Tuesday, August 26, 2003
SuSE Says SCO Licensing Invoices Are Without Merit
Of course, they said it in German. A friend of Groklaw at BYU has stepped up to the plate and volunteered his brother-in-law to do the following unofficial translation, which you can check with the original here:
"SCO-License Invoicing Without Merit
"SCO's recently announced billing of Linux users for proportedly using SCO Code in the Linux kernel, according to the LIVE Linux Association, is completely without merit.
"'This new attempt obviously is a pure public relations maneuver,' said LIVE-Board member Daniel Reik. 'SCO can obviously lay out no proof for their allegations. As we already laid out, SCO itself has been distributing the Linux kernel as free software under the GPL. Therefore there is no way for SCO to make any valid claims.'
"This view is also shared by the industry publication 'Computerwoche' (Computer Week), and referred to Open Source advocate Bruce Perens. One of the presentations SCO made at the SCOforum convention was supposed to prove that Unix code was illegally copied into Linux. Bruce Perens inspected the origin of the 15 lines of code in question, which according to SCO were copied without permission from System V, for which SCO has authorship rights.
"According to Perens, these lines of code were also released under the BSD (Berkeley Software Distribution) License. Therefore it is allowable to use the code in Linux. The 15 lines of code are in a portion of the memory management components of Linux.
"In Germany, according to a legal order, SCO has already committed itself to stop claiming Linux operatingsystems contain illegally gained intellectual property from SCO Unix. The SCO Group will, according to the order, also stop claiming that end users are liable for the use of Linux, that they have to fear fines or punishments, or that Linux is unauthorized derivative of Unix. The punishment in Germany would have been a fine of 10,000 Euros.
"The Linux-based enterprise operating system United Linux, that was jointly developed by SuSE, Turbolinux, Conectiva, and SCO, will continue to be supported by SuSE without reservation. We fulfill all UnitedLinux commitments regarding our customers and partners, regardless of any actions that SCO undertakes, or any claims that they announce.
"We have asked SCO to release statements indicating specific infringements. SCO has still refused to do this. Furthermore, we have no indication that SCO has tried to directly inform us that SuSE Linux products contain unauthorized code.
"We use routine processes to thoroughly verify that we conform to all legal
requirements for all code released in our products, whether they are Open
Source or proprietary components."
SCO and Red Hat Stipulate to Extend Time to Answer
A check with the courthouse indicates that both sides have agreed to allow SCO more time to answer Red Hat's Complaint. The Answer was due yesterday, but they've agreed to extend the time. This is very normal in a court case. Unfortunately, Delaware doesn't seem to be offering digital copies of the documents, unlike Utah's courts. But the page lists the following:
"8/26/03 STIPULATION to extend time for dfts to respond to complaint; with proposed order (ft)"
SCO Site Down Today Again --
But They Say it Wasn't an Attack
Whatever happened over the weekend, today's outage definitely was not an attack, according to a SCO spokesman:
"The Web site of embattled software maker The SCO Group Inc. was inaccessible again on Tuesday, fueling reports of another denial of service attack. . . .
"The outage prompted Netcraft to declare that SCO was again the target of a DoS attack. However, the outage was actually due to preventative measures taken by SCO and its hosting service to mitigate the effects of future attacks, according to company spokesman Marc Modersitzki."
As usual, the press isn't quite correct. Here's what Netcraft actually has up on its news site now:
"The SCO site was up for a few hours during business hours in Utah, but has since failed again. Many news sites carried the story that Eric Raymond had spoken to a group responsible for a Distributed Denial of Service attack on the www.sco.com site and that they agreed to stop. However it appears that this may have been a hoax, or they subsequently changed their minds, or another person decided to continue the attack."
Or, the one guess they didn't think of, SCO did it themselves. It's good that at least Netcraft made it clear that they were only guessing.
SCO Sending Invoices
According to this report, SCO is mailing out invoices. If they actually use the mails this way, it raises a number of interesting issues in my mind, so I asked attorney Webster Knight what recourse a recipient might have. Obviously, he suggests you ask your own attorney with respects to any particular situation but he did think of something I hadn't, which isn't surprising, since he's a lawyer and I am not. He writes:
"What about the Linux purchasers of SCO Linux? Shouldn't that 'class' demand a refund? Since they purchased SCO Linux under the GPL, SCO can't now change the rules on them. Their remedy would be a complete refund OR SCO would have to reinstate the GPL . . . "
I also asked if it is possible to ask your state's Attorney General for protection, and his opinion is yes:
"The state AG's would tell SCO that the end users have acted in good faith. Leave them alone. SCO should only go after the vendors who are presumed to warrant the safety, license, validity etc of their product. The state can protect their consumers."
State law varies, so what is possible in one place isn't in another, but the state's attorney general will know. Whether RICO enters the picture is a complex question, one best left to your attorney or your attorney general. My understanding is that SCO has refused to tell callers that they need a license, referring that issue to the caller's attorney. If you rely on your attorney's advice and not SCO, they may be thinking this would shield them from accusations of fraud, etc. Obviously, I can't address that, but I can point it out as an issue. You might find the case I posted the other day where a RICO claim was brought of interest.
And so far, this is just a news story, and we all know how much that may be worth.
Harlan Wilkerson has also informed me that he has filed a complaint with the General Accounting Office's Fraudnet, and he also has asked his Senator to investigate SCO's actions. Here is a portion of what he sent to his Senator, Sam Brownback:
"Dear Senator Brownback,
"I am retired from the U.S. Air Force, and I am acquainted with some of
the details of this case from first hand knowledge. I am concerned that
The SCO Group's claims against the US Government are fraudulent.
"I 've read a number of recent news articles which stated that the Government would be asked to pay The SCO Group licensing fees for using the Linux computer operating system. The claims are based on allegations that Linux might contain some of the old AT&T Unix System VR4 source code that was purchased by The SCO Group. They claim these licensing fees have nothing to do with the outcome of their suits with IBM and RedHat Software. Their CEO also seems to tacitly admit that some source code from the US Government financed Berkeley Software Distributions is included in the proprietary Unix System V source code. He has made several statements like 'We are not talking about the BSD code'.
"I found this very interesting since the Regents of the State of California had a license to make derivatives of AT&T's Unix version 32V. Unix first became a popular operating system as a result of their Berkeley Software Distributions (BSD). The development work on these
Unix distributions was done by Berkeley's Computer Systems Research Group under a US government DARPA contract.
"A subsidiary of AT&T subsequently filed a lawsuit against the Regents Of California. The Regents had filed an amicus brief with the court in the case of USL v BSDI Inc. explaining that AT&T had invalidated their copyright on Unix 32V by distributing it for fourteen years without registration or any copyright notices, and further that they intentionally removed all copyright notices from each of the source
files prior to distribution. Under Title 17, section 405(a) Unix 32V would then be in a work in the public domain. The Regents also claimed that 50 percent of the files in Unix System VR4 were misappropriated from BSD 4.3 (developed by the State University under the DARPA
contract). Despite those facts The SCO Group seems to claim that their software products including their Unix System V derivatives Unixware and Open Unix were developed 'entirely at private expense' in accordance with the FAR 12.212. They recently registered an asset transfer that included copyrights for Unix System VR4 and 32V. Those registrations might have been invalid or fraudulently obtained.
"My concern is that the Government should have a fully paid-up perpetual license to use the DARPA-funded Berkeley Computer Systems Research Group work, and shouldn't pay licensing fees for any works in the public
"During a recent slide show, at The SCO Forum in Las Vegas, some of the so-called misappropriated Unix System V source code that SCO claims has
been improperly included in Linux was shown. Both examples were of very old code. One was from the Berkeley Packet Filter. Obviously the government shouldn't pay an additional Linux licensing fee in order to use this code. It was derived from development for hire by a California state entity working on a DARPA contract . It is available for anyone to use under one of the BSD licenses at no additional cost.
"Many of the Court documents from the USL v BSDI case have been posted at the Bell Labs web site of Mr. Dennis M. Ritchie the co-creator of the Unix operating system. http://cm.bell-labs.com/cm/cs/who/dmr/bsdi/bsdisuit.html
"My concerns fall into several areas:
"a. Should the government pay licensing fees for any of the code from Unix 32V? This code appears to be in the public domain. SCO's copyright application would appear to be invalid based on the facts and the law in Title 17 section 405a.
"b. Was AT&T Unix System VR4 comprised of as much as 50 percent source code misappropriated from the DARPA-funded Berkeley Software distributions and some of the public domain sources from 32V? How can
this be called, or qualify, as "software developed entirely at private expense" under FAR 12.212?
"c. Some of the code which SCO recently revealed as the basis for their
government Linux licensing claims is in fact derived from the DARPA-funded work done by Berkeley's Computer Systems Research Group, i.e. the Berkeley Packet Filter. Doesn't the government already have a fully paid-up perpetual license to use this code? If not, why is the same code available at no additional cost under a BSD license?
"d. The SCO Groups copyright registrations for Unix 32V may have been based on claims they knew were materially false. AT&T/Western Electric appears to have removed all of the copyright notices from the files prior to distribution. According to the testimony of the the witnesses
deposed in the USL v BSDI case: In at least some instances, like Unix System VR4, this may have been done in an attempt to conceal misappropriation.
"e. The settlement between the California Regents and AT&T is under court seal. Was DARPA notified of it's terms or that USL's UNIX System V contained source code funded under the Berkeley Computer Systems Research Group contracts? If not how can the US Government avoid paying licensing fees for code that it paid to have developed under a DARPA contract?
"The truth of these matters can and should be verified before any licensing fees are paid. None of The SCO group claims depend on the outcome of the pending court cases involving IBM or RedHat Software."
There is quite a bit more in the letter, but I thought this would be sufficient to highlight the issues he raises. While it may be too early to be certain about the code, it surely isn't too early to ask questions. Another reader, Thomas Downing, has sent me his letter to his state's attorney general, in this case Connecticut. This is what he wrote to Richard Blumenthal, CT's AG:
"Dear Mr. Blumenthal,
"I am writing to express my concern over the actions of The SCO Group, Inc. Certain of these actions may have significant negative effect on Connecticut individuals and businesses.
"In brief, in March of this year SCO filed a complaint against IBM (amended complaint filed June 16) in the US District Court for the District of Utah, alleging contract violations by IBM. In general SCO claims that IBM added intellectual property of SCO to the open source operating system Linux, in violation of the terms of various contracts to which SCO is the successor in interest. Since then IBM filed a counter claim in the same court (August 7), and Red Hat Inc., a Linux vendor has filed for declaratory judgment and injunctive relief in the US District Court for the District of Delaware.
"My concern arises from actions taken by SCO since these filings. SCO has shifted their focus from IBM to all users of Linux, claiming that as Linux contains unlicensed intellectual property of SCO, all such users must pay SCO for a license to use Linux. They have further stated that they will vigorously pursue such users, and prosecute them should they not buy this license.
"The problem is that the claims that SCO has put forward are generally held to have little, if any merit by expert technical and legal opinion. If this is true, then SCO demanding license fees from users of Linux is questionable at best. Further, if one reads the public statements of SCO executive and SCO press releases on this matter, one sees that SCO has adopted a deliberately and unnecessarily threatening stance.
"One responsibility of a party seeking redress in such matters is to mitigate. This SCO has consistently refused to do. The developers of Linux have been unanimous in their request that SCO tell them what parts of Linux are infringing upon SCO IP, so that they may remove it. SCO has stated that they will not reveal this information. In this light, the demand for license fees from Linux users borders on the extortionate.
"I believe that it is appropriate for the Office of the Attorney General to make an initial assessment of this situation, with a view to possible further investigation. There are many users of Linux in our state, they use Linux because of the many benefits it confers. All these are under threat by SCO. Private users, charitable institutions, churches and schools may use it by reason of it's cost [^] it is free. SCO wants all such users to pay them $200 for every desktop, and $700 or more for every server. This price will last till only October 15, after which the prices will approximately double. If they do not pay, SCO promises to sue them for damages.
"Corporations choose Linux for technical reasons, not primarily for cost. SCO's actions include a challenge to the GNU General Public License, the terms under which Linux is distributed and developed. Besides the financial burden SCO's licensing would place on small business, SCO would also destroy the mechanism that was fundamental to Linux realizing the technical superiority which caused it's adoption.
"In conclusion, I feel that the actions of SCO are unjustified and unwarranted, and if allowed to continue unchecked, will cause material harm to private and corporate citizens of our state. I have presented here only the briefest summary; as with any such controversy there are many factors and issues bearing on one's ultimate conclusions [^] but any study, even brief will tend to support my position.
"Should your office make such assessment as I have asked, I urge you not to stop with media pundits, but consult expert and informed opinion. To this end, I have attached a list of resources that that can serve as jumping off points for further research.
"Please feel free to contact me at any time. Also please note that I am writing as a private citizen of Connecticut, not as an agent of my employer.
"Thank you for your consideration of my letter."
So there you have it. A lot is going on. I'm not ignoring the "attack" news, but I won't report anything as fact until something a bit more solid as far as evidence is presented. We've criticized the mainstream press for reporting as fact something someone merely asserts. There can be no double standard.