presentation on development agreements

Alas, it has been far too long since I’ve posted anything. That being said, I have amassed a nice collection of half-completed posts which have all but lost any relevance or interest. Something I’ll need to work on, I suppose.

In any event, in case it might be of interest, I gave a presentation earlier today as part of the IT.Can – LSUC Annual Sprint IT Law Form. My piece was on development agreements. It was a relatively short presentation, so I only focused on a limited set of issues. I’ve perhaps done better in terms of delivery, but the slides [PPT] aren’t bad. Feel free to download and peruse.

who owns your tweets? (@novaspivack)

Thought I’d tackle a relatively short and easy one today – it’s been a long, long week. Anyway, I noticed a tweet from @novaspivack (via a retweet by @mathewi) asking “Legal question: Who owns the copyright to your tweets, and who has the ultimate right to decide who else can access them?”

Under both the US (§201) and Canadian (s. 13(1)) Copyright Acts, the first owner of a work in which copyright subsists is the author of that work. In other words, you write it, you own it. So that’s your starting point. You write a tweet, you own it.

There are also exceptions to the rule that an author owns the work. For example, if you author something in the course of your employment, your employer will be the first owner of the work absent an agreement to the contrary. So, for example, if you tweet as a part of your job, then copyright in your tweets are owned by your employer, not you, unless you’ve struck a deal saying otherwise with your employer. In the US, this is often referred to as a “work made for hire” (sometimes contracted to “work for hire”).

You can also agree, up front, with a contract with someone else, that a work that you author will be owned by them. Subject to the usual legal niceties of creating a legally enforceable contract (and some caveats, which I won’t get into here), that means that what you write will be owned by that other person. So, for example, you can agree under a contract to tweet for someone else and that those tweets will be owned by that other person.

This can also be done after the fact. You can author a work, and then sell it to someone else under a contract. Then they’ll own it. This could be done with tweets. So for example if a publisher wanted to compile your past tweets into a book, you could sell them the copyright in those tweets, and they’d be free to do what they want with them.

Along similar lines, you can also grant licenses to work you create. The granting of a license means that you give someone else some rights that only you would, in the absence of that grant, be entitled to exercise. So, for example, you could grant someone the right to publish a book of your tweets, in paper form only, in North America. Once you grant that right, then they can publish that book without infringing your copyright.

The reason I mention licenses is because there is a specific term in the Twitter terms of service pursuant to which users of Twitter grant Twitter a license. Here it is, for your reading pleasure:

You retain your rights to any Content you submit, post or display on or through the Services. By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later developed).

You agree that this license includes the right for Twitter to make such Content available to other companies, organizations or individuals who partner with Twitter for the syndication, broadcast, distribution or publication of such Content on other media and services, subject to our terms and conditions for such Content use.

Such additional uses by Twitter, or other companies, organizations or individuals who partner with Twitter, may be made with no compensation paid to you with respect to the Content that you submit, post, transmit or otherwise make available through the Services.

We may modify or adapt your Content in order to transmit, display or distribute it over computer networks and in various media and/or make changes to your Content as are necessary to conform and adapt that Content to any requirements or limitations of any networks, devices, services or media.

“Content” basically means your tweets. So you keep ownership of your tweets. BUT, you grant a license to Twitter to do a whole bunch of stuff with it. These rights constitute, more or less, anything you as the owner could otherwise do. It’s quite broad. Very broad, in fact. Substantively, really the only difference between this and giving up ownership completely is that you can continue to use your tweets in other ways. So for example if you want to put your tweets on Facebook, or your blog, or sell a book of your tweets, you would be free to do so. Then again, so can Twitter, if it wanted to.

All of this of course assumes that the terms of service are enforceable. There are arguments for and against, but that’s a bit beyond the scope of this post.

So the second part of the question is who has the ultimate right to decide who else can access them. While, as you probably know, Twitter does allow you to restrict who can see your tweets, they do have the right to give access to whoever they choose, and completely disregard your settings. I didn’t see anything in their terms of use that imposed a contractual restriction on them to honour restricted user settings. Then again, I haven’t exactly read it word for word.

I imagine there might be situations where you could be able to terminate the contract, even though the terms of service don’t expressly provide for that, but I imagine it would be challenging to suggest that the license rights granted to past tweets would terminate. Interestingly, the rights granted under the license language above aren’t characterized as “perpetual” (i.e. forever), which they often are in such documents.

It may also be worth mentioning that Twitter can control access to your tweets to the extent it involves Twitter. Just to make this clear, they have this provision in their terms of use:

We reserve the right at all times (but will not have an obligation) to remove or refuse to distribute any Content on the Services and to terminate users or reclaim usernames. Please review the Twitter Rules (which are part of these Terms) to better understand what is prohibited on the Service. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request, (ii) enforce the Terms, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security or technical issues, (iv) respond to user support requests, or (v) protect the rights, property or safety of Twitter, its users and the public.

So, for example, they can pull all of your tweets off Twitter, so that no one can see them anymore. However, that doesn’t preclude you from, for example, reposting all your tweets to Facebook or a blog, if you wanted to, and assuming you retained a copy of them.

Of course, lawyers tend to argue about everything and anything, so I’m sure someone out there may be inclined to disagree with something I’ve written above. Which is fine. And of course the usual – not legal advice, no lawyer-client privilege, no obligation or liability. Just in case you live in the US.

Fascinating stuff, isn’t it?

open source and copyright

I was intrigued by the title of this artlce in Wired News (which was by way of AP): “Court says copyrights apply even for free software”

Sounded intriguing. Particularly the intro, where it stated that “[i]n a crucial win for the free software movement, a federal appeals court has ruled that even software developers who give away the programming code for their works can sue for copyright infringement if someone misappropriates that material. Interesting, though surprising, since I was of the understanding that it was long settled that software, whether open source or otherwise, was subject to copyright.

I then started reading the article’s analysis of the decision:

Because the code was given away for free, thorny questions emerge when a violation has been discovered and someone is found to have shoved the code into their own for-profit products without giving anything back, in the form of attribution and disclosure of the alterations they made.

Hmmm. That doesn’t sound quite right, as that implies that the fact that there wasn’t a price for the code (or rather the right to use the code) is what gave rise to dispute. In other words, it suggests that because you haven’t paid, the obligation to attribute and disclose alterations may not necessarily be enforceable.

So I decided to take a quick peek at the case. Not quite right. The developer, in this case, was trying to get an injunction (a court order that forces the other party to stop doing something, failing which they get thrown in jail). In order to get an injunction, the person seeking it must show that if the court doesn’t grant it, they will suffer “irreparable harm”. Usually, the burden will be on the person seeking it to demonstrate. However, there is US case law that basically says that in the case of copyright claims, irreparable harm is presumed (subject to certain conditions). In other words, it makes it quite a bit easier to get an injunction.

So, the applicability of copyright in this case was of primary importance as it would determine whether or not the developer would be able to get an injunction, not “because it’s easier to recover monetary damages in a copyright-infringement case” as the article states.

Anyway, it turns out what was at issue in the case really had nothing to do with whether or not the software was open source, or whether or not there was a price associated with it. Instead, it was focused on the very fine (as in detailed-oriented rather than nice) distinction between a condition in a contract and a covenant.

The way a license works is that it grants to the user, through a contract, certain rights to use, copy, etc. the software, but only those rights. So, if you don’t have a contract and use or the software, then you don’t have any rights to do so. That would be a violation of copyright law. Similarly, if you exceed the rights granted to you, that would also be a copyright infringement.

Finally, we come to conditions. Another word that is often used to describe these are provisos. These are things in a license that are tied to the grant of rights – in other words, if you don’t do them, then you don’t have the rights. Its like the “if… then” structure in programming. If you do A, B and C, then you can use the software. And of course, if you don’t, you can’t. Sometimes also worded like this: “You can use the software, provided you do A, B and C”. The effect then, is that if you don’t do A, B and C, then you don’t have a right to use the software. And if you don’t have the right and you use it anyway, then once again you will be infringing copyright.

The “heart” of the case, as the court described it, wasn’t whether or not the software license was paid for or not, but rather whether or not certain obligations to attribute the software to the developer and provide modifications were conditions or rather merely covenants. The distinction is important because a covenant is an obligation that is not tied to the license grant. In other words, if you don’t perform a covenant, you don’t lose your rights to use the software. Sure, you are in breach of the software license, and can be sued for damages, but the key difference is that you are not infringing copyright, since it is not tied to the grant of rights to use the software.

In this case, the defendant was saying that the obligations they breached were only covenants. Therefore, no copyright violation. Therefore, no presumed irreparable harm. Therefore, no injunction. The district court agreed with this.

However, the court of appeal corrected this. Perhaps not surprising, given that the license in question had language such as

The intent of this document is to state the conditions under which a Package may be copied.

The court of appeal further remarked that

The Artistic License also uses the traditional language of conditions by noting that the rights to copy, modify, and distribute are granted “provided that” the conditions are met.

In short, the decision has less to do with open source and more to do with contractual interpretation – in this case, the distinctions between conditions and covenants. The same dispute could have just as well arisen for typical commercial software.

So is this a “crucial win” for the open source community? No, probably not. However, it does serve to illustrate the importance of clear and well-drafted licenses. If you are a developer and want to make sure your software cannot used without the licensee doing certain things, your license must clearly identify those things as conditions.

Almost forgot – for those so inclined, a link to the case (PDF).

Update: I was surprised to see that Lawrence Lessig commented on this same case as being “huge and important news”. Which to me is somewhat surprising, given my comments above. In brief, he noted:

In non-technical terms, the Court has held that free licenses such as the CC licenses set conditions (rather than covenants) on the use of copyrighted work. When you violate the condition, the license disappears, meaning you’re simply a copyright infringer. This is the theory of the GPL and all CC licenses. Put precisely, whether or not they are also contracts, they are copyright licenses which expire if you fail to abide by the terms of the license.

However, the issue – at least the one that seemed to be argued on appeal – was not whether or not free or open software licenses per se could attract copyright violation if they were not adhered to, but rather the more pedestrian question of whether the obligations in the license in question actually constituted conditions as opposed to covenants. Hmmm.

Further update: I had pulled this post for a while because time and time again I kept reading how this was a big win for open source and was rethinking the above. While I certainly think the appeal decision was the right one, I don’t think this should be thought of as a big win for open source, since the findings would seem to apply to any license – i.e. its somewhat like celebrating a victory for bicycle riders because a judge has found that all wheeled vehicles are legal in a case that happens to be about a bicycle being illegal. Anyway, I do plan another post on this one, but more on the reactions and analyses that I’ve been reading rather than the decision itself.

after one gpl body blow, skype yells uncle

As most of you probably know, there has been a case that just went to court earlier today in Germany on the GPL. It had been described by Harald Welte as one of the more time consuming cases he has worked on. For those of you not familiar with him, Mr. Welte founded gpl-violations.org, an organization that helps to enforce the provisions of the GPL.

Skype had apparently used certain elements of the Linux kernel in its WiFi phones without complying with the GPL, and was set to challenge the validity of the GPL based on its alleged contraventions of German legislation – in particular anti-trust legislation. It would be interesting to see the analysis in that regard, particularly on the anti-trust front, but so far I’ve not been able to get my hands on a translated copy of the pleadings – if anyone knows where to locate, do let me know.

Anyway, apparently, they didn’t get too far. According to the entry in Harald Welte’s blog, apart from the validity of such claims, the somewhat ironic result to which the court alluded at the hearing is that if Skype were able to successfully assert the invalidity of the license, then it would also be difficult for them to claim any right to use the impugned code. Makes sense. Invalid license = no use rights.

After the court suggested that Skype’s likelihood of success would be low, Skype apparently threw in the towel in such a manner that they would not be able to revisit it further, effectively giving the victory to Welte.

I find the case and Skype’s litigation strategy somewhat puzzling, both given the decision in the 2006 D-Link case, also in Germany and the relative costs of litigation in comparison to compliance. That being said, I haven’t been able to obtain much in the way of original documentation regarding the particular GPL violations that Skype allegedly committed. Presumably, Skype went down a path in its use of GPL code that would result in it incurring significant expenses (or facing significant risk, of some sort – perhaps exposure of their own proprietary IP?) if they were required to comply after the fact. Presumably, they would not have found themselves in this situation if they had turned their mind toward structuring their use of GPL code appropriately, by either ensuring they could comply in a cost-effective manner, or not using the GPL code.

ALPR is….

short for Automatic License Plate Recognition. Sometimes I find mention of the most interesting things in the most unexpected places. Like this brief article on how police in British Columbia are currently using a system that can easily and quickly scan license plate numbers as they drive along that I saw in bookofjoe. Surprised I didn’t see see it anywhere else, oddly enough, particularly given the implications for privacy, etc. Not necessarily that there are any – after all, license plates are there so that they can be seen by the public at large and police officers. That being said, I find it interesting how the application of new technology (optical recognition) to old technology (license plates), significantly alters the implications of how the old technology is perceived.

Sure, its one thing to have police on the lookout for a particular license plate on a car with a known felon who is escaping, but it seems to be quite another for a police car to scan and process thousands upon thousands of license plates while driving around the city.

Alarm Bells Over Vista’s “Fine Print”

I like Michael Geist. He’s a law professor at the University of Ottawa and writes a column in the Toronto Star. Not that agree with everything he says, but I certainly do respect the fellow. He’s a sort of Lawrence Lessig of the Great White North, for those of you from the US. A lot of what he says has merit, or at least is worthy of debate. But when I read his last column on how Vista’s legal fine print raises red flags, well, it left me scratching my head a bit. Don’t get me wrong, I don’t think Microsoft is the world’s saviour or anything, and from the perspective of a user I’m not that keen on all the DRM stuff in Vista and the headaches it will cause in using protected content, but OTOH I did raise a bit of an eyebrow to some of his comments on the Vista license. Such as:

Vista’s legal fine print includes extensive provisions granting Microsoft the right to regularly check the legitimacy of the software and holds the prospect of deleting certain programs without the user’s knowledge. During the installation process, users “activate” Vista by associating it with a particular computer or device and transmitting certain hardware information directly to Microsoft.

I don’t particularly like activation, but this is nothing new – Windows XP has activation and as for hardware information, I’m not sure how sensitive I would consider the make or model of my video card to be. I also find the reference to “deleting certain programs” to be a bit overstated. I wasn’t able to find anything about deleting programs in the Vista license I got from the MS website. It implies that Vista can suddenly go wild and start erasing other stuff you’ve installed. The only thing I was able to find was in Section 5(c), which says:

If, after a validation check, the software is found not to be properly licensed, the functionality of the software may be affected. For example, you may

  • need to reactivate the software, or
  • receive reminders to obtain a properly licensed copy of the software,

or you may not be able to

  • use or continue to use some of the features of the software,

Again, nothing particularly surprising – XP had the same thing – you don’t have validated software, you can’t use certain features of the software (i.e. Windows Vista, not other stuff).

Continuing on:

Even after installation, the legal agreement grants Microsoft the right to revalidate the software or to require users to reactivate it should they make changes to their computer components. In addition, it sets significant limits on the ability to copy or transfer the software, prohibiting anything more than a single backup copy and setting strict limits on transferring the software to different devices or users.

On revalidation, again, nothing new at least compared to XP – same complaints of course as well. As for backup copies – well, its pretty standard to only permit one backup. I’d prefer more but I don’t find it super-alarming to be limited to one. As for “strict limits on transferring” these are set out in Section 16:

a. Software Other Than Windows Anytime Upgrade. The first user of the software may
make a one time transfer of the software, and this agreement, directly to a third party. The first
user must uninstall the software before transferring it separately from the device. The first user
may not retain any copies.
b. Windows Anytime Upgrade Software. You may transfer the software directly to a third
party only with the licensed device. You may not keep any copies of the software or any earlier
version.
c. Other Requirements. Before any permitted transfer, the other party must agree that this
agreement applies to the transfer and use of the software. The transfer must include the proof
of license.

I gotta say I don’t find any of the above particularly strict, onerous or burdensome. Before you transfer, you must uninstall and not retain any copies. The transferee must agree to the agreement. You must transfer proof of the license. Hmmm. Doesn’t seem that bad.

Then, onto Windows Defender:

Vista also incorporates Windows Defender, an anti-virus program that actively scans computers for “spyware, adware, and other potentially unwanted software.” The agreement does not define any of these terms, leaving it to Microsoft to determine what constitutes unwanted software.

C’mon. There is a general understanding of what constitutes spyware and adware. And yes, “potentially unwanted software” is vague. But how then, should it be defined? “Bad stuff”? Interestingly he fails to mention the language that follows:

If it finds potentially unwanted software, the software will ask you if you want to ignore, disable (quarantine) or remove it. Any potentially unwanted software rated “high” or “severe,” will automatically be removed after scanning unless you change the default setting. Removing or disabling potentially unwanted software may result in
· other software on your computer ceasing to work, or
· your breaching a license to use other software on your computer.
By using this software, it is possible that you will also remove or disable software that is not
potentially unwanted software.

So Defender will ask you what to do (which he doesn’t mention), except for “high” or “severe” software, which it removes unless you change the setting (which he does). Well, I can understand the auto-removal thing. If it was left off by default (i.e. didn’t remove), then fingers would be pointed at MS at having lousy default security settings – a criticism often levelled (and, I think, justifiably so) at XP’s security settings – the rock on the other side of the hard place Michael identifies.

Then this:

Once operational, the agreement warns that Windows Defender will, by default, automatically remove software rated “high” or “severe,” even though that may result in other software ceasing to work or mistakenly result in the removal of software that is not unwanted.

C’mon Michael, that’s a bit over the top, isn’t it? Even “nice” spyware removers, like Spybot (highly recommended, btw) specifically warn that removing spyware might remove or cause other software not to work any more. Of course. Because many of the filthy, evil, nasty folks who distribute spyware or adware bundle it up with software that people actually want to use, and bundle it up in such as way that you can’t get rid of the spyware without killing the other software. Go figure.

Lastly:

For greater certainty, the terms and conditions remove any doubt about who is in control by providing that “this agreement only gives you some rights to use the software. Microsoft reserves all other rights.” For those users frustrated by the software’s limitations, Microsoft cautions that “you may not work around any technical limitations in the software.”

Grr. Of course. Show me a commercial license that gives anyone “all” rights to use the software without restriction. Actually, even the GPL doesn’t permit that – there are still limitations and restrictions even in open source code as to what you can and can’t do. I don’t think its fair to point to this type of language and imply that Microsoft is up to no good here. Same goes with the last sentence. Sure, you can’t hack the software. Doesn’t surprise me.

I never thought I’d be defending Microsoft’s licensing practices. Not to mention questioning Mr. Geist’s criticisms of same. But there you go. Not that I necessarily think, OTOH, that you should go out and buy Vista. Though it is pretty.

The Virtues and Evils of Open Source

Yes, I know, I’ve been behind lately. A ton of very interesting things to catch up on. But I’d like to put in one quick note about open source code. I recently came across an article, written last year by a lawyer, generally advising development companies not to use open source. I don’t quite recall where it was (if I did I’d link to it) but I do remember it being quite clear in stating that using open source is A Bad Thing and to avoid it altogether – not just to be careful, but rather to treat it as one would radioactive waste.

With respect, I don’t quite agree. I certainly advise my clients to take a great deal of caution in using open source code, particularly the GPL variety, and very particularly if they have a desire to keep some or all of their own secret, proprietary code secret and proprietary. That being said, I do have many, many clients who have used open source code to great advantage in various ways. Some have simply used existing open source code to avoid reinventing the wheel (and saving on costs), while taking care to keep viral elements out of their proprietary code. Others have been more aggressive with the open source model and have intentionally decided to use open source as the basis for their business model and making their very own code, or parts of it, either open source or subject to a dual-licensing model. As the Red Hats, JBosses, Sleepycats, MySQLs etc. etc. of the world have demonstrated, you can go open source and still have a pretty viable business. And, of course, there are the “old world” companies like IBM who have decided to go open source (in some limited ways – e.g. IBM’s DB2 Express-C thing).

Of course, this is not to suggest that anyone through caution to the wind and just start pulling down stuff from Sourceforge and whacking it into your product. Use of open source definitely requires some planning ahead and consideration of what the business model and value proposition of your business will be. Optimally, enlist the help of a lawyer who’s familiar with open source licenses to discuss what you plan to do and the packages you plan to use. Or, if that’s not feasible, try at least to read the applicable licenses yourself and ensure you comply with them, because if you don’t think that anyone will notice, or that no one will actually sue you, you may want to pay a visit to the GPL Violations Site and reconsider, in addition to the questions that will be asked of you when the due diligence starts on your next round of financing or, even worse, your (aborted) exit event. Can badly managed open source usage (and I emphasize badly managed, not simply open source usage) kill a deal? Definitely.

In short – I don’t think open source is necessarily a bad thing. In fact, it can be a pretty good thing, not just in the social good sense and all that, but also as a business. But it need to be used taking into account its terms of use and ensuring that its consistent with the strategy you plan to take.

If perhaps there’s one thing I’d recommend it would be for shops to make absolutely sure they have a disciplined approach in tracking where code comes from and the terms under which its being used and why its being used. That applies not only to open source stuff, but also, for example, your programmers taking neat snippets of code from Dr. Dobbs or something else, or coming across a nice little script somewhere on the Web and saying “Gee, that’s neat, let’s use it in our product”.

Anyway, if I remember where the article was I’ll update this to include a link.

Microsoft Patents RSS. Or Tries To. Maybe.

Interesting post on someone else’s blog about Microsoft apparently trying to patent RSS:

The applications, filed last June but just made public yesterday, cover subscribing and discovering what Microsoft calls “Web feeds.” That comes as a bit of a shock to anyone who’s been working on RSS, which has its origins in a format developed seven years ago at Netscape Communications.

Microsoft executive Don Dodge, while not involved in the patent applications, says he suspects the filings were made to defend the company against “patent trolls”. (The filings were made shortly before Microsoft announced plans to build RSS technology into its upcoming Vista operating system.) Still, if granted, the patents would give Microsoft a legal cudgel to wield against other companies using RSS.

Well. They do have a point. Generally speaking, I don’t think patent trolls (those that basically file overly broad patents and then sit on them in a dark cave until someone who actually does something useful, and therefore has deep pockets, unwittingly infringes, at which point the troll comes out and clubs them over the head with a lawsuit or settlement) are a good thing. That being said, its ironic that Microsoft feels the need to abuse the system in the same way as patent trolls in order to proactively defend itself. It will be interesting to see how things turn out.

Unfortunately, I’m not necesarily sure that prior art would necessarily invalidate these patents – after all, most of NTP’s patents were more or less considered invalid, but that didn’t stop them from collecting several hundred million from RIM. And its not like there haven’t been other, um, rather broad patents asserted in the past. You know, like back in 2002, when British Telecom asserted ownership of hyperlinks (which they lost) though of course BT doesn’t quite fit the description of a patent troll.

Then again, it begs the question as to who or what should or shouldn’t be considered a patent troll – for example, its well known that IBM has a huge, gigantic, enormous arsenal of patents at its disposal. IBM also actively licenses these patents (and of course threatens litigation where it believes its rights are being violated), but it isn’t necessarily the case that IBM would otherwise have exploited these patents in what I’ll call “active” business – i.e. making and selling something based on the patent as opposed to primarily seeking royalties and licenses from those do – even though IBM does do so in some cases. So does that make IBM a patent troll? What about Philo T. Farnsworth who, arguably, never started producing televisions but instead sought legal claims against others?

My perhaps overly simplistic take on this is that patent trolls are not inherently the problem, but rather the ability, primarily in the US, to register patents that should have never issued in the first place. If someone comes up with a smart, cool, inventive, and truly novel way of doing something, then they should certainly be free to either produce something with it, or sue the living daylights out of someone else who comes along and infringes the IP even if they don’t (or can’t) make productive use of it themselves. Not actively exploiting a patent is not necessarily tantamount to being a bad guy, IMHO.

It will be interesting to see what happens on this front, if anything. If nothing does, then I may well turn to drafting patents, the first being “Method of Utilizing a Rhythmic Cadence in the Expansion and Contraction of Multiple Muscular Groupings to Faciliate Indefinite Continuation of Metabolism of Cell Structures.” I like the sound of that. Yes indeed.