Will FOSS Damages Finding Spook Government Agencies?

Last week, the U.S. Federal District Court of Northern California found a software developer liable for unattributed use of a Java Model Railroad Interface.   The lack of attribution, as required in the license, the Court found, violated the Digital Millennium Copyright Act.  While the Courts finding has limited legal jurisdiction, it does set a precedent which will surely be cited in future cases looking for both damages and to set further legal precedent and define more fully the cases in which stare decisis will apply.

While, analogously, no different than any other license violation, I predict that this finding will have a ripple effect in government adoption of open source projects in their applications, further dampening the adoption rates.

  • Many government agencies are skeptical of open source in the first place.  Open source projects, rightly or wrongly, have a blanket aura of the two high school kids in a garage image.  Most government agencies like controls and process, which they dont perceive exist in open source projects.  If some of them tried to become committers on major projects, perhaps the perception would change.
  • Very few open source projects have sales representatives.  The sales representatives at major software companies such as Microsoft do an excellent job of the appropriate education and shepherding to provide assurances to the government buyers.
  • Walking through a purchase process gives the perception of license compliance.  A contracting officer can say that they have made a purchase and have a license and feel like they are in compliance, although audits oftentimes reveal shortcomings.  With an open source project, anyone can download source code and deploy the software onto a system, creating manifold increases in risk of license violations.
  • Most legal counsel isnt familiar with open source licensing requirements and restrictions.  Rather than digging into and understanding GPL or “copy-left” restrictions, its easier to just stay away from it.  Again, there are probably as many, if not more, EULAs than accredited and accepted open source licenses, but there are also sales representatives to walk through EULAs whereas the open source projects do not have such champions.
  • Its easier to create blanket restrictions than to make judgments on each case based on the specific merits of the case.  The finding in Jacobsen v. Katzer makes it easier to point to a known and potentially quantifiable risk to deny use.  The Government is, and in most cases rightly so, risk-averse, and this finding creates a potentially big risk.  The risk may be a black swan, but it is very hard to measure and, in a perfect (in the Governments view probably an imperfect) storm, could be potentially exceptionally large.

While it wont have an immediate effect, the end result, I expect, will be an even more rigorous set of processes to complete for approval of the use of most open source software within the government.  I hope this is not the case, because there are many cases where open source software is the best solution.  Furthermore, I truly believe that:

  • By and large, open source developers are not a litigious group.  They want to write software which makes life easier, and as long as they get the credit and attribution they want, theyre happy to share.  Its whats written in the licenses.  Plus, legal paths are expensive, and very few can afford to go down that path.  Compliance with a very few legal requirements or selection of a different platform will avoid any potential legal pratfalls.

Thanks to Onlyopensource for pointing out this article!