Buying protection
- Article 3 of 16
- LinuxUser & Developer, June 2004
In the wake of SCO's legal action, a variety of indemnification and insurance schemes have sprung up. But are they worth the investment?
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages
Imagine being bankrupted and put out of business. It’s a terrifying thought for many companies. As well as simply the fear of failure and the humiliation, there’s the little matter of all those hundreds or thousands of hard-working employees forced into unemployment through no fault of their own. But how much worse to be bankrupted not for anything you’ve done wrong or because of some Act of God, but because of something you bought in total innocence from a perfectly reputable company?
SCO – the name is enough to trigger both nausea and venom in equal amount from even the most civilised GNU/Linux user – has raised such a fear in the minds of companies around the world. The self-proclaimed “owner of the Unix operating system” has an ever-changing ongoing lawsuit against systems giant IBM. Originally, that rested on one main allegation: parts of the Linux kernel contain Unix code that IBM illegally gave to the open source community. If IBM had been the only target of SCO’s suit, few people would have been worried. But SCO argues that since the binary version of its code is inside practically every Linux kernel installed on computers worldwide, Linux users are using stolen property and should pay SCO a licence fee for every machine on which they’ve installed the kernel – and they’ll sue anyone who refuses.
To hammer the point home, SCO sent letters to over 1,500 corporate Linux users and filed lawsuits in the US against car manufacturer DaimlerChrysler and car parts specialist AutoZone. Now, even though SCO no longer alleges that IBM transferred code into the Linux kernel, it is continuing with its suits against DaimlerChrysler and AutoZone, maintaining that someone did. And they’re just the beginning.
“Lots of companies are taking a kind of ‘wait and see’ approach because the perception in the market is that if the IBM case is settled, then there’s still time to discuss,” says Gregory Blepp, vice president of SCOSource. “We are taking the firm position of saying the IBM case and the customer-usage of Linux are two completely different cases The problem with IBM is a breach of contact; but we have contacted customers, saying they are using software that uses our intellectual property. We have contacted 1,500 customers globally, formally stating we have a problem with the software which is being used out there in the market and requesting compliance with our intellectual property rights.” SCO is offering the lucky recipients of their letters the chance to settle by buying a licence for each server or desktop equipped with a Linux kernel or they “may need to see us in court”, says Blepp.
Naturally, this is frightening some bigger organisations and companies away from deployments based around GNU/Linux. Forrester, an independent technology research company, polled 36 North American companies in May this year to see how the SCO suit was affecting their views of GNU/Linux. Thirteen of those companies said they were concerned about the legal questions surrounding GNU/Linux (including the SCO/IBM suit), with those not using GNU/Linux slightly more concerned than those that do.
This, of course, worries those groups that would like to see GNU/Linux and open source software adopted in the enterprise. They’ve been looking at ways to end the fear, uncertainty and doubt caused by SCO and the most common solution so far chosen is indemnification. And if that just happens to give them a chance to get ahead of the others in the market, all the better for them.
On paper, indemnification is similar to insurance; it differs mainly in terms of who can provide it (not just insurance companies, which need to abide by certain financial reporting restrictions and so on). A software indemnity will typically say that if the user is sued by a company for some kind of intellectual property problem, the indemnifier will cover some or all of the costs. But like many insurance policies, the devil is in the details.
For instance, indemnities can stipulate that the GNU/Linux distribution has to be running on a specific vendor’s hardware; it has to have been bought from a specific company; the indemnifier has to have audited your code or you must not have changed it in any way; you have to have spent a certain amount of money with the company or taken out support and maintenance contracts with it; only certain kinds of lawsuits might be covered; you might have to agree to hand over your legal defence to the indemnifier; you might have to change your working practices; there may be an upper limit on how much the indemnifier is willing to pay out or which parts of your total costs are covered (is it just your legal defence or does it include expenses or damages if you lose the case?); or the indemnifier may only offer to replace “bad” code with new code.
Currently, there are few companies offering indemnification of customers of GNU/Linux, although indemnification is more common in the closed source/proprietary world.
“If you look at things like consumer software, they’re likely to provide limited or no indemnity,” says John Salmon, a partner at law firm Masons. “With more specialist software to a more limited market which is expensive, some would expect some further indemnity.”
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages