Rónán Kennedy reviews a new edition of the leading text on open source and the law.
In the late 1990s, I worked as a systems administrator as the Internet became an increasingly important phenomenon. Although the ‘free software’ movement had a long history, it was a significant element of a key phase of the development of information technology. Tools provided by commercial vendors were sometimes limited or expensive. Open-source software (OSS) provided a low-cost alternative and a way to pilot new services. Many (including me) adopted it with enthusiasm. It could be used to demonstrate to reluctant management that an innovation was feasible. However, it was often perceived as novel, unfamiliar, even risky, as the enforceability of so-called ‘copyleft’ licences was untested.
With time, OSS has become respectable, even essential, and the law has settled somewhat. This mainstream status has led to the writing of weighty tomes such as this one, which is an edited volume (also available as open access through sponsorship from the Vietsch Foundation) with an impressive list of contributors from the academy, legal practice, business, and technology. Many have a depth of knowledge in multiple fields. The range of topics covered in the twenty-eight chapters is wide, including intellectual property aspects, security, and competition law.
The book does not make it clear who the intended audience is, and the chapters are not connected in any obvious way. There are some gaps that could have been addressed: the history of the movement is not presented, and the distinctions between free, libre, and open-source software are barely touched on (although the debate about their relative merits does not seem to be as fierce as it once was). There is little discussion of the under-resourcing of key projects, some of which are essential Internet infrastructure. The chapter on security discusses vulnerabilities such as the ‘Heartbleed’ bug and the need for more attention to improving and maintaining core tools such as OpenSSL or Log4J but there is no wider reflection on the way in which some major businesses are happy to adopt an open-source tool or library, profit from the innovation which it enables, but then do not contribute to the community.
The chapters are detailed and sometimes quite technical, such as the one on the Software Package Data Exchange. Different readers will doubtless have their own favourites: I particularly enjoyed the one on the enforceability of OSS licences, where there have been considerable developments, although (as with other chapters) what is presented is a specific slice of the field (focused on the decisions of German courts) rather than a comprehensive overview and history (which would include important cases from the US). There are also chapters on trademarks and patents as they relate to OSS, although these are not aspects of intellectual property that are as immediately associated with its development as copyright.
The book is relevant to anyone with a role in the governance of open source, either at the project or industry level, with many rich insights in specific chapters. It would probably be most useful to practitioners with a particular focus on this specific area, particularly those working in-house for a software developer that uses or interacts with OSS.
About the book
Open Source Law, Policy and Practice