The IT dirty bomb

By | July 3, 2010, 12:15am PDT

Summary: We pretend, as a figure of speech, that computers can catch viruses - they can’t; but they can harbor parasites and there’s more than one way those can destroy your business.

In the real world the point of a dirty bomb is the resource waste created by fear of repetition and exposure rather than the bomb itself - much as fear of air terrorism now cripples airline, airport, and air travel efficiency around the world while fear of spam and network attack clogs both our networks and our computers with useless traffic and unproductive software.

In the IT context the analogies we all repeat with respect to things like computer viruses are quite wrong: the Lamarckian nature of computer viruses means they’re not virus analogs at all - but I’ve been wondering whether dirty bomb analogs might not be possible.

Bear in mind, please, as you think about this that you can’t fight a threat you don’t recognize - and so thinking about how the bad guys are likely to attack you is the first step to figuring out how to protect your organization.

In terrorism the dirty bomb, to be effective, has to be many orders of magnitude cheaper to deliver than prevention and remediation - so in the IT context you think naturally of adapting today’s virus ideas to render whole networks unusable for extended periods of time. All jokes about Vista aside, that’s actually harder to do than you might think: you can, for example, use the email blacklisters to reduce the usefulness of email for whole IP blocks - but the effect wears off in a month or two and the hidden truth is that whitelisting combines with bureaucracy to guarantee that many target organizations wouldn’t even notice the problem.

Direct intervention techniques are probably more effective: today’s reliance on wireless communication suggests, for example, that a spray containing micrometer tuned antennae that get triggered, and powered, by harmonic EM fields in the right frequency ranges could be cheaply made, easily delivered, and prove devastatingly hard to find and remove while blanketing every signal around them in static.

As you go down the list of candidate methods and technologies looking for opportunities for the bad guys one thing becomes clear very quickly: there are lots of glitzy tech opportunities, but their direct effects are generally transient and their usage predictably leads to new equilibria in which attrition works against the attackers while continuing defense costs rise, but not cripplingly so.

Have recourse to traditional social engineering, however, and opportunities seem to multiply while costs and risks arguably go down. Getting a few hundred of your bright young engineering students in as long term residents working in major corporations and agencies might seem to mean, for example, that you could temporarily shut down the target economy at any time.

Fortunately for the defense, however, this only works up to a point, and generally only in the short term - because in the longer term mutual dependence sets in and the relationship becomes parasitic. In the legitimate commercial variant, for example, it’s possible to make an entire group of people so dependent on the job value of their knowledge of your technology (and only your technology, of course) that getting one of them in place as a customer decision maker gives you control of that customer’s technology spending and infrastructure - but doing this creates a parasitic relationship characterized by mutual dependence: imagine, for example, how long Microsoft or IBM would last if their stuff actually killed the customer quickly instead of just siphoning off money and competitive opportunity.

Recognize that infiltration tends toward stability and the conclusion is obvious: the Manchurian candidate approach is cheap and low risk - but can be effective in the longer term only if the period during which the damage is done is too short and too obvious for mutual dependence to become an issue.

Notice that this applies to deployment, not set-up. The feasibility of a plan to plant hidden functionality in PC devices by taking manufacturing control over twenty or even thirty years is not affected by this - but the ability to act broadly on the existence of that functionality is largely a one time thing and even very limited use of the technology to achieve finely targeted goals carries some risk of exposure despite the natural camouflage provided by the normal wintel experience.

At least one usage pattern possible with this, however, perfectly illustrates the notion of an IT dirty bomb: imagine that a third party which has the attack planner pretty completely infiltrated, decides that exposing this is in its best interest and so gives information on how to deploy the technology to a large, but unrelated, group of political terrorists.

The latter then deploy it as a true dirty bomb: bringing down IT operations at more or less randomly chosen agencies and businesses in their target countries to create world-wide panic amid the usual press gibbering, official impotence, and executive over-reaction.

That’s an imaginary scenario, of course; but not, I think, an impossible one - and particularly not in today’s IT monocultural world where most of the technology is made by the same people and hardly any businesses and agencies have truly diversified IT hardware, software, methods, and staffing in place to protect themselves.


Paul Murphy (a pseudonym) is an IT consultant specializing in Unix and related technologies.

Disclosure

Paul Murphy

I do not work for, or otherwise receive anything from, any of the companies I write about. I have some money in a number of funds that bet on the markets, including the technology market, but have no direct control over how these funds are administered or what investments are made. I use Sun and Apple technology both at home and at work.

Biography

Paul Murphy

Originally a Math/Physics graduate who couldn't cut it in his own field, Paul Murphy (a pseudonym) became an IT consultant specializing in Unix and related technologies after a stint working for a DARPA contractor programming in Fortran and APL. Since then he's worked in both systems management and consulting for a range of employers including KPMG, the government of Alberta, and his own firm. In those roles he's "been there and done that" for just about every aspect of systems management and operation.

26 Comments

Dirty IT bomb already exploded
mandrake64 11th Jul 2010
No need to wait for the explosion. It has already happened. My company's blanket approach to antivirus and firewalling policies has already exploded the dirty IT bomb within our organisation.

Might be no viruses on our PCs but the impact of the paranoid policies in combination with a well known antivirus software product have exactly the same effect.

When asked to do the most simple task of opening a very small MS document, my PC acts as if it is stoned, makes random connections to other parts of the organisation, logs what it is doing in triplicate and then goes and makes coffee before I can get any sort of response from it.

This is hardly productive and a major reason I prefer to work with AIX and Linux.
0 Votes
Rudy.....
junknstuff@... 3rd Jul 2010
December 4, 2003

An Open Letter:

Since last March The SCO Group ("SCO") has been involved in an increasingly rancorous legal controversy over violations of our UNIX intellectual property contract, and what we assert is the widespread presence of our copyrighted UNIX code in Linux. These controversies will rage for at least another 18 months, until our original case comes to trial. Meanwhile, the facts SCO has raised have become one of the most important and hotly debated technology issues this year, and often our positions on these issues have been misunderstood or misrepresented. Starting with this letter, I'd like to explain our positions on the key issues. In the months ahead we'll post a series of letters on the SCO Web site ( www.sco.com ). Each of these letters will examine one of the many issues SCO has raised. In this letter, we'll provide our view on the key issue of U.S. copyright law versus the GNU GPL (General Public License).

SCO asserts that the GPL, under which Linux is distributed, violates the United States Constitution and the U.S. copyright and patent laws. Constitutional authority to enact patent and copyright laws was granted to Congress by the Founding Fathers under Article I, § 8 of the United States Constitution:

Congress shall have Power ... [t]o promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.

This Constitutional declaration gave rise to our system of copyrights and patents. Congress has enacted several iterations of the Copyright Act. The foundation for current copy protection in technology products is grounded in the 1976 Copyright Act. The 1976 Act grew out of Congressional recognition that the United States was rapidly lagging behind Japan and other countries in technology innovation. In order to protect our ability to innovate and regain global leadership in technology, Congress extended copyright protection to technology innovations, including software. The 1976 Act had the desired effect. The U.S. economy responded rapidly, and within 10 years had regained global technology leadership.

Most recently, Congress has adopted the Digital Millennium Copyright Act ("DMCA") to protect the intellectual property rights embodied in digital products and software. Congress adopted the DMCA in recognition of the risk to the American economy that digital technology could easily be pirated and that without protection, American companies would unfairly lose technology advantages to companies in other countries through piracy, as had happened in the 1970's. It is paramount that the DMCA be given full force and effect, as envisioned by Congress. The judgment of our elected officials in Congress is the law of the land in the U.S. copyright arena, and should be respected as such. If allowed to work properly, we have no doubt that the DMCA will create a beneficial effect for the entire economy in digital technology development, similar to the benefits created by the 1976 Copyright Act.

However, there is a group of software developers in the United States, and other parts of the world, that do not believe in the approach to copyright protection mandated by Congress. In the past 20 years, the Free Software Foundation and others in the Open Source software movement have set out to actively and intentionally undermine the U.S. and European systems of copyrights and patents. Leaders of the FSF have spent great efforts, written numerous articles and sometimes enforced the provisions of the GPL as part of a deeply held belief in the need to undermine or eliminate software patent and copyright laws.

The software license adopted by the GPL is called "copy left" by its authors. This is because the GPL has the effect of requiring free and open access to Linux (and other) software code and prohibits any proprietary use thereof. As a result, the GPL is exactly opposite in its effect from the "copy right" laws adopted by the US Congress and the European Union.

This stance against intellectual property laws has been adopted by several companies in the software industry, most notably Red Hat. Red Hat's position is that current U.S. intellectual property law "impedes innovation in software development" and that "software patents are inconsistent with open source/free software." Red Hat has aggressively lobbied Congress to eliminate software patents and copyrights. (see http://www.redhat.com/legal/patent_policy.html ).

At SCO we take the opposite position. SCO believes that copyright and patent laws adopted by the United States Congress and the European Union are critical to the further growth and development of the $186 billion global software industry, and to the technology business in general.

In taking this position SCO has been attacked by the Free Software Foundation, Red Hat and many software developers who support their efforts to eliminate software patents and copyrights. Internet chat boards are filled with attacks against SCO, its management and its lawyers. Personal threats abound. At times the nature of these attacks is breathtaking - the emotions are obscuring the very clear and important legal issues SCO has raised. This is to be expected when the controversy concerns such deeply held beliefs. Despite the raw emotions, however, the issue is clear: do you support copyrights and ownership of intellectual property as envisioned by our elected officials in Congress and the European Union, or do you support "free" - as in free from ownership - intellectual property envisioned by the Free Software Foundation, Red Hat and others? There really is no middle ground. The future of the global economy hangs in the balance.

As SCO prepares new initiatives to protect our intellectual property rights, we do so with the knowledge that the most powerful voices in our democratic process give clear support to the intellectual property laws we seek to enforce. As stated above, the United States Congress has adopted the Digital Millennium Copyright Act to give clear and unequivocal protection to copyright management information distributed with software. We are also in accord with important decisions of the United States Supreme Court in the copyright area. In the case of Eldred v. Ashcroft, decided earlier this year, the United States Supreme Court gave clear and unequivocal support to Congress's authority to legislate in the copyright arena. The European Union remains firmly in support of intellectual property laws, as embodied generally in the Berne Convention.

Thus, SCO is confident that the legal underpinning of our arguments is sound. We understand that the litigation process is never easy for any party involved. Our stance on this issue has made SCO very unpopular with some. But we believe that we will prevail through the legal system, because our position is consistent with the clear legal authority set down by the U.S. Congress, the U.S. Supreme Court and the European Union.

To understand the strength of this authority, it is interesting to read the recent U.S. Supreme Court case, Eldred v. Ashcroft, 123 S.Ct. 769 (2003). In Eldred, key arguments similar to those advanced by the open source movement with respect to copyright laws were fully considered, and rejected, by the U.S. Supreme Court. This suggests that however forcefully Open Source advocates argue against copyright and patent laws, and whatever measures they take to circumvent those laws, our intellectual property laws will carry the day.

The majority opinion in Eldred was delivered by Justice Ginsburg, in which Chief Justice Rehnquist and Justices O'Connor, Scalia, Kennedy, Souter and Thomas joined. Dissenting opinions were filed by Justice Stevens and Justice Breyer. In Eldred, the petitioner argued that the Copyright Term Extension Act enacted by Congress in 1998 was unconstitutional. The U.S. Supreme Court disagreed, ruling that Congress had full constitutional authority to pass the Extension Act. The Court's analysis of the constitutional foundation of the Copyright Act applies directly to the debate between SCO and FSF / Red Hat regarding intellectual property protection for software.

SCO argues that the authority of Congress under the U.S. Constitution to "promote the Progress of Science and the useful arts..." inherently includes a profit motive, and that protection for this profit motive includes a Constitutional dimension. We believe that the "progress of science" is best advanced by vigorously protecting the right of authors and inventors to earn a profit from their work.

The Free Software Foundation, Red Hat and other GPL advocates take the contrary position. The FSF and Red Hat believe that the progress of science is best advanced by eliminating the profit motive from software development and insuring free, unrestricted public access to software innovations. The Free Software Foundation was established for this purpose. The GPL implements this purpose. Red Hat speaks for a large community of software developers dedicated to this purpose. However, the U.S. Supreme Court has dramatically undercut this position with its guidance in Eldred in how to define the term "promote the Progress of Science and the useful arts..." under the Constitution.

In Eldred, the U.S. Supreme Court addressed for the first time in recent history the Constitutional meaning of the term "promote the Progress of Science and the useful arts..." Seven Supreme Court justices defined the term one way - and SCO agrees with this definition. Two dissenting justices defined the term differently.

Let's consider the dissenting view. Justice Breyer articulated a dissenting view that the Constitutional objective of "promot[ing] the Progress of Science" is oriented to benefit the general public good, rather than create a private reward for authors. Justice Breyer posited:

The Clause does not exist "to provide a special private benefit," ... but to "stimulate artistic creativity for the general public good.... The "reward" is a means, not an end.

123 S.Ct. at 802-03. Under this view of the U.S. Constitution, Justice Breyer would find a Congressional act unconstitutional if, among other things, "the significant benefits that it bestows are private, not public." Of course, this argument is at the very core of the positions advanced by the Free Software Foundation, Red Hat, and the General Public License. According to the FSF, Red Hat and under the GPL, private benefits are impediments to the general advancement of science and technology, and need to be eliminated entirely from the software industry and the process of software development.

But, unfortunately for the FSF, Red Hat and others, this dissenting view was squarely rejected in the majority opinion delivered for the Court by Justice Ginsburg. The majority position specifically acknowledges the importance of the profit motive as it underpins the constitutionality of the Copyright Act. In expressing this position, the majority opinion stated as follows:

Justice Stevens' characterization of reward to the author as "a secondary consideration" of copyright law ... understates the relationship between such rewards and the relationship between such rewards and the "Progress of Science." As we have explained, "[t]he economic philosophy behind the [Copyright [C]lause ... is the conviction that encouragement of individual effort by personal gain is the best way to advance public welfare through the talents of authors and inventors." ... Accordingly, "copyright law celebrates the profit motive, recognizing that the incentive to profit from the exploitation of copyrights will redound to the public benefit by resulting in the proliferation of knowledge.... The profit motive is the engine that ensures the progress of science." ... Rewarding authors for their creative labor and "promot[ing] ... Progress" are thus complementary; as James Madison observed, in copyright "[t]he public good fully coincides ... with the claims of individuals." The Federalist No. 43, p. 272 (D. Rossiter ed.1961.) Justice Breyer's assertion that "copyright statutes must serve public, not private, ends" ... similarly misses the mark. The two ends are not mutually exclusive; copyright law serves public ends by providing individuals with an incentive to pursue private ones.

123 S.Ct. at 785, fn. 18; emphasis in original.

Based on the views of the U.S. Congress and the U.S. Supreme Court, we believe that adoption and use of the GPL by significant parts of the software industry was a mistake. The positions of the Free Software Foundation and Red Hat against proprietary software are ill-founded and are contrary to our system of copyright and patent laws. We believe that responsible corporations throughout the IT industry have advocated use of the GPL without full analysis of its long-term detriment to our economy. We are confident that these corporations will ultimately reverse support for the GPL, and will pursue a more responsible direction.

In the meantime, the U.S. Congress has authorized legal action against copyright violators under the Copyright Act and its most recent amendment, the Digital Millennium Copyright Act. SCO intends to fully protect its rights granted under these Acts against all who would use and distribute our intellectual property for free, and would strip out copyright management information from our proprietary code, use it in Linux, and distribute it under the GPL.

We take these actions secure in the knowledge that our system of copyright laws is built on the foundation of the U.S. Constitution and that our rights will be protected under law. We do so knowing that those who believe "software should be free" cannot prevail against the U.S. Congress and voices of seven U.S. Supreme Court justices who believe that "the motive of profit is the engine that ensures the progress of science."

Sincerely,

Darl McBride
President & CEO
The SCO Group, Inc.
0 Votes
RE: The IT dirty bomb
hill60 3rd Jul 2010
@junknstuff@...

Would you like a free Knoppix CD?
0 Votes
SCO.... a sucker born every second.
Reality Bites 6th Jul 2010
@junknstuff@... how'd that hopey changy thing with linux work out?...... Stick with Windows... you aren't ready for the real operating systems.
0 Votes
RE: The IT dirty bomb
fairportfan 6th Jul 2010
@Reality Bites
Lame, aren't you?

I love the concept of a Windows fanboy quoting Sarah Palin...
0 Votes
RE: The IT dirty bomb
fairportfan 6th Jul 2010
@junknstuff@... Lordy lord - and I thought that Orwellian doublespeak was obsolete...
0 Votes
RE: The IT dirty bomb
fairportfan Updated - 6th Jul 2010
@junknstuff@... Lordy lord!

Orwellian doublespeak lives!
0 Votes
speaking of which
sparkle farkle 3rd Jul 2010
the new format for blogs favors the idiots that keep putting spam on the blogspace. Why did they eliminate the tree view??

and sco seems kind of scary. I'm glad they don't own the world. NO Borrowing sugar from me!!!(nice neighbor)
0 Votes
When you write in this manner...
Dietrich T. Schmitz, ~ Your Linux Advocate Updated - 3rd Jul 2010
...you insult your readers' collective intelligence.

What is it with your need to be obtuse and intentionally obfuscate?

Don't you give credence to the value of FOSS?

Do you realize that Microsoft and closed source perpetuate the ongoing and increasing national security threat?

When transparency prevails, there is little or no possibility for code source tampering to infiltrate a well maintained Linux Distro's GnuPG key-ring repository.

It is no small coincidence that now Windows 8 will offer an 'App Store' which *is* a PGP repository-based system.

We continue to live in a world where the guilty parties (Microsoft et al) are not held responsible for the inherent defects in their monolithic operating system and billions of dollars will be spent annually to rid networks of worms and bots only to have them revisit and the cycle will repeat itself into perpetuity unless brighter IT decision makers see the situation for what it is and jump off of the Microsoft treadmill to implement alternate secure operating system technology.

With that said, your long-winded unnecessarily elliptical and pseudo-intellectual syntax is not fooling me.

Change your writing style and don't hesitate to say 'I don't know' when you don't know Murph as opposed to pushing on your readers this kind of 'gibberish'.

That's what it is. Gibberish.
0 Votes
RE: The IT dirty bomb
X41 3rd Jul 2010
Computers are viruses!! There we have discovered the truth
0 Votes
Oh Rudy, Rudy, Rudy
OS Reload Updated - 3rd Jul 2010
There's something very wrong with your writing, it's hardly intelligible.

More, not only your style is awful but the substance of it (if there is any, and I'm assuming there is only obfuscated by an awful style) appears to be completely devoid of any merit.

Your posts are nothing but gibberish.
0 Votes
RE: The IT dirty bomb
CobraA1 3rd Jul 2010
"the Lamarckian nature of computer viruses means . . ."

Even that is not really the proper metaphor, as it assumes that natural forces are driving the changes behind the code. Which is incorrect, since computer software is always written by people. It's not a form of evolution at all.

"for example, that a spray containing micrometer tuned antennae that get triggered, and powered, by harmonic EM fields in the right frequency ranges could be cheaply made, easily delivered, and prove devastatingly hard to find and remove while blanketing every signal around them in static."

Even that would still be effective for only a short period of time. Sprays only last a short period of time before they settle to the ground or are dispersed by weather.

An interesting train of thought - but computers do tend to be very different than people. When they break down, they tend to do so very quickly, needing replacement immediately. They're also pretty much trivial to replace - you don't have to wait a long time to replace them if a bunch go bad. Not the same as our cycle of reproduction. And they don't evolve at all - they're always designed and created, despite the evolutionary metaphors we tend to use to describe them.

So - despite the temptation to create metaphors related to the natural world to describe them, the truth is they are still machines. They work in their own way which is really not something that can easily be placed into a metaphor.
0 Votes
RE: The IT dirty bomb
Mark Miller 3rd Jul 2010
@CobraA1

He was talking about analogies, as in "X is like Y", not "X = Y". Since we understand that the computer is an artificial environment, we can look at the other characteristics of Lamarckian theory that tend to match. If you think of the computers on the internet, and the organizations that manage them, as comprising an "ecosystem", then observing the introduction of programs into it which violate typical behaviors of helpful programs, and run counter to management goals, and observing the feedbacks that occur inside those organizations, and how the malicious players respond, then, just from what little I've read on Lamarck's theory, one could see some similarities between his theory and what we see occurring: Certain strategies are dropped, because they are not used often--maybe they're not practical for the goals. Other strategies strengthen because they are used often, and fit whatever goals the malicious writers have. There may also be a discernible trend of increasing sophistication that can be observed again and again, which can be thought of as being driven by a "force", which drives all malicious strategies. We know what this "force" is, programmers who fit certain characteristics, so they're not so invisible.

Analogies are hardly ever perfect.
0 Votes
RE: The IT dirty bomb
junknstuff@... 4th Jul 2010
@Mark Miller

This is not about perfection. Stupidity is what is at issue here!
0 Votes
Stupidity
Mark Miller 4th Jul 2010
@junknstuff:

Re "stupidity is what's at issue here"

And what stupidity is that? Care to be specific? I've seen a few comments calling him stupid, but no one's countered his points. Name calling doesn't count for anything with me.

I found that his article required thought and consideration to understand, taking a broad view of the IT landscape, and looking at it analytically from a system standpoint. I've noticed in the other comments that people have complained about the language he's used (too obtuse), and seem to be calling that "stupid". Just because people find it hard to understand doesn't mean it's stupid. That's the dumbest kind of criticism I've heard in forums like this. It smacks of the Dunning-Kruger Effect. Just because knowledge has been pureed and warmed over so it's easy for you to digest does not mean it's the best kind of information.

I'm not sure if Murphy is correct in his assessments. I don't know enough about computer security to decide. Are you calling his prognosticating stupid? Would you care to talk about why his predictions are way off in left field, unrealistic, impossible?
0 Votes
RE: The IT dirty bomb
CobraA1 4th Jul 2010
@Mark Miller

"He was talking about analogies, as in 'X is like Y', not 'X = Y'. " . . . "Analogies are hardly ever perfect."

The problem is, sometimes people will forget it is an analogy and try to do something stupid with it - like make a prediction that relies on the analogy being stronger than it really is.

We really do have to be careful about analogies and the underlying assumptions that many of them have. If you use, say, a biological metaphor, there are a LOT of underlying assumptions and mechanics that simply may not be at work in a computing environment. It can be as dangerous as it can be useful.
0 Votes
Predictions
junknstuff@... 5th Jul 2010
@Mark Miller

"...it's a no brainer: if SCO gets to court unimpeded by its own lawyers, they'll win easily."

"Judge K's ruling was based on a completely separate section - it doesn't stand the giggle test. never mind a legal one."

- Rudy de Haas

Now get back in your pram.
0 Votes
spray
murph_z 4th Jul 2010
@CobraA1

What I had in mind was a spray can delivery method, not an aerosol -i.e. spray the stuff on exposed power lines etc.
0 Votes
RE: The IT dirty bomb
CobraA1 4th Jul 2010
@murph_z In all honesty, though - I'm not sure that antennas that small would make a big difference, being as they'd be so far off of the wavelength of the waves you're trying to block. I'm not sure it would be much more or less effective than metallic paint.

Not to mention that mass producing them in those numbers essentially requires access to a microchip fabrication facility.

It's a pretty untested concept. I don't think we have any idea as to its effectiveness.
0 Votes
Can you lower yourself any lower??
wackoae 3rd Jul 2010
Dude, you went from dumb but funny, to ridiculous .... and now you are down to pathetic. Can you get any lower and drop your IQ to negative values?

I'm betting you will surprise us with an even lower intelligence article pretty soon.
0 Votes
You've found a new money earner Rudy
tonymcs@... 4th Jul 2010
Simply make your blogs completely opaque and even your supporters will write impassioned posts about your lack of clarity.

You also seem to have no idea why they're called viruses. A dirty bomb simply goes bang and spreads crap everywhere. A virus can perform ongoing and directed damage, clone itself, spread itself across networks and generally act in much the same way as a biological virus.

I'm afraid it may be time to go Rudy or put some Windows in the museum so you can at least see how the rest of the world has moved on.

Still crazy after all these years... l-)
0 Votes
@tonymcs, a pseudonym...
Coogol 4th Jul 2010
For somebody who vowed to never come back to read Murph's blogs, you've been pretty busy doing just that and posting comments...

Shhhh...
0 Votes
RE: The IT dirty bomb
tonymcs@... Updated - 7th Jul 2010
@Coogol

Damn he got me again! wink Tonymcs that is my first name and initials not a pseudonym - Paul Murphy is a pseudonym that Rudy persists in using for some (probably paranoid) reason. I think if you must blog, then people should at least know your identity.
0 Votes
Viruses can be cured 100%
Reality Bites 6th Jul 2010
22cal bullet to the temple of anyone ever found writing one.... solves the problem overnight!

Let's push the no repeat offender method for these deranged little-minded morons that love causing havoc.
0 Votes
Foggy Writing Style
wyattbest@... 7th Jul 2010
While I was very interested in the premise of your article, it was written like an obscure political manifesto. I gave up reading it comprehensively about three paragraphs in.

Blogging should generally be direct and clear. This blog sounds like a brain dump or draft, not a finished piece of communication.
0 Votes
RE: The IT dirty bomb
tomkoltai 7th Jul 2010
I believe that Murph is suggesting that equipment manufacturers may be seconded as agents of enemy foreign powers to instigate an invisible back door attack on our economy - via our principal places of business.

Inserting back-doors into software has been a tried and true methodology of gaining control over a machine to spy on users' bank accounts and credit card details. Why wouldn't then, a hardware manufacturer be able to make this capability possible via [hidden] firmware that may not necessarily announce itself as a device until the moment of its pre-determined execution, thereby remaining invisible until it goes off?

If Microsoft can insert NSAKEY into Windows 2000 then "Bonza Computer Manufacturing Inc." can insert a hardware equivalent device into hardware - into millions of "hardware(s)" - e.g. Ethernet module. The Netburner Integrated ETH module includes the following features:

* Integrated Development Environment (IDE)
* ANSI C/C++ Compiler and Linker
* TCP/IP Stack
* Web Server
* Graphical Debugger
* AutoUpdate tools to download code through a network connection
* Deployment tools to manage a large number of devices
* Secure communications using SSL
* Industrial communications including ModBus, DeviceNet and Ethernet/IP

In other words, this device is capable of hijacking any packet it wants and sending it somewhere without your knowledge by a combination of "DeviceNet, SSL and AutoUpdate".

Murph's argument is countries spend billions on protecting their national but may be missing the Firmware Trojan horse that "might" is installed in any hardware device that has communications access.

For example fully customer programmable module with RTOS for the Charon 1.
(http://www.hw-group.com/products/charon1/index_en.html)

Ethernet controllers, with their own Real Time Operating Systems - if not now, will no doubt in the future become "a" backdoor for the black-hats.

Murph's article suggests that whilst most hacking entities require a fast turn around (profit), the larger corporations and possible Governments have the wherewithal to implement such an attack over years, even decades.

What Murph didn't explain was the solution. Which is one way packet data per UPnP [dangerous insecure windows device] and hard cached with different first level comms.

E.g.:

Device1 talks to Device2 with Bluetooth but receives all data from Device three with infrared or my favourite legacy comms mode left over from the ICL days - SCSI bus Ring with an I/O redirect.

Computer security is becoming a minefield with so many points of entry for the well heeled and determined corporate hacker that I'm afraid the rest of us are just well behaved sheeple, waiting to be shorn.
0 Votes
Dirty IT bomb already exploded
mandrake64 11th Jul 2010
No need to wait for the explosion. It has already happened. My company's blanket approach to antivirus and firewalling policies has already exploded the dirty IT bomb within our organisation.

Might be no viruses on our PCs but the impact of the paranoid policies in combination with a well known antivirus software product have exactly the same effect.

When asked to do the most simple task of opening a very small MS document, my PC acts as if it is stoned, makes random connections to other parts of the organisation, logs what it is doing in triplicate and then goes and makes coffee before I can get any sort of response from it.

This is hardly productive and a major reason I prefer to work with AIX and Linux.
