Buying protection

• Article 3 of 16
• LinuxUser & Developer, June 2004
• View a PDF of the original article ~ 1.1MB

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages

But how much of this is marketing hype, cashing in on the fears of end-users that SCO has raised? Does anyone really need an indemnification policy or is it just a tool to get companies to buy from one vendor rather than another?

Certainly, UK users appear to have little to fear at the moment. “Check your licence agreement and see what it covers, but as far as the UK user in concerned, sit and wait and see what happens,” advises Masons’ Salmon. “There’s no certainty SCO will win the case and there’s no certainty there’ll be any case at all in the UK or they’ll try anything in the UK.” That’s not to say people shouldn’t be commercially sensible, he adds: “When buying any software, whether open source or not, you’ve got to look at what the licence agreement is and see what protection it provides.” And developers using open source software should look to their existing professional indemnity (PI) policies. “A lot of developers will have their own PI policy that will cover all of this: most will have an insurance policy for infringing copyright.”

Bruce Perens, a long-time open source developer, co-founder of the Open Source Initiative and a member of the OSRM board of directors, says that vendor-provided indemnification policies aren’t for everyone. “Pretty much every business of a certain size has a liability policy. They know they will be liable in some way, from time to time, so insure themselves against those risks.” He also points out that an indemnification policy might not be ensure the end-user isn’t out of pocket from lawsuits. “I surmise that a lot of the companies that claim to offer indemnities would go bankrupt if forced to pay those claims. Most of them do not have an insurance policy that covers their payment of those claims.”

Nevertheless, with insurance premiums still sky-high since 9/11, many organisations with insurance policies are looking to their suppliers for indemnification, if only to avoid an increase in their premiums.

Another important issue for the UK is the question of legal costs, which is likely to discourage suits against end users. “It’s a very litigious environment in the US,” says Novell’s Maru. “The primary difference is that if you lose the case here, you pay the other party’s costs. If SCO sued IBM in Europe and lost, they would be paying all of IBM’s costs. In the US, they don’t have to do that, so there is great incentive to sue people.” In the UK, unless the person suing you has a good case, it’s unlikely they will sue you, particularly if the chances of getting money out of you is small.

“It’s unlikely the end user will be the target; it’s likely to be the company that ripped off the code that’s the target,” elaborates Simon Halberstam. “If you sue, you’re less likely to get the damages you want, and it’s less likely you’ll be able to put together a strong legal case since the end-user will be able to say, ‘I was unaware of this and I used it in innocence’. If you get a judgement, the damages are likely to be reduced substantially since they were innocent of what they were doing.”

Forrester analyst Richard Fichera also points out that even if SCO wins its suits and comes after large companies with plenty of assets, these companies still have plenty of options. “To the best of our knowledge, there have been no cases of end-users being held liable for vendor infringement on a widespread basis in the history of the computer business. And if SCO is planning to build a business (which is arguable), it eventually must start behaving like one. Regardless of the legal situation, a business is not built by threatening to sue prospective customers that have alternatives.”

What concerns many organisations more than a lawsuit, however, is the thought of having to migrate from GNU/Linux to another platform. Migrations typically cost hundred of thousands to millions of dollars and this cost has stopped many corporations moving from Windows or Unix to GNU/Linux in the past. Companies considering a move away from Windows or Unix are more concerned by the thought of spending money on two migrations than they are on the thought of a relatively unlikely copyright suit: it is, after all, one thing to violate copyright in innocence because of something a supplier did; it is quite another to carry on using that software after it’s been proven in court that it contains stolen property, particularly to big corporations concerned about the bad press they will get as a result, so they would have to migrate away from GNU/Linux in such an event.

It might be, despite the scorn heaped on it by other vendors, that Red Hat’s Open Source Assurance Programme is genuinely what a prudent large enterprise wants: the guarantee that the enterprise can carry on using software even after it has been found to violate copyrights. If you peel away the indemnification hype surrounding many of the policies available, you’ll find that the likes of Novell will also guarantee that they’ll change the software to make it legally unproblematic – they just prefer to focus on their indemnification policies.

With SCO the only company currently threatening open source users, the case for indemnification seems weak at the moment. But SCO is not the only snake in the garden. Kenneth Brown, president of the Microsoft-funded Alexis de Tocqueville Institution, is alleging that a survey he has conducted has shown that open source software is “often taken or adapted without permission from material owned by other companies… to this day, we have a serious attribution problem in software development because people have chosen to scrupulously borrow or imitate Unix.” Even if SCO’s suit is unsuccessful, it’s likely that some companies that saw SCO’s stock-price leap in response to its ongoing legal proceedings will consider copyright suits, particularly if Brown can support their arguments.

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages