DÜSSELDORF, GERMANY -- German has opened the doors wide open to open source software, with the federal government leading
the charge. But users here could face some serious legal issues, according to Gerald Spindler, a professor of law at the Georg-August
University in Göttingen.
Spindler was asked by the German software association Verband der Softwareindustrie Deutschland e.V. (VSI) to examine the
legal implications of open source software. His 123-page, highly-detailed study comes to several conclusions that could make
many existing and potential users of open source software think twice about running the increasingly popular "free" software
on their computers. Among them: The General Public License has no legal validity in Germany.
It's worth noting that VSI is a lobby group for closed source software vendors and that any report from this camp is likely
to be critical of open source.
However, Spindler, a well-known authority on legal issues concerning e-commerce, the Internet, and telecommunication, and
vice chairman of the German Society of Law and Information Science, claims no association with VSI in the way of past or present
employment or sponsorship.
His study, "Rechtsfragen der Open Source Software," is currently available in German at: http://www.vsi.de/inhalte/aktuell/studie_final_safe.pdf.
Spindler can be reached at: lehrstuhl.spindler@jura.uni-goettingen.de
--------------------------------------------
IDGNS: Your study has raised some eyebrows in the open source community. Why so?
Spindler: Regarding such legal principles as liability and warranty, the GPL clauses have absolutely no legal validity. Under
the license, developers and distributors of open software are not liable for any problems with their products. The GPL avoids
any wording that could imply liability. Such a license is simply unenforceable under German, or even European Union law for
that matter.
IDGNS: Your study points to potential risks facing a number of groups involved in the open source value chain: developers,
software companies and users. So, really, just about everyone who comes into contact with open source software in one way
or other should be careful, right?
Spindler: Not everyone -- for instance, users who don't modify the software or distribute it. However, in the software developer
community, liability is an unresolved issue. Consider developers working on a program from different countries. The legal
question is: What sort of company is this? Is each participant liable or the group as a whole? Or consider a project in which
one developer starts writing code and then hands over that code to another who continues writing and hands over to yet another.
In this successive approach to code writing, is the author responsible only for the code he or she wrote or for all code in
the final software product? The answer may differ in each jurisdiction.
IDGNS: And what about software companies developing products based on open source code?
Spindler: This is also unresolved. If, for instance, a company uses open source code to develop a product of its own, there
is legal uncertainty as to what extent the GPL covers the new product. The separation of software that relies on open source
code from software that "stands alone" is tricky. Just think of application software, such as an office system, written for
a Linux system. The office application can't run without the underlying open source code provided by Linux.
In addition, employers are in a tricky legal situation when their employees write open source software. In effect, they are
paying people to write software that must be available for free, as required by the license. This is a latent contradiction.
If you consider the employee as the author, he is obliged under the GPL to offer the source code for free.
All these points are unclear and highly controversial in the GPL.
IDGNS: Some companies, like SuSE Linux AG, have built their entire business model on the development, distribution and support
of open source software, particularly the Linux operating system. Are they at risk?
Spindler: SuSE and other companies dealing with open source software separate the software, which they must provide for free
as part of the license, from the services they offer for a fee, such as the CD containing the software, user manuals, patches
and hotline support. There is some uncertainty in the open source community as to how much companies can charge for commercial
services linked to a free product. And there is, again, a liability issue. SuSE and other open source software companies say
they aren't liable for any problems with open source software. But why can't distributors and dealers be made liable?
For example, under the European Union product liability directive, even the dealer may be held liable for product defects.
Moreover, it remains an open question as to whether distributors can really split up the sale into a part containing the software
and another part containing the CD and the support.
IDGNS: As users, both the public and private sectors in Germany have shown substantial interest in open source. The federal
government, in particular, is a driving force in the country. Should these groups be concerned about the risks of using a
product for whom no one is liable?
Spindler: I would certainly think so. But if governments and enterprises choose to ignore these risks, that's their decision.
The legal situation in Germany today is risky: Assuming the GPL is valid, users of open source software have no one they can
sue for problems with the software.
IDGNS: Why so much talk about liability now? Open source software has been around for a while.
Spindler: Open source hasn't been discussed in the legal camp for long. The debate that has unfolded over the past 18 months
or so is a relatively short time in the legal community. Moreover, the open source license is a new concept that doesn't fit
totally into Germany's traditional legal framework. So new approaches and solutions have to be sought.
IDGNS: And what are your suggestions to overcome the liability issues associated with open source in Germany.
Spindler: First of all, the GPL must be written in German and take into account both German and EU law. This isn't the case
today. Second of all, and most importantly, the liability clause has to be replaced or adapted. This is definitely in the
interest of users, open source developers and competition.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
