)Multiplication signFigurate numberSpeech synthesisRight angleWordOrder (biology)AuthorizationLocal ringSoftwareLimit (category theory)XMLLecture/ConferenceMeeting/Interview
20:27
Multiplication signOrder (biology)Right angleWordElectronic mailing listRootEstimatorSystem callFlash memoryMalwareDifferent (Kate Ryan album)GodLaptopMeeting/Interview
22:44
Multiplication signUtility softwareDirection (geometry)Marginal distributionComputer virusImage resolutionProgram slicingXMLUML
23:20
CodeAndroid (robot)Client (computing)Installation art2 (number)Data miningPoint (geometry)Multiplication signType theorySoftware bugForcing (mathematics)CASE <Informatik>SequenceQuicksortSimilarity (geometry)Goodness of fitMereologyAreaEndliche ModelltheorieIncidence algebraPower (physics)Pole (complex analysis)Translation (relic)Communications protocolOrder (biology)ResultantComponent-based software engineeringXML
Transcript: English(auto-generated)
00:00
I don't know where my two speakers went, so they're in the hall. I should probably remind them that it's time to start. Okay, well, thank you for coming back to the Legal and Policy Issues Dev Room.
00:21
For those of you that didn't have too much beer last night and were really excited to start off, I'm talking today about IP Risks with Yongxin and Sumi. Good morning.
00:42
The topic of this talk is IP Risks for Open Source Developers. Yesterday, I went to a very interesting keynote of James Turnbull on software archaeology for beginners. I really enjoyed it. I don't know if anyone else was there, but I really enjoyed the talk.
01:06
I learned a lot, although I don't think I understood everything. There were two minor things that disturbed me a little bit. The first thing, but I discussed it with him, so he knows.
01:21
The first thing was, in one of his messages, you always have to ask the right question at the right time. As an example of how it should not be, he gave the example of, don't ask the developer what his favorite contract is. I think that's a bit unfortunate because I think that developers should be aware of contracts
01:45
because law is inevitable and you need to know what you're working with on a daily basis. The second thing that was a little missing from my point of view was in his step-by-step process of what you should do when you join an open source project,
02:05
he didn't mention the licensing compliance check. I asked him afterwards and he said that he just trusts the people in a good project. We will talk about this today because we think there are some issues.
02:26
What we do want to share with you today is some thoughts on how to protect yourself against IP infringements by others. We will also talk a little bit about how to protect yourself. Before we really start the presentation, I just want to give you the message that
02:45
if you are involved in an open source project, there are still copyrights hanging there because copyleft is only an exception for your copyright, so you really need to consider copyright and you really need to know what the risks are.
03:06
But first, before we get to the protection mechanisms for you, we will have Sumi talking about copyright, basically.
03:22
I will explain the problem shortly. You have an open source project X and developer 1. Though he is actually in good faith, he has an infringing contribution to the developer's chain. The piece of code that he uses infringes the IP rights of the third party
03:41
who is not directly involved in the project and didn't give permission to use this code. Every subsequent developer can be held liable for this infringement even when they are not aware of the fact that his contribution is infringing. In general, creating a computer program, even open source,
04:04
completely unaware of the existence of any IP rights of a third party, can be used as a defense to willful IP infringement, but it's not a defense to IP infringement in general. Because it is common for open source projects that they are developed by community
04:24
rather than one person or one organization, these problems occur in real life. In case of a big project, when you have thousands of developers, it's not reasonable to expect that every developer will check if there are infringements in the code by other developers.
04:45
But in smaller projects, these expectations might be different. You can use version management systems to see which developer made which contribution to the project. The risk of IP infringements, it is not a specific problem to open source projects,
05:02
but of course the risk is greater because open source allows you to distribute and modify the software freely. The infringement will carry through subsequent versions of the program and further development of the software.
05:21
A small and quick remark is that everything we say today is seen from a Belgian point of view. Of course, when you have an international project, it's possible that there is another law applicable, so this can also have influence on the outcome of the results of your claim.
05:42
The problem consists of two elements. When do you have an IP risk and how can you protect yourself? First, I will explain about when you will have an infringement. I will explain to you which kind of intellectual property rights should be taken into account
06:01
when you are dealing with open source projects. The most important are copyright and patent law. First, I will tell you something about copyright and how you can know if the source code of someone else is protected by copyright. In Belgium, in general, computer programs are protected by copyright
06:21
because there is an assimilation with literary works, with a burn convention. So it's not exactly the same as general copyright, but you can see it as a kind of modified version of copyright for software. Because of the general principle that copyright doesn't protect the underlying idea of your program,
06:43
but only the original expression, you are allowed to copy the functionality of a computer program, provided that you do not copy the source code, but you rewrite it to your own original code. The mere fact that software is developed in an open source context does not mean that there is an extension on this general principle that copyright plays a role.
07:07
In Belgium, we don't have a definition of what a computer program exactly is, but for instance the UK does, so it is possible that different elements of your program are protected in different countries.
07:22
The European Court of Justice did indicate that your object code, source code and your preparatory design can possibly be considered as an expression of your computer program. What matters is that your expression enables the reproduction of your computer program
07:41
and enables the computer to perform its task. So, what are the criteria for copyright protection? You need originality, and Article 1 of the European Software Directive says that the computer program shall be protected in the sense that it is the author's own intellectual creation,
08:03
in the sense that he made creative choices that are an expression of his own personality. So, you cannot apply any other criteria for copyright protection. There will be given protection to the expression in any form of your computer program,
08:21
provided that nature is such as that a computer program can result from it in a later stage. As a consequence, you will not get protection for your functionality of your program, the programming language and format of data files and the graphic user interface.
08:41
Nevertheless, a graphic user interface can be protected by general copyright, if it fulfills the criteria of originality. This also applies to the programming language. It can also be protected if it is an original expression.
09:00
So, are there any formalities to obtain copyright? There are none. The mere act of creating your computer program is sufficient to obtain copyright protection. It is also not necessary that your software is finished, so you will be able to get protection for every stage of your computer program.
09:21
And who is the author? In principle, it is the creator. You have some assumptions for in the case of employees or when you are working for someone else.
09:42
So, you have various works and copyrights. In the context of open source projects, you could say that you have a maze of derivative works. So, when you have your first original work in an open source project,
10:01
a developer will base himself on the contributions of the previous developers. So, he will make a derivative work, because he will use essential elements of the first original creation. However, you can get protection for your derivative work, if it fulfills the criterion of originality itself.
10:25
So, you will have an independent and fully functioning protection for your derivative work, but you will need authorization from the previous developer to use his piece of code. A lot of open source licenses, they will have a provision on how it works, derivative rights.
10:48
The set of copyrights, they cover patrimonial rights or economic rights and moral rights. Moral rights, they want to safeguard the link with the author, whereas economic rights are more, you can use them to exploit your work.
11:05
In case of a joint authorship, which is typically for open source projects, those rights will belong equally to all the authors, unless you have agreed otherwise. Now, who is a co-author? In order to be considered as a co-author,
11:26
it's not necessary that all the developers worked on it at the same time, which is of course not the case when you have an open source project. It's also not necessary that your contribution was equally important,
11:41
but it is required that your contribution fulfills the criteria of originality or that your contribution was necessary in order to get the computer program the way it is now. So this means that someone who only proposed an idea or made something on instructions of someone else, he will not be considered as a co-author.
12:05
An exception of copyright protection is given by the case when the rights of the author are limited by a private agreement or a license. Especially in the case when open source is available, there are licenses that might limit the use of your code.
12:22
It's a very difficult and complicated matter, and the clauses are often rather unclear, especially if you have individual programmers who wrote their provisions. There's also a disagreement about the interpretation of open source licenses,
12:40
but in any case, it's very important that you always reach an open source agreement and know what's in it, so that you won't be surprised at the end. There are many types of open source licenses. We will not talk about this in detail, but just leave it at the idea that you have a lot of them.
13:03
Now, when will you have an infringement of copyright? You have two types of infringements. Either your code is an unlawful use of the code, or you have an infringement of your license terms. A license that will not be honored, for example, when you were required to apply a notice and you didn't do this.
13:25
The question, if a developer was aware of the fact that he was infringing someone else's code, it could play a part, it could play a role in copyright, and because of the fact that copyright doesn't require any formality, and comes into existence following the mere creation of it,
13:45
it's of course not easy to know if something is protected by copyright. However, the Copyright Act does not require that the infringer has knowledge of the infringement or the copyright, so it is not an exception to copyright.
14:04
Another IP infringement might follow from a breach of patent law. Although computer programs are excluded from copyright from a patent protection as such, the European Patent Office does grant such software patents. They are part of a new and non-obvious technical solution for a technical problem.
14:26
Moreover, in many other countries, software patents are accepted. In a way, patents allow you to protect the underlying idea of your computer program, which is something that copyright doesn't.
14:42
Now, since most of the patent claims do not include source code, it is impossible to do technical searches based on the available patent data and open source code. In practice, it may be possible just to avoid well-known infringing patents and to look at the patents of your direct competitors.
15:02
So, it's not easy to know if your code is an infringement of a patent, but you should know that a patent is a territorial right. This means that its scope of protection is limited to the country under which it was granted. So, if I have obtained a patent for Belgium, I cannot exercise my rights in France, for instance.
15:25
Since getting patent protection all over the world is very costly, there are only very few companies who can do this. The biggest risk in our discussion problem is this when developer won, when he would contribute code in a way that is not allowed by the license
15:43
or is an infringement of a patent protection. But you should also know that you can have a combination for protection of copyright and patent law because they will protect different subject matter. Now, for this presentation, it won't make a big difference if you have a patent infringement or a copyright infringement.
16:05
The main concern is that there was an infringement somewhere along in the developer's chain. You could ask, is it possible to exonerate the other open source developers when someone made an infringement? Now, the starting point when you address the effect of an agreement on third parties is Article 1165 of the Belgian Civil Code.
16:31
This article entails the relativity principle, which means that the effect of an agreement towards third parties will only be very limited.
16:43
When you apply this principle to the open source agreement between the different developers who deliver a contribution, this has as a consequence that provisions who are in exoneration, which exonerate developers for the use of infringing materials,
17:01
they cannot be successfully invoked against the third party, so the person whose rights were infringed. However, you can use such a provision against the developer who made the infringing contribution because it is only fair that if someone who was in good faith and innocent,
17:23
that he can reclaim the damages that he should pay from the infringing developer. So that was it about the when is there a risk part. Yeah, and so I will now talk about how to protect yourself.
17:41
Well, don't raise your expectations too high because actually you can't do that much. I think that most of all we have to make a distinction first between your own code and the code of others. I mean like when you get into a project, when you join a project,
18:00
there are some things you have to do for your own code that is right in good faith. So first of all, try to avoid duplication. If you don't need a code of someone else, start from zero and write it yourself. That's pretty easy. And then also keep records.
18:21
So if you keep clean and clear records of all your actions, it will be easier for the next contributors in the project to check your code and to understand what the legal obligations are that are connected to your code.
18:40
And then about the code of others is, I call it here, joining in good faith. So then there are some preventive mechanisms and some remedial efforts. So about prevention is, first of all, only contribute clean code yourself again,
19:03
also for when you join, and then be aware of the previous contributions. This means that you need to identify all the pieces of the code and where they come from. You need to identify the person, the developer who wrote it, the licenses that are a burden to code,
19:24
and what the obligations and limitations are that follow from these licenses. So therefore you need to read the documentation, and that will be a lot of work. You can have open source insurances, but due to the fact that they're quite expensive
19:40
and they not cover everything, all the legal issues, they don't seem to become very popular. So what to do if you have figured out that someone previous has used infringing code? Well, first of all, you can try to modify the code, but that will be very time consuming and re-consuming,
20:03
so I guess it's only a solution when you're in the very early stages of the project. And then secondly, you can negotiate additional licenses, because if a previous person was the author of the code, he has the right to give another license with other obligations and other limitations.
20:24
So I guess that our main conclusions are that there are local software conclusions, and a stitch in time saves nine. Read the licenses and try to comply as good as you can.
20:42
Basically. Yeah, that was it. So if someone has questions, like more concrete questions. No? Okay, well thank you very much.
21:07
Can I take a picture? Go ahead, you can take a picture. Yeah, okay. I'm sure I'm getting lots of malware installed on my laptop when I plug these in.
21:25
I'm so sorry. It's okay. O-I-N flash drive. Come on, show up. Yeah, I figured he wouldn't. Yeah, I know, it's like highly overrated.
21:49
I stopped by to say hello, and then she was still there. She stayed like four hours later. Oh my god. I got a light this time.
22:02
This is a USB 3 port, it's possible. This flash drive doesn't like USB 3. Yeah, my bag is there, thanks.
22:24
Sure, say it again. Are you ready to go? You can if you want, I don't mind. No, no, it actually converted it. Yeah, okay.
22:41
We haven't heard many repeat speakers, but Alexis is a repeat, a different speaker, so. No, it's new content, he was on a panel. It's like me, he's been on panels. I have never spoken either, he's in the same situation I am in. Yeah, we should have bugged her just a bit of time. Martin, you can spit a talk.
23:02
Yeah, why did Martin spit a talk? You still have time. Do you have my slot? Did you manage to connect it up? Yeah, Jeremy actually solved the problem. I talked to Jeremy for an hour last night about it, and he solved everything. So it's all connected.
23:23
I time watched it. I think we've got... Do you have an idea of a type thing? I think mine is more active than yours. But mine just synced with NTP this morning.
23:41
And so what's your point? Mine is only microseconds off. Microseconds off? Don't you know? It synced like an hour ago. Don't you know the Android bug about how American phones are, what is it, 30 seconds off?
24:00
But it synced with, I have the NTP client installed. It's got a bug! It did 30 seconds in two hours? No, no, no, it's because of the off, it didn't take into account some offset thing. Even if you have the NTP client? No. Ask Paul, he was here yesterday, he would know. I don't believe this.
24:21
I believe that the NTP client is not installed. Do you have an NTP client installed? You're telling me the NTP guys didn't... This isn't an NTP thing, it's something about the goofy OS 3. I'm on it, right? Maybe Paul fixed it, so I take it all back. Yeah, so I'm running Paul's code.
24:40
Wait a second, I'm running Paul's code. I just realized what Paul you were talking about. The guy whose code I'm running, you said it's broken. No, no, no, I thought you were running this. Yeah, I forgot that you were running the real thing. I'm running the real thing. I don't run that Google crap. Oh, okay, just checking. So, I'm not sure if I'm saying it right.
25:01
Alexis? Alexios. Is it Alexios? Alexios. There's an I, you have to say the I. I don't know if they pronounce the I as in English. Alexios. Do you have a problem with names, President?
25:20
I have a really bad problem pronouncing names. Even U.S. ones, it's not like I'm just a dumb American. I pronounce U.S. names wrong too. I could sort of pronounce Smith, but... Occasionally I've said Smyth, right? It's because everybody pronounces my name wrong. I'm getting back at the world.
25:41
I've been called Con so many times. My name's Coon. But people say Con all the time. For since I was a kid. That's actually close. It's a German name and the umlaut was dropped at some point in the U.S. So it's actually a Coon name, but technically speaking. But with the umlaut, the umlaut is...
26:04
Actually, there are people in the U.S. who are translated, transliterated with my name. That's K-U-E-H-N-E. You'll find those communities in... But they still say Coon. Those people still say Coon. You never have the same name, right? They say it the way I do.
26:52
So let's get started. Since we have a couple of short talks, I want to make sure...