Despite the prevalence of open source software and its ubiquitous use in the software industry, there has been little litigation in the United States analyzing and interpreting the terms of open source licenses. On April 25, 2017, the U.S. District Court for the Northern District of California issued an opinion in Artifex Software, Inc. v. Hancom, Inc.,1 confirming that copyright owners who distribute their software under an open source software license may be able to enforce violations of the terms and conditions of the license both as a breach of contract and infringement of copyrights. The case underscores the critical importance of ensuring proper hygiene and compliance in open source intake, usage, and distribution.
Artifex Software provides "Ghostscript" software that interprets Adobe PDF (Portable Document Format) files and other page description language files. Artifex distributes Ghostscript under a "dual license" model, offering its customers two licensing options: they can either use Ghostscript for free under the terms of the GNU General Public License v 3.0 (GPL), or purchase a commercial license to use the program without the restrictions of the GPL.2
GPL is one of the most commonly used open source licenses, and grants licensees broad freedom to view, use, modify, and redistribute the source code of the software they have received. Like most open source licenses, GPL requires that when licensees distribute copies of that software, they include certain attribution and notices. In addition, the GPL includes what is commonly referred to as a "copyleft" requirement, which requires that distributions of the software by licensees also be made under the terms of the GPL, including those terms that require the licensee to make the source code of the software available to recipients.
The copyleft requirement of the GPL purports to cover any software that copies or adapts GPL software "in a fashion requiring copyright permission."3 A commercial developer's own proprietary programs, when combined with GPL-licensed programs in certain ways, may therefore become subject to the GPL license when distributed. In that instance, the commercial developer might be in violation of the terms of the GPL (and potentially infringe the licensor's intellectual property rights) if it does not provide the proper notices, or make portions of its own proprietary source code available to recipients under the GPL.
Artifex v. Hancom highlights some of the risks faced by commercial users of GPL software. Rather than pay for Artifex's commercial license, Hancom incorporated the "free" GPL version of Ghostscript into its own Hancom Office software, which Hancom then distributed to its customers. Artifex alleged that Hancom's distributions of Ghostscript as a part of its products failed to include the required notices and accompanying source code, and as a result, those distributions were both in breach of contract and an infringement of Artifex's copyrights.4
Hancom sought to dismiss the case, arguing that: (1) using software licensed under GPL does not constitute entering into a contract since Hancom never signed an agreement; (2) breach of contract claims based on open source software licenses are preempted by federal copyright law; and (3) the fact that Hancom is a South Korean company that does all of its software development outside of the U.S. prevents Artifex from seeking damages under U.S. copyright law. The court denied Hancom's motion to dismiss and allowed the case to proceed.
Although this ruling does not directly address the merits of Arifex's claims, it does reconfirm that courts are willing to enforce the terms of the GPL and other open source software licenses as binding contracts.
Analysis: Implications for the Use of Open Source Software
While the district court's denial of Hancom's motion to dismiss does not necessarily mean that Artifex will win its breach of contract and copyright infringement claims on the merits, the ruling suggests that:
Plaintiffs wishing to enforce their rights under open source software licenses may now have more avenues under which to sue and recover, broadening the scope of potential damages for open source license non-compliance.
Breach of contract claims for non-compliance with open source licenses give plaintiffs more flexibility to enforce their rights, and will make it more difficult for non-U.S. companies to hide behind territorial or jurisdictional limitations.
In addition to remedies for copyright infringement (which, in the case of willful infringement, can include statutory damages that range up to $150,000 per infringed work), plaintiffs may also be entitled to a variety of damages under contract law.
Given that the GPL does not provide the licensee with liability protection like disclaimers of consequential damages and limitations on overall liability, damages in contract, including for indirect harms such as unjust enrichment, reputational damage, lost profits, and consequential damages, could be significant.
The Artifex ruling may also increase the likelihood that owners of open source projects will bring lawsuits against users who fail to comply with the applicable open source license. Even unintentional use of software licensed under the GPL or other open source licenses in violation of the license may result in significant liability to the user, so it is important that users of open source software proactively implement practices to avoid the potential cost of remedying non-compliance.