As director of intellectual property strategy for the Linux Foundation and an attorney at Choate Hall & Stewart, Karen Copenhaver knows a bit about open source software licensing. She recently spoke with Dr. Dobb's editor in chief Jonathan Erickson.
Dr. Dobb's: Are open source and public domain the same thing?
Copenhaver: Not at all. Open source licenses are granted by the copyright holder and the license is an exercise of the copyright. In order to enjoy the benefits of the license, you must comply with its terms. If you don't comply with the license, you're not licensed--and another word for unlicensed use is "infringement."
Dr. Dobb's: There are usually no signed license agreements with open source software. How, then, can users be subject to licenses?
Copenhaver: Confusion is often caused by the fact that the software is made generally available for download. Users may assume that if something is made available for free, it's thus licensed for use without restriction. That's not the case. A license may be implied where one isn't stated, but an implied license can't contradict an actual stated limited license. The fact that there is no charge for the software is irrelevant.
Dr. Dobb's: What are the main legal issues regarding open source?
Copenhaver: The main issue for businesses is internal control. Businesses have procurement organizations that are responsible for procuring everything the business uses in its operations. Those organizations review agreements and establish terms before they write the check. The internal control is based on the assumption that the business will pay for everything it uses. In order to arrange for payment, you have to go through procurement.
Because open source is made available without charge, this basic internal control fails. The software often comes into the organization without review of the associated obligations or any process to ensure compliance. Companies are in the process of implementing policies and processes that impose basic internal controls over acquisition, use, and compliance of open source software.