What to Do if SCO Comes Knocking

As the battle lines over Linux harden between The SCO Group and the open-source community regarding SCO’s challenge to parts of the Linux kernel, IT managers are being warned to take measures to minimize their potential legal exposure.

The advice, from several industry analysts contacted by internetnews.com, comes amid apparent confirmation that Microsoft has been indirectly supporting SCO.

That news first came to light last week, when open source guru Eric Raymond posted a leaked SCO e-mail. The message, which SCO has confirmed is authentic, alleges Microsoft played a matchmaker role in helping SCO secure some $50 million in financing from the San Francisco venture fund Baystar Capital.

Today, as word of Microsoft’s involvement in the deal appears clearer (BusinessWeek this week confirmed Microsoft referred Baystar to SCO), industry experts don’t expect that SCO’s legal onslaught will diminish anytime soon. Accordingly, IT managers are wondering just how to cope with what could be a persistently litigious environment for Linux users.

Analysts contacted by internetnews.com recommended three general strategies: be sure to consult with legal counsel, keep abreast of existing indemnification programs, and — if your legal adviser deems it appropriate — don’t pay license fees.

The latter is the tack suggested by George Weiss, Gartner’s analyst for Linux and operating systems. “Gartner has recommended that users not pay any license fees,” to SCO, he told internetnews.com, noting that the recommendation is “not trying to pass judgment” on the validity of SCO’s suits.

SCO has sued IBM and Novell over its claims to code in Linux. Last week, SCO filed its first end-user suits, against Autozone and DaimlerChrysler.

Rather, Weiss thinks that immediate payment isn’t wise because the burden of proving that fees are required should be on the SCO camp and not on the user.

But what to do if, as a Linux user, your shop gets a letter from SCO raising issues about use of Linux and its own copyright claim? According to Weiss, the “user only has to respond in some way [to indicate] that they acknowledge being at the end of the threat.”

Indeed, Weiss said the response might go on to note “that they are at this point unclear and uncertain about what the claims are, that no judgment has been rendered in a court, and that SCO needs to clearly state [its] case and show proof.”

Weiss noted that SCO hasn’t yet won any cases in court that clearly give it the right to extract fees from Linux users. So, in that sense, he added, asking for clear proof and evidence of any license claim makes sense. “Otherwise, any company that gets a letter in the mail stating they’ve violated intellectual property (IP) could be paying license fees to quacks.”


(Page 2) The EV1 Experience

Stephen O’Grady, software analyst for Red Monk, pointed to the implications of SCO’s disclosure earlier this month that it had signed up Texas Web-hosting house EV1servers.net as among its first publicly announced IP licensee.

“Obviously there is a tremendendous amount of antagonism towards SCO and its whole mission,” O’Grady said. “Any firm that does take a pro-SCO stand at this point needs to be aware that this is a potential reaction.”

Indeed, that reaction was swift following the EV1servers.net announcement. Dozens of the company’s customers posted notices on its message boards threatening to leave. Others, responding to a poll initiated by the ISP, said they wouldn’t’ leave. Others just weighed in that “the SCO thing upsets me.”

In a posted response, which may provide insight into what Linux users are thinking, Robert Marsch, EV1Servers chief executive, explained his actions. He said his company decided that taking a license was a “prudent business decision” and was intended to bring certainty to its businesses.

He also obliquely indicated that he thought taking the license was preferable to potentially being sued by SCO. “The outcome of every legal action is subject to risk,” Marsh wrote in his post. “There is significant risk on both sides of this equation.”

While Marsh consciously managed his legal risk, the negative publicity suffered by his company was an unintended side effect that may have been stoked by the manner in which SCO trumpeted the news.

Red Monk analyst O’Grady noted that EV1 was “not particularly pleased with the way that SCO announced the contractual specificities.”

For other firms faced with a similar situation, discretion may be the better part of valor. “My advice to any firm that does [take a license] is to absolutely include a confidentiality agreement in those terms, and not to be disclosed as a license recipient,” O’Grady said.

For IT managers, perhaps the biggest, most important liability limiters are the combined efforts of Red Hat, Novell, HP, and others to indemnify their Linux distribution customers against potential lawsuits.

“I would characterize the efforts of Red Hat and others to set up these indemnification programs as a good thing and a potential benefit,” O’Grady said. “I have yet to see a case put in front of me where it really becomes the deciding factor in a sales-side situation.”

Peter Kastner, an analyst at Aberdeen Group, similarly sees indemnification as a focal point when plotting strategy. “While the legal situation is murky, enterprise class customers should carefully consider their investment in Linux technology,” he said. “Getting under the umbrella of a company which offers indemnity protection is one of the factors well worth considering.”

However, for most Linux users, figuring out where they stand may be little more than a shot in the dark. Gardner said customers not covered by any of the indemnification programs may only see potential liability if SCO comes knocking.

“If you’re a very large user and stick out like a sore thumb, [you] may want to rethink your strategies about license and governance,” he said.

One positive for companies, according to Weiss, is that the increased focus on this area has brought about “much more due diligence to understand what licenses” the company has taken in-house. Companies are also focused on making sure they “don’t run afoul of legal issues.”

The bottom line, according to the analysts, is to rely on solid legal advice.

“What we tell firms is to speak with their legal council to determine what their comfort level is with the risk that is out there,” Red Monk’s O’Grady said.

“Much of this depends on the outcome of the pending litigation. Depending on your risk threshold and depending how long you can wait, it may turn out to be a non-issue.”

Erin Joyce contributed to this story

News Around the Web