Open source software is regularly used as a way of leveraging the collective knowledge of the software development community by allowing anyone to improve and contribute to the code, provided they ‘pay it forward’ and allow their improved code to be used by the community. Open source software is often incorporated into proprietary software to avoid ‘reinventing the wheel’ – why develop from scratch what has already been prepared and improved upon by the collective wisdom of developers worldwide? This can, however, create a risk of “infection” (requiring the proprietary software to be released on open source terms) – the risk varies based on the terms of the open source licence under which the software is released.
This theoretical risk is often identified during due diligence, particularly for start-up companies whose key asset is their proprietary software. However, the practical risk is not always clear cut because there is relatively limited case law dealing with the enforcement of open source software licences. The recent case of Artifex Software, Inc. v Hancom, Inc.,[1] concerned an interlocutory motion to dismiss the copyright infringement and breach of contract claims brought by Artifex against Hancom relating to the use of Artifex’s open source software. Although the judgment is not a final decision on the parties’ substantive arguments, it does consider some interesting issues, including the binding nature of open source software licences, extraterritorial infringement, and potential remedies available to copyright owners.
The U.S. District Court for the Northern District of California (the Court) refused to dismiss Artifex’s claims, finding that copyright owners who distribute software products through an open source licence may be able to enforce the terms of that licence through a breach of contract and/or copyright infringement claims.
We hope the case proceeds to a full judgment as it should provide useful guidance in an area that is lacking in judicial consideration.
Background – a “dual licensing structure”
The Plaintiff, Artifex Software Inc., is a developer and licensor of software products that interpret files written in a page description language, such as Adobe’s PDF files. Artifex owns and distributes “Ghostscript” – one of the most widely used PDF interpreters. Artifex offers its customers two licensing options in respect of Ghostscript:
- purchase of a commercial license to use, modify, copy and/or distribute Ghostscript; or
- use of a free conditional open source licence GNU General Public Licence (“‘GNU GPL”).
The GNU GPL (which has a number of versions) is one of the most commonly used open source software licences. Licensees under the GNU GPL have the freedom to use, modify and redistribute the source code of the software they receive. However, one of the key features of the GNU GPL is that distribution of the software (including software that incorporates the open source code) by a licensee must be made under the terms of the GNU GPL – a so-called “copyleft” requirement – with the source code of the software made available to recipients. These copyleft provisions give rise to the risk of “infection” whereby proprietary software that incorporates software licensed under the GPL must itself be licensed under the GNU GPL (not just the incorporated open source elements).
The Defendant, Hancom, Inc., owns and develops Hangul (a word processing software) and Hancom Office, which is a suite of software programs incorporating Hangul. Hancom incorporated Ghostscript into its Hangul software in 2013. However, Hancom did not pay for a commercial licence from Artifex – its use and distribution of Ghostscript therefore constituted consent to the terms of the free GNU GPL. Artifex alleged that Hancom failed to comply with the terms of the GNU GPL in respect of its use and distribution of Ghostscript as part of the Hancom Office software. In particular, Artifex alleged that:
- Hancom integrated Ghostscript into its Hancom Office software without revealing to the end-user that Ghostscript was part of that software; and
- Hancom failed to distribute its software with the accompanying source code.
Procedural background – what were the parties’ positions?
Artifex brought two claims for relief – breach of contract and copyright infringement. It sought permanent injunctive relief enjoining Hancom from further use of any products using Ghostscript and from directly, or indirectly, infringing Artifex’s copyright in Ghostscript. Artifex also sought to require Hancom to distribute to each licensee of Hangul and Hancom Office the complete source code for the products in accordance with the conditions of the GNU GPL.
Artifex alleged that Hancom’s failure to obtain a commercial licence of Ghostscript deprived Artifex of a licensing fee or, alternatively, that Hancom’s failure to comply with the conditions of the GNU GPL deprived Artifex of the opportunity to “further promote the advancement of interpreter technologies”.
Hancom sought to dismiss the claims brought against it, arguing that:
- Artifex’s reliance on the unsigned GNU GPL failed to plausibly demonstrate the existence of a contract;
- the claim for breach of contract in respect of the GNU GPL was pre-empted by federal copyright law; and
- Artifex cannot bring a copyright infringement claim under U.S. copyright law in respect of extraterritorial acts of alleged infringement (i.e. Hancom (a South Korean company) developing its software outside of the U.S).
Hancom also sought to dismiss certain requests for relief, including Artifex’s claims for specific performance (that Hancom be required to distribute the complete source code for all of its products), restitution and consequential damages on the breach of contract claim and statutory and exemplary damages on the breach of copyright claim.
Judgment – what did the Court decide?
The Court denied Hancom’s motions to dismiss. The Court allowed the case against Hancom to proceed, but it did not address the merits of Artifex’s claims.
The Court’s decision does, however, recognise the binding nature of open source licensing requirements and underscores the viability of open source enforcement actions.
One piece of good news for people whose software incorporates open source code is that, although the Court refused to dismiss the request for specific performance, it found that “the ultimate imposition of such relief is extremely dubious”.
Going forward – what are the implications of this decision?
Software developers and those looking to invest in businesses whose primary asset is proprietary software should take note that:
- the risk of enforcement of an open source software licence is not merely theoretical – indeed the decision in Artifex could increase the likelihood of copyright owners bringing claims against potential infringers;
- the Court’s expansive approach to enforcement will enable open source owners to bring a range of claims against users, including under statute and for breach of contract, which could result in significant liability to the user for non-compliance; and
- despite the ubiquitous nature of open source software, owners will be able to sue and recover against foreign parties in different jurisdictions (your exposure may not be limited to your local jurisdiction).
Developers should be aware of the risks of incorporating code licensed on open source terms into their proprietary software. Careful consideration should be given as to whether a commercial licence should be obtained instead. If this is not possible, an assessment of how the open source software can be used so as not to “infect” the entire source code should be undertaken. For example, a common method to overcome the potential risk of “infection” is to logically separate the proprietary code from the open source software (such as in distinct software ‘modules’). This way, the open source module can be distributed with the source code and subject to the relevant open source licence, without limiting the developer’s ability to licence its own code on commercial terms.
If you would like to discuss the implications of open source licensing or associated issues, please let us know.
[1] Artifex Software, Inc. v. Hancom, Inc., No. 16-cv-06982-JSC, 2017 U.S. Dist. 2017 WL 1477373 (N.D. Cal. Apr. 25, 2017).