Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Linux Business Patents

Why Consider Linux Kernel Patent Risks? 226

chromatic writes "After the hoopla about OSRM's study of patent risks in the Linux kernel, I talked to Dan Ravicher, the patent attorney and free software afficionado who conducted the study. Contrary to my initial reaction, I've come to believe that the study is actually very valuable. Linux and Patent Risks on the O'Reilly Network explains why."
This discussion has been archived. No new comments can be posted.

Why Consider Linux Kernel Patent Risks?

Comments Filter:
  • So.... (Score:3, Insightful)

    by evan_th ( 791330 ) on Tuesday August 10, 2004 @01:58PM (#9932471)
    If somebody decides to sue Linux for copyright infringement, who defends it?
    • Re:So.... (Score:5, Funny)

      by Kenja ( 541830 ) on Tuesday August 10, 2004 @02:03PM (#9932544)
      "If somebody decides to sue Linux for copyright infringement, who defends it?"

      SCO? I thought they owned Linux.

      • Maybe IBM should put a huge patent lawsuit anouncement that if it is decided that SCO owns the copyright to Linux that they are then infringing on 57 of IBM's patents (or what ever number.) And leave it as pending the outcome of the current case.
    • Re:So.... (Score:3, Insightful)

      by irokitt ( 663593 )
      One would assume the FSF is in a position to help. If by Linux you mean individual distros, some of the larger ones are probably capable of beating off most attacks (that is, ones that aren't bankrolled by people like Microsoft).

      And don't forget that the free software community has a history of helping groups that fall under legal trouble (the aftermath of SCO is making free software users more aware of legal risks). So passing the hat around would also be an option. The worst cas is that Microsoft could s
    • Re:So.... (Score:5, Insightful)

      by sloanster ( 213766 ) * <ringfan@@@mainphrame...com> on Tuesday August 10, 2004 @02:05PM (#9932569) Journal
      If somebody decides to sue Linux for copyright infringement, who defends it?

      I think you are a little confused, perhaps... When you say someone will "sue linux", exactly who do you mean is being sued? Novell? Linus Torvalds? IBM? Red Hat?

      Once you apply a bit of clear thinking, and decide who is being sued, the answer to your question will follow naturally.
      • I'm asking, if somebody sues *ME* for running a piece of code called the Linux kernel 2.6.1, who defends it? Cos me, I'm switching to BeOS. I don't have the cash to fight a lawsuit by Microsoft.

        To word it another way: I administer a set of computers. Will my organisation get tied up in a costly lawsuit, just because I want to use Linux rather than one of it's lower-profile brothers (*BSD)? Or even dole out the money for one of Microsoft's OS's?

        So, it's not Novell, IBM, etc. who's getting sued, I am. And t
        • Did you read the damned article? Here's a piece of it,

          "Pragmatically, individual users, developers, and small businesses have relatively little risk -- it's expensive to initiate patent infringement proceedings. Suing someone with few assets (compared to a large company with a large portfolio of offensive patents) is likely a bad investment."

          I really don't think they'd sue you in particular nor would they sue your organization, not to mention the fact that NO ONE IS SUING ANYONE RIGHT NOW. So switching

        • Re:So.... (Score:3, Insightful)

          by killjoe ( 766577 )
          If they sue you then you switch to BSD and they have wasted all their money. More people they sue the more money they have wasted.

          BTW in the history of the world nobody has ever been sued for actually using a product that infringes on a patent. NEVER EVER.

          You need to take a course or two in risk management. Getting paranoid about extrememly unlikely scenarios and changing your business practices to avoid unlikely events is just a "BadIdea"
    • Worse yet, though a project may have pedigreed and documented prior art that could easily convince a court to overturn a patent, the cost of such an action is out of reach for most developers -- and many companies.

      The flipside to this is that frivolous, non-innovative patents can be attacked without an infringment case - out of the blue - as restraint of trade, provided you have the cash to do so. If someone were to patent something obvious, let's say ordering a list of files by date, anyone can file a re

    • Re:So.... (Score:3, Interesting)

      I find this a very intriguing question although you might want to phrase it differently: whom to sue if a patent is infringed upon by the Linux kernel? In the cooperative development environment that is Linux, no-one really *owns* the kernel if I understand the GPL correctly. I think that is what has the microsofts of this world so worried - no single entity to attack and subdue. I would be most interested to see what a patent lawyer would come up with. I note that this issue is not mentioned in the article
      • Re:So.... (Score:4, Insightful)

        by Bruce Perens ( 3872 ) <bruce@perens.com> on Tuesday August 10, 2004 @02:45PM (#9932980) Homepage Journal
        You can sue anyone. Indeed, lawsuits are generally brought against a list of defendants and "John Does 1 through 1000", so that more defendants can be added later. So, suing all known kernel mailing list subscribers would not be impossible.

        Bruce

        • I am not exactly familiar with US patent law. In Holland where I live such a thing would be quite difficult. The problem here is that you either sue a natural person or a legal entity. Suing several natural persons from the kernel mailing list at once for an infringement made would be difficult at the very least because a) it would be difficult to reconstruct who is responsible for the patent infringement (of course you could track CVS or whatever to check who checked in what and when, but still) because ma
          • Re:So.... (Score:4, Informative)

            by Bruce Perens ( 3872 ) <bruce@perens.com> on Tuesday August 10, 2004 @05:23PM (#9934782) Homepage Journal
            Well, in the U.S. it isn't necessary to figure out who is responsible for the infringement before you decide who to sue, because the patent title says that use is one of the infringing acts you can sue for. This is why there is even a question that users can be sued, we would just love to have a court rule that they can't be.Bruce
    • Re:So.... (Score:5, Informative)

      by spacefrog ( 313816 ) on Tuesday August 10, 2004 @02:32PM (#9932823)
      • If somebody decides to sue Linux for copyright infringement, who defends it?
      IBM, Apparently. [com.com]
    • You can't sue a piece of software.
    • Linux is a piece of software. You can't sue a piece of software. You could sue a developer, a distributor, or an end user, and they would have to defend themselves.
  • I would still like to know if anyone's audited the source code for any of the proprietary OS's for patent violations.

    Seems Linux will be one of the safest kernels from a (patent point of view) to run, since it has had the most companies scouring it's source code looking for infringements.

    • by Anonymous Coward
      So what happens if you buy a proprietary OS that infringes on someone's patent. I can think of a few possibilities.
      1. If your license also includes indemnification or insurance, your vendor might pay you (but AFAIK, noone actually does this, do they).
      2. Your vendor might be prohibitied from selling their OS, leaving you out in the cold. (at list with Linux you could hire people to code around the infringing parts)
      3. You get sued and have to license the patent.

      Sounds like you're better off with Linux that

      • If I, an end user, license a proprietary OS and it is determined to have violated someone's patent, how could I be held responsible? In order to file a lawsuit against someone, there are 3 basic tenants that must be proven. First, you must prove that someone had a duty to do something or to ensure that something does not happen. Second, you must prove that the duty was breached. Third, you must prove that your injury or loss was a result of that breach. A lawsuit will be quickly thrown out if you cannot do
        • Thats my thought exactly. Maybe not as direct but it's there.

          A close reletive bought a car from a small used car lot and later it was found that the owners were buying junkers and then replacing the vin numbers from stollen cars or using stollen cars to fix the junkers. The police identified her car as one of them but couldn't take it away. In fact, they couldn't make her do anythign about compensating the original owners. They did however askher questions about when and why she bought it. Everythign was
    • First you would have to have the source code. I suppose it could be de-compiled? I don't know how that works. Are there laws against that? We are talking about Windows, here, right?
    • I agree whole-heartedly. I have said the same thing in different words before; all these companies are worried about the validity of linux, but should they be a hell of a lot MORE worried about these closed-source, proprietary bastards that, if caught with pants down, could sink your whole ship of a business? It seems to me open source implies "NOTHING TO HIDE" in blaring, obvious letters.

      Now that we know M$ is attempting to undermine linux by training themselves rather than spewing FUD, ... oh, wait; ther
      • In Microsoft's case, we know that they have offered to indemnify their customers regarding patent risk in their software. So, even if MS has something to hide, the customer is theoretically off of the hook. In practice, the customer is potentially in the position of having to sue Microsoft in order to get them to make good on their indemnity. Even the Federal Government doesn't have much luck at suing MS, so the customer can only hope that MS pays without a fight.

        Most other companies could not offer to pay their own indemnities, and many of them believe this is covered by their liability insurance when that may actually not be the case.

        So, I think it still turns out that code that is open for all to view is better.Bruce

    • Because of the way patent law works, if you don't intend to license every patent you find, and that's insane because most of them are not inventions, it is best not to look.

      Bruce

      • Yet it seems customers (perhaps Daimler/Chrysler, since they're now sensitive to the issue), would start demanding that proprietary software they buy gets audited for IP rights.

        I don't expect anyone (except the fringes in he open source community) to start auditing their own code out of the goodness of their hearts -- but now that AutoZone, Cognos/Timeline and friends have woken up to the fact that you can be sued merely for using inventions that infringe, I would think they would want assurances that sof

        • Yet it seems customers (perhaps Daimler/Chrysler, since they're now sensitive to the issue), would start demanding that proprietary software they buy gets audited for IP rights.

          They could demand this, but what they would get would be indemnification or insurance. Their motivation is to reduce their legal risk, so either of these would be acceptable.

          You really can never complete a patent search. Because of the vagueness of patent claims, it is difficult to say conclusively that a patent can't be asserted against a particular body of code.

          Bruce

    • Has anyone talked about the patent risks in Microsoft's code?

      I mean, Microsoft's customers were sued by Timeline after Microsoft shipped Timeline's IP in their SQL server.

      And then, there's the Eolas case - everyone using Internet Explorer could owe Eolas patent royalties... Think about that for a moment.

      With more than 50 million lines of code in the Windows 2000 kernel alone, why isn't anyone talking about Microsoft's patent liability? Do you think even Microsoft can audit every line for a paten

      • But, because of the open nature of the code, any infringements that do exist in the code would probably be moot, because the patent holders have not shown due diligence in protecting their patents

        You are talking about the Doctrine of Laches. Look it up on the web. Generally it takes a 6-year delay of prosecution, although it has been won for less and lost for more. It's not easy to win a laches case. You can lose your shirt while doing so.

        Bruce

  • by bollow (a) NoLockIn ( 785367 ) on Tuesday August 10, 2004 @02:01PM (#9932502) Homepage
    From the article

    Ravicher discovered that open-source-friendly companies (including IBM and HP) hold about 100 of those patents. Again, the likelihood that such a company would bring suit against someone using or distributing Linux is small, especially since those companies often distribute Linux themselves. (Legally, a company probably could, but it goes against the spirit of open source.)

    The assertion "legally, a company probably could" in the above statement is false. Even though it's primarily a copyright license, the GPL contains an implied patent license.

    • I think you're confusing the notion of having a valid case versus actually bringing a case. You don't have to have a good chance of winning to file a suit. You just have to be stupid, arrogant, or really unfriendly.

    • It's only a patent license for those who *distribute* the GPLed software. Linux is still vulnerable to patents owned by any company that does not release a distribution (and AFAIK, IBM does not.. but it would be stupid for them to try to enforce their patents, given their investment in Linux).
    • by killmenow ( 184444 ) on Tuesday August 10, 2004 @02:17PM (#9932690)
      Also, thanks to Groklaw [groklaw.net], I learned about this thing called Promissory Estoppel [lawzilla.com] that would pretty much stop them from bringing a patent suit at this point.
    • by Bruce Perens ( 3872 ) <bruce@perens.com> on Tuesday August 10, 2004 @02:39PM (#9932895) Homepage Journal
      To a great extent IBM has avoided distributing GPL software directly. We think this is because they don't like the patent terms of the GPL.

      Bruce

      • Huh?

        http://www10.software.ibm.com/developerworks/ope ns ource/linux390/linux-2.6.5-s390-06-april2004.shtml

        Click on the "Download" button and you have to agree to the GPL code.

        Section 7 on patents is there too.
        • What part of, "To a great extent" did you read as "In all cases"?
          • I didn't. I took the entire statment;

            >To a great extent IBM has avoided distributing GPL software directly.

            Did a 5 second search on google and came up with the link. Behold, a public link of IBM distributing software under the GPL.

            Don't think link is an interesting counterpoint, say why.
            Don't think that the link shows that IBM isn't scared of GPL or doesn't distribute under it, say why.

            Just don't insult me by trying to get into nit-picking issues, stick to the point.
            • To get the original sentence: To a great extent IBM has avoided distributing GPL software directly

              That basically means: IBM hasn't distributed a lot of GPL software directly.

              That also mean that have distributed some.

              So by providing ONE link, you just prove they did distribute some, and you are in agreement with the original statement. You didn't prove that they did a lot.

              Hence, your link is not a counterpoint, because the author didn't say that they did not distribute any GPL code.
              The fact that they ha
        • This is an interesting one. Reading section 7 of the GPL on gnu.org seems to indicate that having a patent issue on the code DOES NOT excuse you from the obligations under the GPL (namely distribution of source code). Indeed, what it does indicate is that you STILL have to fulfil the source obligations under the GPL to those who you distribute it to (and the permission propagates down the chain).

          But reading it carefully, it seems to indicate that you are not giving a carte blanche license TO THAT CODE.
  • by antikarma ( 804155 ) on Tuesday August 10, 2004 @02:01PM (#9932504)
    "The 283 patents that the kernel could infringe have all gone unchallenged so far."
    In other words- Sco doesn't know about them yet.
  • Linus and patents (Score:5, Informative)

    by blogtim ( 804206 ) on Tuesday August 10, 2004 @02:02PM (#9932515) Homepage
    Linux founder and leader Linus Torvalds has taken that approach. "Finding patent infringement has always been a responsibility of the patent holders," he said in a 2003 interview. "It is a fact that I do not encourage engineers to look up patent information
    Actually, I read an article in Wired maybe a year ago quoting Torvalds as saying that he personally avoids looking at patents because willful violation leads to triple damages. Better just to close your eyes and do whatever...
    • Actually, it IS the patent holder's job to find infringement. There are firms that do try to sniff out patentially patented material, but it's still hit or miss.

      All things being equal, you are better off (legally speaking) by simply doing what you intend to do. You can always license whatever the technology is later, even assuming the patent is valid and/or applicable in your situation.

    • By using the word "actually", you have implied that your statement contradicts the quoted statement.
    • by iabervon ( 1971 )
      I wouldn't be surprised if someone actually challenged the triple damages law on the basis that it makes it undesireable for inventors to look at patents, and therefore that the system violates the patent office's constitutional mandate. Of course, it would probably not be argued in front of the present Supreme Court, since they didn't seem to go for a similar argument in Eldred v. Ashcroft.
    • Linux doesn't look because it provides him with some protection...without willing intent concequences are less. Also, at the time linux was written, Software patents were not valid in Europe..so again he wasn't breaking ANY laws where he lived.

      The other reason for not looking is that he wouldn't learn anything anyway. Most software patents [except for IBMs] are so vague that viewing the patent would only cause you troble...because most don't have ACTUAL implementaion...just "works-like-this". What eve

      • Also, patents are invalid if the idea was published ANYWHERE prior to being patented.

        Nope. In US there's the 1 year time period after publishing during which one can file patent applications; obviously as long as applicant published the invention (built something that implements the invention).

        There really should be a Slashdot Patent FAQ; this same claim has been refuted a number of times.

        For purposes of Open Sourcing things this doesn't have much effect, except that the author can both Open Source

  • by grunt107 ( 739510 ) on Tuesday August 10, 2004 @02:02PM (#9932522)
    With the gloom of the patent infringement reports, the one bright spot is the Patent machines of IBM (and HP). It is doubtful that other major patent holders (MS) do not violate any of IBM/HP (and vice versa), so the threat of mutually assure destruction is the only seeming deterrent.

    Who are the commies in this scenario?
  • assuming software patents are enforced it seems "reasonable" (c.f. DMCA "effective security") that you can stop a company selling a product violating a patent. but can you possibly stop individuals writing their own code?

    so AFAIK software patents have the possibility of stopping the business end of linux, but can't fundamentally be a threat to its existence?
    • by OwnedByTwoCats ( 124103 ) on Tuesday August 10, 2004 @02:09PM (#9932611)
      It seems to me that an individual with ordinary skill in the art of developing software, coming up with a patented solution to a problem, poses as much a problem for the owner of a patent as it does for the individual developer.

      One of the requirements for granting a patent is that it describe an invention or process that is nonobvious to one skilled in the art...
    • True. We can write about a patented process to our heart's content. It's only when we render it in concrete form that it enters the realm of patent law.

      IOW, we would toss in a compile flag for "INCLUDE CODE COVERED BY CONTESTED PATENTS"

    • by maximilln ( 654768 ) on Tuesday August 10, 2004 @02:15PM (#9932667) Homepage Journal
      so AFAIK software patents have the possibility of stopping the business end of linux, but can't fundamentally be a threat to its existence?

      The fact that Linux users continue to use Linux, which is obviously an illegal rip off of proprietary systems, is analogous to those 12 year olds who continue to trade mp3s even after we explicitly told them that doing so was a felony. We will continue to implement hardware based DRM, we will deny a license for anything but the MS boot block, and we will continue to increase funding for the anti-piracy arm of the FBI so that we can raise multinational efforts to hunt down and prosecute, to the fullest extent of the law, anyone who continues to write this so-called "open source" software. We will use any and all available means, including invocation of the PATRIOT Act, to ensure that these hardened criminals do the maximum possible time behind bars as an example to our youth. We are continuing to lobby Congress for "three strikes and you're out" laws which make repeated "open source" violations a mandatory felony. The distribution of such "open source" code is also considered a felony. Distributing 1 kb of hardened binary code, based on open source, has a mandatory minimum of 5 years in prison and distributing more than 30 g of "open source" source code carries a mandatory minimum of 10 years in prison with up to a $50,000 fine.

      With your help, and the help of other concerned citizens like yourself, we will eradicate "open source" houses from our neighborhoods. We will hunt down "open source" dealers. We will prevent our children from using "open source" code. We have already implemented measures to make the distribution of "open source" code with 500 meters of a school an automatic felony, no matter what amount or who the distribution is to.

      'Nuff said...
    • Look at it this way.

      The court have found that IE is violating an EOLAS patent. Can EOLAS sue everybody who uses IE?
  • If the point is negledgable they could get a compotent opinion form a patent lawyer that says they think the patent is bogus. Then they are an unknowing offender and only have to pay royalties. There are no royalties with OSS. Problem solved. But then again, they can't even find a target. Linux isn't one face, its many, unassociated, different corporations and organizations. Sue this!
    • Did you read the article? Your post is full of inaccuracies.

      Defending against a patent lawsuit is expensive and time-consuming. Sure, the courts throw out around half of all contested patents, but that means they uphold around half of all contested patents.

      Unwitting infringement does not mean that the patent is bogus, it means that you can show reasonably well that you did not know that you reinvented something someone else had patented.

      Where did you come up with the idea that patent damages include

      • Sure, the courts throw out around half of all contested patents, but that means they uphold around half of all contested patents

        I suspect this is an incorrect deduction. If the courts throw out half of
        all contested patents, it does not follow that it upholds the other half.
        My uninformed opinion is that of the remaining 50%, some will be dropped,
        some will be settled, and the court will rule on the rest (either for or
        against the defendant).

        Can anyone find statistics about the 50% that aren't thrown out? It
  • Er, because I don't have enough to keep me awake at night as it is beyond the erroding IT job market in the US, the goofball in office, and natural disasters?
  • Uh... (Score:3, Insightful)

    by sjvn ( 11568 ) <sjvnNO@SPAMvna1.com> on Tuesday August 10, 2004 @02:17PM (#9932689) Homepage
    >I would still like to know if anyone's audited the source code for any of the proprietary OS's for patent violations.

    If they could be publicly audited for patent violations they'd be open-source, yes?

    Steven
  • The law is loaded. (Score:2, Insightful)

    by Skiron ( 735617 )
    Patents are given out willy-nilly as we know from 'M$ 3000 patents' a year pledge.

    Then to find a programmer 'unwittingly' coded something similar that treads on the patents' toes, it is beyond the financial means of the coder to say 'Hey, I done that 5 years ago!' in a court of law.

    The law is an ass.
  • The only real problem that anyone is going to run into is that there are only so many ways to derive four from integers. As such, there are only so many ways to do certain things in any language.

    I mean, if people who hold those patents REALLY want to be anal, I guess the linux dev guys could just develop those segments in asm.

  • by bani ( 467531 ) on Tuesday August 10, 2004 @02:46PM (#9933004)
    the rewards of 'enforcing' a patent against the linux kernel would have to outweigh the risks of being a permanent pariah.

    given the fact that so many patents are revoked upon challenge, the fact that many patents are trivially circumvented via minor changes, and the fact that attacking one company over a 'patent infringement' in kernel code is in effect attacking millions of end users worldwide, the risk is extremely high and the rewards extremely low.

    to me it seems rather unlikely any company would attempt this, unless they have nothing to lose (eg SCO).
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Tuesday August 10, 2004 @03:12PM (#9933354)
    Comment removed based on user account deletion
    • by flossie ( 135232 ) on Tuesday August 10, 2004 @03:42PM (#9933751) Homepage
      Couldn't this be a sign that attacking Linux on patents might therefore simply not be worth it based on the money & time that would be involved?

      Unfortunately, I think it is more likely that this is a sign that companies like Microsoft don't want to attack the competition with patents until they have succeeded in getting US-style patent law in force around the world.

      At the moment, it is very difficult to convince politicians how harmful software patents can be because most of the damage is theoretical. If Microsoft were to start suffocating Linux with patent threats prematurely, it would be much harder for them to get software patents introduced in Europe and Asia, thus reducing the effectiveness of their eventual attack.

      • Because he is probably right. The reason we haven't seen patent action by Microsoft _yet_ is because they aren't ready to strike a killing blow. But they will be, soon enough...
    • "The Open Group" holds the UNIX name, not SCO. SCO owns some UNIX code (System V) but does not own the UNIX name.

      SCO could potentially have patents on some of their filesystem stuff, just as Microsoft has patents on certain parts of FAT. FAT's patent was granted in 1996, but there are at least three instances of prior art that have come up that seriously put the patent into question. Before Microsoft's recent attempts, they have never demanded any license over the use of FAT. On the other hand, it's ve
  • by Anonymous Coward
    Though many developers prefer to ignore patents, the current laws (at least in the U.S.) provide minimal legal defense for unwitting infringements. Worse yet, though a project may have pedigreed and documented prior art that could easily convince a court to overturn a patent, the cost of such an action is out of reach for most developers -- and many companies.

    Microsoft knows this. It is why they are filing 10 patents a day (reported on Slashdot before - you look it up). They have, rather correctly in my o
  • The more patent heavy corporations that have vested interest in FOSS, the better. This way, if a FOSS unfriendly company decides to launch a patent attack that would be damaging to the bottom line of FOSS friendly companies (IBM, HP, Novell) then it is all the more likely that the attacker will be found in violation of somebody else's patents. We have a MAD (Mutually Assured Destruction) scenario, and the attacker will be forced to back down. Aside from a FOSS patent fund, the best defence is to have as many patent heavy corporate friends with a vested interest in the success of FOSS as possible.
    • This is the wrong way to look at it IMHO. We need to plan for what WE are going to do WHEN ms starts suing people.

      We need to organize now so we can start boycotting MS products and services, protesting at MS locations, programming our servers to reject traffic from MS, and fighting their FUD with counter FUD (yes FUD we have to fight fire with fire), filing countersuits or what have you.

      Plans need to be made, people need to get organized. Would a daily protest in redmond work? Would countersuits by indi
  • by russotto ( 537200 ) on Tuesday August 10, 2004 @06:37PM (#9935285) Journal
    ...for the patent issue: Open Source's usual strength is its weakness here. Since anyone can look at the source, anyone -- including hostile IP companies -- can fairly easily find infringing code. With a proprietary OS, the patent-holder first has to reverse-engineer the code to find the infringement. Which isn't so easy.

    As for the claim above that no one has sued an end user: nonsense, of course. SCO has, for one. And one company was even successfully sued for a program which did not embody or use a patented process or device, but simply wrote one bit of data that, when inserted into another device, would cause it to execute the patented process in a manner violating the license granted to the manufacturer of the second device.

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...