ANALYTICS EXCELLENCE WEBINAR SERIES Panel Introduction
ANALYTICS EXCELLENCE WEBINAR SERIES Panel Introduction
Liz Fortier Devin Villegas General Counsel Executive Director, Engineering Lucid LLC Lucid LLC
Justin McCarthy Chris Wheaton Principal Attorney Privacy and Compliance Counsel Schwegman Lundberg & Woessner Lucid LLC Understanding Open Source Software
• What is it? o Open source software is software with a license where anyone can inspect, modify, and enhance subject to conditions in the license.
• Where is it? o Everywhere. A common online software development platform, Github, has millions of open source software projects in various stages of completion and development. o According to a 2015 Study by Black Duck Software, 78% of companies run open- source software o Notable examples: Linux Apache Web Server Open Office Understanding Open Source Software
• Usage rights and obligations depend on license. • Today’s presentation will focus on usage of OSS in commercial software products. • Basic License Types: o Copyleft Licenses Users have a right to use modify or freely distribute copies, so long as you work produced from the licensed work is made available under the same terms. o Other Licenses • We will describe a few of the popular OSS licenses and some of their obligations. o There are other obligations and terms that you should be aware of if you plan on using OSS. o This is just an introduction. OSS: Copyleft – the GPL (V 3.0)
• “if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.” o Distribution triggers obligation to provide source Classic distribution – providing a copy of the program (on physical media or download) What about Cloud computing? What about web-based applications? • Use of even small amounts of GPL code in a larger commercial program is problematic o Larger commercial program could be considered “work based on the [GPL] Program,” which requires you to “license the entire [commercial program], as a whole, under this license.” OSS: Copyleft – the GPL
• What about linking to GPL Libraries? o Unclear. Some (including FSF – copyright holder of the GPL) hold that linking a GPL library into a work makes that work fall under the GPL Some draw the distinction between Static v. Dynamic Linking Some argue that regardless of linking, as long as you don’t modify the library you can link. o Consequences If you are wrong – may pull your entire code under GPL and have to release source code. • This is one of several aspects where the GPL is unclear OSS: Copyleft – the GPL
• Other requirements and notable features o Requires modified versions be marked as changed. o Anti- Anti Circumvention clauses for work or modified work. Targets 17 U.S.C. 1201 • Examples of GPL OSS o Linux o GNU Compiler Collection (GCC) Other OSS Licenses
• Apache 2.0 • BSD 3 Clause • MIT • Unlicensed Apache 2.0
• If you sue ANY entity alleging that the work or a “contribution incorporated within the Work” constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. o Question: Say I utilize version A of the work. Version B is modified by a competitor to include a new feature that violates the patent and the competitor submits version B to the other for inclusion in the product. I sue the competitor. Do I lose my license to use Version A? Potentially. • Notable Obligations: o Must provide a copy of the license to recipients o Modified files must carry prominent notices that you changed the files. o Retain attribution notices o NOTICE text file must be included. • You may add own copyright statements and may provide additional or different license terms and conditions, provided you otherwise comply with the license. • Submitted contributions (unless otherwise stated) are deemed under Apache license. BSD 3 Clause
• Copyright
• Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: • 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. • 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. • 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. • THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE MIT
• Copyright
• This is free and unencumbered software released into the public domain. Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means. In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. For more information, please refer to
• Conflicts between multiple OSS licenses. o Consider: You incorporate a library with a GPL v. 3 license and also a library with a GPL v. 2 license. o GPL v. 2 provides: 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. o BUT, GPL v. 3 does add further restrictions (e.g., Patent rights, etc.) • Many open source projects have no license o Full Copyright Using OSS in Commercial Software Products
• Establish programs to evaluate and document the use of OSS in your product early on and throughout the life cycle of your development. o Assume nobody is concerned with this and look into it. o Becomes much more difficult to find later on. o Easier to fix problems early on. • Understand the implications of using Copyleft OSS o E.g., tools for development where the code isn’t distributed vs. distributed code o Risk mitigation. • Communicate with developers the importance of getting permission to use OSS. • Consult with attorney to insure compliance with all OSS terms and conditions. • Consider OSS in consultancy agreements Using OSS in Commercial Software Products
• If your software is mature, tools are available that find OSS in your code. o Even if you have a program that requires developers to notify you, utilizing these tools may catch issues where developers fail to notify you. • Employ mitigation steps if OSS discovered o Mark and attribute code o Distribute source o Isolate or remove GPL code o Fight copyright – e.g., work is too simple (interface files) o Rewrite (white room) code OSS Takeaways
• Understand the implications of OSS and communicate to developers • Track usage of OSS • Consider finding alternatives to code with GPL if possible • Comply with all license requirements • Consider OSS in consultancy agreements • Research into creating workflows for approval to use (legal review). Analyze code as part of deployment process. o Certain licenses might be whitelisted. Benefits of a Virtual In-House Counsel
• Understand OSS license terms and conditions • Help implement a tracking program • Help with mitigation efforts should OSS be discovered late. • Help educate developers Discussion & Questions
Liz Fortier Devin Villegas General Counsel Executive Director, Engineering Lucid LLC Lucid LLC
Justin McCarthy Chris Wheaton Principal Attorney Privacy and Compliance Counsel Schwegman Lundberg & Woessner Lucid LLC IP Punch List Webinar Series
Please Join us for our Next Presentation: The Essentials: Setting up a Patent Program for a Med Tech Company
July 13, 2017 1 PM (Central)