Daniel Ravicher, lead patent counsel at Linux insurance firm Open Source Risk Management (OSRM), answers vnunet.com over his controversial report that the Linux kernel may infringe 283 patents.
Do you not think that the claim that Linux may violate a large number of patents, coupled with an insurance scheme, could be interpreted as an attempt to generate fear, uncertainty and doubt?
The free and open source software (Foss) community has long been warning of the threat posed by patents. This is not new news. What is new is that, instead of continuing to not specify or address the threat, OSRM chose to invest the time and resources necessary to determine how much of a threat exists and what are ways to deal with it.
This is the exact opposite of FUD, because the results of the study work to end uncertainty and doubt about the patent threat, which the entire Foss community already concedes exists but has done little to address.
OSRM has put into the public domain the results of the study. OSRM had no obligation to tell the world that no court-validated patent is infringed by Linux. That is a substantial pronouncement that no other member of the Foss community, including large corporations like IBM, HP and Red Hat, has made.
There are many patents that have been upheld as valid by the courts that cover proprietary software, so saying that the Linux kernel is clear from all of them should have done quite a bit to end fear.
Second, the analysis that 283 patents not yet tested in court may be infringed by the Linux kernel is also a significantly valuable amount of information.
By identifying 98 of those as being held by Linux-friendly businesses, and only 27 held by Microsoft, OSRM has helped the community to end the disinformation advantage that the patent holders had, because we can assume they already knew what patents they had and what claims they could make against the Linux kernel.
So, I have to respectfully disagree with your conclusion that OSRM has not added significant information to the public domain that has helped end, not extend, FUD regarding the patent threat to FOSS.
Why hasn't OSRM said what the potentially damaging patents might be?
There is a very important reason why OSRM will not disclose the identity of the 283 patents that may be infringed by Linux.
Namely, doing so would expose the Foss community to greater risk, which would be directly contrary to OSRM's business purpose of reducing Foss risk to the lowest point possible and managing the rest for those who would like to have it managed.
Unknown to many, patent law has a perverse rule that says if you know of a patent and are later found to infringe it, the court can punish you for 'wilful' infringement by awarding triple damages and the plaintiff's attorney's fees against you.
However, if you can show that you never knew of the patent, the most that can be awarded against you are the plaintiff's actual damages, an amount much less than the punishment imposed for 'wilful' infringement.
Therefore, if OSRM was to put the entire Foss community on notice of the 283 patents, there would be a dramatic increase in how much risk those patents pose to the entire Foss community.
Lastly, if someone really wants to know what those patents are, they can invest their own time and money and do the research themselves, as the entire patent database is available freely from the US Patent Office.
Is there an objective assessment of the real short- and long-term risk of the patents actually being applied?
The assessment OSRM has made is that all patents, not just the 283 identified in the study, pose about a three per cent risk that one patent will be asserted against the Linux kernel per year for the foreseeable future.
This is determined by OSRM's pricing of its insurance, which is $150,000 for $5m in coverage (three per cent). If others think that's too high a calculation, then they can compete OSRM out of the marketplace by offering insurance at a lower price.
If, however, people think that is an underestimation of the risk posed by patents, then they may very well wish to buy OSRM's insurance.
Look at it this way: the average cost of patent litigation in the US is $2m-$4m. If a company does not buy OSRM's insurance and gets sued once in 20 years they will have to spend about $3m.
If, however, they used that $3m to buy OSRM's insurance, they could have bought 20 years' worth of coverage ($150/yr x 20 years = $3m) and been able to fight off a new patent lawsuit each year because OSRM would provide $5m worth of legal costs within each year of coverage.
In the end, however, this is all up to the risk tolerance and business objectives of individual Foss users. Some will want insurance, and some will not. Such is their choice.
Apart from Microsoft, who owns these patents?
The position paper and press release state that 98 of the 283 are held by businesses that are friendly to Linux, including 60 by IBM. Patent law says the distributor of a product grants an implied licence to any patents they hold that are infringed by any foreseeable use of the product.
This means that, if IBM distributes Linux under the GPL, they have impliedly licensed any patents they may hold that are infringed by Linux to their distributees.
However, I'm not sure that IBM distributes Linux, but rather I believe they merely create a relationship for Red Hat or another vendor to make the distribution.
Therefore, it is not certain that IBM has, in fact, impliedly licensed any of their patents for use in Linux.
Are any of these patents also violated by other operating systems which could lead to a Cold War stand-off based on 'mutually assured destruction' so that patents are not applied from any side?
It is entirely possible that each of the 283 patents might also be infringed by any other operating system kernel, as none of the patents (and no patent I've ever seen) is limited to software distributed in a certain manner.
Patents only care if software performs a certain function in a certain way, not how it is distributed or licensed. This is why OSRM has stated repeatedly that the risk posed by patents to Foss is no more than that posed to proprietary software.
As you correctly point out, the 283 patents that may cover Linux may also cover Solaris, Windows NT, AIX etc.
The difference, however, is that proprietary vendors build in the cost of indemnification into their licence fees so, in effect, the licensee is forced to buy patent infringement defence insurance from the vendor.
Foss, on the other hand, since it has no price, cannot force people to pay for insurance they don't want. OSRM's offering is an additional service that Foss users can choose to purchase or not, as they see fit.
OSRM has such an opportunity because the Linux vendors have refused to offer such patent infringement defence coverage themselves.
I could not agree with you more that the patent system has created an arms race and that eventually there will be such a proliferation of weapons that 'mutually assured destruction' will become entirely possible.
However, the large companies deal with this by cross-licensing their entire portfolios to one another, leaving only the small companies at risk for having those patents asserted against them.
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance
James Robbins of ArrowXL says that AI is no longer 'tomorrow's technology'
Staff told to beware of "unusual sounds" after an employee reported mystery symptoms