Insurance Provider Finds Patent Risks in Linux

August 3, 2004

Open Source Risk Management (OSRM), a provider of Open Source risk mitigation and management solutions, announced that there are 283 issued, but not yet court-validated, software patents that could be used in patent claims against Linux.

The results of OSRM’s evaluation of potential patent infringement by the Linux kernel, along with a patent insurance program for enterprise Linux users, reviewed all U.S. software patents that have been litigated through appeal, examining whether the Linux kernel contains technology that could trigger patent claims against end-users. In conclusion, the evaluation found that no court-validated software patent is infringed by the Linux kernel. However, according to patent attorney Dan Ravicher, founder and executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation, the 283 issued, but not yet court-validated software patents that, if upheld as valid by the courts, could potentially be used to support patent claims against Linux. In response, OSRM will be expanding its risk mitigation and insurance offerings to cover this quantifiable risk.

“Patents pose a financial risk to corporate Linux users – just like they do to corporate users of almost any software – because, whether or not a patent is truly infringed, it costs $3 million dollars on average to defend a patent lawsuit,” said Ravicher. “This heavy cost of proving even weak patents invalid could fall on unprepared end-users – who, until now, have often been forced to pay settlements to avoid risking millions on litigation. OSRM’s new patent insurance gives such end-users another way to address the issue, as it is a direct competitive alternative to licensing or litigating.”

Ravicher summed up the findings of his review as follows: “Bottom line, we confirmed what the community already knew; that Linux, like any other wildly successful product, has a patent risk. But, we
also concluded that the Linux patent risks are manageable because of the economies of scale achieved by bringing together large numbers of end-users through a structured program of insurance and loss-control, like that now offered by OSRM. This patent risk is in line with what we expected to find, and likely comparable to the level of risk you would find in comparable proprietary software; the only difference with open source software being that proprietary software vendors typically provide legal backing for their customers.

“So the news is both good and bad,” continued Ravicher. “The bad news is that we identified 283 issued patents that have not yet been llitigated, and contain claims that could conceivably be brought against Linux end-users and create financial exposure if found valid. And, of course, not-yet-issued patents could create similar problems. But, the good news is that none of the fully litigated patents we reviewed contain claims that cover Linux.”

Additionally, Ravicher found that about a third of the 283 issued patents are owned by large corporations that are friendly to Linux – ones with some current financial interest in broad Linux
adoption, including: Cisco, HP, IBM, Intel, Novell, Oracle, Red Hat, Sony, and others. However, to date, no Linux vendor has publicly offered its customers legal protection for patent liability; nor has any
entered into an explicit agreement promising never to use its own patents against Linux users. Also, 27 of the 283 patents are held by Microsoft, an outspoken opponent of Free and Open Source software; and still others by individuals or shell corporations who may have little to lose by making legal threats against enterprise Linux users in pursuit of settlement dollars.

“Current U.S. patent law creates an environment in which vendors and developers are generally advised by their lawyers not to examine other people’s software patents, because doing so creates the risk
of triple damages for ‘willful’ infringement,” said Daniel Egger, chairman and founder of Open Source Risk Management. “This studied ignorance leaves the field open to those who would spread fear and disinformation.”

Insurance, Risk Consulting and Patent Policy Reform

OSRM, applying proprietary risk-models and pricing heuristics, found that, when combined with loss-control methods and resources, corporate use of Linux kernel versions 2.4 and 2.6 is an insurable patent-liability risk. Thus, OSRM plans to underwrite combined copyright and patent insurance for enterprise users by year’s end. According to OSRM, current and potential enterprise Linux users are already putting their names on a confidential waiting list for the first year’s limited capacity coverage, which provides for legal defense and damages if sued for Linux use.

A free OSRM position paper, titled “Mitigating Linux Patent Risk” will is available at: www.osriskmanagement.com.

“The most important message to take away – based on OSRM’s proprietary research and quantitative models and the best independent legal analysis available to us – is that the core of the Linux operating system appears to be a normal, insurable patent risk for the businesses that use it. And, based on our hands-on work with many different types of customers, we have found the total cost of ownership of using Linux to still be dramatically lower than proprietary alternatives for customers that add in the cost of effective risk-management,” said Egger. “What it boils down to is that Linux has patent risks; but they can and will become conventional insured risks, just an everyday cost of doing business.”