GPL may be unenforceable under German law

DÜSSELDORF, GERMANY -- German has opened the doors wide open to open source software, with the federal government leading the charge. But users here could face some serious legal issues, according to Gerald Spindler, a professor of law at the Georg-August University in Göttingen.

Spindler was asked by the German software association Verband der Softwareindustrie Deutschland e.V. (VSI) to examine the legal implications of open source software. His 123-page, highly-detailed study comes to several conclusions that could make many existing and potential users of open source software think twice about running the increasingly popular "free" software on their computers. Among them: The General Public License has no legal validity in Germany.

It's worth noting that VSI is a lobby group for closed source software vendors and that any report from this camp is likely to be critical of open source.

However, Spindler, a well-known authority on legal issues concerning e-commerce, the Internet, and telecommunication, and vice chairman of the German Society of Law and Information Science, claims no association with VSI in the way of past or present employment or sponsorship.

His study, "Rechtsfragen der Open Source Software," is currently available in German at: http://www.vsi.de/inhalte/aktuell/studie_final_safe.pdf. Spindler can be reached at: lehrstuhl.spindler@jura.uni-goettingen.de

--------------------------------------------

IDGNS: Your study has raised some eyebrows in the open source community. Why so?

Spindler: Regarding such legal principles as liability and warranty, the GPL clauses have absolutely no legal validity. Under the license, developers and distributors of open software are not liable for any problems with their products. The GPL avoids any wording that could imply liability. Such a license is simply unenforceable under German, or even European Union law for that matter.

IDGNS: Your study points to potential risks facing a number of groups involved in the open source value chain: developers, software companies and users. So, really, just about everyone who comes into contact with open source software in one way or other should be careful, right?

Spindler: Not everyone -- for instance, users who don't modify the software or distribute it. However, in the software developer community, liability is an unresolved issue. Consider developers working on a program from different countries. The legal question is: What sort of company is this? Is each participant liable or the group as a whole? Or consider a project in which one developer starts writing code and then hands over that code to another who continues writing and hands over to yet another. In this successive approach to code writing, is the author responsible only for the code he or she wrote or for all code in the final software product? The answer may differ in each jurisdiction.

IDGNS: And what about software companies developing products based on open source code?

Spindler: This is also unresolved. If, for instance, a company uses open source code to develop a product of its own, there is legal uncertainty as to what extent the GPL covers the new product. The separation of software that relies on open source code from software that "stands alone" is tricky. Just think of application software, such as an office system, written for a Linux system. The office application can't run without the underlying open source code provided by Linux.