Intellectual property and licensing

© 2016, iText Group NV© 2016, iText Group NV
OPEN SOURCE INDIA
Open source: an introduction to IP and Legal
Bruno Lowagie, CTO iText Group NV

© 2016, iText Group NV
Introduction: who and what?
Open Source: an introduction to IP and Legal2
Bruno Lowagie
Original developer of iText
ex-CEO, current CTO at iText Group

Disclaimer: IANAL
• In this talk, I merely share my experience with legal issues.
• “The law” can be different in different countries, and
• Software is usually international and local laws may apply
I’m an open source developer, not a lawyer

Agenda
Intellectual property (IP) of a project
Open source licenses
Case story: IP review of the iText source code

A quick show of hands
Who knows
Stack Overflow?

Who knows
Stack Overflow?
Who uses code
snippets from
Stack Overflow?

Who knows
Stack Overflow?
Who uses code
snippets from
Stack Overflow?
Who knows
which license
Stack Overflow
uses?

CC-BY-SA version 3.0

Attribution
Summarized:
Explain origin
Add link to question
Add author name
Add link to author profile
http://stackexchange.com/legal:
In the event that You post or otherwise use Subscriber Content outside of the
Network or Services, with the exception of content entirely created by You, You
agree that You will follow the attribution rules of the Creative Commons Attribution
Share Alike license as follows:
a) You will ensure that any such use of Subscriber Content visually displays or
otherwise indicates the source of the Subscriber Content as coming from the Stack
Exchange Network. This requirement is satisfied with a discreet text blurb, or some
other unobtrusive but clear visual indication.
b) You will ensure that any such Internet use of Subscriber Content includes a
hyperlink directly to the original question on the source site on the Network (e.g.,
http://stackoverflow.com/questions/12345)
c) You will ensure that any such use of Subscriber Content visually display or
otherwise clearly indicate the author names for every question and answer so used.
d) You will ensure that any such Internet use of Subscriber Content Hyperlink
each author name directly back to his or her user profile page on the source site on
the Network (e.g., http://stackoverflow.com/users/12345/username), directly to
the Stack Exchange domain, in standard HTML (i.e. not through a Tinyurl or other
such indirect hyperlink, form of obfuscation or redirection), without any “nofollow”
command or any other such means of avoiding detection by search engines, and
visible even with JavaScript disabled.

Share Alike
Copyright law
• allows an author to
prohibit others from
reproducing, adapting, or
distributing copies of the
author's work.
Copyleft
• gives every person who
receives a copy of a work
permission to reproduce,
adapt or distribute the
work as long as any
resulting copies or
adaptations are also
bound by the same
copyleft licensing scheme.
Open Source: an introduction to IP and Legal
©
©
10

Do you have to worry?
Sam Saffron: http://meta.stackexchange.com/users/17174/waffles
Jason Baker: http://meta.stackexchange.com/users/2147/jason-baker
Stack Exchange has been trying to
fix these issues for years now,
but the problem persists.

Intellectual property
You’re an open source developer, but:
 Who owns the code you write?
 Who owns the code you use?

A typical project
White zone
Gray zone
Black zone

The White Zone
White zone
Gray zone
Black zone

The White Zone
You have written the code yourself, but
What about your employer? Does your employer own (part of) the code?
Do you have a formal agreement with your employer with respect to
F/OSS?
Where did you get your inspiration? IBM developers are forbidden to look
at any code that is not formally approved by IBM’s legal team. Good
practice or burden?

Employees and IP
Dilbert:
Copyright by Scott Adams
Fair Use

The Gray Zone
White zone
Gray zone
Black zone

The Gray Zone
The code was contributed, but
did the contributor agree with the license?
did the contributor’s employer agree?
where did the contributor get his inspiration?
The code is taken from another project, but
are the licenses compatible?
do you respect the other project’s license?
where did the other project get its code from?

The Gray Zone
Contributor License Agreements
The Apache Foundation demands contributors and their employers to
sign a CLA
SUN used to demand contributors to sign an SCA from the moment
contributions contained more than 20 lines of code
“Fair Use”: does not apply to source code in the USA!
Check License Compatibility
Keep a detailed inventory of all F/OSS projects (subset / derivative work)

License compatibility
Your product: ASLv2
GPLv2
Your product: LGPLv3
ASLv2

The Black Zone
White zone
Gray zone
Black zone

The Black Zone
Unfortunately, you might not have been allowed to use
some specific code that is now part of your project.
Possible solutions:
 Either you ask (and get!) permission, or
 You rewrite the code, or
 You remove the code.

Open source licenses
 Copyright versus Copyleft
 How open source licenses work
 Open source business models

Open Source License overview

GPL-style software licenses
It’s all about distribution
License: MPL / LGPL GPL AGPL
Car distribution
(e.g. OEM)
Commercial use? OK for gratis commercial use Commercial license needed Commercial license needed
Bus service
(e.g. SaaS)
Commercial use? OK for gratis commercial use OK for gratis commercial use Commercial license needed
Free/Proprietary Before iText 5:
Improvement engine: LGPL
Car or bus: can be proprietary
Car: must be GPL
Bus: can be proprietary
Since iText 5:
Car or bus: must be AGPL
Or: buy commercial license

Open Core licensing: e.g. iText 7
Open source
Closed source

Business Source License: e.g. MariaDB
All source code is open,
but not “open source”:
it’s “business source”.
MaxScale is only needed
in case of heavy use of
MariaDB.
This prevents perceived
abuse by GAFA & co.

Case study
Who owns iText?
 Mapping the white zone
 Clarifying the gray zone
 Refactoring or removing the black zone

Who was asking this question?
July 2006: Eclipse Simultaneous Release
‘Callisto’; tested and approved by IBM
Eclipse/BIRT (Actuate) is part of this release
Project led by Actuate
iText is used in Eclipse/BIRT
License MPL/LGPL: not acceptable for IBM
Research agreement between Actuate and Ghent University with as
deliverable: IP Review

Turning Gray and Black into White
White zone
Gray zone
Black zone

In practice
Source code was vetted by lawyers
Source code was screened using software
Weekly reports listing potential issues

Issue 1: Quick&Dirty XML parser
State machine to parse XML
Source code taken from:
http://www.javaworld.com/javaworld/
javatips/jw-javatip128.html

Read the fine-print!
All contents of JavaWorld, including text,
programs, applets, source code, and images are
copyrighted and owned by IDG or the copyright
holder specified, all rights reserved. No material
may be reproduced electronically or in print
without written permission.

Solution 1
Write JavaWorld and author, get permission!
There were many other places where license information was incomplete
or missing.
It must become your second nature to ask for permission and to
document! document! document!

Issue 2: RC4 encryption algorithm
Names and variables referring to RC4
RC4 was initially a trade secret, but in September 1994 a description of it was
anonymously posted to the Cypherpunks mailing list.
It was soon posted on the sci.crypt newsgroup, and from there to many sites on
the Internet. Because the algorithm is known, it is no longer a trade secret.
The name "RC4" is trademarked, however. The current status seems to be that
"unofficial" implementations are legal, but cannot use the RC4 name.

Solution 2
RC4 is often referred to as "ARCFOUR" or "ARC4" (meaning Alleged RC4,
because RSA has never officially released the algorithm), to avoid possible
trademark problems.
Change all class and variable names:
 Don’t use: RC4_ENCRYPTION
 Use: ARCFOUR_ENCRYPTION

Issue 3: Class IntHashtable
Code taken from ACME.com:
// This is 90% based on JavaSoft's java.util.Hashtable.
// Visit the ACME Labs Java page for up-to-date versions
// of this and other fine Java utilities:
// http://www.acme.com/java/
JavaSoft is a name used by Sun in the past in their Java activities.
ACME indicates use of the class java.util.Hashtable which is subject to unfriendly Sun license
It is unlikely that this code is available under a license that permits this use. Without information
indicating that Sun approved of this usage the class should not be used.

Solution 3
Use the same class released by Apache under the ASL in Apache-
Commons instead of the ACME class.

Issue 4: EPS functionality
Taken from an example released by SUN under a Sample License
The Sample License allowed the use of the code, but…
The source code contained this text:
/*
* Copyright 1998 by Sun Microsystems, Inc.,
* 901 San Antonio Road, Palo Alto, California,
* 94303, U.S.A. All rights reserved.
*
* This software is the confidential and proprietary
* information of Sun Microsystems, Inc.
* ("Confidential Information"). You shall not
* disclose such Confidential Information and shall
* use it only in accordance with the terms of the
* license agreement you entered into with Sun.
*/

Solution 4: remove the code
After a very long argument about the liberal Sample License versus
the strict comment section (which was clearly overlooked at the
moment the code was released to the public), the EPS functionality
was removed from the iText code base.
It’s better to be safe than sorry…

Results of this exercise
 We work with CLAs and keep track of contributors
 We changed the license from MPL/LGPL to AGPL
 We created a successful business

Contributor License Agreement

Today: disciplined IP “book keeping”

Commercial open source
Enterprise
closed
source
open
source
commercial
source
FOSS Company
The product is available for
free for those who accept
and comply with the F/OSS
license
If the product is also
distributed under another
license, a commercial
license is needed.
The FOSS company makes
the product available under
a custom license for those
who pay for the product:
• Support,
• Warranty,
• Indemnification,
• Release from the
requirements of the
F/OSS license

Intellectual property and licensing

More Related Content

What's hot (18)

Similar to Intellectual property and licensing (20)

More from iText Group nv (12)

Recently uploaded (20)

Intellectual property and licensing