By Jacqueline Emigh
Linux Today Correspondent
On Monday at LinuxWorld, Open Source Risk Management (OSRM) will
roll out a new patent and copyright insurance program for Linux.
“There’s already a wait list for the first policy, which will be
for the Linux kernel,” said Dan Ravicher, a patent attorney who led
the OSRM’s recent evaluation of the kernel’s possible patent
infringements.
“The SCO case has been model for those with rights they think
they could assert against Linux,” Ravicher said during a
pre-briefing for Linux Planet. Even parties who are not sure they
will win in court “can still sue, and get the visibility,” the
attorney added.
Launched last August, OSRM calls itself a “vendor-neutral
provider of risk mitigation and management solutions.” Ravicher,
who was hired by the ORSM about three months ago, found during his
evaluation that no court-validated software patent has been
infringed by the kernel. However, the investigation also identified
283 not yet court-validated software patents that might potentially
come into play in patent claims against Linux, if these patents are
ever upheld by the courts.
About one-third of these 283 software patents are owned by
corporations deemed “friendly to Linux,” including IBM,
Hewlett-Packard, Red Hat, Intel, Cisco, and Sony, for example.
These companies have some current financial interest in widespread
Linux adoption.
Yet about 27 of the patents are held by Microsoft, and other
patents by indviduals and “shell corporations” with “little to
lose” by going to court, according to Ravicher.
OSRM is now starting to underwrite $5 million insurance policies
to protect Linux customers and vendors against both patent and
copyright infringement suits around the Linux 2.4 and 2.6 kernel.
The policies, which will take effect in January, 2005, cover both
liability and legal fees. Policy-holders will pay an annual fee.
After completing his evaluation, Ravicher recommended that the OSRM
offer this sort of insurance.
Some observers point out, though, that the OSRM’s Linux kernel
insurance is geared to large enterprises. “The insurance is not
necessary for most users. It is only for larger companies that have
deep pockets, and thus are already often victims of lawsuits. Such
companies already carry liability insurance for similar risks,
other than software,” said Linux expert Bruce Perens.
Insurance policies aren’t the only method companies can use to
guard against patent infringement lawsuits, acknowledged Ravicher,
who specializes in the IS (information systems) and life sciences
fields in his legal patent work. Founder and executive director of
the Public Patent Foundation, Ravicher also performs pro bono work
as senior counsel to the Free Software Foundation. “I am not an
OSRM shareholder,” he noted.
Other approaches to lawsuit protection include “encouraging
patent policy reforms in Congress and the courts, negotiating for
open source-compliant solutions, and stockpiling art in order to
design around it,” for example, according to Ravicher.
“None of these are mutually exclusive. You can get insurance,
while continuing to stockpile art and encourage patent reforms,” he
elaborated.
Pamela Jones, editor of Groklaw, also cites more than one
alternative solution to kernel patent issues. “I’d like to see the
patent system tweaked, to prevent patents from being used for
anticompetitve purposes,” Jones said during an interview. “That is
the ultimate solution. Meanwhile, insurance is one more option
businesses can consider. Whether they need it (is a matter of) a
case by case examination. It’s perfectly normal to insure against
risk in business.”
Ravicher contends, though, that unlike other approaches to the
problem, insurance provides immediate protection. “Patent reforms
will take a while, and you can’t be prepared to design around every
patent,” he said.
Another key advantage revolves around the prospect of lowered
legal costs, according to Ravicher, who estimated $3 million
dollars as the average cost of defending against a patent lawsuit,
even when the courts find no patent infringement. Settling lawsuits
out of court can be expensive, too. Enterprises can realize
economies of scale by protecting themselves through insurance
policies, he maintained.
“Also, there’s a perverse rule in patent law that lets the
courts assess triple damages in what is called ‘willful
infringement,'” he added. Businesses can risk these damages if they
examine other companies’ software patents. OSRM’s insurance policy
protects against “willful infringement” charges, in that companies
won’t need to look at the other patents directly, he said.
OSRM decided to offer the Linux kernel insurance policies after
determining that possible Linux kernel patent claims constituted an
acceptable risk. “The bottom line is that there’s really no greater
risk than for any other type of software,” according to
Ravicher.
“All software, in my view, has some level of software risk,
mainly because proprietary software companies don’t always know how
to play nicely with others,” concurred Groklaw’s Jones. “Is (risk)
unique to GNU/Linux systems? No, except that we don’t have large
patent portfolios for cross licensing. So once again, we rely on
our brain power to come up with solutions. Is there a patent risk?
Yes, there is, but it is definitely manageable,” Jones said.
“Microsoft has announced that it plans to file for 3,000 patents
this year. It filed for 2,000 patents last year. And Microsoft
mentioned its patent portfolio as a source of future revenue, which
indicates to me that it isn’t filing just for defensive purposes.
How big a hint do we need? If you subtracted them from the picture,
I’d say the patent risk would be smaller. But with Microsoft in the
picture, asking if there is a risk is like asking, ‘Do crocodiles
bite sometimes?’ Well, are crocodiles more likely to bite if they
are staring right at you and heading your way?”