GPL may be unenforceable under German law

Study concludes liability of software developer community is unresolved issue

DÜSSELDORF, GERMANY -- German has opened the doors wide open to open source software, with the federal government leading the charge. But users here could face some serious legal issues, according to Gerald Spindler, a professor of law at the Georg-August University in Göttingen.

Spindler was asked by the German software association Verband der Softwareindustrie Deutschland e.V. (VSI) to examine the legal implications of open source software. His 123-page, highly-detailed study comes to several conclusions that could make many existing and potential users of open source software think twice about running the increasingly popular "free" software on their computers. Among them: The General Public License has no legal validity in Germany.

It's worth noting that VSI is a lobby group for closed source software vendors and that any report from this camp is likely to be critical of open source.

However, Spindler, a well-known authority on legal issues concerning e-commerce, the Internet, and telecommunication, and vice chairman of the German Society of Law and Information Science, claims no association with VSI in the way of past or present employment or sponsorship.

His study, "Rechtsfragen der Open Source Software," is currently available in German at: http://www.vsi.de/inhalte/aktuell/studie_final_safe.pdf. Spindler can be reached at: lehrstuhl.spindler@jura.uni-goettingen.de

--------------------------------------------

IDGNS: Your study has raised some eyebrows in the open source community. Why so?

Spindler: Regarding such legal principles as liability and warranty, the GPL clauses have absolutely no legal validity. Under the license, developers and distributors of open software are not liable for any problems with their products. The GPL avoids any wording that could imply liability. Such a license is simply unenforceable under German, or even European Union law for that matter.

IDGNS: Your study points to potential risks facing a number of groups involved in the open source value chain: developers, software companies and users. So, really, just about everyone who comes into contact with open source software in one way or other should be careful, right?

Spindler: Not everyone -- for instance, users who don't modify the software or distribute it. However, in the software developer community, liability is an unresolved issue. Consider developers working on a program from different countries. The legal question is: What sort of company is this? Is each participant liable or the group as a whole? Or consider a project in which one developer starts writing code and then hands over that code to another who continues writing and hands over to yet another. In this successive approach to code writing, is the author responsible only for the code he or she wrote or for all code in the final software product? The answer may differ in each jurisdiction.

IDGNS: And what about software companies developing products based on open source code?

Spindler: This is also unresolved. If, for instance, a company uses open source code to develop a product of its own, there is legal uncertainty as to what extent the GPL covers the new product. The separation of software that relies on open source code from software that "stands alone" is tricky. Just think of application software, such as an office system, written for a Linux system. The office application can't run without the underlying open source code provided by Linux.

In addition, employers are in a tricky legal situation when their employees write open source software. In effect, they are paying people to write software that must be available for free, as required by the license. This is a latent contradiction. If you consider the employee as the author, he is obliged under the GPL to offer the source code for free.

All these points are unclear and highly controversial in the GPL.

IDGNS: Some companies, like SuSE Linux AG, have built their entire business model on the development, distribution and support of open source software, particularly the Linux operating system. Are they at risk?

Spindler: SuSE and other companies dealing with open source software separate the software, which they must provide for free as part of the license, from the services they offer for a fee, such as the CD containing the software, user manuals, patches and hotline support. There is some uncertainty in the open source community as to how much companies can charge for commercial services linked to a free product. And there is, again, a liability issue. SuSE and other open source software companies say they aren't liable for any problems with open source software. But why can't distributors and dealers be made liable?

For example, under the European Union product liability directive, even the dealer may be held liable for product defects. Moreover, it remains an open question as to whether distributors can really split up the sale into a part containing the software and another part containing the CD and the support.

IDGNS: As users, both the public and private sectors in Germany have shown substantial interest in open source. The federal government, in particular, is a driving force in the country. Should these groups be concerned about the risks of using a product for whom no one is liable?

Spindler: I would certainly think so. But if governments and enterprises choose to ignore these risks, that's their decision. The legal situation in Germany today is risky: Assuming the GPL is valid, users of open source software have no one they can sue for problems with the software.

IDGNS: Why so much talk about liability now? Open source software has been around for a while.

Spindler: Open source hasn't been discussed in the legal camp for long. The debate that has unfolded over the past 18 months or so is a relatively short time in the legal community. Moreover, the open source license is a new concept that doesn't fit totally into Germany's traditional legal framework. So new approaches and solutions have to be sought.

IDGNS: And what are your suggestions to overcome the liability issues associated with open source in Germany.

Spindler: First of all, the GPL must be written in German and take into account both German and EU law. This isn't the case today. Second of all, and most importantly, the liability clause has to be replaced or adapted. This is definitely in the interest of users, open source developers and competition.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies