OSRM's patent study

Open Source Risk Management has been in the limelight for a while as a result of its Linux insurance policies. This group has, just in time for LinuxWorld, issued a press release on software patents and the Linux kernel. The PR describes a survey performed by Dan Ravicher; it contains both good and bad news. The good news is that Mr. Ravicher performed a study of all U.S. software patents which had actually been litigated, and concluded that the Linux kernel infringes none of them. On the other hand, 283 patents were found which have not seen a day in court, but which could, perhaps, be used to make claims against Linux.

It will, doubtless, come as a great surprise that OSRM is now gearing up to sell insurance policies to Linux users who fear patent infringement suits. A mere $150,000 per year buys $5 million in coverage.

There are certainly good things to be said about what OSRM is doing. Insurance against patent suits may give some large users the confidence they need to go forward with Linux development and deployment. The insurance pool could be used to aggressively challenge the validity of patents which are brought to bear against Linux - if the insurers choose to take that approach. The invalidation of a couple of patents could be a powerful deterrent for any other litigious patent holder who has thoughts of going up against the Linux community.

A white paper (PDF format) published by OSRM suggests that invalidation of patents is not the only, or even first approach that OSRM will take. An alternative which is discussed there is obtaining a license for the patent which applies to GPL-licensed software. This license might even be purchased:

The interesting fact here, of course, is that the GPL would make it very hard for OSRM to solve a patent problem only for its policy holders. If patent holders decide to target those users who are insured by OSRM (because that's where the money is), the entire community could benefit from the settlements. But OSRM could find itself in a situation where everybody waits for somebody else to buy the insurance and be the target.

The OSRM white paper also talks about rewriting code to sidestep patent suits. But, says OSRM:

One can only hope that they think very carefully before going out and issuing "recommendations" to the kernel development community.

OSRM describes itself as "vendor-neutral" more than once in its PR. But that is not entirely true: OSRM is a vendor of insurance products that, by some strange coincidence, address just the threat that the PR describes. Just to be sure you don't miss the point, the PR also discusses the multi-million dollar cost of defending a patent suit in court. This work may not be FUD in the normal sense, but it cannot be denied that OSRM's press release does seek to inspire a certain amount of fear, uncertainty, and doubt in Linux users.

OSRM is not without a potential conflict of interest here. A long list of scary patents can only help to sell OSRM's products, so its researchers have every incentive to be as inclusive as possible. The list itself is not directly available to the public. Interested parties can apparently get it, but only after being warned about exposure for triple damages for "willful" infringement. That is a risk that many will choose to avoid, so most of us will have to trust Mr. Ravicher when he says 283 problematic patents exist. Then again, many people see that number as implausibly small, given the large number of bogus software patents in the U.S.

The PR claims that "OSRM is active in promoting systematic patent policy reforms to address the issue at its roots, patent policies themselves," but is not particularly forthcoming on what form that activity takes. So we asked:

Here is another statement from the PR:

Who wouldn't like to become part of the "everyday cost of doing business" with Linux? OSRM only stands a chance of collecting its piece of that "everyday cost" as long as Linux users and developers see patent suits as a threat. That should be kept in mind when pondering the company's motivations and actions. The community is little served by headlines throughout the mainstream media that Linux violates almost 300 patents, but an insurance business may well benefit.

So is OSRM guilty of spreading FUD? They say not:

OSRM also pointed out to us that it can only be successful as long as free software is successful. Since fewer users means fewer customers for OSRM, the company has no interest in scaring people away. People in the free software community have been warning about patent threats for years; all OSRM has done is to try to quantify the risk.

It is worth noting that OSRM's patent insurance will be restricted to the kernel. The kernel, however, is a very small part of any deployed Linux system, and litigious software patent holders will certainly not restrict themselves to that one piece. Purchasers of OSRM's patent insurance will not have decreased their exposure by much.

And that exposure does exist. There is no doubt that Linux will be the target of a high-profile patent suit sooner or later. We (and many, many others) have been saying that for a very long time, to the point that many people may not believe it anymore. The SCO case has shown the world just how strongly the community will fight back when it is attacked, and how good the community is at digging up interesting history - such as prior art. The prospect of going up against the community may well deter a number of casual patent shakedowns. Even so, somebody will eventually give in to the perceived promise of easy money (or, perhaps, the salvation of a failing business) and go on the attack. It is just a matter of time.

Anything we can do to prepare ourselves for that day is good. Insurance policies are almost certainly a useful part of that preparation, and it is good that companies like OSRM are stepping up to provide those policies. But we should not forget that OSRM's interests are not precisely aligned with those of the community; if software patents went away, so would that part of OSRM's insurance business. A company like OSRM must walk a fine line; let us hope that they continue to stay on it.

---

to post comments

OSRM's patent study

Posted Aug 5, 2004 4:54 UTC (Thu) by BrucePerens (guest, #2510) [Link] (8 responses)

Jon,

My first article on the patent problem was published at LinuxWorld.com in 1996. This is hardly a new message, but it's been total hell getting the industry to take it seriously enough for them to work on reform. Today's announcement from IBM that they wouldn't assert their own patents against the kernel was a direct result of my work on this issue and I will keep pushing. Note that IBM has not yet made any similar promise regarding anything but the kernel, and we have nothing similar from HP or others yet, and of course we need much more than just assurances from our friends, so pushing is necessary.

Regarding OSRM's activities to reform the patent system: so far, under OSRM sponsorship, I have done two press tours. One in NY talking with NY Times, Wall St. Journal, Forbes, etc. about the patent problem, one in DC talking with policy organizations like Cato Institute, Center for Democracy and Technology, etc. I got to set the agenda, nothing was dictated to me by OSRM. OSRM put a very effective PR firm at my disposal which has a policy arm in D.C. that deals with folks like Cato and a conventional publicity arm that gets me in to see the gentlemen from the Times. OSRM paid all the bills, many thousands of dollars for just these two press tours so far.

The program I chose to deliver was about how Open Source works economicaly, how it is actually beneficial to the economy, and why Software Patents are a very serious problem. I got Cato, CDT, and other conservative organizations to buy my economic argument! I will publish it soon. It's important because evidence about economic benefit will help legislators understand that it's important to support us. And we walked through the software patent problems, which they also understood. I have been doing more similar work at LinuxWorld Expo, and will keep at this.

My position on OSRM's board allows me to keep OSRM honest and conformant to our community's ethos. Daniel Ravicher is a pro-bono attorney for the Free Software Foundation, working with Eben Moglen, and has put in many hundreds of hours of legal work for Free Software. And you know PJ. We are making sure that OSRM is a benefit to the community rather than detriment.

OSRM will aggregate the risk of high-risk companies (those big enough to be lawsuit targets but not big enough to be able to squash an upstart, not unlike Autozone in character). This will be used to support a legal team to defend Open Source, which will not be tied to a hardware or software vendor. So this isn't like the HP-offered indemnity that applies only to the stuff you get from HP and only when you don't modify a single line. The very existence of OSRM will dissuade some who would otherwise be bringing nuisance suits, because they will know that we'll defend vigorously while individual companies would be much more likely to settle.

The industry is astonishingly complacent about the software patent problem. Hopefully the events of the past few weeks, including the entirely unrelated city of Munich announcement in which the conclusions about patents reading on Linux are not unlike those of OSRM, will get them awake and get us on the road to solving the problem.

Thanks

Bruce

OSRM's patent study

Posted Aug 5, 2004 10:39 UTC (Thu) by james (guest, #1325) [Link]

I'm very glad to hear that you're managing to get corporate and governmental America to listen to you. Thank you very much for all your hard work.

James.

OSRM's patent study

Posted Aug 5, 2004 13:07 UTC (Thu) by rjw (guest, #10415) [Link] (1 responses)

What non law changing measures could be taken to counter a bit of the patent threat?

An assurance from IBM or HP that they will immediately enforce all their patents against any company suing a free software project for patent infringement was the best I could come up with. This only really helps against mid sized enemies - MS would probably feel they could weather it if they felt they were fighting a death battle (but it might discourage them), and "Pure IP" scumbags remain productless.... so it probably would not really help against the likely culprits.

Other than that PubPat is about the only thing that seems any good.

We really need the law changed....

OSRM's patent study

Posted Aug 5, 2004 15:49 UTC (Thu) by BrucePerens (guest, #2510) [Link]

The biggest problem with having IBM or HP enforce patents against whoever goes after us is that they may be cross-licensed with the bad guy, which would make them ineffective in that case. If the bad guy is Microsoft, that' s the case.

HP also has some sort of non-agression agreement with MS which they made up once I left HP. The director of Revolution OS told me that he had to change the DVD jacket photos due to that agreement! He removed a windows logo in a slashed circle from the DVD that HP sponsors. If you have a new and old copy of the disc you can see what changed. No doubt the terms of the non-agression agreement apply to more than DVD jackets.

We must keep in mind that MS is a valued business partner of our biggest friends.

They can help us somewhat, but they won't necessarily blow their Windows partnership while Linux is in legal trouble.

Bruce

OSRM's patent study

Posted Aug 5, 2004 13:31 UTC (Thu) by jabby (guest, #2648) [Link]

Thank you, Bruce!

Thank you for clearing up the picture on OSRM and for all of your work behind the scenes. We really appreciate it.

I met with OSAIA (http://osaia.org/) in D.C. this year after they had just made their first official announcement (defending us after SCO sent letters to Congress). They were just getting themselves pulled together then. Since then they've apparently limited themselves to praising certain policies and legislation. I hope that this organization can find its niche so we have complementary and not redundant efforts. Are you working with them at all?

Jason

OSRM's patent study

Posted Aug 5, 2004 15:49 UTC (Thu) by coriordan (guest, #7544) [Link] (2 responses)

I'm not convinced of OSRM's net benefit to the fs community. (But I'm open to convincing.)

Patent litigation insurance creates bounties for patent holders to attack fs companies, and it may increase the cost of starting up a company since "due diligence" for investors may require companies to purchase OSRM's product.

I know the money from such purchases will fund PR campaigns for people like yourself, but that comes at a cost to many others. (kinda like a forced donation where the donor doesn't choose the recipient and the taxman gets his share.)

Most fs distributors are non-commercial or low budget, so the only incentive to attack us with patents was to prevent competition (this motivates monopolies), but the introduction of insurance adds a financial incentive to attack us (this motivates parasitic IP law firms).

I'm holding back on my criticism a little since the board has yourself, Ravicher, and PJ. Am I missing something?

OSRM's patent study

Posted Aug 5, 2004 15:57 UTC (Thu) by BrucePerens (guest, #2510) [Link] (1 responses)

I think the main thing you are missing is that insurance companies do not increase the risk of the people they insure. If you sue an Autozone-like company and they have OSRM insurance, the suit is still against the Autozone-like company and you still collect from them. Then they get reimbursed by OSRM. You can sue them whether or not they are insured, it is probably going to be easier to collect if they are not insured because they may settle. OSRM has an incentive to help their customer win the case rather than see the plaintiff collect from all of the other OSRM customers. So, people who might have brought a suit may be dissuaded because OSRM is there.

The insurance is for firms with pockets deep enough to be picked by patent holders. Please don't shoot the messenger for reporting that there is a patent problem, we aren't the only folks doing that and the problem is unfortunately very real.

Bruce

OSRM's patent study

Posted Aug 5, 2004 16:09 UTC (Thu) by coriordan (guest, #7544) [Link]

> > Am I missing something?
>
> the suit is still against the Autozone-like company and you still collect from them

Aha. I was missing that bit. Thanks & good luck.

Sleeping with the enemy

Posted Aug 12, 2004 9:42 UTC (Thu) by xoddam (subscriber, #2322) [Link]

> OSRM paid all the bills, many thousands of dollars for just these two
> press tours so far.

> ... I got Cato, CDT, and other conservative organizations to buy
> my economic argument!

Cato wasn't buying, it was selling.

You've paid good money for the qualified good opinion of a bunch of think
tanks. Rest assured that Microsoft, RIAA, MPAA and the rest of the
Intellectual Property lobby will be happy to pay far, far more.

<rant>
Getting into bed with the likes of the Cato Institute is morally dubious.

Remember that these are the people who defend the privilege of today's
private elite, by insisting that there's nothing wrong with the world as
it is, except for do-gooders trying to meddle with it. They say we'll
never run out of oil (because one day it will be too expensive to extract
any more) -- supporting existing oil cartels (except of course for the
evil OPEC). They oppose affirmative action (insisting that existing
structural biases are either nonexistent or justifiable) -- thus
supporting the privileged access to education and employment of the
children of the beneficiaries of past oppression. They oppose media
diversity legislation (on the ground that people can read whatever they
choose, if only they know where to look) -- and thus ensure the continued
ability of News Corporation, Disney and AOLTimeWarner to spoon-feed the
vast majority of the populace.

It's such a simple technique that they can afford to be totally
consistent about it. Defending the status quo from misguided [insert
whichever agency of public policy threatens your valuable customer here]
will always be convincing to people in a somewhat similar position
themselves. Now that Free Software is a major contributor to (eg. IBM's)
private wealth, perhaps it has become worthy of being defended from the
threat of the Patent Office -- but don't underestimate the buying power
of the IP lobby.

Better to leave such think tanks to their own kind and let Eric Raymond
talk to them.
</rant>

OSRM's patent study

Posted Aug 5, 2004 7:05 UTC (Thu) by Xman (guest, #10620) [Link] (2 responses)

$150,000/year for $5 million in coverage... That suggests a chance of being sued in any given year of 1 in 50 (maybe 1 in 100 if you have a massive margin). It also assumes that such a suit will cost you >= $5 million to take care of (if the average cost was only $2.5 million it'd be just 1 in 25 odds). That seems more than a little bit pessimistic if you ask me. I would love to see how their actuarials came up with those numbers. Think about how many companies use Linux, and for how many years. Think of how many of those companies have been the target of patent suits involving the Linux kernel. Okay, now make a buying decision. ;-)

OSRM's patent study

Posted Aug 5, 2004 8:37 UTC (Thu) by pkolloch (subscriber, #21709) [Link]

Well, I am no insurance expert at all. Yet, I think the main idea her is to pool money from different customers to defend the same patent violations. Thus there are synergies and you cannot directly convert this into the assumed probabilities.

OSRM's patent study

Posted Aug 5, 2004 16:02 UTC (Thu) by BrucePerens (guest, #2510) [Link]

OSRM expects to make money on the coverage. It also has expenses like employing attorneys and buying reinsurance. So, your financial analysis is simplistic.

This initial policy is just that - the first one. We are building up a risk analysis process that today is only valid for the kernel, and we don't have lawsuit history to go on right now although we know one can happen.

The companies that will buy this policy are the ones interested in putting the attorney team together.

Bruce