Coexistence: synergies and tensions between open source software, privacy and patents


Michael Pavento, Stephen Dew and Tony Glosson of Kilpatrick Townsend recently spoke on a panel at Kilpatrick Townsend’s Annual Intellectual Property Seminar (KTIPS) on “Coexistence: Synergies and Tensions Between Open Source Software, confidentiality and patents”. The panel discussed the use and licensing of open source software and the implications for patent law and privacy protection. Topics covered included special considerations in open source software licensing. They also discussed data breaches involving open source software and breach response best practices.

Main takeaways include:

  1. Open source software (OSS) is software whose source code is made available under license. Licenses generally grant rights to study, modify, and redistribute to anyone for any purpose. OSS allows companies to avoid having to “reinvent the wheel” and focus on the value-added aspects of their product or service.
  2. OSS licenses usually place limits on use of the software. Therefore, compliance with these terms is essential to avoid copyright infringement and breach of contract claims. In general, the obligations of the licensee arise on a distribution of the OSS or a modified version of the OSS. Common obligations include requiring attribution to the copyright holder and requiring that any modified OSS be released in source code form.
  3. Best practices include maintaining a formal written OSS usage policy, using a tracking system to review OSS usage requests, and verifying compliance prior to shipment of the product. A tracking system creates a record of the OSS in use that can then be used for license compliance or security auditing. Many obligations of licensees arise during distribution.
  4. When considering contributing to an OSS project, consider the scope and purpose of the contribution and whether proprietary intellectual property is involved. Consider the commercial value of the intellectual property versus the ecosystem benefits of the contribution. For example, an OSS contribution involves a downstream IP license, generating certain intellectual property rights. But on the other hand, a contribution can allow customers, suppliers and partners to create improved software for a company’s platform.
  5. Assess patent risks when using OSS. Many OSS contributors consider patents to be antithetical to open source. For example, OSS licenses generally require, implicitly or sometimes explicitly, that an OSS contributor grants all downstream recipients a license to all of the contributor’s patents that cover his contribution. Therefore, at a minimum, a company’s own patent rights may be diminished if the company contributes to the OSS. Some companies have pledged not to assert patents against users of certain OSS, while some non-practicing entities have asserted patents against users of OSS.
  6. Assess company software versions for security vulnerabilities in all OSS components used. In some cases, vendors using OSS code components must be asked to provide assurances of cybersecurity and data privacy as well as intellectual property infringement. In this case, consider leveraging vulnerability databases such as NIST’s National Vulnerability Database and MITRE’s Common Vulnerabilities and Exposures (“CVE”) Database. Best practices include maintaining a “responsible disclosure” mechanism, such as email, through which security researchers can securely report identified vulnerabilities in company code. In the unfortunate event of a data breach, companies should carefully inventory their contractual breach notification obligations, in addition to regulatory and statutory obligations.
  7. Blockchain-based technology is among the fastest growing open source developments. A Blockchain is a decentralized digital ledger. Transactions are recorded in immutable blocks. Many Blockchain projects are open-source and therefore have OSS obligations. But many applications of Blockchain technology come with technical and social engineering risks that companies need to make sure they understand.
