Author Archive for Rowan Wilson

i4i and the law of retaliation

Published by Rowan Wilson on April 28, 2011 in Business and Legal. Comments

The legal troubles of Microsoft with Canadian technology firm i4i may seem far removed from the world of open source, but in fact this legal battle – which has just reached its final stages in the Supreme Court of the United States (SCOTUS) – will have repercussions that are bound to change the environment in which open source survives and grows. To sum up the issue: i4i have a software patent that – they have successfully argued – Microsoft infringes upon in their ubiquitous Office package. As a result Microsoft had to pull Office from the shelves 18 months ago and alter it to ensure that the patent was not infringed going forward. Microsoft appealed the decision, arguing that the patent was invalid as a result of ‘prior art’ (meaning that someone else had had the idea first) and that it was not fair to expect litigants who were trying to invalidate patents – such as themselves – to meet the very high standard of proof that is currently necessary. The chief problem, from Microsoft’s point of view, is that the US courts have got used to applying the so-called ‘clear and convincing evidence‘ standard to arguments that patents are invalid as a result of judicial precedent, but that in fact Congress never approved this standard, and that the less stringent ‘preponderance of evidence‘ standard – the default for civil litigation – should apply.

Specifically in the i4i SCOTUS case this would mean that Microsoft could use circumstantial evidence that i4i in fact invalidated their own patent by selling a product based upon the technology over a year before they applied to patent it. Unfortunately for Microsoft, the source code to this late-90s product  - which would have been direct evidence of invalidity and therefore met the ‘clear and convincing evidence’ standard – no longer exists. All Microsoft has are manuals that imply that the technology was present in the product. So if SCOTUS agrees to Microsoft’s arguments, Microsoft will be able to bring this weaker evidence back to the court and will have a much better chance of invalidating i4i’s patent.

While this would to be cathartic for Microsoft who have been losing heavily every step of the way in this chain of cases, the implications of a Microsoft win here would be profound indeed, and perhaps surprisingly, they would benefit open source software a great deal. Lowering the standard of proof needed to invalidate a patent would – inevitably – lead to the value and effectiveness of patents themselves dropping. Generally open source software is on the receiving end of patent litigation; there is little motivation for open source developers to apply for patents as the licence they plan to use on their software makes the patent rights available at no cost to everyone. If that’s the effect you wish to achieve, just releasing the software does the job without any additional patent attorney fees. So – arguably – any weakening of the defensibility of patents benefits open source developers and users.

When a case gets to SCOTUS there tend to be many briefs submitted from interested parties not directly involved in the action. These ‘Amicus Curiae’ (friend of the courts) briefs describe the view of these external parties who feel they might be affected by a decision one way or the other. In this case, i4i’s argument is backed by a very wide range of patent-obtaining entities from Universities to pharmaceutical companies. Even the US government has submitted a brief arguing that the current standard should stand. Submitting briefs backing Microsoft are – among others – Apple, Google and Apache. It’s an interesting sign of how – despite the endless rounds of suing and retaliatory counter-suing over software patents in the IT industry – the big players see the current system as flawed and damaging. The contrast with the Pharmaceutical industry in this case couldn’t be more striking. For Pharma, patents are unequivocally a good thing, serving their need to underwrite investment in research with strong IP protection of their products. In IT it seems, even those with the largest patent portfolios see them as too powerful a weapon. When even the owners of software patents want them weakened, it’s hard to argue that the current law strikes the correct balance.

Of course, the problem here is that Microsoft’s argument, if successful, would reduce the enforceability of every kind of patent in the US, software or otherwise, and for that reason it could be argued that even if the IT industry is being hamstrung by endless patent wars, that is an evil we must tolerate for the good of innovation across the economy. Having lost the opportunity to reduce the protection of software patents on their own during Bilski it may be overly optimistic to hope that SCOTUS will address this even wider issue with anything like clarity. The court is expected to deliver its conclusions in June.

Patent posse stalks WebM?

Published by Rowan Wilson on February 18, 2011 in Community. Comment

Last month I posted about WebM, the free-for-reuse video codec that has been released by Google. In that post, I mentioned the reservations that Apple and others have about patent status of the codec. There are various groups of patents held by industry players that concern the encoding and decoding of video. To make the process of creating hardware and software that encodes and plays video easier, the MPEG LA was created, a body to administer the collection of royalties for the use of up to date digital video and audio patents. So if you’re writing a program that decodes, say, H.264 video, you could pay a fee to the MPEG LA to cover your use of the patents. In turn the MPEG LA would split the fees between the individual patent owners in the ‘patent pool’.

Now as detailed in a previous post, the issue of video patents is becoming increasingly controversial as the web becomes more and more video-oriented. The new HTML 5 specification includes a ‘video’ tag along the lines of the current ‘image’ tag which allows the embedding of video media direct into web pages, without the need to specify a helper object (like say a Flash video player) to actually do the decoding. This means that web browsers themselves now need to be able to handle the decoding and displaying of videos, and that would seemingly mean the payment of money to the MPEG LA (unless you used very old video standards that have the double disadvantage of poorer quality and larger file size).

So the arrival of WebM was seen by many as a blow for the open web, making the creation of open source and free software web browsers and video encoders possible without the levying of patent fees by the MPEG LA. Not unnaturally, the MPEG LA were not too pleased about this prospect, and began making comments about starting a VP8 patent pool almost immediately. On February 10th the MPEG LA went public with their plan to create such a pool.

So it seems that battle lines are being drawn. When asked about the situation Google told The Register that they are in the process of building a coalition of technology players who agree to not assert their IP against the WebM standard. Indeed the VP8/WebM code made available by Google is under a permissive (BSD) licence with an additional patent licence that is conditional on the licensee not alleging that VP8/WebM infringes on any of their patents. While the terms of the WebM hardware codec designs are not publicly available, it seems very likely that they too carry this kind of stipulation.

It’s not surprising then that the list of firms who support the use of WebM has no cross-overs with the list of firms that hold patents in H.264, the standard with which WebM competes most squarely. If WebM does implement some of the patents from the H.264 pool, and it’s quite possible that it does, Google should in theory be paying a lot of licence fees into this patent pool, to cover the entirety of the community use around WebM. In practice, if Google can force uptake of WebM rapidly enough, hardware and software producers will need to serve user demand and join the Google non-assert posse, even if they are also H.264 licensors.

This strategy is helped by the fact that WebM is less of a standard and more of a solution. Formal video standards like H.264 are described in official published documentation, and implementers are allowed to write the encoders and decoders according to their own ideas of what is most efficient. WebM does not have the same kind of official standardised documentation that H.264 has, which makes it much harder to implement without just using the code Google makes available, with its accompanying non-assert patent commitments.

The march of WebM

Published by Rowan Wilson on January 13, 2011 in Community. Comments

On Tuesday Google announced that it would be withdrawing support for the video standard h.264 from its Chrome browser in two months’ time. Back in June 2009 we covered the contortions that Google had gone through to use the open source video codec FFmpeg in Chrome to decode embedded videos without risking the wrath of the the owners of that standard, the MPEG LA h.264 patent pool. Essentially Google used FFmpeg but did not acquire a licence from the patent pool for FFmpeg itself, but instead for its Chrome browser. This was a cunning move but at the time it annoyed some around the open web standards community who felt – with some justification – that Google’s move was something of an ‘I’m alright Jack’ statement to the rest of them. Representatives of the Mozilla project who produce Firefox scalded Google on public lists, as reported in that previous post.

In August 2009, a couple of months later, Google bought the media compression company On2 for about £100m. This was widely interpreted as an initial move to bypass the stranglehold that h.264 had on web video and perhaps produce a genuinely open standard with all necessary patents licensed for use by all. After all, On2 was the company that had contributed its (somewhat outdated) video codec VP3 to the web standards community, a codec which had come to be the basis of open video encoding standard Theora. During the arguments over Chrome and FFmpeg, many had argued that Theora should be the basis for web video and its embedding in the new HTML 5 standard using the new <video> tag. At the time Google had pointed out that Theora/VP3 was just not as efficient as h.264, and that its use would mean hosts and users paying for more bandwidth for the same quality video as h.264 provided.

In May last year, Google announced a new video container standard – WebM – which incorporated three related open media standards. Digital media files typically contain multiple streams of data encoding video, audio and subtitle information. To manage these multiple streams, media files are packaged in what are often called ‘container’ formats – essentially standards that describe how streams can be packaged together and decoded by playback hardware. Early container formats such as MPEG and AVI did not support complex options such as multiple audio and video streams, or incorporated subtitles. As it became clear that these older formats were unable to mimic the experience end users expected from their DVD players, more complex containers – such as the open standard Matroska - were developed. Matroska – which enabled multiple audio, video and subtitle tracks in a single file – became popular quickly, in part due to its ability to allow Japanese Anime video files to be exchanged over the internet in a form that satisfied both native Japanese speakers and others who required subtitles or dubbed audio. Google’s WebM was a new container format based heavily on the Matroska template. Within each WebM file there is typically at least an audio stream encoded by the open Ogg Vorbis standard and a video stream encoded by the VP8 standard (a much more efficient progression of the VP3/Theora codec) which Google had acquired with On2 the previous August. In the same announcement, Google, Mozilla and Opera revealed new builds of their browsers which fully support the WebM standard.

So since last year there has been – thanks to Google – an entirely open group of video and audio standards that anyone can use in their web content and encode and decode in their software. The question remained, though, would it get used? Microsoft and Apple were both licensors in the h.264 patent pool, and stood to make money if they could keep h.264 the de facto web video standard. The day after the WebM announcement Microsoft revealed that Internet Explorer would also support the new open standard. That left – and leaves – Apple. Apple’s browser Safari does not support WebM and Apple has announced no plans for it to do so. This is not such a big problem in the desktop, where Chrome is available for Mac OSX with WebM support, but in the mobile space, it potentially is. Mobile Safari, the only web browser currently permitted by Apple to render HTML on the iPhone, iPad and iPod, accounts for 40-50% of mobile web traffic. While WebM can be a huge success on the desktop with or without Apple’s support, in the mobile space Apple’s cooperation is more important. So would they play ball? It seems unlikely, at least for the moment. The day after the Google WebM announcement, an Apple engineer briefed news site Apple Insider saying that the VP8 codec element of WebM was ‘a mess’ and not competitive with h.264.

By dumping h.264 support from Chrome, Google is making a strong statement that it is prepared to use its power to drive WebM adoption. After all, Google owns Youtube, the most accessed video hosting site on the internet.  If Google shuts down h.264 support on Youtube, it could kill that standard – at least in web video – overnight. Whether it is prepared to take this action remains to be seen. Certainly it seems likely that the MPEG LA h.264 licensors might have something to say about such an action –  and its anti-competitive effect – in court.

For the open source and open standards community, WebM is unequivocally good news, as is Google’s willingness to strong-arm its adoption. Open source video decoding has long been a dark art for legal rather than technical reasons. The existence of a genuinely royalty-free video format set removes the threat of legal action from open source video projects which adopt it. For educational establishments, the current lack of involvement of Apple is troubling. iTunesU has been extremely successful in the UK, with UK institutions producing a surprisingly high proportion of the most downloaded material worldwide. With the current emphasis on open educational resources in UK policy, a genuinely open video standard would seem a natural way for open educational resources to be distributed – opening as it does the possibility of entirely legitimate royalty-free open source video editing software and a consequent widening of the audience who are capable of remixing the material for their own purposes. However while iTunesU remains the primary portal for UK educational video content, and Apple’s native software (iTunes, iOS video decoding, Quicktime) does not support WebM, it seems unlikely that we will be able to take full advantage of this advance.

The Novell Deal

Published by Rowan Wilson on December 3, 2010 in Business and Legal. Comments

The web has been aflutter with the news that Novell – owners of the SUSE Linux distribution – have been sold to Attachmate, and that futhermore a bundle of 882 patents belonging to Novell have been sold to CPTN Holding, a somewhat mysterious proxy for a group of tech companies organised by Microsoft. Whenever the words Microsoft and Linux get mentioned together there is extensive internet drama. In this case the concerns raised were chiefly

  1. that Microsoft might somehow use the 882 patents to destroy Linux
  2. that Attachmate might kill the openSUSE project

Point 2 was answered quickly by a statement from Atachmate shortly after the deal was announced:

“The openSUSE project is an important part of the SUSE business… As noted in the agreement announced today, Attachmate plans to operate SUSE as a stand-alone business unit after the transaction closes. If this transaction closes, then after closing, Attachmate Corporation anticipates no change to the relationship between the SUSE business and the openSUSE project as a result of this transaction.”

That leaves the suspicion that CPTN Holding might be a lynching posse for Linux. An interesting post on the FOSSPatents blog argues convincingly against panic on this score, but I think there are also other reasons for delaying any effigy burning or widespread acts of civil disobedience.  Novell was a member of the Open Invention Network, an organisation that holds a group of patents and licences these to tech companies on condition that they commit not to use their own patents against Linux. The OIN is criticised on occasion for seeming to be inert (in fact the blog post I linked above does just that) but it’s quite possible to argue that for a body like the OIN success looks an awful lot like inertia. After all, if it were constantly having to ride to the rescue of Linux, it would be failing in at least its intended deterrent effect.

In any case, OIN is kind enough to publish the standard agreement that tech companies sign up to when joining.  This agreement covers what happens when a signatory wants to sell (assign) the patents that they have agreed not to use against Linux:

5.1 No patents subject to this Agreement shall be assigned or any rights granted hereunder unless such assignment or grant is made subject to the terms of this Agreement. Neither OIN nor You shall assign this Agreement, assign any of its rights under this Agreement, or delegate any of its obligations hereunder, unless otherwise agreed in writing by the other party. Any attempt to do any of the foregoing shall be void.

I am not a lawyer, but my reading of this clause is that – assuming this agreement was in force between them – Novell needed OIN’s agreement to sell their patents and the patents themselves remain subject to the agreement at their new home. If this is the case, it seems extremely unlikely that they can be used against Linux.

IP dust-up round-up

Published by Rowan Wilson on November 8, 2010 in Legal. Comments

In a world where the most recent arguments over IP are almost impossible to track effectively (although I’m grateful to the The Guardian for providing this handy diagram on who is suing whom in the world of mobile phone technologies) it’s nice to be able to catch an argument that is going to be huge in its early stages. David Willetts, Minister of State for Universities and Science in the Coalition Government, has praised the US patent system and suggested that in the UK we are too reluctant to allow the patenting of wide areas of invention:

“In the US, it’s easier to obtain software patents, and Google was able to patent some work – using a federal grant, I might add – that it might not have been able to patent in the UK. The US rule is that ‘anything man has invented under the sun you should be able to patent’. That’s something we do wish to investigate.”

from http://www.guardian.co.uk/commentisfree/2010/nov/06/google-david-cameron-copyright

Knowing the vehemence of the European anti-software patent lobby, this seems likely to be a controversial course, should the government decide to pursue it. It was also somewhat in contradiction to the themes in David Cameron the Prime Minister’s speech at the same event which talked about widening fair dealing exceptions to copyright law to better mirror those in US law (the document underpinning the PM’s speech also trailed a ‘peer to patent’ system of vigorous crowd-sourced patent application testing specifically for the UK, which might work against the ‘everything under the sun’ approach that Willetts advocated).

Argument number 2: GPL-licensed media player VLC has been converted to run on iOS, the operating system used on Apple’s portable devices the iPod Touch, the iPhone and the iPad with the blessing of the managers of the project. Unfortunately a contributor to the project has taken exception to this and believes that distributing his work under the GPL via Apple’s App Store is an infringement of his copyright. This is an extremely interesting example of why IP management in projects is a sticky, potentially ugly but essential issue. Project managers need to be sure they have the rights necessary to do what they want to do. Discussions of this issue on the VLC mailing list (including one thread started by the Licence Compliance Officer at the Free Software Foundation explaining why they are supporting the complaining developer and which quickly degenerates into abuse) are ongoing, and it is not yet clear if Apple will remove the app from their store in response to the complaint.

Argument 3: Oracle has responded to Google’s response to their complaint over Java on Android. Despite doubts over whether Oracle could make the copyright infringement accusations stick, Oracle have come back strongly with alleged actual code borrowings between Oracle’s Java and Android’s Dalvik virtual machines. The Register has reported that – although Google’s code is based on the Apache Software Foundation project Harmony, the alleged borrowings are not present in the Harmony code base, and so must have found their way into Android through Google’s downstream customisation work. This is good news for Apache, but potentially awful news for Google and the Android ecosystem.

Google responds to Oracle: ‘Unclean Hands’

Published by Rowan Wilson on October 8, 2010 in Legal. Comments

Almost two months after Oracle filed suit against Google over the use of Java technologies in Android, Google has responded – somewhat angrily. The gist of Google’s responses are as follows:

  1. Google has not infringed Oracle’s patents
  2. …which are invalid anyway
  3. …and unenforceable because Oracle have waited too long to enforce them
  4. Also, Google’s Android code can be used in many ways that do not infringe on Oracle’s patents
  5. Also, we believe that Oracle already made these patents public domain
  6. In any case, damages should be limited because any infringement was long time  and Oracle only just told us… oh and because the patents are invalid anyway
  7. Did we mention that Oracle are misusing their patents?
  8. We definitely think that Oracle should pay Google’s attorney fees because Oracle knew they had no case but went ahead anyway
  9. Also, the US government uses this code so take (some of) this up with them
  10. Oracle certainly shouldn’t be able to stop Google distributing Android as other less harsh remedies could sort this whole problem out
  11. …and anyway, Google already has a licence for all this stuff
  12. …or at least Oracle implied Google had a licence by the way they acted
  13. Oracle is not trying to right a wrong here; they are trying to commit a wrong

Reading these lists of defences can often be confusing, or amusing, or both. It’s important to remember that these arguments are allowed to be somewhat contradictory; they are designed to stand individually even if some or all of their compatriots are struck down. Thus saying “I wasn’t there, but if I was I didn’t kill him, but if I did he was threatening me and therefore asking for it” is perfectly normal when defending accusations in court.

In addition to this response Google is responding to the claims of copyright infringement that I found so interesting in the previous post by arguing that Oracle’s pleas are just not specific enough to amount to anything at all. Google is asking that these claims therefore be dismissed entirely. Now, with any luck, Oracle will have to respond with specifics on the copyright infringement issue. This is perhaps the most important aspect of the claim from  the point of view of the open source community. In asking for the claim to be dismissed, Google point out that Oracle’s vagueness on this issue is unaccountable. After all, this is not an accusation leveled at a closed source program, where there might be some justification for not producing specific examples of code copying; here the source is available to all, and Oracle could easily reproduce or cite the sections which it feels are duplicative of their property. Perhaps Oracle will respond with a more general claim that Android infringes on its copyright in specifications; although as I pointed out in my last post, that can be a hard argument to make successfully.

Some of the uncertainty over the specification issue springs from the history of the so-called Java Community Process, of which Google gives its own account in its response. This is an ugly, contentious and long-running story that I have touched on before and which I don’t propose to fully detail here. In essence, despite nominally releasing Java as open source and creating a process whereby other implementations of Java technologies could get accreditation and necessary IP licences, Sun never really made Java technology open for all potential uses. Their keenness to profit from the mobile sector in particular meant that they set up obstacles to the creation of mobile Java implementations that enjoyed all (potentially) necessary IP licences from Sun. The result of this was that Sun’s Java Micro Edition was somewhat protected from competition by the lack of clarity over whether open source versions of Java could be run on mobile devices without infringing on some of Sun’s intellectual property. Google points out that – when they did not own the Sun IP in question – Oracle repeatedly attacked Sun’s position on this issue and called for Sun to create a simple process whereby any Java implementation could be tested and obtain all necessary licences from Sun. However once Oracle itself acquired the Java IP, they went curiously silent on the issue. In some ways Oracle is in an awkward position here (if their copyright claim relates to specifications). Having loudly called for all Java implementations – regardless of whether they are mobile or not – to be licensed by Sun in the past, they would now find themselves relying on the fact that Sun refused to do as they asked.

The 13th point above is – in the response itself – detailed in this way:

13. All of Oracle’s claims are barred because Oracle has come to this Court with unclean hands.

This essentially means that Google believes that Oracle is using the Court system – whose intended purpose is to create greater fairness and justice – to perpetrate an injustice and achieve an unfair outcome. Whether this accusation is based upon Oracle’s u-turn Java openness remains to be seen.

Oracle vs Google: Triple Damage!

Published by Rowan Wilson on August 19, 2010 in Legal. Comments

In Norse mythology it’s predicted that the final days of the world will see a supernatural wolf called Sköll swallow the sun before helping to kill Odin, the mightiest of the Gods. In a move that will surprise no ancient Vikings, Oracle – the gigantic database corporation that up swallowed Sun Microsystems – has made a wide-ranging patent and copyright infringement complaint (pdf) against the mighty Google Inc. that may or may not indicate that the world will soon end.

The complaint concerns the use of Java-related technologies in Google’s Android mobile Linux platform, and the details are ugly indeed. Ever since Sun released Java back in 1995, they (and now new owners of the Java IP Oracle) have been looking for ways to make some money off it. Java was intended to provide a solution to the problem of platform fragmentation – the unfortunate situation that means software developers have to write many differing versions of their code to cater for all the different varieties of computing environment out there (Macs, Windows, Unix etc). Sun’s Java provided a layer of virtualisation, so that in theory you could write your Java code once and have it run anywhere, confident that the virtualisation layer (or ‘virtual machine’) on each system would handle the complexities of translating your program for use on the local hardware.

It didn’t help that the technology grew in ways that Sun had not really predicted – seeing far more adoption on the server than in the client area at which it was initially targeted. When mobile phones and set top boxes began to become more powerful and able to run consumer software, Sun launched a ‘Micro Edition’ (ME) of Java that was intended to coalesce this massively fragmented market. This ought to have given Sun a strong, commercialisable position as gatekeeper between software developers and a wide spectrum of hardware platforms, but in the event the technology was not equal to the vision and developers still needed to tweak Java ME software to run efficiently on each platform, causing much woe and despondency. Nevertheless, the mobile market remained Sun’s core focus in the struggle to wring money out of Java. At the same time, Sun was positioning itself as an open source-friendly company, and was therefore receiving quite a lot of pressure from the open source community to put its money where its mouth was and release Java under an open source licence. In 2006, when Sun finally did release Java as free software, the strategy to monetise mobile was still very clear in their licensing choices.

The standard edition of Java – designed to run on desktop computers and servers – was released under the GNU GPL with the so-called ‘Classpath Exception’. This was a licence created by the Free Software Foundation’s GNU project to cover their own free software implementation of the core Java-compatible class libraries (essentially toolkits of functionality for building complex applications). The exception meant that you could use the GPL-licensed libraries to build your applications without having the copyleft requirements of the GPL transmit to your own code. However for the ‘Micro’ edition of Java, Sun used a dual licensing model, leaving out the exception from the GPL version and selling commercial licences for device manufacturers and developers who wanted to write mobile software which was not compelled to be GPL.

Thus, when Google decided it wished to use Java as the development language for software on their eagerly anticipated mobile Linux platform Android, one could argue that it should – finally – have been a huge payday for Sun. However it was not to be. For whatever reason, Google did not want to go down the road of licensing and mandating the use of Java ME. Instead, they took an open source implementation of Java called Apache Harmony and made some variations to it of their own. First they created their own virtual machine called Dalvik, which ran a different kind of code to a standard Java virtual machine (a tool in the Android development kit converts standard Java ‘byte-code’ to the new Android format). They also added many new libraries to support more modern functionality such as Bluetooth and the 3D graphical acceleration technology OpenGL. Everyone – except Sun – was happy. Developers did not need to buy commercial Java ME licences from Sun but could still use the Java skills they had developed over the last decade. Google did not have to rely on another company to mediate their relationship with developers and handset manufacturers. Sun had lost out again. Perhaps their previous highly-publicised love affair with open source meant that they could not easily start suing a competitor over a piece of open source software? Finally in early 2010 a financially embarrassed Sun was acquired by Oracle.

Oracle itself has some open source credentials – they run a proprietary/open dual licensing model for the product Berkeley DB. However the majority of their business is unashamedly closed source and therefore ever since they acquired the Java IP with Sun there has been much speculation that they would come after Google over Android and Dalvik. The complaint that has finally emerged is a wrathful document indeed, accusing Google of wilfully infringing on Sun/Oracle’s patents and copyright and seeking the seizure of all infringing devices, code and even advertising materials. Due to what they see as the egregious cheekiness of the infringement, Oracle want punitive triple damages.

What makes this case interesting – apart from the enormity of the two combatants – is the range of the counts. Along with seven fairly generic technology patents dealing with program compilation and execution, Oracle are also alleging copyright infringement. This would normally imply – in the case of software – that Oracle believes that Google (and quite possibly Apache Harmony) have incorporated verbatim sections of their code in their own products. Here, though, it’s hard to see how that could be the case. As an open source project Harmony’s source has been available for the world to see for many years, and one might have expected any literal code inclusion to have been noticed and acted upon a long time ago. As for the parts added by Google, it seems extremely unlikely that a company with Google’s resources would risk any kind of ‘code contamination’. Dalvik has been widely reported to have used ‘clean room’ reimplementation in its creation – meaning that no-one with any experience of (in this case) Java’s internals would be allowed to contribute any code to the project. The only point of connection between the original and the new code in a clean room reimplementation is the specification – the detailed but high-level description of how the software should operate. Could Oracle be suing over the use of the specification?

Oracle’s complaint says this:

38. The Java platform contains a substantial amount of original material (including
without limitation code, specifications, documentation and other materials) that is copyrightable
subject matter under the Copyright Act, 17 U.S.C. § 101 et seq.

39. Without consent, authorization, approval, or license, Google knowingly, willingly,
and unlawfully copied, prepared, published, and distributed Oracle America’s copyrighted work,
portions thereof, or derivative works and continues to do so. Google’s Android infringes Oracle
America’s copyrights in Java and Google is not licensed to do so.

…so specifications are explicitly listed as a variety of copyright work Oracle considers itself to hold in Java. This is of course true – specifications are copyright works as they are original and complex. The documents themselves are clearly ownable and their owners rightly get peeved if people copy and distribute them without permission. Here’s another quote from the Java Specification Participation Agreement – the agreement which allows third parties to get involved with defining and implementing new parts of Java:

For any Specification produced under a new JSR, the Spec Lead for such JSR shall offer to grant a perpetual, non-exclusive, worldwide, fully paid-up, royalty free, irrevocable license under its licensable copyrights in and patent claims covering the Specification (including rights licensed to the Spec Lead pursuant to Section 4.A and 4.C) to anyone who wishes to create and/or distribute an Independent Implementation of the Spec.

(JSRs are Java Specification Requests – basically descriptions of new features). Taking the language of the complaint along with the language of the participation agreement, it seems quite possible that Oracle are going to argue that any implementation of their specification is a derivative work of that specification and therefore needs a licence from them. This kind of copyright action – essentially claiming a high-level copyright in the design of the technology – is controversial and difficult to win. The more abstract the entity for which you are trying to claim copyright ownership, the harder it is to show indisputable infringement. Verbatim code copying is fairly easy to spot and demonstrate; the duplication of structures and interfaces is harder to demonstrate and is always open to arguments that there is no substantial relationship between the design and the implementation.

Of course, it may be that Oracle does have evidence of more concrete low-level copyright infringement, despite my personal instinct that that is unlikely. However if they will be arguing on the difficult basis of ’specification infringement’ I have to wonder why. Is it a plan to bolster a set of patents they are unsure about? Somewhat selfishly part of me hopes that the case will play out publicly and not be settled behind closed doors, if only to clarify this controversial area of copyright.

My pacemaker will not be tweeting just yet

Published by Rowan Wilson on July 23, 2010 in Legal. Comments

June 2007:the Free Software Foundation (FSF) publish their third ‘discussion draft’ of their proposed new licence, the GPL version 3. Alongside this new draft is published a so-called ‘rationale’, which helpfully explain the changes made since the last draft. Originally the FSF had planned to require all forms of encrypted GPL software to be accompanied by appropriate decryption keys, to prevent device manufacturers from putting GPL software in their products but making it impossible to end users to modify it. Many people had complained about this however, saying that it undermined a lot of legitimate uses of cryptography on software code. The FSF responded by limiting the requirement only to ‘User Products’ in its next draft, and went to a lot of trouble to define this subset of GPL-containing items. In the rationale document(pdf), they commented:

We considered including medical devices for implantation in the human body in the User Product definition. We decided against this, however, because there may be legitimate health and safety regulations concerning inexpert and reckless modifications of medical devices. In any case, it will probably be necessary to convince medical device regulators to allow user-modifiable implantable medical devices. We plan to begin a campaign to address this issue.
Some commentators made fun of this aspiration. Ed Burnette of ZDNet commented:
This paragraph demonstrates both the pragmatism that is creeping into the FSF (concerns for ‘reckless modifications’) and the ‘tin-foil hat’ eccentricity that has always been a part of Stallman’s free software movement. If nothing else, the activities of the FSF and its colorful leader will continue to give us plenty to talk about in the years to come.
Well, years passed and there was little public evidence of this campaign… until this week. On Wednesday the Software Freedom Law Center (SFLC) published research which argues that the US Food and Drug Administration (FDA) should require all manufacturers of Implantable Medical Devices (IMDs) to publish the source to the code in their products. The paper cites many chilling examples of software reliability and security problems with IMDs:
While there has yet to be a documented incident in which the source code of a medical device was breached for malicious purposes, a 2008-study led by software engineer and security expert Kevin Fu proved that it is possible to interfere with an ICD (implantable cardioverter defibrillator) that had passed the FDA’s premarket approval process and been implanted in hundreds of thousands of patients. A team of researchers from three universities partially reverse-engineered the communications protocol of a 2003-model ICD and launched several radio-based software attacks from a short distance. Using low-cost, commercially available equipment to bypass the device programmer, the researchers were able to extract private data stored inside the ICD such as patients’ vital signs and medical history; “eavesdrop” on wireless communication with the device programmer; reprogram the therapy settings that detect and treat abnormal heart rhythms; and keep the device in “awake” mode in order to deplete its battery, which can only be replaced with invasive surgery.
In one experimental attack conducted in the study, researchers were able to disable the ICD to prevent it from delivering a life-saving shock and then direct the same device to deliver multiple shocks averaging 137.7 volts that would induce ventricular fibrillation in a patient. The study concluded that there were no “technological mechanisms in place to ensure that programmers can only be operated by authorized personnel.” Fu’s findings show that almost anyone could use store-bought tools to build a device that could “be easily miniaturized to the size of an iPhone and carried through a crowded mall or subway, sending its heart-attack command to random victims.”
Chilling stuff indeed. The paper goes on to argue that FOSS is inherently more secure than closed source, and that source code for IMDs ought to be available for all to see both for greater security and to avoid problems if a device manufacturer goes bankrupt and disappears.
This is not quite the campaign promised back in 2007, however. Notable by its absence is a call for IMDs to actually be user-modifiable:

Specifically, we call on the FDA to require manufacturers of life-critical IMDs to publish the source code of medical device software so the public and regulators can examine and evaluate it.

The paper uses the argument that FOSS is more secure to underpin a request for publication, not full FOSS-licensing. Presumably any errors detected in the code would have to be notified to the manufacturer for actual repair. This is, of course, not particularly surprising. Calling for the FDA to allow individuals to flash their pacemakers to tweet their heart rate would probably attract the same kind of ridicule that Ed Burnette engaged in three years ago. While some activists – including possibly Stallman himself – may regret this reticence, it is probably necessary in order for the request to be taken seriously.

Machine, transformation or cop-out?

Published by Rowan Wilson on July 2, 2010 in Business, Development and Legal. Comment

After a long, long wait, the Supreme Court of the United States has finally delivered its opinion (pdf) in the so-called ‘Bilski’ appeal. The judgement was eagerly awaited by those who opposed software patents, as it held the potential to change the rules on patentability of software in the US.

Thirteen years ago Bernard L. Bilski and Rand Warsaw applied (pdf) for a patent on a process that sought to allow commodities traders to reduce their risk exposure. The key components of their invention were a list of steps traders could take, and an expression of those steps as a mathematical formula. The patent application was rejected on the basis that it did not describe a specific apparatus, that it manipulated only abstract ideas and that the problem it solves is an exclusively mathematical one.  Bilski et al kept appealing the decision at progressively higher courts, and kept getting knocked back. Finally the en banc court (a kind of grand moot of all the Court of Appeal judges reserved for issues where uniformity of opinion is particularly important) knocked it back while also tearing down one of its previous ‘tests’ for patentability which might otherwise have been interpreted as supporting Bilski et al’s arguments. This test, established in the case of State Street Bank & Trust Co v. Signature Financial Group, Inc. in 1998, held that a process could be patented if it produced a “useful, concrete, and tangible result”. The State Street decision was taken at the time as a green light for patent applications on abstract concepts like business and software processes.

In the light of the Bilski patent claim, the en banc court decided that this was too low a hurdle, and that they needed a new test for patentable processes. Instead they insisted that a process must meet the following two criteria: “(1) it is tied to a particular machine or apparatus, or (2) it transforms a particular article into a different state or thing.” This has become known as the ‘machine or transformation test’. Bilski responded by taking the final throw of the dice and asking the US Supreme Court to review the en banc court’s decision. The Supreme Court agreed.

So what does this have to do with software? Well business processes are frequently embodied in software, and the discussions of where the borderline between invention and abstraction lies is an extremely relevant one in the world of software development. The ‘machine or transformation test’, if affirmed by the Supreme Court, would very likely have made many pure software inventions unpatentable (as general purpose computers are not ‘particular machine[s]‘, and their own internal processes and data unlikely to qualify as ‘particular article[s]‘). After the en banc decision hopes were high in the anti-software-patent community that the Supreme Court would affirm the ‘machine or transformation test’ and make widespread software patenting a thing of the past. On the other side of the argument, groups like the Business Software Alliance and Dolby Labs submitted amicus briefs to the Supreme Court arguing that the machine or transformation test would kill off a large proportion of their livelihoods.

Perhaps inevitably the Supreme Court has chosen a middle path that brings little certainty to anyone except Bilski et al – who now definitely know they’re not getting their patent. The decision finds that the specific Bilski patent is indeed an attempt to own an entirely abstract concept, and so should be disallowed. It does not, however, go as far as to agree with the en banc court that the ‘machine or transformation test’ is the new gold standard for patentability in these worryingly abstract domains:

The Court’s precedents establish that although that test may be a useful and important clue or investigative tool, it is not the sole test for deciding whether an invention is a patent-eligible “process”

A little further on, the decision gives the effect on software patentability as a good reason for not adopting the ‘machine or transformation test’, and in doing so cites a group of software problem domains that – it seems to imply – are very firmly the proper subject matter for patents:

But there are reasons to doubt whether the test should be the sole criterion for determining the patentability of inventions in the Information Age. As numerous amicus briefs argue, the machine-or-transformation test would create uncertainty as to the patentability of software, advanced diagnostic medicine techniques, and inventions based on linear programming, data compression, and the manipulation of digital signals.

Yet a little further on, we get the qualification:

It is important to emphasize that the Court today is not commenting on the patentability of any particular invention, let alone holding that any of the above-mentioned technologies from the Information Age should or should not receive patent protection.

Clearly there is confusion here. There seems to be an anxiety on the part of the Supreme Court that they will ‘break’ innovation whichever way they lean. This is perhaps best expressed in this elegantly-phrased linguistic shrug:

This Age puts the possibility of innovation in the hands of more people and raises new difficulties for the patent law. With ever more people trying to innovate and thus seeking patent protections for their inventions, the patent law faces a great challenge in striking the balance between protecting inventors and not granting monopolies over procedures that others would discover by independent, creative application of general principles. Nothing in this opinion should be read to take a position on where that balance ought to be struck.

True, that.

OSS Watch Newsletter

Published by Rowan Wilson on August 21, 2009 in Community. Comments

OSS Watch is pleased to announce the first issue of our newsletter, available as a PDF.  It will be published monthly, and include a selection of feature items, news, and upcoming events.