Buying protection
- Article 3 of 16
- LinuxUser & Developer, June 2004
In the wake of SCO's legal action, a variety of indemnification and insurance schemes have sprung up. But are they worth the investment?
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages
“When you pay to use someone’s software, you want to be sure you’re entitled to use this thing – that it’s not ripped off from some third party. You’re paying for the right to use this, so you want to make sure it’s a valid right,” adds Simon Halberstam, a partner at Sprecher Grier Halberstam. “When I advise my clients, I advise them to demand an intellectual property indemnity. I’d find it very difficult to advise clients to go through with a contract if they didn’t get that comfort. With open source, it’s a different environment though; although it would be desirable to get an indemnity, it’s understandable if I don’t get it because I’m getting such a good deal anyway: it’s unreasonable to expect the owner to take on liability for that as well.”
However, closed-source indemnities are not as ubiquitous as might be thought, even in the enterprise software world. HP, for instance, while it does offer an indemnity policy for end-users running Red Hat and SuSE Linux users on its hardware, doesn’t offer an indemnification on its other products. “Our indemnity programme is basically targeted at an issue in the market [the SCO lawsuit],” explains HP’s worldwide Linux marketing director Efrain Rovira. “It’s very specific as to the need: I can’t recall any time we’ve needed to do this in the past.”
Notably, open source champion IBM is an indemnification-free company. It refuses point-black to indemnify its GNU/Linux-using customers, arguing that: it would be impossible to put in place a sensible indemnification policy that is in keeping with the spirit of open source; since no single company provides it, users understand that there are no warranties or indemnities that come with Linux; and even that since the claims that have been alleged by SCO against IBM “have no basis”, no indemnification is needed.
The company has received a lot of abuse for this failure to indemnify. “IBM is being hypocritical,” accuses Sun president and chief operating officer Jonathan Schwartz. “If the issue is a non-issue, why don’t they indemnify their customers? And if they don’t need to indemnify, why do you have the world’s largest patent litigation team inside IBM suing the bejesus out of the entire industry?”
IBM is at least consistent, since none of its open source code is indemnified, including its highly popular WebSphere application server, and neither is AIX, its closed-source Unix operating system. And IBM doesn’t have its own GNU/Linux distribution and doesn’t install it onto servers or desktops: it relies on third-parties or end users to add the operating system to its hardware, so can happily argue it shouldn’t have to indemnify a product it doesn’t actually sell.
IBM also raises another major issue that other companies have had to grapple with: it didn’t develop Linux by itself and doesn’t know for sure where all the code comes from – how can it take the risk of indemnifying its customers against possible copyright infringement when it doesn’t know for sure there isn’t some other company’s code illegally embedded in Linux?
For companies such as Novell, it’s a balance of risks. Novell automatically indemnifies users of all its closed source software since, “We developed it, we have control over it, we know the engineers who developed it and we have the engineers with appropriate agreements that transfer the intellectual property rights to Novell,” says Nitin Maru, vice president of legal affairs for Novell EMEA. But its open source indemnification is comparatively limited in scope. “On the open source side, you never know: the risks are greater. What we’ve taken is a calm and measured approach, balanced against the risk to Novell and the duties we have to our shareholders against our duties to the open source community and what is needed out there to push open source further and further into the enterprise.”
This lack of control over open source developments and the possibility that more companies may try to repeat SCO’s stock-price-raising lawsuit – one with perhaps greater chances of success or maybe even a stronger case – means that Novell is one of the few companies that have been willing to go out on a limb and indemnify customers of an open source product against any copyright suit that might emerge. And it thinks it has a competitive advantage in doing so.
“I strongly believe it has given us an advantage,” maintains Maru. “It’s been proven in several customer situations. I’ve had emails from two or three customers looking at different distributions, and while there were other areas that interested them, a key differentiator was the fact they would get indemnity from Novell.”
Other companies agree that indemnification is definitely proving attractive to some customers. JBoss’s European general manager Sacha Labourey says that companies are interested in talking with the firm because of the indemnification it now offers on its open source application server. “We had some different opinions inside the company at some point, but now the result is clear. Large companies do care about indemnification.” HP’s Rovira says his company’s policy is “of great value and a leading differentiator for our sales people,” while Forrester’s survey of North American companies showed that 27% of them would be interested in an indemnification programme.
Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages