EDITOR DIRK RIEHLE Friedrich Alexander-University of Erlangen Nürnberg; OPEN SOURCE EXPANDED [email protected]

Free and Open Source Software Licenses Explained

Miriam Ballhausen, Bird & Bird, LLP

are found to be dull, and the task of This installment of Computer’s series exploring having to consider the law and licens- free and open source software confronts a ing is regarded as a bug rather than a tool, a safety net to ensure that the pressing issue, free and open source software software remains free.1 However, once considered from licenses: what they are, the rights they convey, that angle, FOSS licenses become an essential instrument, which, if un- and the restrictions they impose. derstood, may be employed to achieve a set objective. To foster such under- standing, this article first looks into what FOSS licenses actually are and ree and open source software (FOSS) has been im- then focuses on software freedom as a key differentiator portant to the software industry for a few decades. between them and other software licenses (see the next By now, the percentage of FOSS in the average ap- section), before turning to the tools they employ to secure plication exceeds the amount of proprietarily li- this liberty (see the section “It’s All About Preserving the Fcensed code (according to Black Duck’s 2018 Open Source Freedom”). Security and Risk Analysis Report, available at https:// www.blackducksoftware.com/open-source-security- THE DEFINITION OF FOSS LICENSES risk-analysis-2018, applications, on average, contain roughly Initially, all FOSS was referred to as . The 57% FOSS). That is easily understandable given that FOSS term open source was introduced in 1998 with the in- allows engineers to save time, effort, and money while still tention of clarifying that the software was not free but, solving the (coding) issue at hand. By contrast, FOSS licenses instead, gave users flexibility because the was readily available. The definitions of free soft- ware and open source software largely align and es- Digital Object Identifier 10.1109/MC.2019.2907766 Date of publication: 4 June 2019 sentially include the same license terms (see “The Four

82 COMPUTER PUBLISHED BY THE IEEE COMPUTER SOCIETY 0018-9162/19©2019IEEE applicable law. For example, in the case of employment relation- FROM THE EDITOR ships, the rights of use may lay with Welcome back to this column on open source software and how it is chang- the employer. Third parties (anyone ing the world! After our start with an article about the innovations of open who is not the software developer) may source, we will now tackle, head on, one of the more baffling aspects of open only use the software if, and to the source: its licenses and how to use the software correctly. Often overlooked extent that, rights of use are granted by researchers, this is still, after so many years, the topic at the top of many practitioners’ minds. (licensed) to them. The first author in this theme is Miriam Ballhausen, of the Bird & Bird law firm. In this article, she explains what free and open source software licenses Software licensing are, the rights they typically grant, and the obligations they place on users Software licensing means that rights of as well as common prohibitions. This article is a solid foundation for the first use to computer programs are granted. in a series of articles on managing the (corporate) use of open source soft- Such rights may be granted in various ware. Future articles will discuss how to select open source components, to ways, including simple/single rights of be license compliant, to work with the supply chain, and so forth. If you have use with all others having the same privi- comments or suggestions for future themes and articles, email me at dirk@ leges or exclusively so that the licensee is riehle.org. Happy hacking! — D. Riehle the only one who may lawfully exercise a particular right. A license may be territo- rially restricted (for example, the Euro- pean Union only) or granted worldwide; Essential Freedoms” section for de- medium, of causing a machine having it may be restricted in time (such as what tails). To cover both aspects, software information-processing capabilities happens with hardcover books before licensed under such terms is referred to indicate, perform, or achieve a par- they become available as paperbacks), or to as FOSS. ticular result.” (The model provisions it may be perpetually granted. Finally, li- Simply put, FOSS licenses are dis- are available at www.wipo.int/mdocs censes may be granted for varying types tribution terms for software. They are archives/AGCP_NGO_IV_77/AGCP_ of use, including reproduction in whole necessary because software is protected NGO_IV_8_E.pdf.) Software is usually or in part; translation, adaptation, ar- under copyright laws (see the “Pro- referred to as computer programs in the rangement, and other modifications; and tection of Software Under Copyright respective legal texts and is widely distribution of a computer program and Law” section). Unless rights of use are protected as literary work (the same making software publicly available. granted (licensed, see the “Software as books and this article) under appli- Licensing” section), third parties are cable copyright law, provided that the FOSS licensing not in a position where they can law- software embodies an author’s orig- These licensing options always exist fully use the software. This applies inal creation. This protection was agreed irrespective of whether software is li- irrespective of whether software is li- to in the WIPO Copyright Treaty and is, censed proprietarily or as FOSS. All censed as FOSS or otherwise (for ex- for example, reflected in the United FOSS licenses simply make use of these ample, proprietarily), but if software States by the Copyright Act of 1976 options in a particular way. Rights of use is licensed as FOSS, the distribution and in the European Union by the so- are granted to the furthest extent possi- terms meet particular requirements called Computer Programs Directive ble to give users the four essential free- (see the “Free and Open Source Licens- (Directive 2009/24/EC of the European doms detailed in the next section. The ing” section). Parliament and the Council of 23 April rights of use only vary in how they are 2009 on the legal protection of com- worded. Some are simple and straight- Protection of software puter programs) and its integration forward, such as the rights-of-use provi- under copyright law into member states’ laws (for example, sion in the Berkeley Source Distribution In line with model provisions made the German Copyright Act). (BSD) licenses, as illustrated by this ex- available by the World Intellectual All rights of use to the software ample from the BSD-2-Clause2: Property Organization (WIPO), Geneva, (such as the right to distribute and the Switzerland, a computer program is right to modification) initially lay with Redistribution and use in source “a set of instructions capable, when the software developer. Exceptions to and binary forms, with or without incorporated in a machine-readable this rule may apply depending on the modification, are permitted […].

JUNE 2019 83 OPEN SOURCE EXPANDED

Others, such as the provision in the definition of free software available previously, had been perceived as a pre- MIT license, are more elaborate but at www..org/philosophy/free-sw condition for the four freedoms. still directly worded3: .html.en#f1.) Accordingly, for software to be considered free, users must be 1. The free redistribution of the Permission is hereby granted, granted the following freedoms: software as a component of an free of charge, to any person aggregate software distribution obtaining a copy of this software 1. to run the program as desired that contains programs from and associated documentation for any purpose several different sources may files (the “software”), to deal in 2. to study how the program works not be restricted. This includes the software without restriction, and change it so that it performs a stipulation that the license including without limitation the computing tasks as desired grant may not require payment. rights to use, copy, modify, merge, 3. to redistribute copies 2. The source code of the software publish, distribute, sublicense, 4. to distribute copies of modi- must be available, preferably, and/or sell copies of the software, fied versions, thus giving the upon distribution or, at least, and to permit persons to whom the whole community a chance to through a well-publicized software is furnished to do so, […]. benefit from the changes that means of obtaining the source were made. code for no more than a reason- Yet others, such as the Apache-2.0 able reproduction cost, ideally license, use more legalese to describe Although the term free software was by downloading via the Internet the same, extensive rights of use4: always intended to reference software without charge. This includes liberty and not price, the ambiguity of a stipulation that deliberately Subject to the terms and conditions the word free was widely assumed to obfuscated source code or of this license, each contributor prevent the business adoption of FOSS intermediate forms, such as hereby grants to you a perpetual, and FOSS licenses. In reaction to such the output of a preprocessor or worldwide, non-exclusive, no-charge, a misconception, the term open source translator, are not allowed. royalty-free, irrevocable copyright was coined in the late 1990s. 3. Modification and creating de- license to reproduce, rived works must be prepare derivative allowed as well as works of, publicly dis- distribution under play, publicly perform, The definitions of free software and open source the same terms as sublicense, and distrib- software largely align and essentially include the the license of the ute the work and such same license terms. original software. derivative works in 4. The right to distrib- source or object form. ute modified ver- The open source definition sions of the software may only In comparison to the rather simplis- be restricted to preserve the The four essential freedoms tic definition of free software, open integrity of the author’s source By extensively granting rights of use, source is defined through 10 crite- code. Distributing software FOSS licenses ensure that users have ria that software distribution terms built from modified source the freedom to use, study, share, and must meet (see the Open Source code may not be restricted. modify software. Three of these four Initiative’s definition available at If the license restricts source essential freedoms were first set out in https://opensource.org/osd).​ Despite code from being distributed in ’s definition of free the term open source, these criteria modified form, it must allow software, which, after adding free- go beyond the mere accessibility of the dissemination of patch files dom zero, the Free Software Founda- source code. with the source code so that tion (FSF), Boston, still relies on today. Criteria one, three, and four essen- the program can be modified at (See the FSF’s “What is free software?” tially mirror the four freedoms Richard build time. article available at https://www.gnu Stallman and the FSF defined. The sec- .org/philosophy/free-sw.en.html. ond criterion requires the accessibility The other six criteria are usually less For additional detail, see the FSF’s of the software’s source code, which, apparent, although they are often the

84 COMPUTER WWW.COMPUTER.ORG/COMPUTER main differentiator between FOSS and academic approach of publishing all Software at http://www.ifross.org/ other licensing models under which research and results. On the other en/license-center.) software may be distributed free of hand, software was only distributed licenses are characterized charge (for example, freeware). as a part of hardware because a mar- by the obligation to distribute deriv- ket for it, alone, would only be estab- ative works of the software (granted 5. The rights of use must be lished in the mid-1970s once computer to the licensee under the copyleft granted equally to everyone. programs had been recognized as pro- ­authorization) under the terms of the 6. The license must allow the tected literary work under applicable respective copyleft license. While this software to be used in all fields copyright laws (see the “Protection of general rule applies to all copyleft li- of endeavor. Software Under Copyright Law” sec- censes, they each define independently 7. The rights of use granted by tion). This recognition also enabled which modification, alteration, or com- the license must be available to copyright holders to charge license bination constitutes a derivative work every recipient of the program fees when they allowed third parties (which requires them to be licensed un- without having to execute an to use their software, meaning that, der the copyleft terms). In practice, this additional license. although the software’s source code means, for example, that changes made 8. The rights of use must apply irre- remained generally available, payments to files authorized under Public spective of, and separately from, were becoming necessary to actually License (MPL) 2.0 must also be licensed the product the software is used in. gain access to it, thus, instantaneously under the terms of MPL 2.0, and self-­ 9. The license must be impar- restricting software freedom, for which developed software that is linked to tial to other software that is free access to source code is a prereq- software licensed under General Public distributed with the licensed uisite. The FOSS community grew from License 3.0 must be licensed under the software. This includes a a countermovement against these de- same terms. stipulation that it may not be velopments and aimed to preserve soft- Copyleft licenses can further be mandatory for all other soft- ware freedom, although freedom was categorized as strong copyleft licenses, ware to be open source also. interpreted differently by various FOSS on the one hand, and weak copyleft 10. The license may not prescribe licensing models. licenses, on the other. In the for- the individual mer case, the copyleft technology or generally broadly ap- style of inter- plies to all derivative face for the By extensively granting rights of use, FOSS licenses works (the term deriv- software. ensure that users have the freedom to use, study, ative work must still be share, and modify software. interpreted for each IT’S ALL ABOUT FOSS license individ- PRESERVING THE ually, determining, FREEDOM FOSS licensing models: Copyleft for example, on a case-by-case basis, The focus of both definitions is on versus noncopyleft licenses if dynamically linked components preserving software freedom. That is FOSS licenses can generally be divided qualify as derivative). In the latter hardly surprising given the roots of the into two models: copyleft licenses and instance, the copyleft only applies in free-software movement (see the next noncopyleft licenses. (A list of FOSS li- certain situations (for example, only section). Once software freedom is un- censes that was approved by the Open to changes made in the same , as derstood to be at the core of everything, Source Initiative is available at https:// in the case of MPL-2.0). All copyleft many FOSS license obligations (or the opensource.org/licenses; a list of FOSS licenses, irrespective of whether the lack thereof) become clear, comprehen- licenses commonly found in software copyleft is strong or weak, aim at pre- sible, and, for the most part, predictable. and projects is available from the serving software freedom, with the Foundation’s Software Package focus, in this case, being on ensur- The emergence of FOSS licensing Data Exchange project at https://spdx ing that the source code remains In the beginning and until the 1970s, .org/licenses/; and a list, in English, freely accessible. all relevant software was FOSS. On of categorized licenses is avail- Noncopyleft licenses, in turn, do the one hand, freely sharing soft- able from the Institut für Rechts- not focus mainly on the free accessi- ware aligned best with the standard fragen der Freien und Open Source bility of the source code but, instead,

JUNE 2019 85 OPEN SOURCE EXPANDED

on the licensees’ freedom to determine obligations, which are typically found rom a legal perspective, FOSS li- the license conditions for works they in all FOSS licenses, including the censes are no different from any create, even if they are derivative works duty to provide other copyright license. They, of a third party’s code. Accordingly, Frather, only make use of the options weak copyleft licenses do not oblige 1. the full text of the applicable available under applicable copyright the licensee to apply the same license license(s), thus ensuring the law in a way that grants and protects terms to derivative works but, instead, licensee is aware of all rights software freedom to the furthest extent allow him or her to license them under and obligations possible. Ensuring software freedom freely chosen conditions (for instance, 2. the attribution notices. was the initial trigger for creating FOSS derivative works of BSD-3-Clause-li- licenses and remains the strategic fo- censed software can be distributed un- These (and other) license obliga- cus. Keeping that in mind allows one to der the terms of the licensee’s choice, tions, and how to comply with them easily understand and work with FOSS including proprietarily). in practice, will be the subject of the and FOSS licenses. next article in this series. Their in- Other typical license obligations terpretation in the light of software REFERENCES Apart from the copyleft provision freedom has, therefore, only been 1. D. Neary, “Gray areas of software (or lack thereof), there are other outlined here. licensing,” LWN, 2012. [Online]. Available: https://lwn.net /Articles/481386/ 2. , “The 2-clause BSD license,” Opensource. Accessed on: Apr. 26, 2019. [Online]. Available: opensource.org/licenses/BSD-2-Clause 3. Open Source Initiative, “The MIT stay license,” Opensource. Accessed on: on the Apr. 26, 2019. [Online]. Available: Cutting Edge opensource.org/licenses/MIT 4. Open Source Initiative, “Apache of Artificial Intelligence license, version 2.0,” Opensource. Accessed on: Apr. 26, 2019. [Online]. Available: opensource.org/licenses

IEEE January/fEbruary 2016

Also in this issue: IEEE Intelligent Systems provides peer- /Apache-2.0 aI’s 10 to Watch 56

January/FEB real-Time Taxi Dispatching 68 f rom flu Trends to Cybersecurity 84 ruary IEEE 2016

PUTTING AI INTO PRACTICE reviewed, cutting-edge articles on the

Online Beh theory and applications of systems A OrAl AnA OrAl MIRIAM BALLHAUSEN is a lawyer lysis that perceive, reason, learn, and at Bird & Bird, LLP, Hamburg, Ger-

VOL many. Contact her at Miriam.Ball- uME 31 uME nu MBE act intelligently. r 1 www.computer.org/intelligent [email protected].

IS-31-01-C1 Cover-1 January 11, 2016 6:06 PM

The #1 AI Magazine Access all your IEEE Computer www.computer.org/intelligent Society subscriptions at IEEE computer.org/mysubscriptions Digital Object Identifier 10.1109/MC.2019.2915439

86 COMPUTER WWW.COMPUTER.ORG/COMPUTER