18 Feb 2019

Open source software generally describes software with publicly available source codes, which third parties can access, modify and re-distribute. In comparison, the source codes of closed source software are not disclosed to the public or disclosed only in limited circumstances, and on strict obligations of confidentiality.

By being freely available and constantly tested by the public, open source software tends to provide a stable and useful resource for developers and technology companies. Many of the technology applications we are familiar with have been built on open source software, from the Google Chrome browser to Netflix’s internet television services. Established technology companies like Microsoft and IBM have also invested heavily in open source developers, suggesting a likely deployment of even more open source projects.

But under what conditions can open source software be used, and what are the risks of non-compliance? This article sets out a few points on open source software licences in the context of Singapore’s copyright law.

Open Source Software Licences

Although copies of open source software can be obtained from various repositories for free, all rights subsisting in the software generally remain with the owner. These include the rights to copy the source code, modify it, and create derivative works for a profit. The capacity of a third party to exercise these rights depends on the licence granted by its owner.

Further, there is a wide spectrum of licensing models. The more permissive licences allow a user to adapt open source software to create derivative works, without restrictions on how such derivative works should be licensed subsequently. In contrast, the more restrictive licences may require licencees to make the source codes of derivative works available to the public as well.

One of the most well-known examples of such restrictive licence is the GNU Public Licence (“GPL”). Any derivatives created from GPL-licensed software must be distributed on the same terms, i.e. recipients of the software must be able to freely access, modify and re-distribute the source code. In effect, this restricts licensees from utilizing the source codes to create proprietary closed-source software, whether through licence terms, hardware restrictions or even cryptography.

The latest version of the GPL, GPLv3, seeks to avert even more indirect restrictions. As software can be protected by patent, a licensor could leverage on the threat of patent infringement to dissuade third parties from accessing, modifying or distributing the source code of their derivative work. However, under a GPLv3 licence, derivative software must be distributed with licences to use any patents necessary to work such software, which may affect your company’s patent enforcement and licensing strategies.

Risks of breaching an Open Source Software Licence

What happens if an open source software licence is breached? Under the copyright laws of various jurisdictions, including Singapore, source code can be protected by copyright. As such, the use of software in ways not authorised by the licensor may amount to copyright infringement. Further, Singapore’s Copyright Act provides that the court may grant statutory damages where the plaintiff is unable to establish the quantum of loss incurred. This means damages can be ordered for breach of the licence even if open source software is distributed gratis and there is no evidence of monetary loss.

As of the date of this article, there are no reported decisions by the Singapore courts on the consequences of breaching an open source software licence, but the issue has been litigated in other jurisdictions. In the 2008 case of Jacobsen v Katzer, the United States Court of Appeals for the Federal Circuit determined that the terms of an open source software licence are enforceable copyright conditions. This was a landmark decision as licensors of open source software have not frequently pursued their claims to trial. For instance, the 2008 lawsuit commenced by the Free Software Foundation against Cisco Systems, Inc. for breaches of open source software licences was settled out of court. The former general counsel for the Free Software Foundation has in fact shared that most breaches were resolved through light-touch measures and a confidential settlement.

Although litigation is relatively uncommon, breaches can still be made public by a community of consumers, industry observers and curious coders which proactively monitors software releases. When Xiaomi released its Mi A1 smartphone developed on Linux (an open source operating system distributed under the GPL), technology blogs including Android Authority tracked Xiaomi’s delays in publishing its source code. When the source code was eventually shared, Xiaomi made a public statement in response to Android Authority’s posts stating that it is “committed to improving [its] workflow for kernel releases in the future”. Having compliance strategies in place can therefore mitigate the risks of breach and the potentially long-term effects of negative publicity.

Conclusion

As licence terms can take many different forms and may not require you to actively indicate your acknowledgement or agreement, they could easily be overlooked when obtaining new software products. However, it is important to thoroughly investigate these licence terms before new products are used or integrated with your own source codes. If your plans are to develop proprietary software and to keep the source code non-public, you may wish to contact the owner to discuss the grant of a proprietary licence in exchange for payment of royalties.

This article was first published by Asia Law Network and authored by Benita Lau, Associate and co-authored with Shannon Ker of Taylor Vinters Via LLC.