Why? & Re: Will we be sued?

[Nathan Kelley]

To OSI License Discussion subscribers,

>>>> From: Jan Dockx <Jan_Dockx at peopleware.be>,
>>> From: David Presotto <presotto at closedmind.org>,
>> From: Jan Dockx <Jan_Dockx at peopleware.be>,
> From: Lawrence E. Rosen <lrosen at rosenlaw.com>,

>>>> Are we really afraid that we will be sued for damages by something 
>>>> we give away for free (as in free beer)?
>>>
>>> The recipient may not have gotten your code for free.  Anyone can 
>>> redistribute for money as part of something they build or just with 
>>> better packaging and/or support.  The original contributors can and 
>>> will be sued for anything that goes wrong; its the american way.
>>
>> If you say so. I understand that for the patent infringement, but for 
>> damages, I think it is weird. I would expect the party that made 
>> money of it to get sued, and possibly convicted, but not the original 
>> authors that put the thing in the public domain.

This is not as clear-cut as it looks.

Example 1: You create a program and release it licensed under an 
OSI-approved license. A third party then takes the program and sells it 
as allowed under the license. A large corporation adopts the program 
and uses it widely, but suffers damage to its business due to a bug in 
the program code, which when tracked is code entirely written by you. 
For all intents and purposes, the program has been configured and 
operated correctly by the large corporation. You were not a party to 
the sale of the program by the third party.

Example 2: You create a program and release it licensed under an 
OSI-approved license. A third party then takes the program, makes some 
changes (effectively creating a derivative work) and sells it as 
allowed under the license. A large corporation adopts the program and 
uses it widely, but suffers damage to its business due to a bug in the 
program code, which when tracked is code entirely written by you. For 
all intents and purposes, the program has been configured and operated 
correctly by the large corporation. You were not a party to the sale of 
the program by the third party.

Example 3: You create a program and release it licensed under an 
OSI-approved license. A third party then takes the program, makes some 
changes (effectively creating a derivative work) and sells it as 
allowed under the license. A large corporation adopts the program and 
uses it widely, but suffers damage to its business due to a bug in the 
program code, which when tracked is code that has been added by the 
third party or original code of yours subsequently modified by the 
third party. For all intents and purposes, the program has been 
configured and operated correctly by the large corporation. You were 
not a party to the sale of the program by the third party.

In each of the above examples, the fact that the large corporation in 
question has suffered damage from the use of the program is why they 
are suing, rather than because they paid for it. The code that was 
written is deemed to be the actions taken that caused the damage if the 
code turns out to be incorrect, or worse malicious.

For each example, who would you expect the large corporation to sue? 
What arguments would you expect them to present? How would you respond 
or expect the third party to respond? And what would you expect the 
likely outcome to be? This can be a very grey area indeed.

(Editorial Note: I know these aren't the best examples, but they 
illustrate the point).

Most all of the OSI-approved licenses help add weight to your response, 
as the author of the software, through disclaimers forming part of the 
license body. Nothing can prevent you from being sued or taken to 
court, but the terms of the license mean all the difference between a 
judgment in your favour and a judgment in the plaintiff's favour.

>> 1)
>> a) Do I understand it correctly that you _believe_ that you can be 
>> sued for damages if code that is distributed for free _fails_, at 
>> least in the States? And that a disclaimer as it is presented with 
>> most Open Source licenses makes this threat go away?

You can be sued for just about anything. Whether the action is 
successful or not is the matter in question, and how likely it is to 
succeed or not *and* get the result that the plaintiff's want is 
another matter entirely. A license can't make the 'threat' go away, but 
it can make it more trouble than its' worth unless the plaintiff is 
really serious.

>> 2) An important aspect of the disclaimer seems to be a protection 
>> against possible patent infringement. As a single developer we are 
>> not able to do extensive patent research, we publish the code, and if 
>> anybody later claims that we broke a patent, we want to be protected.
>> a) Do I understand it correctly that you _believe_ that a disclaimer 
>> in this respect makes this threat go away?

See above.

>> b) If so, how? People are using software, which they found on the 
>> net, which they use in good trust, often without them being in a 
>> position to read source code or do the extensive patent research 
>> themselves. But the software is being used, so the damage to the 
>> patent owner is real. And we are not going to pay for it because of 
>> the disclaimer.
>> i) Do we believe that ignorant end users will be condemned in to 
>> paying royalties retroactively?
>> ii) Do we believe that an organisation like the Apache Software 
>> Foundation, Red Hat, IBM, Apple, Lucent is indemnified by such a 
>> clause (either as original authors, or as distributors)?
>> iii) If not so, and if so, who's paying the bill? Or have we 
>> constructed a giant ripp-off here that indeed is able to kill of 
>> software patents? (Luckily, we do not have such idiocy in Europe 
>> :-P).

I am in no way an authority on these points, and will leave others on 
the list to answer them. I would be interested to know, however. But 
keep in mind that all answers here are voluntary.

>> Actually, that would mean that also research papers on physics or 
>> medicin or pharmaceuticals need a disclaimer. If the researcher made 
>> a mistake, or even if some third party misused the paper, the 
>> researcher can get sued.

Yes, that's entirely possible. And has almost certainly happened in the 
past.

> Your email highlights the irrational fears that some in the open 
> source community have about being sued.  If we exclude those who 
> haven't got enough money to be worth suing over intellectual property 
> infringement, and exclude those who stop doing infringing things when 
> they are made aware of accidental infringement, there are only a few 
> deep-pocket defendants left.

I don't know how it works in the U.S., but here personal liability is 
not limited to capital. If that is also true in the U.S., then 'small 
guy' developers that form a large portion of the open-source community 
could still be attractive targets if they have high-value assets such 
as houses, cars, computers, and home entertainment equipment.

> Of course we disclaim most warranties and liability in our licenses.  
> Why
> should we willingly accept potential liability when we give our 
> software
> away for free?  Despite what our licenses say, however, we are subject 
> to
> local laws relating to gross negligence and fraud.  As a matter of 
> public
> policy in many civilized jurisdictions, we can't recklessly distribute
> damaging software to consumers and expect to get away with it.
>
> So we should treat free software businesses as real businesses.  Behave
> professionally and ethically in all our intellectual property 
> transactions.
> The chances of being sued when we do that are slim to none.  But it is 
> wise
> to put some money into your bank account just in case you need to hire 
> a
> lawyer to answer all your questions.

All good advice, Larry :-)

Cheers, Nathan.

--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3