Red Hat lawyer is right about indemnification not mattering. But for the wrong reasons

Red Hat lawyer is right about indemnification not mattering. But for the wrong reasons

Summary: According to a new FAQ on Red Hat's Web site -- one that's primarily designed to spin the bilateral legal protection that Microsoft and Novell have assured to each other as a net positive for Red Hat -- the North Carolina-based distributor of open source software will now offer indemnification to its Linux customers. Does it matter?

SHARE:
TOPICS: Open Source
113

According to a new FAQ on Red Hat's Web site -- one that's primarily designed to spin the bilateral legal protection that Microsoft and Novell have assured to each other as a net positive for Red Hat -- the North Carolina-based distributor of open source software will now offer indemnification to its Linux customers. Does it matter? According to Red Hat's deputy general counsel Mark Webbink, indemnification is not nearly as important as the Open Source Assurance Program that Red Hat already had in place.

Said Webbink:

As with any indemnification provision, if (a customer) were to get sued for intellectual-property infringement over code they got from us, the provision of the indemnification language kicks in. At that point, we step into their shoes.......We still think the earlier version of the Open Source Assurance was the far more critical thing, and we'll continue to stand behind that..

In my estimation, neither indemnification nor an assurance program will be enough to extract Red Hat from the legal pickle it could find itself in should a Microsoft lawyer turn up on Red Hat's doorstep. Here's why. 

Most people don't even have a clue what indemnification is or why it might matter to them. To be quite honest, I had no idea of its importance (or lack thereof, depending on your point of view and opinion) to Linux users (corporations included) until Sun's now CEO (but then COO) started sounding the warning bell about how little of it existed around Linux back in early 2003 (see: Unplugged interview: Sun software czar Jonathan Schwartz). In the context of how Sun was offering fully indemnified solutions such as Java's Desktop System (JDS), Schwartz said:

We like to see Linux vendors indemnify. If you can't stand behind your intellectual property, then what value are you bringing to your customers? Have you seen Red Hat's 10-Q filings recently? Look at how the risk factor section in its filings keeps growing. So, we'd like to see Red Hat indemnify along with HP and Novell.

SCO's lawsuit against IBM as over who "owned" what parts of Linux and, as such, who may owe who what amount of money, was the backdrop. But, in conjuntion with what Schwartz was saying, it was SCO's looming threat to sue end-users that had me fully-sensitized to the issue. Essentially, indemnification is a cloak of legal protection that shelters you, me, and the companies we work for from intellectual propety (IP) infringement suits that could be brought against us by someone claiming to own the intellectual property in the products we use. So, in the context of how Schwartz said he'd like to see Red Hat indemnify (above), a Red Hat offer of indemnification would theoretically shelter you from an SCO lawsuit. I used the word "shelter" because of how it implies a range of protection. A mud hut with a straw roof is a shelter. But so too is a bomb shelter. Just because a vendor offers indemnification doesn't mean you're totally safe. You have to look more closely (more on the that in a second). For a complete walkthrough of what indemnification is, see Protect Thyself 101: A primer on indemnification.

Eventually, not only did SCO sue Autozone and Daimler-Chrysler, it appeared to have twisted Robert Marsh's legal arm hard enough to make his company EV1server.net sign an actual license deal. Despite SCO's attempts to create the perception that those suits were about the intellectual property (IP) owner of Unix (and theoretically, some things that were in Linux) suing plain old users of Linux for the misappropriation of its IP (a ploy designed to scare the legal daylights out of other Linux users), both suits were really about some things entirely different. Not only that, it was just three weeks ago that Marsh revealed the EV1 license deal for the SCO PR scam that it truly was.

So, what's my point so far? It's one that I've long been making: When it comes to these sorts of circuitous third party IP infringement suits (where I use Red Hat Linux and then SCO sues me for using Red Hat Linux because it thinks its IP is in Red Hat Linux), they don't happen very often. That's because suing customers (or potential customers) isn't very good for business. Daimler-Chrysler and Autozone were not randomly picked organizations that, by virtue of their usage of Linux, may have been misappropriating SCO's IP. First and foremost, they were customers of SCO that SCO went after for license agreement violations. Those sorts of lawsuits happen all the time and are often justified. But, by trying to make it look as though any Linux user was at risk, the plan may have backfired. Now, based on the highly litigious position it has adopted, most people I've spoken to over the years won't go near SCO with someone else's ten foot pole, much less their own. 

But, just because suing customers is bad for business doesn't mean that customers are not at risk. A different kind of risk. A risk that neither indemnification nor something like Red Hat's Software Assurance can protect you for.

After Schwartz sensitized me to the whole indemnification quagmire, I did a deep deep dive on all of the legal protections being offered by IT vendors around Linux and open source. I titled the special report Managing the legal risks of Linux and it includes detailed a detailed analysis of the various forms legal protection that were offered at the time by HP, Novell, Sun, OSDL, Red Hat, and OSRM. While some of the exact protection details from each may have changed over the years, it still makes for great reading if you need to know what to look for in the protection programs that are currently offered. HP and Novell for example were offering indemnification at the time. But they were different forms of indemnification and they were for different classes of Linux users. But, now, with Red Hat's hand to indemnify seemingly being forced by both Oracle and the Microsoft/Novell deal, the larger question of whether it or any other protection that Red Hat has to offer matters.  

I think I've already dispatched the value of indemnification. As said earlier, even  according to Red Hat's current software assurance program:

The assurance program assures customers that if there is an intellectual property issue with Red Hat Enterprise Linux ("RHEL") or JBoss Enterprise Middleware Suite ("JEMS"), Red Hat will either (i) replace the infringing portion of the software, (ii) modify the software so that it becomes non-infringing, or (iii) obtain the rights necessary for a customer to continue its use of the software without interruption.

A careful study of last week's Microsoft-Novell deal reveals that the legal language revolves around patents and not copyrights. The two are incredibly different forms of IP with different legal implications to a company like Red Hat. If for example, the source code behind Linux's implementation (SAMBA) of Microsoft's SMB protocol is found to contain Microsoft-written source code, that would be a copyright infringement that Red Hat's "replace" or "modify" provisos might easily be able to correct for.

But if SAMBA violates a patent, that's a different issue altogether. Then, it doesn't matter whether the implementation of SMB is done with computer code or watermelons; it's still a violation of Microsoft's patent in which case, Red Hat may only be left with two options: (1) obtain the rights from the patent holder (per proviso iii) or (2) remove the functionality from the software altogether to prevent ongoing infringement. In either case, Red Hat's offer of indemnification is useless. For customers relying on SAMBA, the biggest risk is in being able to continue using it. So, for many customers, the aforementioned option 2 is not an option. But what about option 1?

Well, that depends. Last month, Red Hat filed a 10-Q with the SEC that amongst other sections, has one that's entitled RISKS RELATED TO LEGAL UNCERTAINTY. The first item in that section raises the possibility that the company could be found to infringe on third-party IP rights and repeats the three provisos found in its Open Source Assurance program. But what caught my eye was the following:

Although we cannot predict whether we will need to satisfy this commitment, satisfying the commitment could be costly and time consuming and could materially and adversely affect our financial results. In addition, our insurance policies may not adequately cover our exposure to this type of claim.

The 10-Q goes on to say:

Any ruling by a court that these licenses are not enforceable, or that open source components of our product offerings, may not be liberally copied, modified or distributed, would have the effect of preventing us from selling or developing all or a portion of our products.

Think about what the implications are if Red Hat can't cover its exposure or if it's reventing from selling or developing all or a portion of its products. 

Bear in mind that 10-Qs are required to be exceedingly verbose about any risk whatsoever, regardless of the odds. But Microsoft has been crystal clear in the past about protecting its IP and now that it has made nice with Novell, the big question is whether or not the legal gun turrets are swinging towards North Carolina and, if so, what exactly Microsoft has in mind. Between Microsoft's deal with Novell and its stand still agreement with Sun, an IP path has already been cleared for a legal offensive against Red Hat. Should Microsoft begin to apply pressure on Red Hat, it will probably do so on the basis of patent infringement with respect to  SAMBA, OpenOffice, and Evolution (for which Novell and Sun have now gotten legal hall passes) if not others. Should Microsoft's intellectual property claims be upheld by a court, here are some possible outcomes listed from worst to least harsh:

  • Microsoft seeks backpay for every copy of Red Hat that has been distributed and because Red Hat can't afford it. Red Hat declares bankruptcy and due to the judgement against it,  Microsoft becomes Red Hat's largest creditor and Microsoft assumes all of Red Hat's assets.
  • Instead of forcing the company into bankruptcy, which has all sorts of implications that go along with it, Microsoft acquires Red Hat at a greatly reduced price that stockholders would have no choice but to go along with if they want to ever see any of their money.
  • For some reason, Microsoft sees value in letting Red Hat survive on its own and hammers out a settlement that enforces some sort of royalty structure going forward, along with some back pay that doesn't drive Red Hat out of business.
  • Microsoft decides to be forgiving and tells Red Hat to remove the relevant functionality from all distributions of its software and to notify its customers that, for a fee, they can license replacement components from Microsoft.

Are there other outcomes? Feel free to comment below.  Will the sky fall on Red Hat? No one can say for sure. But the stage is set, the audience is in place, and the orchestra is unquestionably in the ready position, and the risk of something happening is unquestionably higher than some other randomly articulated risk item (in the name of 10-Q verbosity).

Back in September 2004, I wrote:

At this point, if I were Red Hat, and I knew that Microsoft's team now boasts ex-IBM-patent portfolio architect Marshall Phelps -- who could probably prove that OpenOffice infringes on a Microsoft patent or copyright -- and that the provisions of the stand-still agreement pave the way for Microsoft to seek " back pay" on all copies of OpenOffice distributed to date(a copy of OpenOffice is distributed with almost every copy of Linux), I would be worried -- very worried.

I still stand behind that assessment.

Disclosure: In the spirit of media transparency, I want to disclose that in addition to my day job at ZDNet, I’m also a co-organizer of Mashup Camp, Mashup University, and Startup Camp. Microsoft and Sun, both of which are mentioned in this story, were sponsors of one or more of those events. For more information on my involvement with these and other events, see the special disclosure page that I’ve prepared and published here on ZDNet.

Topic: Open Source

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

113 comments
Log in or register to join the discussion
  • I agree with the risks for RedHat, but, killing RedHat does NOT help MS, it

    would hurt them. A new RedHat (with a different name) would form out of the ashes of RedHat, with all infringing code removed from the distribution. Heck, Oracle would even be standing by to help RedHats customers. And, let's not forget that IBM has a lot of patents too that could be used against MS if need be. Really, anything MS could do against RedHat would NOT sit well with MS customers, and another company would form to take RedHats place anyway. So, while RedHat has a lot to fear, the customers do NOT.

    The real risk is a patent troll type company that has no customers. Microsoft would love to have a company like that where they could write a huge check to license the patents, and then let the patent troll do the dirty work. They though they had this sort of company in SCO, but it backfired on them in the end.
    DonnieBoy
    • why

      do I always get the impression that David Berlind editorial's about Microsoft and its relation with Linux has an undercurrent wishful thinking about the imminent demise of anything Linux?
      cscottmitchell
      • He might be right that RedHat should be scared, since MS could kill them by

        hitting them with lots of patent lawsuits. But customers of RedHat and Linux in general, have little to worry about. IBM, for one, will make sure that Linux can not be destroyed.
        DonnieBoy
      • Au contraire

        I think the archive of my work, which you are welcome to peruse at any time, reflects a balanced position on most technologies , Linux included (OK, ....with a very strong opinion about one or two like DRM).

        There is no wishful thinking there. If you see a hole in my logic, please, by all means, whack away. That's what this comments area is here for.

        db
        dberlind
        • Logic seems okay to me, however,

          I think your characterization of the SCO case put a positive spin on the risks, i.e. Created more fear than less about the risks. And number two, how do you really feel about the GPL - and I don't mean in specifics but in theory and in spirit? And I don't read all your stuff - You sort of annoy me (which I guess the point)
          cscottmitchell
          • How I feel about the GPL?

            Put it this way: I'm not happy about the way business processes can be patented. That shoots a lot higher than any particular license. Sooner or late, the chances that any given patent application will infringe on existing patent will be 99.99 percent. At that point, only the privileged few are allowed to innovate. I've also written multiple times about open source and DRM are incompatible with each other and why that stifles innovation while using the entertainment cartel to annoint technology monopolies. It terribly marginalizing to open source (and, again, innovation).

            db

            ps: I will also be funding some open source development within the next six months.
            dberlind
          • no argument

            I agree with you on the points you've made and the question you answered. And from some of the other posts, I suppose I stand corrected. I personally don't trust MS and you may be correct in there is now a potential to wipe out Red Hat - I doubt it - a even if they could/would, I don't believe Red Hat = Linux = open source. Now is there an upside to the agreement with MS for open source/Linux?
            cscottmitchell
        • RE: Au contraire

          Actually, I thought this was a pretty well thought out argument
          pointing out the possible risks to RH. As has been mentioned here
          and elsewhere, though, I think the fly in MS's ointment is IBM.
          After what Bill Gates did to IBM they may play nice from time to
          time, but I think IBM would dearly love to stick it to Bill. MS is
          going to have to walk a very fine line if it decides to go after RH.
          Protagonistic
      • I'll second Mr. Berlind

        He detests proprietary software and is anxxious for the end of Microsoft.

        He wants organizations to avoid Office because some (useful) features are available from one company only. That's also the reason he urgently propounds ODF.

        This is a situation in which Linux might be at risk, and he's very solicitous about threats to open source, the future of software as he sees it.

        So if you're an open source advocate, you have a very kindred spirit in Mr. Berlind. He's as much opposed to people being paid for their work as you are.

        How's that for being supportive, Mr. Berlind?

        ----------------- ;-) --------------------------

        [There's a difference between Mr. Berlind's aspirations and his view of what is practicable. I've exaggerated the sentiments he consistently expresses.]
        Anton Philidor
        • No seconds for me, please

          >He detests proprietary software and
          >is anxxious for the end of Microsoft.

          Not true. I have no problem with proprietary software. I often advice against the adoption of anything that locks you in. Software can be proprietray without locking you in. It just depends on what part of it is "proprietary" (or maybe what your definition of proprietary is). I am also not anxious for the demise of Microsoft. Not the least bit. In fact, I like the way Microsoft has been opening up as of late.

          >He wants organizations to avoid Office because
          >some (useful) features are available from
          >one company only. That's also the reason he
          >urgently propounds ODF.

          Not true. I don't advise avoiding Office. I use Office. I advise using open standards where ever possible. I wish Office would include more robust support for ODF.

          >This is a situation in which Linux might be
          >at risk, and he's very solicitous about
          >threats to open source, the future of
          >software as he sees it.

          I believe I'm simply matter of fact about the threats to anything.

          >So if you're an open source advocate, you have
          >a very kindred spirit in Mr. Berlind.
          >He's as much opposed to people being
          >paid for their work as you are.

          First, open source and getting paid are not mutually exclusive and there are a great many examples of that. Second, as I said at the beginning, I am not against proprietary software. So this point makes no sense to me.
          dberlind
          • You see, but you do not observe.

            Sherlock Holmes's reproach in A Scandal in Bohemia.

            Quoting:
            "I have no problem with proprietary software. I often advice against the adoption of anything that locks you in. Software can be proprietray without locking you in. It just depends on what part of it is 'proprietary' (or maybe what your definition of proprietary is)."

            An attribute of proprietary software is that you can't have it. Whether that means not looking at it or not making unauthorized changes to it, access and use are in some way restricted. And certainly you cannot provide the code to a competitor.

            The code provides advantages which remain sales points to the seller only so long as they cannot come from another source as well. Then the competition would ceease to be based on the feature(s).

            So anyone who uses proprietary software must be locked into it, in the sense that it comes from one source and will remain under the control of that source.

            So when you approve of proprietary software that does not lock you in, you approve only of proprietary software which is not proprietary.


            You continue:

            "I am also not anxious for the demise of Microsoft. Not the least bit. In fact, I like the way Microsoft has been opening up as of late."

            Microsoft is the epitome to some of the proprietary software company. In part because Microsoft exercizes a certainty of control over its software which exceeds that of other companies.

            So when you praise Microsoft for "opening up", you are praising the company for becoming less like Microsoft.

            Should Microsoft continue on the tremd you approve, Microsoft would cease to be a proprietary software company. That would be, effectively, its demise.


            In each statement, you see clearly what you're saying. But I'll assert that you're not observing the implications.


            Again, you explain:

            "I don't advise avoiding Office. I use Office. I advise using open standards where ever possible. I wish Office would include more robust support for ODF."

            I remember your concerns for having ODF and an SDK from Microsoft competitors for other Office products. It seems unlikely you would wish those products to advance ODF if you didn't want those alternative to Microsoft Office to be used.
            What would be the point of your concern otherwise?

            Also, let's assume that Microsoft would not have available full use of unique Office features without its own formats. Why invent them otherwise?

            To recommend open standards is to recommend formats which are unresponsive to the unique features that are a sales point for Office.
            By eliminating a sales point, aren't you opposing Office?


            Finally, a brief observation on your comment:

            " ... open source and getting paid are not mutually exclusive and there are a great many examples of that."

            Mr. Stallman, the (what?) guru of open source, has made no secret of his understanding that open source will reduce employment and salaries. He states that software can be sold, then gives examples like sale of a CD of open source software. Which means, because the software can be shared, the sale of one CD once.

            The real issue is whether one can be supportive of open source and still support being paid a fair wage. I would say that someone's views are less important than the impact of his actions, which further goals he might say he opposes.
            Again, see but not observe.

            One example is someone assigned to work collaboratively with employees of other companies on an open source project. The participants are being paid, no question.

            But if the collaboration did not occur, the development costs at each company would be greater. These collaborations occur to reduce staff costs.
            (I hold for consideration a good point from YBK, that sometimes none of the companies could afford to make such an effort individually. That may be true. But I wonder if the revenue would at least sometimes be sufficient to support a single [proprietary] provider of the software.)
            Anton Philidor
      • Thought police in action

        I can tell you what I detest about open source. And it has nothing to do with technology or liscensing.

        It has everything to do with a cadre of idealogues who want to enforce a politically inspired group-think on all commentary that vets its legitimacy against whether it supports open source or leads to the destruction of Microsoft.

        All you folks that find yourselves within this group, and I think you know who you are, make me feel absoultely devestated at how politics and spin is now the main arbiter of the merits of technology. Shame on you all.
        jcg_z
    • Funny you should mention that

      [i]The real risk is a patent troll type company that has no customers. Microsoft would love to have a company like that where they could write a huge check to license the patents, and then let the patent troll do the dirty work. They though they had this sort of company in SCO, but it backfired on them in the end.[/i]

      How curious you should so nearly describe [url=http://www.intellectualventures.com]Intellectual Ventures[/url] -- run by old Microsoftie Nathan Myhrvold.

      What we haven't seen -- [u]yet[/u] is the second shoe drop, where Microsoft transfers its patent portfolio to IV in return for cash, shares, future licenses, or some combination [1].

      Once that happens, buy fallout shelters because the "patent nuclear war" is about to begin.

      [1] MS would, of course, retain a perpetual license to its own patent portfolio.
      Yagotta B. Kidding
      • Re: Funny you should mention that

        [i]Once that happens, buy fallout shelters because the "patent nuclear war" is about to begin.[/i]

        That may be just what we need to get patent reform.


        :)
        none none
    • Of course...

      ...you've just pointed out why there can be no "unilateral disdarmament" where patents are concerned:

      "And, let's not forget that IBM has a lot of patents too that could be used against MS if need be."

      We're caught in a "MAD" cold-war where patents are the WMD. IBM's patent portfolio has been held over Microsoft's head as a possible future weapon for some time now. Is it any wonder that Microsoft is moving into the arena of wielding patents as weapons? They've learned from the best.

      Carl Rapson
      rapson
    • I think you are missing the point

      <p><i><b>I agree with the risks for RedHat, but, killing RedHat does NOT help MS, it</p>
      <p>would hurt them. A new RedHat (with a different name) would form out of the ashes of RedHat, with all infringing code removed from the distribution. Heck, Oracle would even be standing by to help RedHats customers. And, let's not forget that IBM has a lot of patents too that could be used against MS if need be. Really, anything MS could do against RedHat would NOT sit well with MS customers, and another company would form to take RedHats place anyway. So, while RedHat has a lot to fear, the customers do NOT.</p>

      <p>The real risk is a patent troll type company that has no customers. Microsoft would love to have a company like that where they could write a huge check to license the patents, and then let the patent troll do the dirty work. They though they had this sort of company in SCO, but it backfired on them in the end.
      </p></b></i>

      <p>Microsoft isn?t worried about hurting themselves, they?ve been doing it for years to achieve their goal. They want to rid themselves of Novell and this would be the perfect way to do so. By partnering with them, the result would be no Novell. They don?t care about Red Hat, it?s not a threat yet. And yes it will rise above the ashes. But you have to keep in mind what is the real target here. Microsoft has tried for years to destroy Novell and now Microsoft bows and offers a partnership out of the blue. </p>

      <p>The funny part is anyone who knows Microsoft knows how this deal will end up. I wish it wasn?t true but history will repeat itself. It?s a known fact that any partnership with Microsoft has ended up with Microsoft breeching contract, and marketing the product that was a joint venture for themselves regardless of lawsuit.</p>
      mypl8s4u2
  • Always assuming

    You are, of course, assuming that Microsoft hasn't effectively extended a free pass to everyone via the GPL. Not surprising; I thought so too since MS isn't exactly licensing their (unenumerated, please note) patents to Novell, much less explicity to the world of GPL code.

    However, I found [url=http://www.groklaw.net/comment.php?mode=display&sid=20061102175508403&title=Novell%20Sells%20Out%20-%20Patents%20allow%20selective%20enforcement%20-%20parent%20wrong&type=article&order=&hideanonymous=0&pid=498417#c500261]this[/url] this morning. Marbux is a retired lawyer and seems very confident that Microsoft's waiver to Novell [i]is[/i] effectively transitive because MS knew in advance that Novell's SuSE is licensed under the GPL and that Novell [u]must[/u] convey all of their rights to those who receive SuSE from them. Marbux seems to think that he could win on any of three different legal grounds if the case came to trial.

    Well, IANAL. Neither are you -- but things look rather interesting on that front, don't they?
    Yagotta B. Kidding
    • Define SuSE.

      I think this is where things could descend into some legal hairsplitting over what in "the box" constitutes GPL-licensed SuSE (GNU Linux) and what in the box is considered accoutrements (licensable under other means).

      As far as I know, SAMBA, OpenOffice, and Evolution are not technically considered to be a part of GNU/Linux. They're just distributed with it. Good question for Novell: will the next versions of SuSE have different licensing language on those components?

      db
      dberlind
      • Machts nichts

        [i]As far as I know, SAMBA, OpenOffice, and Evolution are not technically considered to be a part of GNU/Linux. They're just distributed with it.[/i]

        Makes no difference. Either:

        * there aren't any MS patents involved, in which non-Novell parties are OK,
        * there are MS patents involved and the agreement doesn't cover them, in which case Novell gets the shaft,
        * there are MS patents involved and the agreement does cover them but only them, in which case Novell doesn't have distribution rights under the GPL and again Novell gets the shaft, or
        * there are MS patents involved, the agreement does cover them, and Marbux' reasoning applies so that MS can't enforce those patents because they knowingly waived them with regard to GPL code.

        [i]Good question for Novell: will the next versions of SuSE have different licensing language on those components?[/i]

        Since Novell isn't the sole copyright holder, we'll hear about it long before that happens as Novell tries to line up all of the copyright holders to get them into a private licensing deal.

        Novell holds big chunks of Evolution (but not all); Sun holds joint copyright on OO.o (but might not feel like helping Novell stake out turf), but SAMBA has [i]lots[/i] of stakeholders, including quite a bit by Red Hat.

        Don't bet your retirement savings on it.
        Yagotta B. Kidding
        • My question would be

          whether direct lineage of the code makes any difference.

          Yes, Samba from Red Hat comes from the same original source as does Samba from SuSE, but Samba from Red Hat did not come directly from Samba from SuSE (actually I don't know that for a fact, but I think it's a safe assumption, and even if it weren't you can swap Samba out of this argument from some other package). Could MS argue that because they only licensed Samba from SuSE that only direct derivatives of Samba from SuSE are covered? Or does the GPL state that if you license your technology to one derivative you give that license to all derivatives (which in essence means you license it to all GPL code, derivative or not)?
          Michael Kelly