Public domain software is not open-source?

[Philippe Verdy]

Romain Berrendonner [mailto:romain at berrendonner.org] 
> I'm sorry, but did you ever read about liability for 
> defective products, as implemented by article 1386-1 and 
> following of the French civil code,
>   resulting from a European directive of the 25th of July 1985 ?
> 
> Art. 1386-9 (translation courtesy of www.legifrance.gouv.fr):
> 
>         "The plaintiff is required to prove the damage, the 
> defect and the causal relationship between defect and damage."

This cannot be done by the consumer for the damages that the use of an
invalid licence could make. Especially if there's no proof of the identity
of the abusive licensor. So we are left to check the validity of the licence
before accepting it, but without any way to perform this check for the same
reason.

This article speaks about what will happen after damages have occured, i.e.
too late after the licence has been already accepted in the past. But such
acceptation of the licence may have been favored by unlawfully presenting
false conditions of execution of the licene, notably by not explicitating
clearly which exclusive rights where granted for use under coverage by the
licence.

When damages will occur later, after we have accepted the licence, we will
be left alone with the consequences of this failure. Notably because most
open licences are not even signed by the licensor itself, as they were
written by others that have the full separate copyright on the licence text.

An open licence can only be acceptable if it comes only as a complement to
another document or statement asserting who is the licensor, and what he is
licensing under the terms of the licence. The licence itself provides
nothing by itself and does not automatically cover any software coming along
with it:

Magazines are regularly published with CDROMs full of open-source software
plus proprietary content plus sharewares from third parties. They are
deliivered on the same support, the magazine guarantees the support itself
for a limited time, but not the software, the magazines sully restricts the
exclusive content of the CDROM, but does not put it under the same terms as
the rest of the accompanying sharewares, trailwares or commercial products
that may be bundled on the CDROM along with open-sourcve or free programs.
All these softwares are coming with their own licences. All this is
packaged, but there's a copyright notice statement for each software that
comes with the licence and other required written offers.

Without these copyright notices, it would be impossible to determine what is
covered by each licence,and all these licences would clearly conflict. The
copyright notice, or statement of ownerships, or "legal" document that comes
along with the software is there to describe what is covered (i.e. the
product name, its summary description, and other distinctive elements needed
to identify it) and who owns the rights. This is the prior condition before
granting a licence on these products.

But if I see invalid statements like "Copyright (c)2008 Example.com" where
Example.com is just a domain name and not a registered company or
organization that can be located in some country, there's no identity.

This absence of valid statement is most often used by crapwares that are
full of ilegal content or abusive spywares, spamwares, or abusing the
licenses owned by others, or not respecting the terms of open source or free
licences (forgetting to provide the required access to source, and
forgetting to give the list of authors...). These pseudo-company names are
disappearing the same year after they are created, and left in the fog of
old unused domain names (that will be immediately taken by large
cybersquatter as soon as the domain name becomes unreserved, i.e. 3 months
after the end of reservation).

There's little that can be done, because domain names were registered under
invalid identities, stolen in one country for use to host a website in a
different country, and targetting "customers" in another. Or you'll find a
complex agglomerate of rogue companies created specifically for a limited
period and disappearing the next year, without having ever been physically
localted somewhere where their responsible would be held liable for their
past abuse. And this is just for the best case.

I've seen also other cases where the company names did not even exist
anywhere, the addresses never existed in the indicated city, phone numbers
were going to nowhere (or were not paid and were cancelled). That's why we
need the way to verify the identities: if this identity is unverifiable, the
ownership of exclusive rights being licenced is also unverifiable, and the
licence is suspect if not compeltely invalid and inapplicable to the
product.

Suppose I take a copy of Microsoft Word but find a way to remove all
copyright statements, change the product name into "OpenBureau Word" and
display no copyright statement or just write "Copyright (c)2008
Openbureau.com" if I've been able to reserve the domain "openbureau.com"
(just an invented example, not existing now I think, but may appear at any
time) paying the domain registration for just one year and then leaving the
domain go until it disappears and gets taken by cybersquatters one year
later. I won't reveal my name, I will just process some payments from a
temporary bank account open in a country where I don't live and with which
my country has no official financial collaboration for allowing
investigations (suppose this is in a bank office in Tuvalu): this domain
will be associated with a company "officially" located in Tuvalu, having its
domain name in "openbureau.tv"...

There are lots of rogue pseudo-"companies" like this everywhere. They are
disguised and operate many pseudo office and consistently refuse to give any
immediately verifiable proof of their physical existence; they use
unverifiable identities. And then they are trying to do every thing without
even giving details about who they are: this works because too many people
around the world forget to require the identity of other people with which
they are contracting: they just accept some money for one time and provide a
limited service in exchange but others don't know really that the
contractants are in a very weak position.

We do need verifiable identities, which are not virtual and existing onyl
within virtual computer databases: if they are companies, the names and
address of residence of their directors must be known. A licence granted by
anonymous people is clearly invalid. A licence not describing which product
is covered is also equally invalid (or more exactly equivalent to the total
absence of any licence).

Nothing replaces a signed statement of ownership (the simplest form being
the short copyright notice, but this notice must respect some minimal terms
notably the year of publication and the official name of the owner at the
time of this publication, or the name of one of its official successors
registered later; this statement must also include the product name and a
summary description, unless this is is already part of the product itself,
i.e. the covered product is a document containing the statement).

There are some normative conditions for making such statement valid, and
this is best guaranteed by adopting some conventionally used forms and
placing the statement in specific locations: either in its introductionary
page, at the begining, or at end of the document. When there's a specific
section in the document containing information about the editor, publisher,
authors, and so on, this is also a good place to include this copyright
notice. Other possible place is a signed letter coming with the package, or
a sale contract, or written on the packaging.
In France, all publications (including on the web or on vocal phone
services) require such indication termed "informations éditeur", including
toll-free services.

The publisher is held responsible for verifying the source of ownership of
the content they are publishing, he cannot accept things without known or
identifiable authors (unless it accepts the risk of becoming itself liable
for all damages resulting from the illegal publication, or this publication
is legal in the country of the publisher when it is not in the country of
the author). I think this will also apply easily in almost all countries.

Most OSS licences are flawed here: they don't require the copyright notice
(or statement of ownership). That's not the case of free licences (GPL and
similar) that absolutely require it.

Most recently created "public domain" software are also flawed with the same
reason, because they fail to provide a verifiable proof of identity of the
licensor. In fact there are still copyrighted and protected under national
and international author's right.

True public domain is dated and signed, or its exclusive rights are proven
to have been exhausted in time by law that cancelled all exclusive rights.
Such public domain does not require any licence from anyone. If there's a
licence it's void.

The "public domain" used for recent creation is generally coming from
governmental works when the government feels it would be the interest of
everyone to be able to use the content without prior agreement or
contractual condition (the conditions still exist, but not within licences
or contracts, but in the national law that created and regualted the public
domain; as this law is not necessarily applicable elsewhere, this public
domain is not necessarily valid in other countries as this universal
condition of free use applies only for the use in that country). So the
"public domain" created by some US agency is not necessarily public domain
elsewhere: you may need to get a licence from a US governement agency to use
the content elsewhere. Public domain is, at best, protected and guaranteed
only at the national level, and under national law.

If you are not the government, it will be hard for you to create a law
protecting your work for use in the public domain in your country; it will
be even harder to make this public domain enforceable internationally (the
Berne convetion is very, very fuzzy here), and countries can pass laws that
will limit the reuse later (this happened in both Russia and USA with
retroactive effects when laws decided to extend the time of validity of
exclusive owners rights, including for contents that has already fallen in
the public domain: the public domain remains valid only for governemental
use, but others suddenly became liable of copyright abuse). The "public
domain" is a very bad way to protect recent creations and make it available
and usable by the public, if you're not a national government with
legislative power.

The public domain will be useful however to avoid the persistence of
licences to usr old creations that are in general use (because all licences
required on contents with general public interest, need and use, is a
situation of monopole, and long term monopoles are clearly abusive if they
are not owned by the government and regulated by law under contant scrutiny
by elected assemblies that may adapt their condition of existence). But this
is another class of public domain, and it is more universal and exists in
all countries, as we all depend on this class of content for our whole life
as it covers universal things like our language, the basic right to
education, the work traditions...