RealTime IT News

Linux's Patent Risk

Open Source Risk Management (OSRM) announced today that it had found 283 issued, but not yet court-validated, software patents in the Linux kernel.

The findings are the result of a thorough Linux patent review sponsored by OSRM, a firm that provides risk mitigation and insurance offerings to the open source community. The review however did not find a single patent infringement that had currently been court validated.

"By saying that these 283 patents could cover Linux means that [patent holders] have claims that could be infringed by practicing the Linux kernel," Dan Ravicher, founder and executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation, told internetnews.com. "When patents get tested in court, the court finds them invalid about half of the time, so the court doesn't just accept the patent office's decision," Ravicher said.

The review looked at 2.4 and 2.6 kernel versions of what is commonly referred to as the "plain vanilla kernel," which is the publicly available kernel from kernel.org. The plain vanilla kernel is rarely included in mainstream distributions like Red Hat and others that provide additional features. Though Ravicher was quick to mention that they'd be happy if asked to review other flavors of the kernel.

OSRM claims that a third of the 283 issued patents are held by Linux-friendly corporations like Cisco, HP, IBM, Intel, Novell, Oracle, Red Hat and Sony. The others are held by groups that may not be as friendly to Linux, such as Microsoft. Ravicher identified Microsoft as the holder of 27 of the patents, which he says have not been court tested.

"None of the 283 that I've identified are actually being litigated so far as I know, but the extent to which Microsoft is asserting its patents through means other than litigation is indeterminable," Ravicher said. "In many cases, there could be confidentiality agreements in place that prohibit us and the public from knowing exactly what Microsoft is doing and how they are trying to go out and assert their patents."

OSRM, however, is not going to reveal any hard specifics on the 283 patents. Ravicher explained that being aware of the particulars of a patent could potentially expose a developer to risk.

"There's what I call a perverse rule in patent law that says if you are aware of a patent and then later [are] found to have infringed on it, the court can punish you for willful infringement by tripling the amount of damages awarded against you," explained Ravicher. "If you can say you weren't aware of it, then the court can't claim that you acted willfully because you didn't have knowledge.

"That's the reason we're not going to tell people what these 283 patents are," he continued. "If we told people, we'd create exposure, which we're trying to avoid."

Linux's patent risk has been acknowledged for some time. In fact, Ravicher points to the GPL license under which the Linux kernel itself is distributed. It was written in 1991 and illustrates the fact that the community has always been worried about software patents.

Having 283 patents does not imply a doomsday scenario, Ravicher said. "That's no more patents than what potentially covers any other product that's as successful and as widely used as Linux. This isn't a surprise result; it's completely typical and manageable and something that OSRM is providing the solution to solve."

OSRM's new patent insurance products are targeted at protecting users with comprehensive policies that protect against what Ravicher believes to be the biggest problem with the 283 patents.

The biggest problem is not that claims may be asserted meritoriously, Ravicher said. The larger issue is the cost of defending against a potential patent infringement claim, which runs on average $2 million to $4 millions dollars.