CLOUD BUSINESS MODELS AND THE EVOLUTION OF OPEN SOURCE LICENSES

(1)

CLOUD BUSINESS MODELS AND THE

EVOLUTION OF OPEN SOURCE LICENSES

(2)

SPEAKERS

Phil Odence

Vice President of Corporate and Business Development

Karen Copenhaver

Partner at Choate Hall & Stewart Counsel for the Linux Foundation

Mark Radcliffe

Partner at DLA Piper

General Counsel for the Open Source Initiative (OSI)

(3)

AGENDA

• Evolution of Cloud Business Models

• GPLv2 & GPLv3 Framework

• AGPL and other licenses which effect the cloud

(4)

• By 2017, global enterprise

spending on cloud

computing will amount to a projected $235.1B, triple the $78.2B spent in 2011.

• SaaS will be the fastest growing segment, followed by IaaS.

• The SaaS market can be

further segmented in categories such as:

• Cloud Security

• Corporate and SMB SaaS Cloud services, and

• Mobile Corporate and SMB SaaS Cloud

services.

GLOBAL IT CLOUD SPENDING SOARS

0 50 100 150 200 250 300 2011 2012 2013 2014 2015 2016 2017

Cloud & Big Data Report - A Paradigm Shift in the ICT Industry - 2013 - IHS Technology

(5)

THE RISE OF SAAS

• Gartner predicts that the global SaaS market could be worth over

$22 billion by 2015, almost double what it was in 2011 ($12.3 billion). Juniper Research predicts this will rise to $53B in 2018.

• SaaS leads over IaaS and PaaS, and is used in nearly 2/3 of

organizations.* 25% 100% 2012 ₂₀₁₃ 75% 50%

63%

54%

*2013 Cloud Survey Northbridge Venture Partners.

(6)

EVOLUTION OF SOFTWARE DELIVERY AND OPEN SOURCE LICENSES 1990 ₂₀₀₀ ₂₀₁₀ CDs GPL V2 ASP Loophole AGPLv1 GPLv3 AGPLv3

(7)

OPEN SOURCE PROJECTS USING AFFERO GPLV3

Over 1000 projects use AGPLv3

(8)

NUMBER OF PROJECTS WITH AGPL-LIKE LICENSES

Source: Black Duck KnowledgeBase

(Did not include Apple Public Source License in analysis)

(9)

AGPL-LIKE LICENSES DISCOVERED IN AUDITS

(10)

(11)

THE GNU GENERAL PUBLIC LICENSE:

GPLV2 – KEY TERMS

• Reciprocal License

• Work based on the Program must be distributed (if it is

distributed) under the GPLV2

• Rights flow directly from copyright owner (one-tier

license; no sublicense)

• Right of recipients of code to modify

• No obligation to distribute, private internal use is

unrestricted

• If you distribute object code, you must make the

corresponding source code of any “work based on the

program” available subject to GPLV2

• You can charge your recipient, but you can not impose this

(12)

WHAT IS DISTRIBUTION UNDER COPYRIGHT LAW

• Distribution one of five rights under US copyright law (similar rights arise under copyright laws of other countries)

• Distribution is really “distribution to the public” under US copyright law:

• to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending

• Public is not defined in US copyright statute, but legislative history states:

• “’to the public’ as distribution to persons under no explicit or implicit restrictions with respect to disclosure of the contents.”

• Issue has arisen in the Versata v. Ameriprise case about the

GPLV2

• Copyright law cases have defined a category of “limited

publication”

• Designated group

(13)

THE GNU GPLV3 VS GPLV2

• Scope defined by “copyright law,” not US copyright law

• Applies to any copyrightable works

• Applies to hardware

• Copyright Law Basics

• Copyright law is different in different countries; you do not have “copyright” but UK copyright, US copyright, French copyright etc.

• Copyright was designed for creative works such as books and movies, but is poor fit for software (an industrial work)

• GPLV2 uses US copyright terms which become part of the “contract” but such terms may not have meanings under foreign copyright laws so GPLV3 took a different approach

• GPL licenses have no choice of law provision so the license rights may differ if both licensor/licensee are located in US than if they are located in another country such as France

(14)

THE GNU GPLV3 VS GPLV2

• “Convey” and “propagate” (contract terms, not copyright

terms)

• To “propagate” a work means to do anything with it that, without permission, would make you directly or secondarily liable for

infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.

• To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user

through a computer network, with no transfer of a copy, is not conveying

(15)

HOW IS THE LOOPHOLE FIXED

• GNU AFFERO GENERAL PUBLIC LICENSE, Version 3

(AGPLV3)

• “The GNU Affero General Public License . . . requires the

operator of a network server to provide the source code of the modified version running there to the users of that server.

Therefore, public use of a modified version, on a publicly

accessible server, gives the public access to the source code of the modified version.”

(16)

GPLV3 INTERACTION WITH AFFERO GENERAL PUBLIC LICENSE

• GPLV3 does not incorporate the Affero General Public

License requirements into GPLV3

• But it does build a bridge…

• Section 13. of GPLV3 Use with the GNU Affero General

Public License:

• Notwithstanding any other provision of this License, you have

permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a

single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered

work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such.

(17)

DOES THE AGPLV3 CHANGE THE DEFINITION OF

DISTRIBUTION (NOW CONVEYANCE)?

• No, GPLV3 and AGPLV3 make it clear that interaction

through a browser is not a conveyance

• To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere

interaction with a user through a computer network, with no transfer of a copy, is not conveying.

(18)

(19)

APPLE PUBLIC SOURCE LICENSE

• Unique license from Apple

• 1.4 "Externally Deploy" means: (a) to sublicense, distribute or otherwise make Covered Code available, directly or indirectly, to anyone other

than You; and/or (b) to use Covered Code, alone or as part of a Larger Work, in any way to provide a service, including but not limited to

delivery of content, through electronic communication with a client other than You.

• If You Externally Deploy Your Modifications, You must make Source Code of all Your Externally Deployed Modifications either available to those to whom You have Externally Deployed Your Modifications, or publicly available. Source Code of Your Externally Deployed

Modifications must be released under the terms set forth in this License, including the license grants set forth in Section 3 below, for as long as you Externally Deploy the Covered Code or twelve (12) months from the date of initial External Deployment, whichever is longer. You should

preferably distribute the Source Code of Your Externally Deployed Modifications electronically (e.g. download from a web site).

(20)

COMMON PUBLIC ATTRIBUTION LICENSE

• Drafted for Socialtext prior to AGPLv3, Mozilla Public License with “External Deployment” provisions

• 15. ADDITIONAL TERM: NETWORK USE. The term “External

Deployment” means the use, distribution, or communication of the Original Code or Modifications in any way such that the Original Code or Modifications may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of

license hereunder, You must treat any External Deployment by You of the Original Code or Modifications as a distribution under section 3.1 and make Source Code available under Section 3.2.

(21)

OPEN SOFTWARE LICENSE/ACADEMIC FREE LICENSE

• Unique licenses which use “External Deployment” concept to

extend requirements to provide source code to network use as well as distribution:

• 5) External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original

Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You,

whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c).

(22)

HONEST PUBLIC LICENSE

• This license is a modified version of the GNU General Public

endorsed by the Free Software Foundation. Section 2(d) has been added to cover use of software over a computer network.

• b) You must cause any work that you distribute, communicate to

the public or publish, that in whole or in part contains or is

derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this

(23)

SUMMARY

• As companies move services to the cloud services and move away from “on premise” software use, companies need to understand the effect of AGPLV3 and other licenses that have sharing obligations triggered by remote access over a network

• The use of these licenses is increasing and will continue to increase • Everyone’s comfort level with these licenses will also increase, just as it

did with other GPL licenses

• There will be a period of education and consensus building around license

interpretation and participation in that conversation will be helpful

• Projects will implement exceptions and license architectures that will clarify

obligations

• Key infrastructure projects will drive adoption

• License proliferation will (hopefully) be avoided due to evolution of community norms

• Practice of rapidly up-streaming modifications of non-differentiating software will be normalized and reduce friction

(24)

QUESTIONS?

Legal Webinars www.blackducksoftware.com/resources/w ebinars/legal @black_duck_sw