Open source compliance insurance
[Posted November 2, 2005 by corbet]
The folks at Open Source Risk Management have, for some time now, been working on indemnification insurance for free software. The idea behind this offering is that businesses which are worried about an SCO-style lawsuit can purchase insurance turning that risk into a regular, predictable business expense. This sort of service may well turn out to be a hard sell, however; SCO's experience seems unlikely to inspire many copycat acts. The risk of successful, copyright-based legal attacks against free software currently seems to be quite low. Patents may yet prove to be a different story, though.
Meanwhile, OSRM, in conjunction with Kiln plc and Miller Insurance Services, has come up with a new idea: sell insurance to companies which fear GPL compliance problems:
Open Source Compliance Insurance will initially offer cover of up to $10 million for direct loss suffered by the insured following a finding of non-compliance with specific license agreements under which open source code is obtainable. The insurance will indemnify the insured for the loss of profits associated with the withdrawal or alteration of a product incorporating non-compliant code or the impaired valuation of an acquisition agreement exchanging open source software. In certain circumstances the policy would pay the costs to mitigate such losses including the expense of repair or replacement of code that is found to infringe upon the General Public License (GPL) or other Open Source licenses.
This is, in other words, a 180-degree change from the previous OSRM offering. The previously-offered indemnification policies addressed concerns that free software could be infringing on copyrights through the inclusion of proprietary code. Now, instead, we have insurance to benefit those who might just infringe the copyrights associated with free software. This situation is, certainly, more likely to come about; here's another quote from the press release:
Worldwide, more than thirty legal claims involving infringement of open source licenses have been brought against corporations in the last two years. In each case, plaintiffs have prevailed in enforcing their rights to restrict the use of their code.
This is certainly a strong statement in favor of the enforceability of free software licenses.
One might argue that this sort of insurance policy presents a moral hazard. A company which hopes to ignore the requirements of the GPL could ship a product without source, secure in the knowledge that, if somebody calls them on it, they can fall back on the insurance policy to mitigate their losses. The plan's fine print must certainly have language excluding deliberate acts of noncompliance, but proving that a specific infringement was willful could be a challenge.
Others might say that there should be no inadvertent infringement of the GPL; any such infringement constitutes, at best, an extreme lack of due diligence. Consider, however, the much-publicized cases where various wireless routers have used GPL code in noncompliant ways. In these cases, the final vendor - the one whose name is on the product - often has little knowledge of what software was used by the obscure, far-eastern supplier who actually made the product. As more GPL rulings are handed down, it seems likely that resellers will start asking more questions of their suppliers, but surprises still seem possible. This particular risk - being betrayed by a supplier - seems like a legitimate thing to insure against.
So OSRM and its partners might just find a market for this particular offering. If, in the process, they make businesses feel more comfortable about using free software in their products - and, perhaps, even helping with the further development of that software - it should be a good thing for the free software community as a whole.