Tel 800.661.2530 |
AGPL and what EVERY SaaS Company Should Know About It?
You may have already heard of this open source license, but if not, here are a few things every SaaS company needs to know about the Afferro GPL or AGPL (at least from the perspective of an open source attorney).
1) If you use AGPL'd code or modified code in your SaaS offering, you need to make the source code available.
- Yep, this license requires that if provide the AGPL'd code 'over a network,' you must make the source code available (unlike the GPL where if you modify the code but do not provide it externally (i.e. do not distribute it) you do not trigger the source code requirement).
2) What does the GPL say again?
- It is generally considered that SaaS companies that provide their service over the Internet/network (but do not require the user to download the code) are not 'distributing' the code. As a result, using the GPL'd code in a SaaS offering does not necessarily require disclosure of the source code (this is called the ASP exception).
2) Where does it actually say this in the AGPL?
- There is a new Section 13 of the AGPL:
Ok so this is not that hard to remember: if you use code under the AGPL in your SaaS offering, you need to take seriously the source code disclosure requirements, as the rules are very different from the GPL (just a reminder from an open source law firm).
Resources:
Linking and the GPL (Technical and Legal Analysis)
I finally found a really useful working paper and law review article written by some European open source attorneys and the Free Software Foundation Europe on linking issues and the GPL license. I thought I would share some of the highlights with you as it is really hard to get some good practical guidance on open source legal issues. As a bonus, this perspective tries to marry the legal analysis with the technical analysis. Take a read!
(1) Derivative Work or Compilation (copyleft obligations)
- Static Linking (GPL'd code combined with your code in one executable at build time)
- Macro/Template Expansions (embedding GPL'd code into your code)
(2) Close Call (aka, it depends)
- Plug-ins (to extend functionalities of other programs)
- depends on external factors (I added a few of my own here):
- dependency/independency of your code;
- communication protocols/sharing resources;
- copying of API host code/no copying of API host code;
- core functionality not subject to copyright/functionality subject to copyright; and
- existence of other libraries with the same function.
- depends on external factors (I added a few of my own here):
(3) Independent and Separate Program (no copyleft obligations)
- Dynamic Linking (calling and using library only at run-time; (no GPL code copied, modified, translated or changed . . . I added this part from Larry Rosen's view (see below) on it))
- remember to look at the above external factors as it could become a derivative work if the facts change
- oh yea, I moved Dynamic Linking to this section as I think it fits in here more than Close Call
- Interprocess Communications (remote procedure calls)
- System Calls (core operating system resources)
- Interpreted Language 'Scripts' (not compiled, executed by interpreter, no third party code incorporated)
So long story short, this is an evolving issue and I don't think the definitive work has been written, but don't let that stand in your way of learning more about it. As an open source attorney and proprietary software attorney, I thought you should be aware of this, as these folks did a fantastic job with this working paper and law review article (see below).
Resources:
Working Paper on Software Interactions and the GNU Public License (July 2010)
Larry Rosen's view on Dynamic Linking.
Disclaimer: This post is for informational and educational purposes only, and is not legal advice. Hire an attorney if you need legal advice.
3 Things You Need in Your Open Source Policy!
If you operate a software based business you are likely using some open source code in your software. There really is nothing wrong with that, as it is really common now (and probably a best practice). But what is your process to review and track this code, and the associated license terms? Well, here are 3 thoughts from a software licensing lawyer that may help.
1) Written Policy. Think through (a) what situations makes sense for your company to use open source code (maybe with functionality that is not core to your offering), and (b) what type of licenses you will allow and won't (maybe try to avoid GPL licenses if you distribute your code to your customers). For example, you may allow licenses which only require notice (i.e. attribution) that the code is distributed with yours. Oh yea, don't forget to write this down in a policy and let all your developers know about it.
See below for an example of attribution.
2) Tracking Process. Tracking where you use the open source code and the associated license terms is critical, and I suggest very easy to do (along the way at least). Your process could be as simple as a spreadsheet with the name of the open source code, listing of which of your products (and versions) it is included with, any requirements of that license, and a copy of the license agreement. This tracking process is super simple if you implement it along the way, and really hard to re-create if you have to do it years later when someone (an acquiror or the CEO) needs to know what open source code is embedded in your product.
3) Annual Review. While many people overlook this, whoever is in charge of your open source process/policy (and I suggest you have one person in charge who owns this policy), should annually review that your developers (including any developers that are actually contract developers) are aware of and follow your policy.
Look I could make this a lot more complicated, but I find that most small software companies need at least these three basics requirements and not the 25 page open source policy.
Great More Detailed Article on Developing an Open Source Policy.
Some Thoughts from a Microsoft Attorney on Creating an Open Source Policy
Legal Disclaimer: This is for informational and educational purposes only, and does not constitute legal advice. Contact your attorney for legal advice, which should be provided after review of the facts and applicable law.
What Does a Software/SAAS Company Need to Know About the Creative Commons License Program?
Any software or SAAS executive should learn about this, even if this does not affect their software EULA or SAAS contract. This is just one of those things to be aware of, because it is a big deal in the licensing of copyrighted material. So what do you need to know about this?
- What is the Creative Commons License Program. It is a new way to license copyrighted material, as essentially there is so much confusion out there regarding what people can and cannot do with content, images, music, etc (especially on the Internet). The fundamental idea is to try to find a more efficient way (trying to take out the intermediaries) to allow people to use copyrighted material through the use of icons/badges, a legal license and embedded code, and to move away from the concept of 'All Rights Reserved' to 'Some Rights Reserved.' More info here.
- How Does it Work? The creative commons is a non-profit organization that promotes the use of their free tools to allow people to license their copyrighted material in a much easier way (but it does not work for everything and every scenario).
- What Do I Need to Know About This?
- First, the Creative Commons License Program should NOT be used to license software (they actually say this, so don't take my word for it (see about 1/3 down this page)).
- Second, I also suggest you do not use it for your documentation, even though they suggest it. I think documentation should be kept proprietary and licensed just like the software.
- Third, so what can you use it for? Maybe your blog or marketing material (maybe viral type marketing material).
There is a lot more to learn about this program (remember this is just a blog) and its relation to copyright law, but I really do think it is a great program. Talk to your copyright attorney first though!
Resource: Here is one of their great short videos to explain the CC program and their reason for existence: Video.
Some more copyright related blog posts.
Everything a Software or SAAS Company Needs to Know About Copyrights.
Disclaimer: This is for informational and educational purposes, and no legal advice is provided. Consult your attorney for legal advice.
A Software Lawyer’s Take on the Linux Foundation’s ‘NEW’ Open Compliance Program
On August 10, 2010 the Linux Foundation announced the Open Compliance Program. So what is this all about and is this bad or good?
Essentially, the Linux Foundation created this program to address a lot of the FUD relating to using open source software with proprietary software. I think this is a noble objective, as there definitely is quite a lot of that FUD out there. So what are the components of the program (from the perspective of a of proprietary Software or SAAS company).
1) TOOLS [Note to Self: need to check what OS these run on, as it may not be that useful for us]
- Dependency Checker – checks for dynamic and static links.
- Code Janitor - scans for certain keyword before the code is released.
- Bill of Material Difference Checker – provides the ability to more accurately track components of the software.
- Link to the TOOLS WEBSITE for more details.
2) SELF ASSESSMENT CHECKER
- Here is the checklist. Link
3) SOFTWARE PACKAGE DATA EXCHANGE (SPDX). [Note to Self: While this sounds good on its face, it sounds like they are trying to lead the industry into disclosing all embedded open source software to (a) customers and (b) partners, etc. in the form of the Bill of Material (not sure this is a good thing or even necessary; sounds like it will mainly add complexity and delay (at least in certain situations))]
- Black Duck Software is deeply involved in this Working Group, so I understand why this benefits them. The more they can force the industry to become transparent about embedded open source, the more software companies will need tools like theirs. I am not say they are bad folks (as I have only heard great things about this company), but I am trying to share my thoughts on the possible motivations and direction the industry may be heading.
- You can read more about this HERE (see page 2 about disclosing this information to third parties).
4) COMPLIANCE DIRECTORY AND RAPID ALERT SYSTEM. [Note to Self: Sounds like a good idea, as it will help to create a direct link between the open source providers and the open source compliance officers at various companies] MORE INFO HERE.
5) TRAINING AND EDUCATION. [Note to Self: Only good things can come from this] MORE INFO HERE.
Whew. Ok, so if you have a Software or SAAS company, take a read (or have your head of development take a read), especially if you embed open source software in your software.
Disclaimer: This is for informational and educational purposes, and no legal advice is provided. Consult your attorney for legal advice.
What is Fair Use?
People often ask me can I use this or that work of a copyright owner. Basically, as a copyright attorney, there is a legal concept called ‘fair use’ which allows non-copyright owners to use copyrighted works in certain situations.
What are the situations? Well, this is one of those it depends, as there is a 4 part test.
1. Purpose and character of the use.
- commercial nature (- for fair use) or nonprofit/educational (+ for fair use)
- commentary, criticism or news, as this is a + factor for fair use (the First Amendment kicks in here).
- transformative (adds something new) (+ for fair use) vs derivative (- for fair use)
2. Nature of the copyrighted work (factual (+ for fair use) or creative (- for fair use))
3. The amount and substantiality of the portion used in relation to the copyrighted work as a whole (less used (+ fair use) and more used (- fair use))
4. The effect of the use upon the potential market for, or value of, the copyrighted work (less of market effect (+ fair use) and more market effect (- fair use))
These factors are weighed in each situation to determine if it is a fair use, or not. If you are right and it is fair use, then you can use the copyrighted work without the permission of the copyright holder, but if you are wrong, then you may have some significant legal problems (if the copyright holder decides to pursue the matter).
The internet has really brought this issue to the forefront, and it is a good example of when technology and law come together to create fodder for disputes
CONNECT WITH ME
