This Penguin May Bite
Linux's Counterattack Against SCO

By ANUPAM CHANDER
Thursday, Nov. 13, 2003

Is everyone who uses the popular, cost-free "open source" computer operating system Linux a thief? A small computer software company called SCO believes so.

Since March, SCO has claimed that Linux is an "unauthorized derivative" of UNIX -- another operating system. Moreover, SCO also claims it owns the relevant versions of UNIX. Thus, it urges, Linux users must either pay up, since they are using a product that incorporates SCO-owned code, or else SCO "may consider litigation against them."

Put another way, though for years it has been gospel that Linux is free to all, SCO insists it is proprietary, and is threatening to extract royalties from users. And worse, this may not be an idle threat. In March, SCO sued IBM, alleging that IBM had violated its contracts with SCO by working to further develop Linux. (I discussed the suit in a prior column for this site.)

So is Linux (whose mascot is a penguin) now an endangered species? I don't think so. IBM and a leading Linux company named Red Hat are fighting back with lawsuits of their own.

We should welcome this, because it is in the public interest that Linux remain free. Increasingly, governments and companies are adopting Linux as the operating system on personal computers. (The city of Munich, Germany is one example.)

Moreover, Linux is already popular among the computers that power the Internet; it represents a significant share of the market for computer servers. If running these servers requires paying SCO royalties, then cyberspace will suddenly become a lot more costly.

But, to protect the government and the Internet's ability to rely on Linux, it's not enough that SCO's claims -- and the claims of IBM and Red Hat -- be fought out in court.

Instead, it's time for U.S. authorities to intervene to force SCO to disclose the basis for its claim to own Linux -- so we can all see if that claim is bogus (as seems very likely) or legitimate.

SCO's Demands and Their Results

To begin, what does SCO want, what has it claimed, and what has the result been so far?

According to its website, it wants $199 from every user who uses Linux as the operating system on his or her personal computer. Worse, it wants thousands of dollars from anyone using Linux the way it is widely used: as an operating system to run a computer server, to which numerous computers are connected.

To make its threat plain, SCO sent letters to 1,500 of the world's largest companies, suggesting that they face liability. Then, as noted above (and explained in my earlier column), SCO filed a breach of contract suit against IBM.

Interestingly, however, SCO never filed suit against IBM for copyright infringement. Nor has it ever set out in public what parts of the Linux code it believes violates its rights.

Threatening litigation -- even in light of this lack of specificity -- was financially helpful to SCO, producing significant licensing revenue. After five years of producing nothing but losses, it finally had a profitable quarter earlier this year.

Through the first half of this year, SCO reports, this licensing initiative has resulted in revenue of $15 million. Meanwhile, SCO's share price has climbed from a low of $1 in February to about $14 today.

How could SCO make money without even saying what part of the Linux code infringes its copyrights? Simple. Companies are finding it easier to pay off SCO than to litigate the issue: Why not pay mere thousands to avoid liability that SCO is claiming would be in the millions -- as well as costly attorney's fees? It's a cost-benefit decision. It's likely to be cheaper to pay SCO to go away than it is to pay lawyers to examine whether SCO's claim is meritorious.

And not suing on its copyright claims is crucial to SCO's business: if it sues and loses, it will never be able to collect any royalty payments from anyone ever again.

If no one challenges SCO's claims, then SCO will inevitably move from demanding royalties from the world's largest corporations on to mid-sized corporations. And so on.

But two companies, both with large stakes in the matter, have decided to fight back.

How IBM and Red Hat Have Fought Back Against SCO

IBM, which has invested more than a billion dollars into Linux, has filed its own lawsuit against SCO. IBM alleges that SCO is engaged in unfair competition and deceptive trade practices; is breaching IBM's copyrights and patents; and is interfering with IBM's prospective business opportunities.

And recently, Red Hat, a North Carolina company that is a leading distributor of Linux, also sued SCO, alleging that it is engaged in false advertising and deceptive trade practices; and interfering with SCO's prospective business opportunities.

Both IBM and Red Hat want court orders directing SCO to stop its public campaign of claiming ownership in Linux. Both also want SCO to pay for the damages they have suffered because of SCO's campaign against Linux.

SCO has responded to Red Hat's claims by arguing that there is no "actual controversy" requiring judicial resolution, because it never threatened to sue Red Hat specifically (Red Hat disputes this).

But this is an odd argument. It suggests that as long as SCO never specifically identifies any particular target of its suit, then it can continue to threaten everyone.

Put another way, if SCO is correct, then no one could seek a declaration from a court to stop such a campaign of generalized threats, no matter how much damage such a campaign might do to thriving businesses. That cannot be right.

U.S. Legislators Should Demand that SCO Reveal the Basis for Its Claim

Authorities worldwide have responded to SCO's threats by asking SCO to substantiate its claims. The Australian consumer authorities have sought clarification of SCO's claims. In Germany, SCO has been fined 10,000 Euros for violating temporary orders to cease disparaging Linux.

Authorities in the U.S. should also crack down on SCO, asked it to substantiate its claims to own Linux. Otherwise, SCO may just keep on threatening to sue, and its targets may keep on settling, simply because settling is an order of magnitude cheaper than defending a lawsuit. It can continue to threaten companies while the litigation proceeds.

The Federal Trade Commission has the authority to call SCO to account for its claims. State attorneys general, who are charged with protecting against deceptive trade practices, might inquire into SCO's claims. New York Attorney General Eliot Spitzer, fresh from his campaign to improve the honesty of the securities markets, might lead such an inquiry. Bill Lockyer of California (home to Silicon Valley) and Roy Cooper of North Carolina (home to Red Hat) might also lead an investigation. And in examining these claims, the FTC and attorneys general should draw upon the community of programmers worldwide, who offer an amazing brain trust of public interested experts.

SCO claims its silence is based on confidentiality agreements. But that's unpersuasive. The Linux code -- which, again, is free and "open source" -- is about as public as humanly possible. Pointing out the allegedly offending lines in Linux -- so that their actual source, public or proprietary, can be discerned -- should not violate such agreements. How can it violate confidentiality to "reveal" portions of open-source Linux?

SCO's threats to sue are no longer just private disputes. They have become a matter of intense public interest. They threaten the ability of any and all of us to have access to a free, open source operating system. They threaten the very servers that support the Internet, and the computer systems that support governments and companies. It's time to make SCO show its cards, or fold its hand.


A graduate of Yale Law School and Harvard College, Anupam Chander is Visiting Professor at Cornell Law School and Professor of Law at the University of California, Davis, School of Law. Chander refers readers interested in following the SCO saga to Pamela Jones's weblog, GrokLaw, www.groklaw.net.

Ads by FindLaw