The case is the second piece of software patent litigation to directly involve FOSS. The 
first
was a case brought against Red Hat and Novell by IP Innovation for the
inclusion of virtual workspaces in their Linux distributions.
Although
the ClamAV project is not directly involved, the issues in the
Barracuda case have already enlisted the support of such figures in the
community as Eben Moglen of the Software Freedom Law Center (SFLC) and
Richard Stallman, founder of the Free Software Foundation (see
sidebar). Trend Micro, though, insists that the case is a narrowly
focused one, and that the concerns of the FOSS community are premature
and unfounded.
History of the case
The patent allegedly violated is patent 5,623,600,
which is for anti-virus detection on an SMTP or FTP gateway. Applied
for in 1995 and granted in April 1997, the patent shortly afterwards
became the means of forcing out-of-court settlements from both Symantec
and McAfee, two of the leading proprietary manufacturers of anti-virus
software. While information on the settlements is not publicly
available, the fact that Symantec and McAfee have subsequently cooperated with Trend Micro
suggests that the companies pay minimal license fees to Trend Micro. "I
don't see anything in the publicly accessible information that suggests
to me that people who have paid thought that [the patent] was
dangerous," Moglen says. "I've seen some indication in the publicly
accessible information that people who paid for it thought it was a
nuisance."
In 2005, a third alleged violation, this time by Fortinet, was also settled, after a judgment against Fortinet was brought by the US International Trade Commission (ITC).
Although Trend Micro's stated position is that it is simply
enforcing its rights, the case against Barracuda seems more punitive.
Given Barracuda's reluctance to settle -- "it's a lot of money," Drako
comments -- Moglen suggests that it might be an attempt to use patent
law to drive a competitor out of business. If so, this use is more than
a little ironic, considering that patents were originally intended to
encourage innovation for the sake of a free economy, and, in this case,
one is being used as a kind of unofficial government intervention.
In late 2006, Trend Micro began sending a series of increasingly
insistent letters to Barracuda, demanding that the company either
remove ClamAV from its products or pay a licensing fee. Drako tried to
arrange a meeting -- and continues to do so to this day -- but without
success. "I've never got an official refusal," he says. "But somehow
the meeting never seems to happen with someone who actually has
authority. I've been trying to get a meeting with the CEO, the CFO, and
various other people to have a serious talk about his, but their
lawyers won't allow it."
Increasingly concerned by the letters, Barracuda instructed its legal representives, Wilson Sonsini Goodrich & Rosati to file for a declaratory judgment in Northern California federal court. Trend Micro responded with an accusation of patent violation.
However, before the application could be heard, Trend Micro filed a second suit with the ITC
in November 2007 against Barracuda, as well as Panda Software and Panda
Distribution. At Barracuda's request, the federal case was stayed until
the ITC case was heard -- a standard procedure in such circumstances.
Drako suggests that this maneuver was designed to switch
jurisdiction from Northern California, a federal district that is
generally considered a relatively fair jurisdiction for software patent
cases (perhaps because of the high likelihood of knowledgeable jury
members from Silicon Valley), to one that is much more difficult for
the defendant. "The ITC is an extremely onerous court for (the)
defending party," he says. "Because it has unlimited amounts of
discovery, you have seven to ten days to respond to a discovery
request, you have an unlimited number of depositions, and the ITC
effectively guarantees you a one-year resolution."
Presumably in order to have the case fall under ITC jurisdiction, www.barracudanetworks.com/legal">Trend Micro's filing
alleges that, because ClamAV is developed by FOSS developers from
around the world, it is imported software -- despite the fact that it
is readily downloadable from its site on SourceForge.net, a U.S.-based
Web site (owned by the same company that owns Linux.com). According to
Barracuda and its publicists, the filing also claims that Barracuda is
importing unique motherboards and power supplies for its products. In
fact, Drako claims, "They're standard, off-the-shelf components that
you could buy anywhere."
In December, 2007, the ITC agreed to hear the case. More details
about the scheduling in the case are expected by the end of February.
Meanwhile, Barracuda has decided to go public with the case. "This
is not an easy decision emotionally," Drako says, "But, finally, we
said, 'This is so wrong that we have to let everybody know. It's
potentially precedent-setting in the open source community." Drako has
also met with Richard Stallman and consulted the Software Freedom Law
Center, which is considering possible ways of assisting in the case --
including applying for a patent re-examination, as it did with the Blackboard eLearning patent.
Trend Micro's position
Intially, Trend Micro refused to comment on the situation because it
was in litigation. However, after receiving numerous requests from
journalists, the company agreed to let Carolyn Bostick, vice president
and general counsel, and John Chen, intellectual property counsel, talk
with Linux.com.
The company's legal representatives take a narrow view of the case,
refusing to consider any of the potential concerns of the FOSS
community or any precedents that the case might set.
"Open source really isn't at the heart of the issue at all," Bostick
says. "It's really about a company that's selling products for profit
that infringe what we do with a time-tested patent." This patent, she
stresses repeatedly, is not about anti-virus as such, so much as a
specific implementation of anti-virus through an SMTP or FTP gateway.
She notes that the other companies involved in the ITC case are
strictly proprietary, adding, "We think it's a little off the mark to
try and transform this lawsuit, which at heart is about intellectual
property, into something about the open source community."
Reminded that others in the FOSS community are wondering if they are
at risk, Chen replied, "I don't think you can just put a blanket
statement like that."
Bostick agreed, saying, "The patent issue covers a specific
implementation of anti-virus scanning. It's also a U.S. patent, which
means that it's only going to cover intellectual property violations in
the U.S. And frankly, as we sit here now, we're not aware of any other
companies that are using ClamAV in the U.S. This is just not going to
have a negative impact on open source." However, later, in responses to
reworded questions about possible vulnerabilities, Bostick said,
"That's always a possibility. I can only speak about this patent."
"It's really a difficult question to answer," Chen says, "Because that's never been our intention [to threaten FOSS]."
Asked if Trend Micro might take any steps to reduce concerns in the
FOSS community, such as patent protection for FOSS or non-commercial
use, Bostick returned to the basics of the present case, saying, "The
example that we're looking at is not non-commercial use. It's not like
our patent is an unknown quantity." Finally, after the question was
presented in different forms once or twice, Chen said, "I don't think
we're prepared to make a statement on that."
As for concerns about how the definition of importation might affect
FOSS, or the possibility that the ITC might become the preferred venue
for FOSS-related patent cases if the definition is upheld, Bostick
says, "That wouldn't necessarily be the case. That's incredible. I
think people are trying to draw conclusions that logically don't exist."
Chen said much the same, suggesting that "I think people are drawing
too many conclusions about the potential significance of this case.."
"The facts should mitigate people's concerns," Bostick says. "Anyone
should be very cautious about drawing any large conclusions. This is
not about open source, and this is simply a bit of misdirection."
In other words, Trend Micro's legal representatives believe that
Barracuda's appeal to the community is simply a means of confusing what
to them is a very straightforward case.
Critiques of the case
To say the least, FOSS-oriented legal experts disagree
strongly with Bostick and Chen. Although the case is just now being
publicized, FOSS legal experts have been following it for some time.
Like Trend Micro's representatives, they are understandably cautious
about commenting on a case that is still being heard, but the two
experts Linux.com consulted suggest that possible reasons exist for
declaring the patent invalid despite its widespread use in the last
decade.
According to Drako, Barracuda has located "hundreds of pieces that
contribute to the prior art collection" that undermine the suitability
of the patent. SFLC's Eben Moglen concurs, saying, "Despite the
widespread licensing of this patent, it does seem clear that the patent
office had some significant doubts before it was issued, and those
doubts were probably well-founded. We have undertaken a good deal of
research, and I think that more light shed on the condition in 1995
might be enough to demonstrate that this was a patent that ought not to
have been issued."
Nor is the fact that the patent has been successfully defended necessarily relevant. Mark Lemley, a professor at Stanford Law School who teaches intellectual property and Internet law and is a counsel at Keker and Van Nest
in San Francisco, suggests that "it doesn't set a blind precedent."
Rather, he notes, the previous defenses might only come into play if
the patent is upheld.
"They might establish a royalty basis for damage calculation,"
Lemley says. "But the fact that it's open source might mean that we
treat [the Barracuda case] differently. It' s not clear that we should
be paying the same damages, or even how one should calculate damages,
because we normally calculate it as a percentage of the revenue" --
and, of course, FOSS projects have only limited funds at the best of
times."
Another consideration in the case is the definition of importation
in the ITC filing. To Moglen, the idea that international contributions
to a FOSS project could constitute importation is bizarre. "There's no
rhyme nor reason to it at all," he says. "That would tend to confirm my
belief that what we have here is a software company prepared to do harm
to the free [software] world solely for its own profit." Carried to its
logical extreme, he suggests, a computer assembled in the US using
imported screws would also be classified as an imported product.
Lemley is even more skeptical of the proposed definition. "I think
there are numerous problems with that argument," he says. "First is the
question of whether Barracuda did in fact import the software at all
from abroad, as opposed to getting it from a US source. But even if
that weren't true, even if they had imported it, they're making their
software in the United States, so there's nothing for the ITC to
enjoin. The most that the ITC could do is say you're not allowed to
download further copies of the software from the website, but, of
course, Barracuda doesn't need to. They've already got the software. I
would think that the ITC claim, regardless of the merits of the actual
patent claim, just doesn't make any sense."
In short, both Moglen and Lemley suggest that the successful
application of the patent over the last decade is no guarantee of its
success and that both the legal cases and the patent itself could be
vulnerable. Moglen in particular refers to 5,623,600 as an "invalid
patent." He suggests that it is ironic that proprietary software,
having created a situation in which anti-virus is required, should now
be attempting to outlaw an effort to correct the problem.
Larger implications
Beyond the particulars of the case, what concerns Lemley and Moglen
most is that the Barracuda case might be the first of many patent cases
brought against FOSS. "There are a heck of a lot of software patents
out there," says Lemley, "So what we're seeing may be the first edge of
the wedge. If that's true, if there's a lot more software patent cases
coming in the open source world, then I think open source is going to
have some difficulties, because the open source licenses are not set up
to deal with those. Licenses like the GNU General Public License, he
points out, have found an ingenious way around copyright, but don't
"work for patents because, unlike copyright law, you can be sued for
patent infringement even if you didn't copy anything from the patent
owner, even if you you have no connection to the patent owner."
Or, as Eben Moglen puts it, "Patents attack the very idea of free
software. Software, unlike physical devices, process, and equipment,
may put in practice what in theory is tens of thousands of claims. The
results of any application of the patent law to software is a profound
problem of what theorists call anti-commons:
rights that have been so severed up that, at least in theory, there
could be thousands of holders of little statutory monopolies, and
nobody would be able to do anything."
According to Moglen, the nearness of the anti-commons is why most
major software developers have become more skeptical about the
desirability of patents, often holding their own patents primarily as a
defensive measure even as they release some rights to free software or
into the public domain.
"Companies are beginning to act on the assumption that the
protection given by software patents are too much protection even for
their own inventions," Moglen says.
Moglen views software patents as "anti-progressive as well as
anti-consumerist." Moglen explains: "The Internet is being widely and
powerfully transformed by the availability of small, cheap routing
devices. And this is entirely attributable to the embedding of free
software. The free software world is now providing tangible advantages
to millions of customers around the world," and these developments and
conveniences are undermined by patent claims.
"Freedom depends on technology that people control," Moglen says.
"If you can't control the technology of daily life around you, the
technology of daily life controls you."
Given these views, Moglen applauds Barracuda's decision to publicize
the case rather than to seek a private settlement, as others have done
in the past. "Every time someone makes a separate, private peace with a
patent holder," he says, "That subtracts from the community's ability
to defend itself. A patent that has been licensed has a certain weight
of gravitas that seems to attach to it."
"One of the things that I think is good here," Moglen concludes, "Is
to have an opportunity by support to express our gratitude to companies
like Barracuda -- that is, companies that make commercial use of free
software who are willing to take a stand and deal with a problem that
affects us generally."
Richard M. Stallman calls Trend Micro a "despicable predator"
This attack is an example of the threat that software patents impose
on all software developers: at any moment, you can get sued for using
code with the author's permission, or even for the code you wrote.
Today the victim is ClamAV, but tomorrow it could be any program.
A patent is an absolute monopoly on a certain technique or code
structure. Since a large program implements thousands of techniques and
contains thousands of code structures, software patents put the
developers and users of any large program in danger. It is stupid to
allow software patents, and the US should abolish them -- all of them.
As a leader in the free software movement, I'm particularly
concerned with the threat to free software, but custom software is also
legitimate and deserves not to face this danger.
Proprietary software developers are also in danger from software
patents. I think proprietary software is unethical; I launched the GNU
system, in which the kernel Linux is used, to make it possible to run a
computer without proprietary software.
But when it comes to the danger of software patents, we all face the
same threat. I've worked together with proprietary software developers
since the 90s in the campaign against software patents.
Companies that use software patents for aggression, as Trend Micro has
done, are despicable predators -- the lowest of the low. They deserve to be taught a lesson.
-Richard M. Stallman
Story by: Bruce Byfield, Bruce is a computer journalist who writes regularly for Linux.com and IT Manager's Journal. Original artickle can be found at www.linux.com/feature/125807
The Un-X Crew
Printerfriendly display 
