If you ask Chris Sontag, a vice president at the SCO Group, how his tiny software firm decided to launch a billion-dollar lawsuit against IBM and became, in the process, the most reviled name in the open-source programming world, he’ll tell you that the whole thing started rather innocently. Sontag says that SCO did not go looking for trouble with fans of free software; instead, trouble found SCO. In January the company, which makes most of its money from the sale of Unix and Linux operating system software, embarked on a routine review of its business holdings. And during the review, “we identified some concerns we had in terms of our intellectual property.”
Specifically, the company determined that some source code in Linux had a lot in common with code in Unix — and SCO says that in 1995, it purchased rights to all the original Unix source code from the software firm Novell. In other words, SCO believes that Linux, an OS that can be freely copied and modified by anyone, is illegal. Linux is, SCO says, “an unauthorized derivative of Unix.” If SCO’s accusations are affirmed in court, the millions of companies and individual users who have increasingly built their lives around Linux over the last decade might have to start scrambling for an alternative or face costly penalties.
But that was not all. During its examination of Linux source code, SCO says it found that it could trace what it believes was Unix code in Linux to one of its longtime partners in the Unix business: IBM. Sontag says that SCO immediately tried to notify IBM of copyright violations in Linux, but “we effectively got no response.” So on March 7, SCO filed suit against IBM, alleging “misappropriation of trade secrets, tortious interference, unfair competition and breach of contract.” In its complaint, SCO claims that IBM took parts of SCO’s Unix code and illegally inserted the code into Linux. Last month, to warn end users about its findings, SCO sent about 1,500 corporate Linux customers a letter saying they could be in legal hot water if they continued to use Linux, which SCO told them was “developed by improper use of proprietary methods and concepts.”
SCO’s war on Linux has become a hot topic in open-source circles, inspiring heated discussions on developer listservs and almost daily posts on Slashdot. Opinion in these forums, as well as among more dispassionate industry observers, runs about 99 percent anti-SCO. Nobody believes Sontag’s story, and it’s not hard to see why. SCO’s version of the history of Unix and Linux — as the company has explained it to reporters and as it outlines in its legal complaint against IBM — comes off as a one-sided and self-serving account. Critics say the company misstates and exaggerates its own contributions to Unix, and SCO has yet to provide a single example of infringing code it says it has found in Linux.
Industry watchers have attributed SCO’s actions to economic desperation. The firm’s products have not been doing well recently; the company lost about $25 million last year. SCO now has a stated goal of trying to make money by selling licenses to its Unix intellectual property, and critics see the IBM suit as perhaps only the first of many litigious efforts SCO will attempt. IBM intends to fight the case, but SCO may hope that escalating its rhetoric will make business for Linux companies so difficult that they’ll cave in — either by paying SCO licensing fees or buying the firm out.
The strategy is not entirely illogical, and SCO’s efforts have met with some initial success. In mid-May, Microsoft, which considers Linux its main software rival, made headlines when it decided to purchase a Unix license from SCO. The sum Microsoft paid for the license was not disclosed but is thought to be around $10 million — pocket change for Microsoft. Microsoft says it purchased the license “to ensure [intellectual property] compliance across Microsoft solutions,” but many Linux advocates and industry observers view the move as an obvious flanking attack on its open-source competitor. The company denied any unseemly ulterior motives. “Our agreement with SCO is independent of any other industry action and solely designed for the benefit of our customers and our products,” a spokesman said in an e-mail.
Whatever Microsoft’s intentions, its involvement in the case clearly didn’t help SCO. Indeed, what’s interesting about this story is that, no matter what SCO does, virtually nobody in the industry appears to take the company seriously. SCO was likely not expecting this reaction; when you sue one of the world’s biggest firms for a billion dollars, you expect the world to give you some respect! Yet when SCO filed its case, people laughed. And when it threatened Linux users, and sold Microsoft on its plans, people still didn’t come around to SCO’s worldview. They only seemed to laugh some more.
Why isn’t the open-source software community cowering in the face of a billion-dollar lawsuit and a threat against all corporate users of Linux? Some part of their confidence has to do with the general weakness of SCO’s case. Even though SCO has hired David Boies as its attorney — the legal star whose past clients include Al Gore and Napster — few experts who’ve read SCO’s complaint consider the argument convincing. The case seemed to be further weakened on Wednesday, when Novell, the firm from which SCO says it purchased the copyrights to Unix, denied that it had sold any such thing to SCO.
But the reaction to SCO’s claims may also reveal a larger truth about Linux, one that goes beyond this specific case: Virtually no one is buying the line that Linux is an amateurish OS and that open-source software is unsafe and possibly illegal. Open-source advocates might not consider this consensus remarkable, but it is. For years, Microsoft has tried to push the notion that Linux offers none of the legal protections of proprietary software, and that companies should therefore be wary of it. But the widespread dismissal of SCO’s arguments proves that few people are taking those claims seriously. For most people, the idea that Linux is illegal seems absurd.
Indeed, in a quirk of fate, the SCO lawsuit may do more to ratify Linux’s ascendant position in the software universe than anything else. Amateurs tend not to create software that inspires billion-dollar lawsuits. SCO’s frantic scrambling to salvage something out of its Unix holdings — with Microsoft’s support — is the clearest sign yet that Linux has arrived.
The company now known as SCO is an amalgam of two firms: the original Santa Cruz Operation, a company founded in 1979 that mainly sold Unix software; and Caldera, which came along in 1994 and was chiefly a Linux vendor. For much of their lives, both firms were thought of as also-rans in their respective businesses. During the ’80s and ’90s, the old SCO tried to compete with the major Unix vendors like IBM, Hewlett-Packard, and Sun, but it didn’t do very well; it settled into what some have called the niche business of offering Unix on Intel servers. In the late 1990s, Caldera pitted itself against the host of Linux firms popping up during the brief period of stock-market enthusiasm for open-source software. Caldera didn’t do terribly — at least it survived, which is more than can be said of many other Linux companies. But the firm, which went public in March 2000, the very month in which the Dow and NASDAQ peaked, has been overshadowed by bigger Linux vendors like Red Hat.
In 2001, Caldera purchased SCO’s Unix business. The move puzzled many industry analysts — why was a Linux company buying a supposedly outdated Unix company? — but Caldera thought SCO had some unique assets that could be leveraged for its Linux business. SCO had cultivated an extensive list of Unix resellers who Caldera hoped could be switched to Linux. SCO’s Unix servers could also serve as a bridge, Caldera thought, for customers who had more high-end needs and who were wary of Linux’s then not-stellar performance. In effect, then, Caldera was trying to set itself up as a complete software shop for Intel users, one that catered to fans of both Unix and Linux. The combined company called itself Caldera International, but — in a way that tech firms sometimes do — it decided to change its name in 2002. It would now be called the SCO Group. (For folks keeping score, “SCO” doesn’t stand for “Santa Cruz Operation” any longer, and it’s to be pronounced not as three separate letters but as a word that rhymes with “fiasco.”)
A key question that has arisen in the SCO fight against IBM concerns the ownership of Unix code. This is a complicated issue, as it involves both a messy dispute of fact and a more philosophical argument over the very concept of owning software. The dispute of fact is this: SCO says that in 1995, it purchased the rights to the Unix source code from Novell, which had itself bought the code from AT&T, the original developer of Unix. Blake Stowell, a SCO spokesman, says that SCO enjoys all legal rights stemming from its purchase of Unix — the copyright to the Unix code as well as contracts with various Unix firms, including IBM, that spell out what can be done with the Unix code. In its lawsuit against IBM, SCO is only claiming a violation of those contracts, not of copyright, Stowell says.
Novell, though, sees the situation differently. “SCO is not the owner of the Unix copyrights,” Jack Messman, Novell’s CEO, wrote in a letter to SCO on Wednesday. “To Novell’s knowledge, the 1995 agreement governing SCO’s purchase of Unix from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected.”
Determining which of the firms is right isn’t easy. SCO says that the document it has from its 1995 deal with Novell indicates that SCO acquired all rights to the Unix code. So why would Novell say otherwise? According to SCO’s Stowell, there’s one section of this 1995 document that lists certain Novell assets that were to be “excluded” from the agreement, and the word “copyright” is listed in that section. The two companies disagree on the interpretation of this section of the 1995 agreement. SCO says this section is not important, and Novell says it is. It is a hyper-technical, legalistic fight, one that seems destined to be decided, in the end, by a cadre of expensively dressed lawyers. Stowell says SCO’s attorneys will be in touch with Novell’s attorneys to discuss the issue. But when asked about this claim, Bruce Lowry, a spokesman for Novell, said, “That’s the first we’re hearing of this.”
SCO says that the outcome of the fight over who owns the copyright for Unix code will have no bearing on its case against IBM, which concerns contracts, not copyrights. There is, though, a more substantive debate over Unix. Is it possible for any firm to claim complete ownership of an operating system that, as many veterans note, has always been marked by collaboration across organizations? This idea was most eloquently explained by Eric Raymond, the president of the Open Source Initiative, in a recent position paper he wrote on the SCO case.
“Even during the early days of Unix commercialization, the Unix code base was widely regarded as a commons worked by many hands,” Raymond wrote. “As time went on and Unix evolved, possession of an AT&T source license came to be seen as more a pro-forma gesture in the direction of history than a concession that AT&T’s intellectual property still contributed a dominating part of the value … Thus, the community of Unix hackers that had grown up around the pre-commercial releases never lost the conviction that, ethically, the Unix code belonged to them — the people who had the ideas and wrote the code — regardless of what the legal paperwork said.”
But when he was presented with this view, Chris Sontag, SCO’s vice president, rejected the idea. Invoking the recent Jayson Blair scandal at the New York Times, Sontag asked, “Is it appropriate for someone to take your work that you do for Salon and put it in another publication without attribution and with someone else’s name on it? The obvious answer is no. What if someone takes your research and the effort you put into your work and then munges it around — changes the paragraphs and the words around so it doesn’t look like it’s the same work, although it’s effectively your work? Is that appropriate? Still the answer is no.” Sontag says that this is essentially what happened to SCO — all the work that it had put into Unix has been compromised by Linux.
SCO’s case against IBM hinges on the idea that in the late 1990s, Linux seemed to get very good very fast. Too good, too fast — Linux, which could run only on single-processor machines when it was created in 1991, worked on high-performance platforms by the decade’s end. Open-source software developers take pride in such speedy development; it’s one of the main advantages of the open-source model, they say. But in SCO’s view, the fact that Linux evolved so quickly speaks to darker forces at work. Linux could simply not have improved the way it did without the help of IBM, SCO says, and everything IBM knew, it learned from SCO.
SCO’s attorneys lay out this argument in paragraph 84 of the company’s complaint: “Prior to IBM’s involvement,” they write, “Linux was the software equivalent of a bicycle. Unix was the software equivalent of a luxury car. To make Linux of necessary quality for use by enterprise customers, it must be re-designed so that Linux also becomes the software equivalent of a luxury car. This re-design is not technologically feasible or even possible at the enterprise level without (1) a high degree of design coordination, (2) access to expensive and sophisticated design and testing equipment; (3) access to Unix code, methods and concepts; (4) Unix architectural experience; and (5) a very significant financial investment.”
The complaint also says that engineers at IBM had access to SCO’s intellectual property because the two firms had once worked together on something called Project Monterey, a joint effort to create a Unix OS for a 64-bit Intel chip. The companies worked on the Monterey for a few years, but in 2001, SCO says, IBM told SCO it wanted out. Then, SCO says, “in violation of its obligations to SCO, IBM chose to use and appropriate for its own business the proprietary information obtained from SCO.” The complaint adds: “It is not possible for Linux to rapidly reach Unix performance standards for complete enterprise functionality without the misappropriation of Unix code, methods or concepts to achieve such performance, and coordination by a larger developer, such as IBM.”
An IBM spokesman declined to comment on the SCO case. The company’s legal response to SCO, however, leaves little doubt about IBM’s feelings: The filing is an almost comically terse list denying all but the most indisputable claims that SCO makes. For example, one line reads that IBM “denies the averments of paragraph 19, except admits that IBM markets a Unix software product under the trade name ‘AIX.’” IBM also candidly admits that its principal place of business is in New York, that it maintains an office in Salt Lake City, and that some of its microchips are more powerful than chips made by Intel. It gives no more ground than that, however.
“I’m no lawyer, but I suspect there is a little bit of aggressive flippancy in that response,” says Jonathan Eunice, an analyst at Illuminata, a technology research firm in New Hampshire. Eunice has been closely following the SCO case, and he says that IBM’s response “does signal a feeling that they think this is not a serious lawsuit. If IBM thought, ‘We may have a material problem here — golly, they may have a point!’ I think IBM would take it more obviously seriously.”
But Eunice does not believe that IBM has anything to worry about. He says there’s one word for SCO’s argument that Linux needed IBM to help it get where it is today: “Bullshit.” He continues, “Let’s say that IBM never touched Linux. So Linux would probably be less successful because IBM’s stamp of approval was key in getting corporate approval for it — but IBM doesn’t deserve much credit for the quality of the Linux kernel as its stands today. Both HP and IBM have contributed to the 2.6 version, the forthcoming version, so you could make a claim about a future version of Linux if you like. But for the current version — Linux got good fast long before IBM had a broad systematic commitment to it.”
The more difficult thing about SCO’s argument is that the company has not provided any proof supporting it. “They’ve made a general claim of infringement,” Eunice says, “but they have declined to say, ‘Here are the sections where there are problems.’”
Many in the open-source community have echoed this complaint — if SCO has found copied code, why won’t it prove it? In response, Sontag says that the company will soon try to address the issue. “What we’re talking about is showing Unix System V code, and we have strict confidentiality with that and it has to be maintained,” he says. “But we do realize and understand that people want to see that we have proof, and we are going to be making that proof available as soon as we can. We’ll probably make it available to some people” — for instance, financial analysts or reporters — “under NDA so they can make their own evaluations.” On Friday, SCO spokesman Stowell said that the firm would be conducting these meetings “all through June.” He said that people who sign a non-disclosure agreement and examine the code that SCO presents will be prevented from disclosing where in the Linux program the code in question appears; but the NDA would allow people to publicly say, in a general way, whether there was any merit to SCO’s claims.
What would happen if SCO confidentially presented its code to a panel of experts who then concluded that, indeed, SCO was right and Linux did have some copied stuff in it? Don Marti, the editor of the magazine Linux Journal, says, “I frankly don’t think that people are going to make that big of a deal of it — as soon as the actual evidence of what SCO claims to have been copied is out there, then those sections of Linux are going to be replaced with unambiguous original code effectively immediately.” This is, in fact, the beauty of open-source software — if there are problems with it you can fix them. But SCO worries that if Linux is washed of any plausibly copied code, it could lose its courtroom claims. “And that’s the apparent reason why SCO is sitting on the code,” Marti says. “The kernel developers, if they find out what it is, they’ll say, ‘We’ll re-implement it.’”
It might seem odd that SCO believed it could claim Linux to be an illegal derivative of its software without feeling the need to provide any proof. Did SCO really think that all those companies to whom it sent letters would change their technology without asking any questions?
Perhaps SCO really did think so. Not long ago, after all, when the likes of IBM, HP and other huge firms weren’t standing behind Linux, it might have been plausible that Linux posed a danger. If you were a lawsuit-fearing tech officer at a risk-averse firm, wouldn’t you shiver at the notion that your software was designed in such a way that “does not prevent inclusion of code that has been stolen outright”? Wouldn’t the following phrase scare you: “Legal liability that may arise from the Linux development process may also rest with the end user.”
What’s intriguing is that, according to many people in the Linux industry, SCO’s campaign has had no effect on the behavior of consumers. “I have not heard about anyone rethinking an order based on this,” says Larry Augustin, the chairman of VA Software. “I haven’t seen anyone express a fear. The only thing I have seen is people say we need to be careful about where source code comes from — and that statement was true in the past and it’s just as true now.”
Research analyst Eunice says, “I don’t think anyone knows how it’s going to play out, and I believe in the end it may start to be troublesome in sales. But I have not heard of any sales where it has been a problem so far. And I can easily see that where the customer may get antsy and say, ‘I don’t want to get sued if I buy this thing,’ what would happen in this case is it might only delay a sale. In the end I think IBM starts indemnifying its customers. It starts to say, ‘Listen, this is bullshit but we understand your concerns about this and if anything happens, we’ll take the hit for you.’”
And if IBM does do that, it would be quite a win for Linux; all those claims, so often casually mentioned by the likes of Microsoft, of Linux being somehow dangerous for business would be wiped away.
Raymond, the Open Source Initiative president, says that although he’s not privy to IBM’s strategy, he recently had an opportunity to speak to Dan Fry, who directs IBM’s Linux efforts. “I didn’t get the impression that they were going to settle this case,” Raymond says. “And I told Dan, ‘We want you to crush these guys. You go after them foot, horse and marines. And we will cheer.’”