By Brian Proffitt
Indemnification. It’s a big word. It’s fancy, and all legal-ly
It’s also, as applied to software, complete horse hockey.
Yes, IANAL, but I am a human being with what I hope is a modicum
of common sense. And to me, it seems that this whole
indemnification thing is just one big trap for the open source
Last week, the new legal firm of Gates and Ballmer came out with
the announcement that from now on, most end users of their software
would be protected from lawsuits under Microsoft’s new
indemnification plan. This was in response to cries of “BS!” from
the industry observers when Ballmer’s pre-Halloween memo
highlighted lawsuit protection as one advantage of sticking with
Microsoft. He was called out because everyone with half a brain
knew that only the largest Microsoft deployments were covered.
Rather than being called a liar–again–Ballmer issued a correction
this week with the new plan.
On the surface, indemnification for any software, open or
closed, seems like a good idea. Dig down about a centimeter and
you’ll soon discover that protecting end users from lawsuits is
about as kosher as protection rackets from the Mafia–especially as
it applies to proprietary software vendors.
It has to do, at least to me, with the very structure of open
vs. closed source development. Proprietary development is typically
managed and owned by a single entity, most usually corporate. Open
source software is developed, usually, across many entities. Some
are individual. Some are corporate.
When you look at Microsoft Excel, you can pretty much point to
the owner of the code. When you look at OpenOffice.org’s Calc, you
could point to the Calc team as the developers, but as the owners?
No… nor could you really point at Sun Microsystems, since they
have given the code to the community. You might need to go all the
way back to Star Division to trace ownership of code, but that’s
ancestral. Who owns it now?
Let’s say I patented the spreadsheet cell, way back in the 80s.
Clearly, some people are using my invention. Who do I sue? If it’s
Excel, well, then I’m off to Washington State. Suing the Excel end
users would never even occur to me. Why would it? I have a clear
legal target with lots of cash. But, if I want to take the
OpenOffice.org folks to task, then it becomes a bit more
problematic. Sun seems a likely target, but only if I can prove
they own the code and were responsible for the inclusion of my
idea. Tricky. Sue an individual developer? Again, tricky. Who wrote
the code? And, even if I tracked that person down, I seriously
doubt that person will have enough funds to recompense me for my
Now, if I were SCO, at this point I would start wondering about
suing large end users of Calc. Threaten them with a suit, and I’ll
either get a quick settlement, or they’ll drop Calc like a hot
potato and hopefully set up a ripple effect of end users dropping
Calc, too. Calc is punished for stealing my brilliant idea.
This threat of end user lawsuits is clearly what is bringing the
idea of indemnification to play in these times. But for a
proprietary company to say they’ll indemnify customers is
ridiculous. It’s like selling cans of Florida sunshine. If someone
wants to try a trademark, patent, or any other kind of suit against
a closed-source vendor, they’re going to go after the vendor, not
the vendor’s customers.
The indemnification trick is just that–a trick to put open
source vendors in the unenviable position of coming up with a
response to potential litigation. (Remember that word potential,
I’m coming back to it.)
In 1948, Lyndon Johnson was running for the US Senate in Texas.
He was not expected to win against his Republican opponent, Coke
Robert Stevenson. Three days before election, he called his
campaign manager and suggested they call a press conference and
state that his opponent fornicated with dogs. His campaign manager
was aghast “We can’t say that!” To which Johnson replied, “Yeah,
but let that bastard get up and start denying it!”
That’s the urban legend. What really happened was less colorful,
yet no different in outcome. Johnson had spent more money on the
race for the senate seat than had ever been spent on a race until
that time. Then, like now, money bought media time, which Johnson
used to accuse Stevenson of failing to back the Taft-Hartley act
and wanting to repeal the act. Stevenson barely responded, sending
a letter to various news outlets, and that was all. Doubt was cast
on Stevenson, and (with the help of some ballet box irregularities
in East Texas), Johnson won that election.
This whole notion of indemnification is just like Johnson’s
tactics, real or legendary. Proprietary vendors get up and say
“we’ll indemnify, how about Linux?” Linux software vendors can
either (a) say nothing, since they think the whole notion is crazy
or (b) respond with like measures, which ironically will increase
the size of a legal target, since potential litigants can now point
to something and say, “hey, there’s some money for us.”
What I wish open source vendors would say is “let them sue.” I’m
serious. I think one solid end-user suit would quickly set a
precedent in the courts that such suits are frivolous and
unenforceable. Of course, in reality, I wouldn’t wish a lawsuit on
And we may never see a real end-user lawsuit against open source
software. As David Berlind pointed out in a column yesterday, we
haven’t seen one yet! For all of SCO’s threats and saber rattling,
they have not sued a Linux end user for using Linux. It’s all been
contractual or trademark oriented stuff.
Indemnification is a nice ideal, but it is utterly unnecessary.
If someone steals code, it’s the developer’s problem, not the end
users’. That’s true on either side of the closed/open source fence,
and the proprietary vendors know it.
Users of open source are not likely to get sued, and developers
of open source software don’t have much to fear. If the notion of
open source was so litigiously dangerous, why would Sun be about to
open source their flagship operating system?
Doesn’t sound so dangerous to me.