6 minute read | June.22.2023
Companies (including through the use of AI) are increasingly reliant on open source software to expedite their software development. A recent case filed in California, SFC v. Vizio, calls upon the state court to interpret two common open source software licenses in a manner that could aggressively expand the number of individuals who can bring a lawsuit to enforce the terms of open source software licenses and the scope of the disclosure requirements in these open source software licenses. If the plaintiffs prevail, then any downstream purchaser of a product incorporating open source software subject to certain licenses may be able to bring a lawsuit to force the disclosure of the proprietary source code in that product.
In October 2021, the Software Freedom Conservancy (SFC), a New York-based nonprofit consumer rights organization, filed a complaint against Vizio, Inc., maker of, among other things, smart TVs that incorporate Vizio’s SmartCast operating system, known as SmartCast OS. In developing SmartCast OS, Vizio embedded certain open source software (OSS) subject to the GLPv2 and LGPLv2.1 licenses (the GPL Licenses). The GPL Licenses state that “if you distribute copies of [the open source software], you must give the recipients all of the rights you have. You must make sure that they, too, receive or can get the source code.” By failing to provide its SmartCast OS source code, SFC argues that Vizio has breached the terms of the GPL Licenses.
SFC’s complaint is novel since SFC is not suing as the licensor of the OSS. Instead, SFC asserts that, as a member of the public intended to benefit from the GPL Licenses, SFC is entitled to seek enforcement of those licenses against Vizio as a third-party beneficiary to the GPL Licenses.
SFC argues that the plain language of the GPL Licenses supports SFC’s reading that Vizio must disclose the SmartCast OS source code, but what makes SFC of all parties entitled to sue and seek this disclosure? In the past, litigation enforcing the terms of OSS licenses have been brought by the rights holders, e.g., the authors or licensors of the OSS code. SFC admits that it does not have any copyright ownership interest in the OSS at issue and that SFC is not the licensor of any software used by SmartCast OS.
Instead, SFC argues that the GPL Licenses were created to ensure free and open access to software by the public, and that by purchasing a Vizio TV which uses the SmartCast OS, SFC becomes a third-party beneficiary of the GPL Licenses. A third-party beneficiary is someone who benefits from a contract without being a party. SFC argues that when Vizio sells a TV running the SmartCast OS, it distributes the SmartCast OS subject to the GPL Licenses, and all distributions of OSS under the GPL Licenses require disclosure of the entire SmartCast OS source code. SFC asserts that, as a purchaser of applicable Vizio TVs, it is therefore entitled to receive the source code under the terms of the GPL Licenses.
Vizio made several arguments in an attempt to dismiss SFC’s complaint. However, none were successful, and the case is now scheduled for trial in September of this year. If SFC is successful, this case could open the floodgates to third-party beneficiary enforcement of OSS licenses and, downstream purchasers of products or services including OSS governed by copyleft OSS licenses could bring a lawsuit to require the sellers to disclose their proprietary source code. Additionally, the proliferation of AI-powered tools and services may add a new dimension of risk in using OSS. One difficulty with enforcing OSS licenses has been detecting OSS usage by third parties. The development of AI systems capable of reverse engineering black box functions of programs could provide third parties unprecedented abilities to monitor and detect OSS usage. A decision in SFC’s favor, paired with the rapid innovations brought by AI, would significantly increase the risks associated with non-compliance of OSS licenses due to both: (1) the cost of defending against claims brought by third-party beneficiary plaintiffs, and (2) the burden of complying with any resulting settlement or court order (including the possible disclosure of source code).
While the Vizio case is still pending, SFC recently took aim at John Deere in a blog post accusing the farm equipment manufacturer of similar GPL violations and calling on them to disclose the source code of the software integrated into their products to downstream recipients of those products. According to the blog post, SFC has privately sought for over two years to convince John Deere to comply with its GPL obligations and disclose its complete source code to no avail. SFC has not yet filed a complaint against John Deere seeking to force disclosure of the source code.
Until we have more clarification from the court, what are some things that businesses could do to reduce the risk around the use of OSS?
Whether your business needs help understanding OSS obligations, complying with OSS licenses, or negotiating agreements involving OSS, Orrick’s Technology Transactions team (or one of the authors) can help.