Software companies increasingly are dangling the offer of intellectual-property liability indemnification in front of customers concerned about protecting themselves against the threat of lawsuits. Some may wonder whether the hubbub over software indemnification is just much ado about nothing, but chief information officers know better.
It may seem strange to nonlawyers that U.S. copyright and patent laws do not provide complete protection against the "innocent infringement" of rights. While damages may be reduced for acts performed before notice of rights is given, "innocent" purchasers are liable for damages and subject to an injunction if they continue to use or sell copies of the software.
The SCO Group's lawsuits against large corporate users of Linux have focused attention on Linux and open-source software. What we find is that it is relatively easy for patent and copyright holders to find infringements of their intellectual property in open-source software because of free and unfettered access to the source code.
Elsewhere, intellectual-property holders have had some success in suing proprietary software companies for patent and copyright infringement--witness the recent case by Eolas against Microsoft (though the case is on appeal). And as proprietary software companies increasingly share their source code with partners and customers, it will become easier to identify infringing code.
While the potential liability is clear, some have argued that the SCO case is merely an aberration and that the likelihood of intellectual-property lawsuits against customers is relatively low. The argument is that there is little to worry about because companies like Microsoft and Sun Microsystems are unlikely to sue Linux users for patent infringement. Companies are interested in winning those customers for themselves; they would be reluctant to start the relationship off with a lawsuit.
Undoubtedly, if customers--and not developers or distributors--are the only targets of a patent infringement action, then most rational patent holders would indeed choose not to sue. But rather than wondering which companies might sue, it's more worthwhile to focus on the more pernicious problem posed by what I call patent terrorists.
Patent terrorists are companies whose business models are based on patent litigation as a threat and licensing as a revenue source. With no interest in selling a product or winning new customers, these companies are not bound by the norms of customer relationship building. They would not think twice about suing large software customers if it fit into their legal strategy.
The result is competitive jockeying between companies offering their own indemnification policies in response to the liability risks faced by corporations deploying IT solutions. When it comes to indemnification policies, companies that create open-source and proprietary software are continuously evolving their thinking. Novell, Hewlett-Packard and Red Hat offer varying levels of legal protection to customers for their Linux products. Rather than offering traditional patent infringement indemnification, however, Novell promises to countersue with its own patent portfolio--presumably with the intention of settling on the basis of a cross-license.
If the litigant is a patent terrorist, however, the countersuit would have little deterrent effect. Microsoft has taken indemnification to a new level by protecting its customers against all patent and copyright claims, and promising to pay for any legal fees or damages resulting from those claims.
The burden is on CIOs to seriously consider the indemnification policies of their vendors before concluding big software purchases. Indemnification should not be the primary factor driving purchasing decisions but rather a key factor in calculating the total cost of ownership for any solution.
For those interested in purchasing open-source solutions but unhappy with the indemnification policy of their vendors, new companies are emerging to provide additional insurance against the threat of intellectual-property litigation. This is really the continuation of a trend of insurers providing coverage against intellectual-property infringement suits.
CIOs have traditionally viewed indemnification provisions as standard boilerplate portions of agreements--and often not as something that can even be negotiated. It's time to rethink that assumption. Indemnification policies and insurance can be important tools to reduce or eliminate long-term risk and maximize the present value of the products purchased.
CIOs may increasingly face the very real threat of patent terrorism. But they can only benefit from the growing competition among software providers to better protect customers from intellectual-property lawsuits.