[License-discuss] Protection of Academic Medical Center Patent Portfolio via MGBopensource Proposed License

Pamela Chestek pamela at chesteklegal.com
Sun Nov 24 19:08:33 UTC 2024


Comment below.

Pamela S. Chestek
(in my personal capacity)
Chestek Legal
4641 Post St.
Unit 4316
El Dorado Hills, CA 95762
+1 919-800-8033
pamela at chesteklegal
www.chesteklegal.com


On 11/21/2024 3:45 AM, Lukas Atkinson wrote:
>
> I fail to understand how this MGB license is supposed to be more 
> patent-friendly than Apache-2.0. I'm not a legal professional, but 
> licenses would ideally be both legally sound /and/ comprehensible by 
> lay people.
>
> The relevant clauses of Apache-2.0 are:
>
>     each Contributor hereby grants to You a … patent license to make,
>     have made, use, offer to sell, sell, import, and otherwise
>     transfer the Work, where such license applies only to those patent
>     claims licensable by such Contributor that are necessarily
>     infringed by their Contribution(s) alone or by combination of
>     their Contribution(s) with the Work to which such Contribution(s)
>     was submitted.
>
>
> The corresponding parts of this MGB license:
>
>     each Contributor hereby grants to You a … license to use,
>     reproduce, prepare Derivative Works of, publicly display, publicly
>     perform, sublicense, and to distribute the Work, and Derivative
>     Works …
>     This License does not include any express or implied license to
>     any [patent] that is not necessary to exploit the rights granted
>     in Section 2.
>
>
> You explain as the rationale:
>
>     The thought is, if its necessary to exploit the patent rights to
>     use the licensed works, Licensees possess the rights,  but this is
>     a more appropriate standard than “if it infringes on a patent, you
>     have rights to that patent.”
>
>
> But these two approaches largely seem to end up with the exact same 
> rights being licensed.
>
> * Apache: for those patents that are necessary for this Contribution, 
> Contributor grants a patent license to use.
> * MGB: Contributor grants a right to use, including any implied patent 
> licenses necessary for that use.
>
> It seems that the word "infringed" in the Apache license is causing 
> some unease, but both approaches seem to license the same rights: 
> those patents that would be infringed by use of the contribution, were 
> it not for this license.*What would be an example scenario where there 
> is a difference*, where the Apache-2.0 would grant a patent license 
> beyond what is necessary to use the Work?

I second this comment. "A nonexclusive patent license is simply a 
promise not to sue for infringement." /U.S. Philips Corp. v. Int'l Trade 
Comm'n/, 424 F.3d 1179, 1189. Procedurally, if one is accused of 
infringement, the accused has an affirmative defense than their 
infringement is excused by permission given by the rights holder. 
/Carborundum Co. v. Molten Metal Equip. Innovations, Inc./, 72 F.3d 872, 
878 ("As the alleged infringer, MMEI had the burden of establishing the 
existence of an implied license as an affirmative defense.") So a 
nonexclusive license is only a description of what the licensor will 
allow others to do that would otherwise infringe the patent, with the 
burden on the licensee to prove the existence and scope of the license.

The Apache license grants a license to patent claims that are 
"necessarily infringed" and the MGB license grants a license to whatever 
is "necessary to exploit" the patent claim. Apache defines the grant by 
referring to the result (necessarily infringed) and the MGB license 
describes it in forward-looking terms (necessary to exploit). But I 
don't see any legal difference between the two, since, no matter how 
it's phrased, the scope is the same - the extent of the infringement the 
licensor will tolerate. So I also would like to see an example where the 
scope of the grant between Apache and MGB is different.

>
> Another difference is the absence of an explicit license to "sell" or 
> "import" the Work. If this is an Open Source license then those would 
> be allowed, so for the avoidance of doubt it could be worth keeping 
> those two verbs.
Indeed, by taking the word "Copyright" out of Section 2 but not 
otherwise amending it to add the patent terms of art you may have failed 
to grant a license to sell and import.

<snip>

> * I feel uneasy about the combination of the somewhat implicit patent 
> license in sections 2+3 in connection with section 8 "no implied 
> rights". Someone might interpret this as explicitly withholding any 
> patent license, in which case the license would fail to provide 
> Software Freedom.
I agree these are directly contradictory.
>
> * I understand the intention of section 7 "personal information", but 
> find it confusing. Some data is said to be part of the Work, but then 
> gets a separate usage license. It uses the term "protected health 
> information" without defining it. The definition of "personal 
> information" would seem to include some attribution notices per 
> section 5, then requiring their removal. Section 7 also includes a 
> requirement to "inform Licensor", which might go against the 
> traditional "desert island test" for Software Freedom.
I think Section 7 makes the license non-free. In particular:

> The Work may include data, graphs, and models, and if so You may use 
> and modify the data, graphs, andmodels.
>
That's fine, albeit perhaps unnecessary to state.
>
> However, You have no license to any protected health information 
> (PHI), or other personal information collected by or included by 
> Licensor, whether or not de-identified or aggregated.
>
So parts of the software are not covered by the license and therefore 
non-free.
>
> Licensor has no obligation under this License to provide any such 
> personal information, or to validate any data generated by the use of 
> the Work.
>
For what it's worth this is fine, but it's unnecessary. What else in the 
license would suggest that there /is/ a duty to provide it? I suppose 
you could have non-functional software if it's been removed? But I don't 
think there is any duty to provide /working /software under an open 
source license.
>
> For purposes of this License “personal information” means any 
> information relating to an identified or identifiable natural person, 
> including PHI.
>
This statement probably belongs in the definitions, since you have 
followed the convention of having a section of definitions. And it's 
quite unrefined as a definition, reading more as an afterthought. As 
Lukas pointed out, this includes the authors names in notices.
>
> Licensor has attempted to delete all copies of such personal 
> information in the data, and will undertake to ensure that the Work 
> does not contain any data with personal information. If despite 
> Licensor’s efforts in this regard, You identify any personal 
> information in the data, You agree not to use such personal 
> information and to promptly delete all copies of such personal 
> information in Your possession, use or control, and to inform Licensor 
> promptly of the foregoing so that it can remove such personal data 
> from future transmissions of the Work.
>
I understand the impulse here, but I don't agree with it. First off, 
you're shifting the burden for compliance from you to the user, but you 
are in the better position to know whether or not there is personal 
information. Further, the benefit of open source licenses is that they 
are frictionless. Now, you are telling the downstream user that they 
cannot use the software with the knowledge that all the rights necessary 
to use the software have been granted, instead telling them that there 
might or might not be something in the software that they are not free 
to use, which they have to go find. I believe that the possibility that 
there are portions of the software that are not available under the 
license is also a violation of open source principles generally.

Moreover, obligations imposed by law and those imposed by the license 
are separate and distinct and we frown on efforts to import obligations 
imposed by law into the license. All users are obliged to comply with 
the law that applies to them, whether or not a license says so, so there 
is no need to duplicate the duty in the license. It also imposes 
obligations arising in one jurisdiction on others who might not 
otherwise have them in their jurisdiction, a violation of OSD6 
(discrimination based on geographic locale).

In addition:

What does Section 4(d) do - how it is different from 4(c), other than to 
state it in the inverse?

What is Section 5(d) meant to say and do? Are you suggesting that those 
who don't contribute code, but conducted a scientific experiment, can be 
listed as authors of the work? The attribution list is generally 
understood to be those who have made copyrightable contributions to the 
source code file. This is useful information to have if one needs to 
contact all the authors for a license change, although it is being 
replaced by version control information. But by adding people who are 
not copyright authors you are adding noise to the intended use of the 
Notice file. Throwing non-authors into the mix might also invite those 
who don't actually have any rights to bring claims premised on the 
theory that they do because their name is listed.



>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Official statements by the Open Source Initiative will be sent from an opensource.org email address.
>
> License-discuss mailing list
> License-discuss at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20241124/94cf0ae0/attachment-0001.htm>


More information about the License-discuss mailing list