Will violating the GPL get you in deep SOX?
Mar. 07, 2006
You may never have considered how the popular GPL open-source license might interact with the Sarbanes-Oxley Act of 2002, but embedded-systems vendor Wasabi Systems claims that Sarbanes-Oxley has made "GPL violations a federal crime."
SOX (Sarbanes-Oxley) is a set of federal laws that spell out the financial-disclosure and fiscal responsibilities of a company's executives. It's designed to prevent the kind of white-collar looting that first pumped up, and then killed, companies like Enron and WorldCom.
The Software Freedom Law Center (SFLC) disagrees with Wasabi's assessment. Eben Moglen, the center's chair and a leading open-source lawyer, said that the recent discussions regarding the GPL and SOX (Sarbanes-Oxley) pushed the group into issuing its own whitepaper, since discussions of the matter "have been wrought with false information."
"The idea that a GPL violation could result in jail time is unreasonable. You take away this unlikely threat, and the argument is reduced only to compliance, and GPL compliance is remarkably simpler than that of alternative licenses," Karen Sandler, an attorney at the Software Freedom Law Center, said in a statement.
So, under SOX, could someone who violates the GPL be liable for a federal crime and jail time? Or is this just "FUD" from a company that favors BSD and the BSD license over what it calls "Linux's troublesome GPL License"?
Lawyers disagree on the matter.
"The recent statements of Wasabi Systems and others claiming that use of software licensed under the GPL creates a particular Sarbanes-Oxley risk are a red herring," said Stephen M. Fronk, intellectual property attorney and partner with Howard Rice Nemerovski Canady Falk & Rabkin in San Francisco.
"All companies that are subject to Sarbanes-Oxley, regardless of whether they are using any free or open source software, are required to establish and maintain internal controls and to make disclosures that are material to their business. Accordingly, every such company, if it in-licenses software, should be ensuring that it is complying with the terms of the license under which it received such software. The analysis will differ depending on the license (e.g., the GPL versus a proprietary license), but there is no particular difference in terms of meeting the obligations imposed under Sarbanes-Oxley," Fronk said.
Larry Rosen, founding partner in the law firm Rosenlaw & Einschlag and author of "Open-Source Licensing: Software Freedom and Intellectual Property Law," is franker.
"The Wasabi paper is ridiculous. I think the SFLC paper appropriately addresses all the issues and should reassure companies that their GPL-licensed software is safe. Compliance with license terms should be important to all software companies. Emphasizing the GPL in this context is to exaggerate the risks of the GPL and minimize the risks for all other licenses. That's silly," said Rosen.
He's not the only one who sees Wasabi's claims as being on the silly side.
"No one will ever be sent to jail in America for unknowingly breaching a GPL agreement," said John S. Ferrell, founder of Carr & Ferrell LLP, a Silicon Valley intellectual property and corporate law firm.
Ferrell added, "The Wasabi paper argues that cheating on the GPL is widespread. This is completely contrary to my experience, where the overwhelming majority of companies I see pay significant attention to legally working within the contours of their GPL obligations."
However, Thomas Carey, chairman of the business practice group at Boston-based law firm Bromberg & Sunstein LLP, points out that despite all the negative reaction in the open-source community to the Wasabi whitepaper, the company does make some legitimate points.
"The Wasabi paper does not argue that GPL software is especially dangerous. Its primary point is that lawyers, not engineers, should be making the decisions concerning how a company should go about complying with the GPL. It asserts that non-compliance is often the path of least resistance taken by engineers (or their superiors) who do not wish to publish the source code of the products that they build on top of GPL code. The Wasabi white paper points out that, for software companies, this is playing with fire because of the potential for this non-compliance to be overlooked as the Company prepares and certifies its financial statements. All of this is correct," said Carey.
"Some in the open source community are now taking offense at a paper pointing out that GPL compliance is a serious matter. How strange is that? The technical points raised by the Software Freedom Law Center are largely correct, but they are incorrect in saying that the Wasabi paper is anti-GPL FUD. The Wasabi white paper exaggerates the SOX point a bit, but it is not anti-GPL. It is pro-GPL, and takes the position that lawyers should be reviewing matters of GPL compliance, just as they review matters of compliance with proprietary licenses, so that SOX violations do not occur."
"Maybe this is just a lawyer versus engineer battle. If so, the lawyers will come out on top. They usually do," Carey concluded.
You can find the complete Wasabi paper here, and the complete SFLC response here.
-- Steven J. Vaughan-Nichols