Monday, May 31, 2010

Open Invention Network (OIN) demystified

An organization that was founded in 2005 and pompously claims in a press release to be "the company formed to enable and protect Linux" is the Open Invention Network (OIN). But at a closer look it's not nearly as useful as its backers would like to make us all believe. There's absolutely no evidence it has ever helped any FOSS company.

What's beyond doubt is that the OIN's structure is fundamentally flawed and unbalanced.

Above all, the OIN is under the exclusive control of half a dozen companies who have funded it with (presumably) hundreds of millions of dollars and who just use it for their own purposes rather than advancing the cause of software freedom. Therefore, I believe company-independent defense initiatives such as the Defensive Patent License are a fairer, more transparent and more reliable approach than the OIN.

Only six companies call the shots

The OIN's name starts with an utterly misleading term: "open".

In reality, the organization is owned and run by a closed circle of six companies, some of whom have a terrible background concerning software patents:
  • IBM (the world's largest patent holder and one of the most ruthless ones, recently in the news for betraying its own "patent pledge" by infringement assertions made against open-source startup TurboHercules)

  • Philips (a company that once benefited from the temporary abolition of patents in its country but later lobbied extremely aggressively for software patents, left the World Wide Web Consortium because of the latter's royalty-free patent policy, and threatened politicians with killing software development jobs in Europe if they weren't going to allow software patents, even though patents are always related to a target market in which they're valid and 100% independent from where in the world the patented invention is made)

  • NEC (a large patent holder)

  • Sony (a large patent holder)

  • Novell (which never supported any serious push against software patents and instead told EU officials in 2004 that it liked software patents a lot except that a proposed EU law on them appeared to limit "customer choice" a bit too much)

  • Red Hat (which lobbied to keep the aforementioned EU bill alive when we had already formed a majority for its rejection, and which partners with IBM on a number of initiatives that appear to protect FOSS but are either ineffectual or even potentially harmful)
When it comes to patents, would you buy a used car from those fellows?

Everyone else may join as a second-class citizen who won't have a say

The six-pack that controls the OIN invites everyone else to become a mere "licensee". There's only one benefit for a licensee: OIN licensees can't use some patents against each other in some context. If "some patents [...] in some context" sounds strange to you, then that's because the whole OIN is based on an arbitrary definition of the "Linux System". If an OIN member has patents that are infringed by that arbitrary definition of the "Linux System", then it can't use those particular patents against other members as far as those use or distribute the "Linux System" (in whole or in part). If those other members use or distribute software that's not part of the "Linux System", then even those patents could be used against them in that context.

The wording used by the OIN on its About page is:
"Patents owned by Open Invention Network are available royalty-free to any company, institution or individual that agrees not to assert its patents against the Linux System."
Unfortunately, the OIN's six owners decide in a completely intransparent process what is and what isn't part of that "Linux System". The OIN publishes that list, which can and does change from time to time, on its website. The OIN's License Agreement doesn't provide any definition or criteria other than pointing to that list. That list contains not only Linux but also some applications (not all Linux applications), and once again, there's no transparent basis on which the OIN makes or modifies that list at its whim. That's what they mislabel as "open".

[Update] In the meantime I've published this detailed explanation of the arbitrarily-changing definition of "the Linux System" and its implications, and in that posting I have also outlined four alternative ways to address the problem identified. [/Update]

This combination of intransparency and arbitrariness puts licensees into a weak take-it-or-leave-it position. If the OIN changes the list based on the strategic goals of its six owners, all others can stay or leave but they have no basis on which to require the OIN to include certain components in that list or to exclude some from it.

That's not the only important way in which licensees are disadvantaged as compared to owners.

Owners can use the OIN as a patent troll -- but the retaliatory strength of licensees remains unchanged

There are two fundamentally different approaches to patent defense: non-aggression pacts related to a certain range of patents, which is what the OIN's licensees get (with the serious flaws and limitations previously described), and the concept of mutually assured damage (deterrent/retaliatory potential). The latter is much more powerful. While nothing really helps against a "troll" (non-producing entity), a retaliatory arsenal can indeed deter a strategic patent holder from attacking, provided that the attacked entity disposes of patents that the would-be aggressor also needs for his own products/services.

Unfortunately, the OIN doesn't add anything to the retaliatory strength of its licensees. They don't get access to any additional patents that they could assert against an aggressor. But the OIN's six owners could use the OIN as a "troll" that would attack third parties because the OIN itself acquires patents (currently owns a few hundred) for that purposes. OIN licensees can use those patents in connection with Linux; OIN members can use their influence to make the OIN assert those patents against others.

There are no obligations on the OIN or its owners concerning how they would have to strike back against an aggressor. Just like the definition of the "Linux System", it's a backroom process without any transparency or published and binding criteria. They could use those patents for purposes that have nothing at all to do with Linux or other FOSS, and no third party, such as a mere OIN licensee, would have any basis to either get them to help or to make them refrain from a harmful way to use those patents.

They make vague statements on the OIN website as to what they plan to do and that they don't plan to build licensing revenue. None of that is legally binding. If you then look at the patent-related positions and history of that group of companies, you better be careful. The most frightening example is IBM, which never apologized for its assertion of patents against TurboHercules.

A look at the list of OIN licensees

The OIN lists its licensees (starting with the six owners, but that changes nothing about the privileges those have). There are two large players among those licensees: Google and Oracle.

Google provided an official reasoning for becoming a licensee that's fundamentally wrong:
"OIN members can focus their energy on writing and releasing software rather than vetting their code for intellectual property issues."
This is incorrect in two ways at the same time:
  1. The use of those patents is tied to that "Linux System" definition, so the OIN's members still have to be equally careful for all software they develop that isn't part of that definition (which only the OIN's six owners determine and modify, and that definition is always related to particular program versions, so even a contributor to Linux wouldn't have any guarantees if upgrading an existing component).

  2. No one who might want to assert his patents against OIN members will join, and since the OIN controls only a small portion of all patents worldwide, the reasoning of not having to perform patent clearance anymore makes no sense whatsoever, at least for the foreseeable future and probably for all eternity.
It's more likely that Google, the world's largest-scale Linux user, thought that any measure to reduce -- even if just marginally -- the risk of being sued for infringement of patents on hundreds of thousands or even millions of computers was worth trying. But that's their specific situation and doesn't validate the OIN as a whole.

One of OIN's medium-sized licensees is TomTom. That maker of navigation systems became an OIN licensee at a time when it had a dispute with Microsoft. That one was actually settled very quickly at any rate, and part of the agreement was that TomTom would have to stop the infringement of certain Microsoft patents within two years. Apparently, TomTom also agreed to pay royalties. So TomTom recognized it had a problem that the OIN couldn't solve.

What happened later is that some propagandists close to IBM and other OIN owners tried to fool the FOSS community into believing that the OIN played any role in that settlement. That's downright absurd because TomTom only became an OIN licensee, not an owner. By becoming a licensee, TomTom changed its patent licensing situation vis-à-vis other OIN members but nothing changed for the siuation between Microsoft and TomTom.

If the OIN were the kind of magic wand that would do the trick, then why would Amazon and HTC and many others have agreed to pay Microsoft royalties on patents that are considered to read on Linux? They could have joined the OIN, but quite apparently they found out the truth, which is that it doesn't strengthen them at all in their dealings with companies outside the OIN.

So what is the OIN good for?

The fact of the matter is that today, almost five years after its foundation, the OIN still hasn't proven its ability to help any Linux (or other FOSS) company in any meaningful way. Totally unsubstantiated and illogical claims by propagandists aren't a substitute for a single convincing success story. That success story would have to consist in some company potentially hostile to open source (and with a dangerous patent arsenal) accepting the OIN's licensing terms. That hasn't happened and I have serious doubt that it ever will.

The OIN continues to buy patents at auctions that might otherwise be acquired by regular trolls. At first sight, that may sound good. But given the intransparent and arbitrary structure of the OIN, it's not clear whether that's actually the lesser or the greater evil than a conventional troll. In the end, the OIN is under the control of those six companies who could decide to use some of those patents against competitors, including FOSS competitors. By controlling the definition of what the OIN calls the "Linux System", they can always ensure that their competitors don't benefit from it, even if they were or became OIN licensees.

Buying those patents at auctions is really expensive. So far the OIN has spent hundreds of millions of dollars. Given the way businesses operate, that's not the amount of money that one would spend unselfishly. Instead, that level of investment, intransparency and unbalanced rights suggests ulterior motives, if not a long-term hidden agenda.

In closing I can only repeat what I said further above: company-independent defense initiatives such as the Defensive Patent License are a fairer, more transparent and more reliable approach than the OIN. And with the Fair Troll business model, that reliability can be fully preserved while sharpening the DPL's teeth. By contrast, a small group of companies can turn the OIN into an unfair troll anytime, and the rest of the world -- including the FOSS community -- wouldn't find out until it's too late.

If you'd like to be updated on patent issues affecting free software and open source, please subscribe to my RSS feed (in the right-hand column) and/or follow me on Twitter @FOSSpatents.