LinuxUser Column 4

Let’s take a stroll through the world of patents and licenses. If you follow these things you’ll know that patents are a double-edged sword. For example, patent offices are supposed to thoroughly check for ‘prior art’. This isn’t old paintings but finding evidence that someone else came up with the invention thereby invalidating the right to win a patent. As the volume of patents registrations has exploded and patents have become increasingly complex, prior art checks have got progressively worse. In the world of electronics and software where the underlying code is not visible to academics and patent office examiners, little prior art can actually checked. So we end up with many absurd patents which should never have been accepted.

Large companies with the resources to run dedicated patenting teams take advantage of the flaws in the system. They build ‘walls’ of patents around innovations they see as being key to their commercial future. These walls are constructed of patents they know they don’t need but which create a minefield of obstructions to competitors attempting to follow down a similar technological path. If you’re someone like General Electric then to dodge the walls you have stringent processes to monitor your own R&D against specialist patent tracking databases.

But if you’re a small company… or a FLOSS development team, what do you do? You generally build something totally oblivious to the patents you are potentially infringing. Then once the work is done and you’re spreading the word about your great idea, software or widget somebody sends you a nice letter threatening to sue you for infringing a patent that should never have been allowed in the first place. It’s these kind of problems which fill FLOSS activists with the passion to fight software patents in Europe.

But patents aren’t the only minefield lying in wait for the unsuspecting FLOSS developer. Patent problems have had fairly good publicity in the media, many are aware of the problems I’ve highlighted above. What far fewer recognise are the problems surrounding FLOSS license incompatibilities.

All FLOSS has to be covered by a license to protect its freedoms. The daddy of licenses is the GNU General Public License but there are many others from the BSD and Apache licenses to IBM and Apple’s open source licenses. These all have specific terms decreeing differing levels of freedom, ability to reuse the code commercially and so on.

If each piece of software lived in splendid isolation then licenses really wouldn’t be an issue. But that isn’t how it is, we live in a world of complex interdependencies. Our computers run hundreds of programs which depend on thousands of libraries and sub-programs. Let me give you an example…

Back in 1999 I began writing GNU.FREE, a Java-based Internet voting system. I wrote the core intelligence, protocols and security code but there are only so many hours in the day so I took the shortcuts any smart developer would. I used the Swing library to deliver the graphical interface, I leaned on the Cryptix library to do some cryptography and I integrated the log4j library for secure logging.

It was fantastic, with a little bit of learning I could have rich features working in GNU.FREE without my having to get a PhD in encryption. I’d tried writing my own logging tools but when I realised the scale of the challenge secure logging posed, I despaired. Decent logging is important for any system, it helps you track bugs and trace security problems. But for electronic voting logging is vital, it builds the audit trail required for delivering trust in the security and accuracy of the system. I was hugely relieved to find the log4j project which met my needs and then some. I made checks on all these libraries to ensure that their licenses would be compatible with GNU.FREE’s use of the GNU General Public License. Everything was ok.

The project came to a halt in October 2002, so I was rather surprised when this year I got an email from the Free Software Foundation (the organisation which shepherds GNU project software) querying the licenses under which I had used a number of libraries. It turns out they’re not really sure if the different licenses are compatible. The result is that GNU.FREE has been withdrawn from the GNU download servers until this is all figured out.

Sound familiar? Yep, it’s like the patent game. I get that sense that the multitude of different FLOSS licenses are blocking up the positive use of different open projects in other open works. The good intentions that go into building any freely available lump of software are based partly on the idea that others will benefit. If license incompatibilities prevent that then we are losing the key benefit of going for FLOSS in the first place.

The danger is that to create license compatibility we will engage in a race to the bottom. We’ll keep pushing for more and more loose licenses which protect fewer and fewer of the core freedoms that FLOSS is all about.

This column first appeared in the excellent LinuxUser magazine, available internationally. For more information visit