A Selection of Case Studies On Business and Legal Risks Associated with the GPL

In recent months, Microsoft has described its “Shared Source” approach to source code development and has contrasted that approach with licensing models often described as “open source.” Microsoft firmly believes that both the commercial and open source software development models have roles to play in a well-balanced software development ecosystem. At the same time, the GNU General Public License (“GPL”), used for Linux and many other open source programs, raises significant business and legal risks for corporate users. These risks are many and varied and are described in more detail elsewhere, but three of the more common types of risks include:

- Accusations of violating the GPL.
- Uncertainty over the breadth of the GPL.
- Potential liability to third parties.

These risks are not theoretical – companies have, in fact, experienced precisely these risks. The following descriptions of a few of these cases illustrate graphically that using software subject to the GPL may expose companies to substantial business and legal risks.

A. Companies accused of violating the GPL

NVIDIA. NVIDIA, a leading developer of media communications devices, also develops software programs known as “drivers” to optimize the performance of its products. In developing one of these drivers, an NVIDIA programmer used a portion of code from a freely available video driver – not realizing that the code was licensed under the GPL. When the video driver’s author discovered his code in the NVIDIA driver, he informed NVIDIA that its failure to release the source code for the entire driver violated the GPL – an accusation that immediately made NVIDIA the subject of criticism among open source supporters. Because NVIDIA did not wish to release the source code to its commercial software, the company instead developed a new driver that did not contain the GPL code.

Slomedia. Slomedia, a commercial software developer, created the program Vidomi, which converts video into digital images. Soon after Slomedia released Vidomi, Avery Lee, the author of a GPL video editing program, accused Slomedia of violating the GPL by using code from his program but failing to publish Vidomi’s source code. Although Slomedia acknowledged that Vidomi included some of Lee’s GPL code, the company asserted that its use of the code in fact complied with the GPL (on the ground that Vidomi constituted an “independent and separate work” under the GPL), and that the company had published relevant portions of the Vidomi source code on the company’s web site. Lee, however, demanded that Slomedia either rewrite Vidomi to purge it of his GPL code or issue the entire product under the GPL. Other open source advocates agreed with Lee, with some even recommending that Lee “force” Slomedia to cease using his code. Slomedia contacted the Free Software Foundation in an effort to resolve the dispute amicably and later withdrew its version of Vidomi that included the GPL code. Instead, the company now offers Vidomi as two distinct programs – one issued under the GPL, the other issued under a commercial license – that communicate with one another through a separate layer of code so as to avoid subjecting the commercial program to the GPL.

Be. Be, Inc., a developer of operating systems for Internet appliances, typically licenses its products under a commercial license. At the same time, Be strives to make its operating system compatible with open-source applications by licensing discrete portions of the system under a form of public-domain license (“freeBSD”). In 1998, Be was accused of violating the GPL by including a “library” in its operating system that included GPL code. Although this library was apparently rarely used, Be agreed to re-write the library to purge the GPL code and established a special email account to which users could send their questions and concerns.
In spite of these actions, some open source supporters declared Be’s response inadequate, while others accused Be of further GPL violations.

Corel. In Autumn 1999, Corel Corporation released a “beta” version of its Linux-based operating system under terms that restricted further distribution of the program. When open source advocates accused Corel of violating the GPL, Corel responded that its actions were consistent with the GPL and were necessary to protect the company’s reputation in the marketplace. According to a Corel spokesperson, “[a]s these added features [included in the beta release] will bear the Corel brand name, we wish to ensure that they are of the high quality that people expect from Corel.” At the end of 2000, Corel spun off its Linux-based development division to re-focus the company’s energies on commercial software development.

Sony. In Spring 2001, Sony Electronics introduced an updated version of its Clie personal digital assistant, which operates on a modified version of Palm’s Operating System Emulator (“POSE”). Although Palm licensed POSE under the GPL, Sony did not initially make available the source code to its version of POSE and did not offer any means for users to obtain the source code. In addition, users who wished to download the software from Sony’s developer web site were reportedly required to accept a license stating that the software was the sole property of Sony. These actions led a third-party software developer to assert that Sony’s actions violated the GPL. Although Sony appears never to have formally responded to accusations that it violated the GPL – and may not have even been aware of such accusations – the company has since made available the source code for at least certain versions of its modified POSE software.

NuSphere. NuSphere Corp. provides support, consulting and training for users of MySQL, a database program licensed under the GPL and distributed by the Swedish firm MySQL AB.
NuSphere also developed and distributes Gemini, a software package designed to enhance MySQL by making the database more suitable for commercial users. In June 2001, NuSphere sued MySQL AB in US federal court for various contract and tort-related claims, to which MySQL counterclaimed that NuSphere had violated the GPL by licensing Gemini under a commercial license despite the fact that Gemini links to and is closely integrated with MySQL software and, accordingly, should likewise have been licensed under the GPL. Because NuSphere allegedly failed to do so, MySQL AB claimed that NuSphere no longer had the right to link Gemini to MySQL. NuSphere responded that MySQL AB’s accusations were a “smokescreen” and suggested that MySQL AB itself may have violated the GPL by requiring certain customers to acquire MySQL under a non-GPL license. In November 2001, MySQL filed a motion for preliminary injunction reiterating its claim that NuSphere violated the GPL as it applies to MySQL and alleging that NuSphere infringed MySQL AB’s trademarks. As of February, this issue was being considered in court after a failed attempt to resolve the issue through mediation.

Sistina Software. Sistina Software developed and distributes the Global File System (GFS), a program that allows multiple servers on a single network to share storage area and file structures. Although Sistina originally released the GFS under the GPL, in August 2001 the company announced that future versions of GFS would be released under the Sistina Public License (SPL). Unlike the GPL, the SPL imposes licensing fees on commercial users who incorporate GFS into their products or service offerings and requires users who modify GFS source code to transfer those modifications back to Sistina. Although Sistina has stated that its replacement of the GPL with the SPL was necessary for the company “to maintain a viable and stable business model,” Sistina’s decision was quickly attacked by GPL advocates.
GPL developer Alan Cox reportedly sent Sistina a letter stating that its new licensing policy would violate his copyrights in GPL software, and GPL developers who have launched a competing GPL version of GFS under the “Open GFS Project” leveled similar accusations. Sistina representatives have responded that the company has audited its GFS software to ensure that it does not violate the GPL.

FSMLabs. Finite State Machine Labs (“FSMLabs”) develops and distributes RTLinux, a real-time operating system licensed under the GPL that incorporates the Linux kernel. In late 1999, FSMLabs’ CEO, Victor Yodaiken, obtained a patent for the technology underlying RTLinux, which purports to enable dual-kernel operating system environments based on Linux to achieve consistent real-time performance. Soon thereafter, FSMLabs issued its “Open RTLinux Patent License,” which permits licensees to practice the patented invention royalty-free so long as the licensee does so in a manner that complies with the GPL. Despite FSMLabs’ efforts to draft GPL-friendly licensing terms, the Free Software Foundation (FSF) issued a statement in September 2001 accusing the FSMLabs’ patent license of violating the GPL and calling on copyright holders in the Linux kernel to take action against the company. In an effort to allay the FSF’s concerns, FSMLabs issued a revised license in October 2001, to which the FSF subsequently gave its approval.

Red Hat. Red Hat, one of the leading distributors of Linux-based operating systems, licenses many of the programs that it distributes under the GPL. Because the GPL permits users freely to copy and distribute GPL software, independent retailers often offer “burned” CD copies of Red Hat products for a small fraction of the price that Red Hat charges for the same product.
In an effort to halt such practices, a law firm representing Red Hat recently sent a cease-and-desist letter to the discount CD retailer UnixCD.com, alleging that the retailer’s practice of using the Red Hat name and logo without Red Hat’s permission violated the company’s trademarks, and threatening legal action against UnixCD.com if this practice continued. UnixCD.com’s owner, Jason Phillips, immediately countered that Red Hat’s threats violated the GPL as they effectively sought to prevent users from distributing “unauthorized” copies of Red Hat software. Several GPL advocates were also quick to denounce Red Hat, with some suggesting that Linus Torvalds, holder of the “Linux” trademark, should refuse to permit Red Hat to use the Linux mark in promoting Red Hat products. Although a Red Hat spokesperson initially responded that the company merely wanted to avoid customer confusion about the availability of support or documentation, recent changes to Red Hat’s trademark policy expressly prohibit any use of the “Red Hat” name or logo on most redistributions of Red Hat software. The trademark policy also expressly forbids statements that a redistribution “contains” Red Hat Linux, as well as plays on words that could be viewed as referring to Red Hat (e.g., “Red Cap” Linux, “Sombrero Rojo” (the Spanish equivalent of “Red Hat”), “Redd Hatte” Linux, “RH” Linux, and “Green Hat” Linux).

Empower Technologies. In September 2001, Empower Technologies, a developer of Linux-based systems for consumer electronics, released a Palm-compatible personal digital assistant embedded with Empower’s proprietary “Linux DA” operating system.
Even before the product’s official release, however, GPL adherents accused Empower of violating the GPL by failing to release the complete source code for Linux DA and by posting GPL-incompatible licensing terms on its web site – this despite the fact that the site stated that its open-source offerings are “distributed subject to the terms of the applicable open source software license.” These accusations prompted the Free Software Foundation (FSF) to launch an examination as to whether Empower had violated the GPL. Soon thereafter, Empower’s CEO publicly stated that, although in his view his company had “done everything possible to be GPL compliant,” he would make any further changes to the company’s practices or policies requested by the FSF.

Abit. In 2000, Abit Computer, a Taiwanese manufacturer of computer components, published Gentus, a Linux distribution licensed under the GPL. Soon after Gentus was released, however, open source supporters accused Abit of violating the GPL by failing to release the source code to utilities that Abit had developed in-house to accompany Gentus. Fearing a boycott of its products, Abit removed the utilities from its subsequent release of Gentus.

B. Uncertainty and other concerns over the breadth of the GPL

Wind River. Wind River Systems, a leading developer of embedded software, has announced that it will not develop Linux-based programs due to concerns over the GPL. Wind River executives reportedly were concerned that the GPL would have required the company to “turn [Wind River’s software] over to the open source community” and thereby placed the company “at a disadvantage.” Executives also stated that Wind River’s customers – many of whom rely on their software to give them a competitive edge in the marketplace – are “afraid of [the GPL] because [it] is so uncertain.” Indeed, Wind River’s CEO concluded that “[t]o honor the GPL in the embedded space is really not a sustainable bus[iness] model.” Instead of the GPL, the company has opted for the more “business friendly” BSD license, which allows companies that modify BSD code to own and commercialize these modifications.

Sun Microsystems. Sun Microsystems distributes the Solaris suite of software programs to run on its computer hardware. In 2000, Sun released a program that converts Linux-based drivers licensed under the GPL into Solaris-compatible drivers. Sun, however, does not require users of this program to license these Solaris-compatible drivers under the GPL, even though such programs presumably “modify” GPL code. Although open source advocates criticized Sun for releasing the program, there appears to be considerable uncertainty as to whether the program actually violates the GPL. Attorneys for the Free Software Foundation reportedly “spent the better part of a week puzzling over the legalities of Sun’s Linux-to-Solaris driver porting kit,” but were unable to determine “whether the kit violates the GPL or simply exploits a hole in the license.”

M-Systems. M-Systems manufactures the DiskOnChip (DOC) Flash disk, which is used by many developers of embedded Linux-based systems as the primary boot and storage device. When such a system boots up, a proprietary driver included with the DOC disk engages with the Linux kernel in a manner that, according to some open source adherents, subjects the driver to the GPL – thereby conflicting with M-System’s use of a commercial license for the driver.
Lineo, an embedded software systems company that distributes solutions based on the DOC Flash disk, originally claimed that the driver fell within a “loophole” in the Linux kernel’s version of the GPL that, in Lineo’s view, permitted the driver to be licensed commercially. However, Lineo later amended this position and concluded that use of the DOC driver with the Linux kernel “effectively limited the legal use of DOC modules to individually created systems that could only be used for in-house research and development.” In an effort to address this issue, Lineo developed a special “abstraction” layer of code to run between the M-Systems driver and the Linux kernel in order to protect the driver from becoming infected by the GPL’s viral provisions.

ACUNIA. In October 2001, Belgium-based ACUNIA NV launched Wonka, a Java-compatible virtual machine for embedded devices. ACUNIA released Wonka under a BSD-type license, rather than under the GPL, based on its concern that the GPL is “problematic for embedded devices that need to be able to run proprietary code.” According to ACUNIA architect Chris Gray, in order for Wonka to be successful, “it was essential that the license not pose a barrier to using Wonka in embedded devices. Had we released Wonka under the GNU General Public License, we would immediately have run into problems, both with the way that embedded systems are generally built, and with the use of Java as a medium for delivering executable content.” Specifically, ACUNIA determined that releasing Wonka under the GPL might raise significant legal risks in cases where Wonka linked to proprietary code.
The company noted that the GPL’s legal implications in certain of these cases were not clear-cut, and that “‘[p]robably’ [legal] is not the kind of answer you want to give to a bank, publisher, or car manufacturer.” ACUNIA’s Chief Technology Officer, Steven Buytaert, stated that ACUNIA’s decision to avoid the GPL “reinforces our belief that in an open-source software license, simplicity is a virtue.”

C. Claims that GPL code infringes third-party rights

CPHack / Mattel. In Spring 2000, two programmers developed CPHack, a program that enabled users to circumvent Cyber Patrol, an Internet filtering program owned by Mattel’s Microsystems Software subsidiary. The widely distributed program included an “About” box claiming that it was “[r]eleased under the GNU Public License.” Shortly after CPHack was released, Microsystems filed a lawsuit against its creators claiming that CPHack violated the company’s copyrights in Cyber Patrol. Soon thereafter, the parties agreed to a stipulated permanent injunction pursuant to which the CPHack programmers agreed to discontinue publishing CPHack in either source or binary code form. Although the settlement resolved Microsystems’ copyright claims against CPHack’s authors, users who downloaded or copied CPHack could still face liability in a copyright infringement action by Microsystems. And users who were ordered to pay damages in such a case might find it impossible to recoup those damages from CPHack’s authors due to the GPL’s express disclaimer of all warranties, including the warranty that the program does not violate someone else’s copyright.