日本語 English

<br /> <b>Warning</b>: Undefined variable $sitetitle in <b>/home/xb675064/monolith.law/public_html/wp-content/themes/monolith_en/header.php</b> on line <b>117</b><br />

MONOLITH LAW OFFICE+81-3-6262-3248Weekdays 10:00-18:00 JST

MONOLITH LAW MAGAZINE

IT

HOME > LAW MAGAZINE > IT > What is an OSS License Violation? Explaining the Risks and Countermeasures Companies Should Know, Based on Case Studies

What is an OSS License Violation? Explaining the Risks and Countermeasures Companies Should Know, Based on Case Studies

IT

What is an OSS License Violation? Explaining the Risks and Countermeasures Companies Should Know, Based on Case Studies

Open Source Software (OSS) is widely used by companies and developers as a means to achieve low-cost and high-quality software development. OSS allows anyone to freely use, modify, and redistribute it, which significantly contributes to faster development speeds and technological innovation.

However, this freedom is underpinned by regulations known as “OSS Licenses.” Using OSS without a proper understanding of these licenses can lead to serious troubles.

In this article, we will provide a detailed explanation of the basics of OSS licenses, the risks of non-compliance and specific examples, key points to prevent violations, and how to respond if a violation is discovered. By understanding the correct way to utilize OSS, you can confidently make the most of open-source resources.

Understanding OSS Licenses

An OSS License refers to the set of conditions that govern the use of Open Source Software (OSS), which is software with source code that is made available to anyone for free use, modification, and redistribution. Notable licenses include the GPL, MIT, and Apache, each with its own specific conditions for redistribution and modification.

The purpose of OSS Licenses is to encourage the use and improvement of software and to support the development of the community. However, an OSS License is not merely a “free use permit”; it comes with clear conditions based on copyright law. Understanding the terms of the license accurately in all forms of use, including commercial, is the first step in avoiding risks.

Reference: Open Source Group Japan | What is Open Source? The Definition?

Main Patterns of OSS License Violations

Main Patterns of OSS License Violations

OSS license violations are not uncommon and can occur unintentionally by companies and developers, especially when adopting or utilizing OSS from other entities. It is essential to be aware of the following five representative patterns of violations.

Non-Disclosure of Source Code

Under copyleft licenses such as the GNU General Public License (GPL), there is an obligation to disclose the source code of the modified software when distributing it. Distributing software without fulfilling this obligation constitutes a license violation.

Failure to Include License Documentation

Many OSS licenses, particularly copyleft licenses like the GPL, require the inclusion of the original license documentation and copyright notice when distributing the software. Neglecting this can lead to a license violation. In the rush to prioritize development speed, these procedures are often overlooked, resulting in violations.

Violation of Copyright Notice and License Information Display Obligations

When using OSS, removing or altering the copyright notice or required license information specified by the original copyright holder directly leads to a license violation. This infringes on the rights of OSS developers and can lead to serious disputes.

As a fundamental rule underlying the free use of OSS, these points must always be adhered to.

Misunderstanding or Misuse of Licenses

Violations can occur due to incorrect interpretation or inappropriate application of OSS license terms.

For example, misunderstandings such as “The MIT License can be freely used, so commercial use is not a problem at all,” or not accurately understanding the conditions for attribution of modifications and redistribution, fall under this category. Even licenses that appear simple can lead to unexpected violations if their scope and conditions are misunderstood, making it crucial to accurately understand the content of each license.

License Incompatibility

When developing a single software by combining multiple OSS, the conditions of each OSS license may contradict each other, resulting in a violation of one or more licenses.

For instance, if one OSS is only available under certain conditions while another OSS has terms that are incompatible with those conditions. When combining software with different licenses, it is necessary to carefully check for compatibility.

Examples of OSS License Violations

OSS license violations are not merely ethical issues. In fact, numerous troubles have arisen both domestically and internationally, potentially impacting corporate activities and development significantly.

Here, we will discuss three particularly representative cases. Through these examples, let’s deepen our understanding of the importance of complying with OSS licenses and the specific measures necessary for their proper use.

Case 1: GPL Violation by the American Router Development Company ‘Linksys’

This case is one of the most well-known instances of OSS license violations, involving the American router development company Linksys.

Linksys was selling wireless routers that incorporated the Linux kernel under the GPL license but failed to comply with the GPL’s requirement to make the source code available.

In 2003, the German open-source advocacy group gpl-violations.org filed a lawsuit against Linksys for GPL infringement. Ultimately, Linksys agreed to publish the source code and paid a settlement, resolving the issue. This case underscored the importance of strict adherence to OSS license obligations within the industry.

Case 2: GPL Violation by the American Smart TV Manufacturer ‘Vizio’

This case drew attention as a GPL violation in the smart TV market, involving the American smart TV manufacturer Vizio.

Vizio had incorporated numerous open-source software components licensed under GPLv2 and LGPLv2 into the OS of their smart TVs but had not properly fulfilled the licenses’ requirements, such as providing the source code.

In 2022, the Software Freedom Conservancy (SFC) filed a lawsuit against Vizio in a California court, based on the groundbreaking claim that consumers could directly enforce license compliance.

In May 2023, the court recognized SFC’s argument and ruled in their favor. As a result, Vizio was ordered to disclose the source code in compliance with the GPL and LGPL obligations.

Typically, only the copyright holder (licensor), i.e., the person or organization that created the software, can sue for copyright infringement. The SFC argued that under the ‘Third-Party Beneficiary’ clause stipulated in the GPL license, consumers (end-users) who purchased Vizio’s smart TVs are also third parties benefiting from the GPL license and, therefore, have the right to exercise the rights defined by the license (for example, the right to obtain the source code).

The Vizio case demonstrated that the obligation to comply with licenses like the GPL extends not only to developers but also to end-users, clarifying the need for companies to further tighten OSS license management.

Case 3: GPL Violation by a Domestic Appliance Manufacturer in Japan (Printer Driver Issue)

This case is a representative example of OSS license violations that occurred within Japan, involving a domestic appliance manufacturer, Company B.

Company B used open-source software under the GPL license for their printer drivers but was distributing them under proprietary license terms that differed from the GPL’s requirements.

Following the indication of this GPL violation, Brother Industries temporarily halted the distribution of the problematic drivers, revised the license notation to comply with the GPL, and then republished them.

This case highlighted that OSS license violations can occur even within Japanese companies and emphasized the importance of carefully verifying the compatibility between proprietary license terms and OSS licenses.

Risks and Impacts of OSS License Violations

Risks and Impacts of OSS License Violations

When an OSS license violation is discovered, it can pose significant risks and cause substantial damage to companies and developers. It’s not just a simple matter of breaching a license; it can have serious implications across legal, business, and reputational aspects. Here, we will explain each of these risks in detail.

Legal Risks

OSS license violations can lead to copyright infringement claims, including injunctions and demands for damages. In particular, violations of the GPL license have been reported to result in settlements amounting to millions of dollars.

Furthermore, responding to lawsuits or arbitration can be time-consuming and costly, placing a significant burden on engineers and legal departments. In some cases, companies may be ordered to halt the shipment or sale of products, posing a critical risk to business continuity.

Business Risks

License violations can lead to the suspension of product shipments or delays in service provision. This can cause disruption throughout the supply chain and potentially result in the loss of trust from business partners.

Additionally, there is a risk that business contracts may be terminated due to the violation. Losing business credibility and opportunities can have a severe impact on business operations.

Reputational and Brand Risks

If OSS license violations are reported on social media or news sites, it can significantly damage a company’s brand image. Not only can it shake the trust of the OSS community, customers, and partner companies, but it can also affect recruitment activities and fundraising efforts. Even for companies with strong technological capabilities, regaining lost trust requires time and effort.

5 Measures to Prevent OSS License Violations

To prevent violations of Open Source Software (OSS) licenses, it is crucial to have the right knowledge and systems in place from the outset. Here, we will introduce five particularly important measures in detail. By implementing these measures, you can not only avoid legal risks but also build a trustworthy relationship with the OSS community.

Review the Contents of OSS Licenses

When adopting OSS, always make sure to review the contents of its license. OSS licenses contain important information such as the obligation to disclose modified versions and the conditions for redistribution.

It is advisable to perform this review at multiple stages, not just at the beginning of development but also before product shipment, for example. Special attention should be paid to changes in license conditions that may accompany version upgrades, especially when using third-party OSS.

Establish Internal Rules and Governance Structures

Creating internal rules is essential to prevent OSS license violations. Clarify the procedures and approval flow for using OSS, and ensure that legal and technical personnel always check before use. Additionally, it is important to document the OSS policy and disseminate and operate it throughout the company.

Collaboration Between Engineers and Legal Departments

Compliance with OSS licenses requires collaboration between engineers and legal departments.

Engineers play a role in utilizing OSS in the field of software development and reflecting license conditions in the implementation. On the other hand, the legal department must provide accurate knowledge regarding license interpretation and legal issues. Even if your company does not have a legal department, it is important to have a system in place to consult with external experts or attorneys knowledgeable about OSS license issues at any time. Such collaboration is directly connected to the early detection and resolution of problems.

Utilization of OSS Management Tools

Relying solely on human checks for managing OSS licenses inevitably carries the risk of oversights and misunderstandings.

This is where OSS license management tools come in handy. By using these tools, you can automatically detect the licenses of the OSS you are using and visualize potential violation risks. Incorporating these tools into the development process can significantly reduce license risks while keeping human errors and increased workload to a minimum. The introduction of such tools is particularly effective in complex software development.

Education and Awareness

To prevent OSS license violations, it is vital that engineers and related departments have the correct knowledge about licenses.

Therefore, through in-house training and educational programs, thoroughly instill the basic content of OSS licenses and compliance obligations. Encouraging participation in external seminars and study groups is also effective. For new employees or members with little experience using OSS, education that includes practical examples will deepen their understanding.

What to Do If an OSS License Violation Is Discovered

What to Do If an OSS License Violation Is Discovered

If an Open Source Software (OSS) license violation comes to light, it is imperative for a company to act swiftly and sincerely. Mishandling the initial response can exacerbate the damage and make trust recovery more challenging. Here, we will explain the specific steps that should be taken following the discovery of a violation.

Prompt Communication and Apology to OSS Developers or Organizations

Upon discovering an OSS license violation, the first step is to contact the developers or organizations involved with the OSS and offer an apology. Demonstrating a genuine and considerate approach is the first step towards restoring trust.

Rectifying the Problematic Code and Complying with License Conditions

Immediately rectify any problematic areas and adjust your usage to comply with the correct licensing conditions, ensuring adherence to the OSS license. During this process, it may be necessary to consult with the OSS developers or organizations to decide whether you can continue using the product or service.

Consulting an Attorney for Appropriate Legal Action When Necessary

If you are faced with a cease and desist order, a claim for damages, or a lawsuit from OSS developers or organizations, it is crucial to take appropriate legal action. Lawsuits may be filed abroad, and in such cases, local laws and procedures apply, making expert advice indispensable. To resolve legal issues, consulting an attorney knowledgeable in software and copyright law is essential.

Conclusion: Consult Experts on OSS Licenses

This article has explained the issues surrounding OSS license violations.

While Open Source Software (OSS) contributes to the rationalization of software development efforts, there are cases where it leads to significant troubles, forcing developers to deal with the consequences. By properly understanding OSS licenses and establishing a system for preventing and responding to potential issues, you can create an environment where OSS can be utilized with confidence.

Guidance on Measures by Our Firm

Monolith Law Office is a law firm with high expertise in both IT, particularly the internet, and legal matters. Violations of OSS licenses can lead to risks in business and legal terms. Our firm provides contract drafting and review services for a wide range of cases, from companies listed on the Tokyo Stock Exchange Prime Market to venture companies. If you are having trouble with contracts, please refer to the following article.

Areas of practice at Monolith Law Office: Contract Drafting & Review, etc.

Managing Attorney: Toki Kawase

The Editor in Chief: Managing Attorney: Toki Kawase

An expert in IT-related legal affairs in Japan who established MONOLITH LAW OFFICE and serves as its managing attorney. Formerly an IT engineer, he has been involved in the management of IT companies. Served as legal counsel to more than 100 companies, ranging from top-tier organizations to seed-stage Startups.

Category: IT

Tag:

Related Articles

The Regulation of ICO and the Methods of Conducting Legally

The Regulation of ICO and the Methods of Conducting Legally

IT

What is the Law When Payment for System Development is Unpaid?

What is the Law When Payment for System Development is Unpaid?

IT

Explaining the Legal Regulations on Hardware and Software Aspects to be Aware of in IoT Business

Explaining the Legal Regulations on Hardware and Software Aspects to be Aware of in IoT Business

IT

What Makes Blockchain a Novel Technology?

What Makes Blockchain a Novel Technology?

IT

Is Taking Screenshots a Copyright Infringement? Explaining Identification and Removal of Posters

Is Taking Screenshots a Copyright Infringement? Explaining Identification and Removal of Posters

IT

What is Copyright Infringement Related to Programs?

What is Copyright Infringement Related to Programs?

IT

Regulatory Issues of Crypto Staking

Regulatory Issues of Crypto Staking

IT

Regulations and Custody Services for Crypto-asset Exchanges in Japan

Regulations and Custody Services for Crypto-asset Exchanges in Japan

IT

How to Preserve Evidence of Defamation on Instagram? Explaining Methods to Save Admissible Evidence for Court Use

How to Preserve Evidence of Defamation on Instagram? Explaining Methods to Save Admissible Evide.

IT


tag

Advertisement Review AI (ChatGPT and others) Contract Drafting and Review Cross-border Crypto Assets and Blockchains Cybercrime General Corporate ID of the Defamatory Statement Internet IPO IPO in Japan IT Legal Support for VTuber Legal Support for YouTuber M&A M&A of SNS Accounts Mitigating Reputational Damage Personal Information Protection System Development Terms of Use

Weekly Popular Articles

Return to Top