** Tue 05 September 2017
TL;DR: I discuss my perspective in the recent BSD+Patents episode with Facebook Open Source.
Disclaimer: I am not a lawyer
Many open source software (OSS) projects led by industry giants use the Apache License 2.0 (henceforth the ASL2.0), compared with the MIT or BSD licenses which also enjoy popularity amongst many other OSS projects. This is the license used by projects in the Apache Software Foundation, but you can use the license without being part of the ASF. TensorFlow and many other important non-ASF projects use this license.
The ASL2.0 has appeal for enterprises for a few reasons. One obvious reason is being a redistribution-friendly, permissive license (like MIT / BSD), so you can include such code in closed source products that you sell. Another reason is that it makes patent grant rights explicit. In other words, the license grants users unrestricted use of any patented IP in the codebase in perpetuity. This patent grant applies transitively to any projects that use or redistribute the project in question.
Having code that is both permissively licensed and patented might seem a bit strange. Some companies may seek patents for IP created in OSS projects to try to protect themselves in future IP litigation . They have no intent of selling or profiting from the patents, but they want the IP distributed in their OSS projects to stay free and commercial friendly.
This is where the ASL2.0’s patent grant is so important; it protects both the OSS authors’ and users’ redistribution rights. Without this, a patent troll could start a lawsuit and potentially force code in an established OSS project to be removed, which would wreak all kinds of havoc on developers and users alike.
In my opinion, software patents are evil because they stifle innovation achieved through incrementalism, and software engineering consists of a lot of this.
Here’s the rub. Facebook has licensed some of its popular OSS projects under a license which is almost like the ASL2.0, except that the language around patent grants is different. I present an abbreviated version of the legalese:
The [patent] license granted … will terminate … if you … initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: (i) against Facebook … (ii) against any party if such Patent Assertion arises … from any software… of Facebook … or (iii) against any party relating to the Software.
TL;DR: You can use Facebook’s OSS patents as long as you never sue Facebook for patent infringement. In the ASL2.0 there are no such restrictions.
The Apache Software Foundation’s legal folks took issue with this provision, as (and this is only my understanding of things) it creates an “IP overhang” in any projects that transitively depend on a Facebook BSD+Patents project, like React or RocksDB. It’s a form of software non-freedom that makes this license onerous for commercial projects.
Software patents are evil, don’t get me wrong. But the Facebook patent termination clause is a nuclear option to fight back against patent trolls. Presumably Facebook has already faced a number of frivolous patent infringement lawsuits over the years, and that may be motivating their stance on this.
Facebook has changed the RocksDB license to ASL2.0 in reaction to public outcry, but the React license remains unchanged, which is causing problems for ASF projects which have React-based user interfaces at various stages of development.
You can see this blog post for a lengthier discussion of the licensing saga from the perspective of one Apache contributor.
On August 18, one of Facebook’s engineering directors wrote directly about the issue:
We believe that if this license [BSD+Patents] were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.
People seem to be of two minds about the situation:
Facebook’s open source lawyers are being nitwits by using a non-standard license, when Google and most other companies in the world have been doing fine under the protections of the Apache License 2.0.
The Apache Software Foundation is creating unnecessary complication for open source developers, for 99% or more of whom these IP concerns will never be a realistic issue.
The situation is justifiably annoying for everyone involved. Accepting BSD+Patents projects as a hard dependency into ASF projects is a slippery slope, and may lead to more projects adopting this license, which I don’t think would be good. It has a viral quality similar to copyleft licenses like the GPL.
The real enemy is software patents. I feel Facebook’s stance on this is ideological, and it seems unjust to make OSS developers pay the price for software patents’ continued legality in the United States. BSD+Patents may stop certain kinds of patent trolls, but the only real solution is to bring about an end to software patents altogether.
Bottom line is that I agree with the ASF’s stance on the BSD+Patents issue, and I hope that React will change its license. Further, I hope that Facebook and other highly profitable multinational companies pool their resources to lobby for an end to software patents.