Use of Open Source Software in Embedded Systems. Legal Aspects

Use of Open Source Software in Embedded Systems –

Legal Aspects

embedded world Conference 2007

February 13

_{– 15}

_{2007, Nuremberg}

RA Dr. Tobias Sedlmeier KANZLEI DR. ERBEN

Use of Open Source Software in Embedded Systems –

Legal Aspects

Authors

Dr. iur. Tobias Sedlmeier Dr. iur. Meinhard Erben Dr. iur. Wolf Günther

Use of Open Source Software in Embedded Systems –

Legal Aspects

Introduction

Use of open source software (OSS) in embedded systems increases rapidly, in particular due to the following reasons:

 OSS is economical,

 OSS is easily available (e.g. via the Internet), and

 OSS is trendy.

The economic advantages of OSS lead to the fact that the entities involved (producers, resellers, purchasers) often

1. Legal Framework for the Use of OSS in Embedded Systems

2. Liability Risks Arising from the Use of OSS for the Supplier of Embedded Systems

3. Contractual Measures to Minimize Legal Risks Arising from OSS Used in Embedded Systems

4. Technical Measures to Minimize Legal Risks Arising from OSS Used in Embedded Systems

5. Conclusion Contents

Use of Open Source Software in Embedded Systems –

Legal Aspects

1.

Legal Framework for the Use of OSS

in Embedded Systems

Almost any OSS is distributed under certain standardized terms and conditions which determine the scope of the possible use of the OSS.

Most of these OSS license conditions interdict the use of the OSS if the user does not comply with any and all provisions of the license conditions.

E.g., the GNU General Public License (2.0) states: “If you cannot distribute so as to satisfy

simultaneously your obligations under this

License and any other pertinent obligations, then as a consequence you may not distribute the Program at all.”

1.

Legal Framework for the Use of OSS

in Embedded Systems

In case the OSS is distributed in object code (the relevant case for embedded systems), the OSS and any modifications thereto may only be distributed if the complete corresponding machine readable source code (also with respect to the modifications to the OSS!) is also provided to the relevant customer.

In case of modifications effected to the OSS, the supplier has to cause the

modified software parts to carry prominent notices stating that he has changed the files and the date of any such change.

Any modification to the relevant OSS may itself also only be distributed under the relevant OSS license conditions.

 I.e. in many cases: Any modification made with respect to the OSS has itself also be offered as OSS (!).

1.

Legal Framework for the Use of OSS

in Embedded Systems

Copyright notices have to appear when a modification of the OSS is running.

 With respect to embedded software, this is almost impossible as embedded software usually does not cause any output on a display visible for the user (e.g. the driver of a car).

The distributor of the relevant OSS or of modifications thereof has to agree with its customers on a complete disclaimer of warranty and liability.

 Such an agreement would be invalid and unenforceable under most

European legislations. In particular, in case the supplier contracts with its customer based on general terms and conditions, the legal possibilities to restrict warranties and liabilities are very tight.

1.

Legal Framework for the Use of OSS

in Embedded Systems

The use of the relevant OSS is illegal.

 Any author who contributed any part to the OSS may for example

 Claim for damages and/or

 Seek for a preliminary injunction which interdicts the use of the OSS.

 If an author claims so: Supplier has probably to

 Recall all systems / software containing the relevant OSS and

 Exchange the OSS and any software based thereon by own or properly licensed software.

2.

Liability Risks Arising from the Use of OSS for the

Supplier of Embedded Systems

The use of OSS in embedded systems is very likely gross negligent, since

 There is no quality assurance mechanism in the course of the development of OSS which can certainly be retraced;

 It is – for a prudent merchant – not reasonable to rely on software the

authors of which are unknown and the development process of which may not be certainly retraced;

 It is not traceable whether the authors of the OSS have used own / properly licensed code or whether they have illegally used code of third parties;

 The terms and conditions under which OSS is distributed are often Liability risks towards clients (1/2):

2.

Liability Risks Arising from the Use of OSS for the

Supplier of Embedded Systems

Most embedded systems are distributed under

 General terms and conditions or

 At least liability restriction clauses the wording of which the supplier uses more than once.

 For both cases most European legislations state that any restriction of liabilities caused by gross negligence is invalid and unenforceable.

 There is no legal measure to reduce liabilities caused by gross negligence by standardized contracts / provisions.

Liability risks towards clients (2/2):

Supplier has to face enormous liability risks!

2.

Liability Risks Arising from the Use of OSS for the

Supplier of Embedded Systems

In case of a breach of the OSS license conditions, any author of the OSS may

 Claim for damages and/or

 Seek for a preliminary injunction which interdicts the use of the OSS.

 Consequences:

 Danger for the supplier of being sued in a multiplicity of countries since the authors of OSS are often wide spread over the whole world.

 Danger for the supplier of being sued in countries where damage claims may reach “galactic” dimensions (e.g. United States of America, Canada).

 Supplier has probably to recall all systems containing the relevant OSS and Liability risks towards OSS authors:

2.

Liability Risks Arising from the Use of OSS for the

Supplier of Embedded Systems

Also other third parties may

 Claim for damages and/or

 Seek for a preliminary injunction which interdicts the use of the OSS as far as

 Their intellectual and/or industrial property is affected by the OSS. Liability risks towards other third parties:

3.

Contractual Measures to Minimize Legal Risks Arising

from OSS Used in Embedded Systems

A complete contractual exclusion of the supplier’s risks relating to the use of OSS is not possible.

However, the following information should, from the suppliers point of view, be integrated in the contractual documentation of transactions and projects in which OSS is relevant:

 It must be very clearly indicated that OSS is used.

 The names of all OSS products in question as well as the names of these products’ manufacturers/originators must be fully mentioned.

 In case the OSS may only be distributed and/or used under certain license conditions, a clear indication must be made that the client has to adhere to these license conditions.

 It is also clearly advisable to exclude any warranties and liabilities in connection with the OSS as far as feasible under applicable law.

4.

Technical Measures to Minimize Legal Risks Arising

from OSS Used in Embedded Systems

As far as possible the OSS should be technically separated from the hardware:

 The relevant OSS should not be directly embedded into the relevant hardware (e.g. a controller unit, etc.).

 The relevant OSS should not be directly integrated into the relevant

hardware unit but rather in separate hardware modules (such as CF-cards, EPROMs, etc.) on which the OSS is stored and which may be connected to the unit for the upload of the OSS.

Alternatively, it is also possible to deliver the OSS to the customer

separately by using standard data carriers (such as CD, DVD, etc.) and to cause the customer thereby to upload the OSS by himself.

5.

Conclusion

The use of OSS in embedded systems is, from a legal point of view, very risky.

In particular, the use of OSS in embedded systems causes enormous liability risks.

There are only very few measures which may reduce these risks (but it is not yet clear whether the courts will consider and accept these measures).

 From a legal point of view, it is clearly advisable not to use OSS within embedded systems.

Thank you for your attention!

KANZLEI DR. ERBEN Neuenheimer Landstr. 36

D-69120 Heidelberg www.kanzlei-dr-erben.de