May 25, 2017 -

Free Doesn’t Mean No Strings Attached: Open Source Licenses Are Real Contracts

A ruling by a California federal court has confirmed that open source licenses for free public software can be legally enforced as contracts and that modification or distribution of open source code in a manner that violates the license terms may infringe copyrights.

Open source (sometimes called “copyleft”) licenses typically provide that users can run and edit the source code for free, but that if the program is distributed to third parties (either by itself or as integrated into another software program), the open source license terms apply to these activities.  Some common open source licenses, made freely available for use to promote open source development and collaboration, require notifying third parties that the code is governed by the license and making a copy of the distributed source code (possibly including the source code for the larger product in which the public software is integrated) available with the program.  For these reasons, companies that use or distribute third-party open source code (i.e., most companies) should develop policies to ensure that they are complying with open source licenses and do not unintentionally “infect” their proprietary software by integrating public code which triggers a contractual requirement to distribute their own source code.  It is because of the desire to avoid such a potentially disastrous disclosure of trade-secret materials that many open source developers offer their products under a dual-licensing model, where a licensee can pay a fee to acquire the software under less problematic terms.

In Artifex Software, Inc. v. Hancom, Inc., No. 16-cv-06982-JSC (N.D. Cal. Apr. 25, 2017), Artifex offered its Ghostscript software (a program that interprets PDF documents for printing and display) under such a dual licensing model, but, according to Artifex’s complaint, the defendant Hancom failed to purchase the commercial (paid) license for Ghostscript before incorporating it into its word processing program Hangul.  Artifex provided the open source offering of Ghostscript under the Free Software Foundation’s popular GNU General Public License (GNU GPL). The relevant version of the GNU GPL stated that by modifying or propagating a work covered by the license, the user accepted the terms of the license.  Artifex alleged that because Hancom integrated Ghostscript into Hangul without notifying end-users that Ghostscript was part of the software, the GNU GPL required Hancom to distribute Hangul with its source code.  When Hancom failed to do so, Artifex sued for copyright infringement and breach of the GNU GPL, seeking both damages and a court order to force Hancom to distribute the source code.

Asserting a breach of contract claim for violation of a software license in addition to a copyright claim can substantially expand the licensor’s rights and remedies, since the U.S. Copyright Act limits the types of damages that are recoverable for infringement, and for the most part infringing acts that occur outside the U.S. (an issue in Artifex case) are not actionable.   Hancom moved to dismiss Artifex’s breach of contract claim on the grounds that Artifex could not establish Hancom’s assent to the GNU GPL or that Artifex had suffered damages.  The U.S. District Court for the Northern District of California easily disposed of Hancom’s first argument by noting the GNU GPL provides that the user agrees to its terms if it fails to obtain a commercial license and that Hancom’s website stated Hancom had licensed Ghostscript under the GNU GPL.  In its argument on damages Hancom essentially challenged Artifex’s ability to claim it was entitled to pecuniary damages or other relief for violation of a license in a product it was making available for free.    (This is a variant of the widely held – and incorrect — “If it’s on the Internet, I should be able to do what I want with it” perception that often crops up in digital copyright matters.)

The court rejected Hancom’s assertion that Artifex had failed to plead harm.  Specifically, it noted, “Defendant’s use of Ghostscript without obtaining a commercial license or complying with GNU GPL deprived [Artifex] of the licensing fee, or alternatively, the ability to advance and develop Ghostscript through open-source sharing.  Indeed, as the Federal Circuit has recognized, there is harm which flows from a party’s failure to comply with open source licensing:  ‘[t]he lack of money changing hands in open source licensing should not be presumed to mean that there is no economic consideration’ because ‘[t]here are substantial benefits, including economic benefits, to the creation and distribution of copyrighted works under public licenses that range far beyond traditional license royalties.’ [quoting another case] [citations omitted].”  Simply put, open source licenses are real contracts.  The court went on to rule that Artifex’s breach of contract claim was not preempted by the U.S. Copyright Act and that Artifex had adequately stated a claim against Hancom for copyright infringement.

The Artifex decision strengthens the legal underpinnings of open source licensing and sets out a rationale for why these licenses deserve the same enforcement as other contracts.   Companies that integrate or distribute open source with their proprietary products (even in a SaaS context where they do not make their own object code available to their customers) need to be cognizant of the code they are using and the accompanying licensing requirements and should consider seeking paid (commercial) licenses in certain sensitive areas where they wish to maintain a closed, proprietary framework for commercialization.  This is not to underrate the considerable advantages of open source licensing in promoting adoption and evolution of a platform and improvements in support and security.  However, companies should never make the mistake of believing that something that is free can’t cost you in the end.