Chrysler’s experience with Linux makes for a classic open-source software success story. By choosing the free, flexible operating system over a proprietary system, the company saved money and time; the story would make a good ad for Red Hat and IBM. And that’s probably why the SCO Group — the small software company in Linden, Utah, that has been Linux’s biggest detractor during the last year — decided to punish Chrysler.

SCO claims that Linux is actually an illegal derivative of the Unix operating system, which SCO says it owns. In a lawsuit filed on March 3, SCO accused DaimlerChrysler, Chrysler’s corporate parent, of violating the terms of a Unix license Chrysler signed in the 1980s — the violation, SCO suggested, stemmed from Chrysler’s adoption of Linux in place of Unix. At the same time, SCO sued AutoZone, the giant car parts retailer, which uses Linux in each of its 3,000 stores; SCO claims that by using Linux, AutoZone is “willfully” infringing upon SCO’s intellectual property.

To fans of Linux, SCO’s latest moves are both silly and a little bit scary. The company’s case is widely thought to be extremely weak. Of course, people say, SCO is never going to stop AutoZone and DaimlerChrysler from using Linux! But the scary part is that it might not matter much whether SCO’s case is weak, because even frivolous lawsuits demand an (often expensive) defense. Consequently, some in the open-source community wonder whether SCO’s case indicates a real cause for concern with free software.

“They sued AutoZone and DaimlerChrysler even though those companies didn’t do anything wrong and acted in good faith,” says Daniel Egger, a partner at the venture capital firm Eno River Capital. AutoZone and DaimlerChrysler simply purchased open-source software; they didn’t write the code. But “because of a quirk in our legal system,” Egger says, “you can be sued for using software when you did nothing wrong, just because some third party claims that they own part of that software or that the software infringes on their rights.”

This is a problem, Egger says. Corporations take risks all the time, but they’re not fans of unquantifiable risks. Companies don’t want the free software they install today to become a hundred-million-dollar legal boondoggle five years from now. And that’s why what the open-source world could really use, Egger says, is a financial mechanism to measure and eliminate the “risk” associated with using software like Linux. There’s a word for such a complex-sounding system: “insurance.” And if you’re the IT manager at a big company and you’re thinking of installing Linux, Daniel Egger would like to sell you some coverage.

Egger is the founder of Open Source Risk Management, or OSRM, an innovative new firm that will soon begin offering insurance protection for Linux. At the cost of $30 per $1,000 of coverage, OSRM promises to defend Linux against all infringement claims, exactly the kind of suits that Chrysler and AutoZone are now facing. If SCO represents the biggest threat to Linux in its existence so far, then OSRM is a classic example of how the flexible open-source world reacts to every new threat — by innovating a new, widely distributed, from-the-bottom-up solution.

Insurance is crucial for Linux, Egger says. Unlike proprietary software, the free operating system is vulnerable to third-party infringement claims. When large corporations buy applications from proprietary software firms such as Microsoft, they are usually sold rock-solid “indemnification” packages — clauses that let the customer off the hook in the case of any legal question surrounding the software. But it’s not the same for Linux, which was written by many developers all over the world and can’t be guaranteed by a single firm. It wouldn’t be fair to ask Red Hat, say, to indemnify you of any claims against Linux, Egger points out. “You would be asking them to guarantee something which they have no more knowledge of than you do,” he says. “You’re asking them to do something where they might be in the position of having to guarantee what their competitors wrote.”

Egger believes that only a neutral firm can guarantee the legality of Linux, and only one that has strong ties to the developer community. In order to guarantee that Linux isn’t infringing on anyone else’s property, OSRM is inspecting the OS’s code with the help of many developers. The firm is being advised by such open-source gurus as Bruce Perens, and it has hired Pamela Jones, a paralegal who runs the popular Groklaw discussion site, to help with legal strategies. Jones is the pioneer of what she terms “open legal research” — complex legal research done in the open, on the Web, by groups of people with varied expertise in law and code. During the past year, Groklaw has been the center of such research aimed at thwarting the SCO case; Jones and others on Groklaw plan to do similar work for OSRM.

It’s these ties to the open-source community that make OSRM most interesting. The firm, says Bruce Perens, gives open-source developers a chance to stand by their work. “What we are saying is, for a very small amount per year we will put our money where our mouth is,” Perens says. IT managers “will not have to defend this use to their bosses again.”

There’s no evidence, yet, that SCO’s efforts against Linux have been effective. For several months, SCO has been asking corporate users of Linux to pay it for the right to use the free operating system — but in the first quarter of the fiscal year, the company only managed to sell $20,000 worth of licenses for Linux, which suggests that most firms don’t believe SCO’s claim that it owns Linux. (In order to sell these $20,000 worth of licenses, SCO spent about $3.4 million on litigation during the quarter.) Meanwhile, the Linux market seems as strong as ever. Don Marti, the editor of Linux Journal, points out, for example, that the Linux server business experienced double-digit growth during the past year.

But Marti also says that he knows of some companies that are at least delaying plans to migrate from Unix to Linux, which is understandable considering SCO’s attacks. Both AutoZone and DaimlerChrysler were once celebrated for their adoption of Linux; now they’re being sued for it. If you were a large corporation thinking about Linux, wouldn’t you wait until the dust settled?

Well, if you were a lawyer at one of those Linux-leaning corporations, one thing you might consider doing first is reading Groklaw. Groklaw was founded about a year ago by Pamela Jones, a paralegal and a techie who became intrigued by SCO’s $5 billion case against IBM. SCO claimed that IBM engineers had secretly stolen code from SCO’s Unix software and stuffed the code into Linux, making Linux an illegal copy of SCO’s property. Jones, who was skeptical of this claim, began blogging about it. “I thought maybe, in my wildest scenario, a hundred people would ever read what I was doing, and I was thinking exclusively of a blog, not a Web site,” Jones told Salon in an e-mail interview. “Blogs are more casual and have more leeway editorially. So I was just breezing along with panache, without a care in the world. It felt like I was writing ‘Dear Diary, today SCO did thus and so.’” But as the SCO case heated up, Jones saw her site catapulted into the spotlight — i.e., it was getting frequent links from Slashdot — and the content morphed into something more than breezy blogging. Soon, she says, groups of people with expertise in various areas of the law and software development began offering her tips, and in a short time these readers began working together on Groklaw projects aimed at undoing SCO’s case.

For example, in January, a group of Groklaw regulars published an exhaustive examination of a set of files in Unix System V called the Application Binary Interface; the team looked at the legal and technical history of these files, as well as SCO’s role in their development, in order to determine whether SCO could reasonably sue others for using the ABI files. Their conclusion: “I think you will see from this article alone that if SCO is planning to sue anyone over the ABI files, unless there are facts we haven’t unearthed, they seem to be leaning on a rickety bamboo reed.”

“I couldn’t do that definitive research without the community,” says Pamela Jones. “I don’t think IBM could either, for that matter. I believe we have established that there is no point in SCO pursuing the ABI files.”

Jones has been praised by just about everyone in the open-source world for her efforts to undermine SCO. Linus Torvalds, the creator of Linux, has said that Groklaw shows “how the open-source ideals end up working in the legal arena, too, and I think that has been very useful and made a few people sit up and notice.” Bruce Perens calls Jones “paralegal to the world.” Clay Shirky, the influential tech pundit, points out that “Groklaw may also be affecting the case in the courts, by helping IBM with a distributed discovery effort that they, IBM, could never accomplish on their own, no matter how many lawyers they throw at it.”

About the only party not happy with Groklaw is SCO. The firm’s CEO, Darl McBride, has publicly accused IBM of secretly funding Groklaw (Pamela Jones denies this.) In an interview with Salon, Blake Stowell, a spokesman for the firm, dismissed the idea that Groklaw can be a source for well-researched insight into the SCO case; in his view, much of what goes on at Groklaw is unabashed SCO-bashing. “One of Groklaw’s biggest roles is to provide an opinion,” Stowell said. “I think they have been successful in having an awful lot of people come to their site to gain an opinion on things. But it’s a very one-sided opinion, and if that’s the only thing that people read to gain an opinion on things they’re getting a very one-sided view.” Stowell doesn’t think that Groklaw has uncovered anything of lasting import legally. “I don’t think they’ve influenced at all what we’ve done in our lawsuit,” he said.

Reading through Groklaw, it’s certainly easy to see Stowell’s point. You’d be hard-pressed to find a pro-SCO word on the site, and, as on Slashdot or any other discussion board, “there’s a lot of chatter and noise in the comments,” notes Don Marti, of Linux Journal. But it’s also true that readers of Groklaw often point to valuable primary sources of new information concerning complex legal controversies, Marti says, and for a lawyer looking into Linux, these resources are probably very helpful.

It’s this aspect of Groklaw that attracted Egger, of OSRM. One part of establishing Linux’s legality in order to offer insurance for it, Egger says, is sorting out the complicated legacy of Unix; Egger considered Groklaw the perfect forum to conduct this research. “The history of Unix is very tangled and confused,” Egger says. Anybody who owns a bit of Unix can say, “There’s something in Linux that is similar, so I’m going to sue!”

That’s what SCO did, Egger says, “and if SCO can do this, there are about 30 other Unix product lines besides the ones that are in dispute in the SCO case, and we better find out what happened to those, who owns them and what happened to them.” Through OSRM, Egger will fund part of Jones’ work on building this “Unix timeline,” but all of the information the project digs up will be given to the public domain, Egger says. The timeline project will also include the work of hundreds of volunteers who asked to help after Jones announced it on Groklaw. In an article to be published in a forthcoming issue of Linux Journal, Jones says that the volunteers include “most of the published historians of Unix and many of the people who actually contributed to Unix in the first place.” She adds that one Groklaw reader has called her “the maintainer of the Linux anti-lawsuit kernel,” which Jones says is a “good description of what our project is all about.”

The core of the Linux operating system — the “kernel” — is made up of millions of lines of code written by programmers of varying ethical and professional obligations; it is not a piece of software designed to satisfy lawyers, as is probably the case with much of the code written at proprietary firms, but instead to satisfy developers. So how can OSRM ever be sure enough of what’s inside Linux — and of where it came from — to offer insurance for the system? Egger says that the company has launched an extensive “certification process” of the operating system. The process is labor intensive, but, he says, not all that difficult.

“We look at the origin of the code and make sure it was written by reputable people,” he says. “We make sure we know they weren’t involved in litigation, and that the companies they worked for agree that they were authorized to contribute this code to Linux. So we look at who wrote the code and what documentation there is around that.” OSRM also maintains a “huge database” of both proprietary and open code from other software, Egger says, and the company is comparing that code with the Linux code “to look for possible copying.” The company has not yet completed its certification of Linux, but so far, Egger says, “I have not found anything that would cause me to be concerned — it looks very, very clean.” But Egger adds that if he did find something, “we wouldn’t tell you — we would just quietly work with the developers to fix it.”

Egger considers this part of the process key to the success of OSRM. There are probably some in the open-source community who look askance at Egger’s project; part of the business of selling insurance for a product, after all, is convincing customers that there’s a risk associated with using that product, and many open-source developers don’t think there’s anything risky about using Linux. But Egger insists that he’s not looking to profit from weaknesses in Linux — and, indeed, he says he’ll do everything he can to work with Linux developers to make the system safe from legal attacks. “We’ll quietly identify places where better documentation, a better record will reduce the risk of future litigation,” he says. “We call it ‘papering the kernel.’ We’re engaged in these activities at a very high level. That’s the value of insurance companies — we’re involved with the community in risk mitigation activities, in developing best practices for reducing exposure, and in proactive research.” All of this, he says, makes Linux safer.

And slowly, fans of open-source software — even the ones who think SCO’s claims are bogus — are coming around to the idea that Linux has got to be made safer from third-party infringement suits. Last year, Pamela Jones was somewhat skeptical of the idea that open-source software needed legal protection; now, she’s changed her mind. “I haven’t changed my mind about the strength of the GPL, [GNU General Public License] which is what really protects you,” she notes. “But I became convinced, when I saw the stock price shooting up, that there will be copycat SCOs. I know my business enough to know that it is pretty much inevitable. Nuisance lawsuits are a fact of life. How do you protect against that threat?” OSRM, she says, offered “a way for the community to fight and win against future nuisance lawsuits … Nuisance lawsuits will come. So we must be realistic.”

Then Jones added this analogy: “When you buy insurance for your car, is it because you don’t trust the workmanship or have doubts if Ford had the rights to the machinery that built it? Or is it because you realistically know there are bad people in the world who might steal your car or your radio or scratch your windshield by throwing a rock at your car?

“It’s the same with software. There’s nothing dangerous about GNU/Linux software. What you need protection from is people, bad people.”

Labeling the political philosophy and legal strategies of the free-software movement “ill-founded” and “contrary to [the U.S.] system of copyright and patent laws,” McBride has been unafraid to frame his company’s legal battle as an all-or-nothing crusade. His bold statements are a major reason that the SCO-vs.-IBM battle has dominated open-source news coverage throughout 2003. Looking back at the “year in open source,” it might even seem that SCO was the only story anyone was paying attention to.

But while it’s true that the SCO-IBM battle does have long-term legal implications — a victory on SCO’s part would certainly jeopardize the popularity of Linux as a low-cost software tool for U.S. and European information technology (IT) departments — extending those implications to the world at large hits a stumbling block as soon as you consider the other major open-source storyline of 2003.

Here’s a brief recap: In March, the same month SCO filed its lawsuit, a Japanese daily newspaper, Nihon Keizai, revealed that more than 100 Asian software developers were meeting in Thailand to lay the groundwork for an Asian offshoot of Linux. In September, the month McBride launched his first open letter, which attacked “structural flaws” in the Linux development process, technology ministers from China and Korea confirmed joint plans to underwrite the earlier-mentioned localized version of Linux in the hopes of building a regional wireless network capable of supporting 200 million low-cost (that is, Linux-powered) devices.

And finally, in November, as McBride was preparing his latest open letter, Sun Microsystems CEO Scott McNealy announced to a Las Vegas Comdex audience that his company had forged a deal with the Chinese government to ship up to 1 million desktop versions of the Java Desktop System — Java tools bundled with Linux and the open-source StarOffice application suite — by the end of 2004, a deal that, when completed, would automatically make Sun a front-runner in the Linux desktop market.

“That’s not the only opportunity,” boasted McNealy, alluding to similar upcoming deals. “We’re out calling on every [technology] ministry on the planet.”

In other words, what we have here are two diverging storylines. In one, the future of open source is in jeopardy or, at the very least, a cause of division among corporations. In the other, open source is becoming a unifier of markets, governments and the companies eager to serve both. These warring realities offer as much proof as one could beg for that free software is relevant to today’s technology sector. And McBride is right — the future of the global economy is at stake. But as far as a vast portion of the world is concerned, SCO’s CEO is fighting for the wrong side.

Tossing aside the parochial biases of the U.S. news media, the split nature of open source’s growth trajectory is troubling, because it parallels the much more significant geopolitical schism that finally broke to the surface in 2003. If you take a look at the governments that have officially embraced open source over the past five years — governments in China, India, France, Germany and Brazil — you get a rough outline of the “against us” camp in the current Bush administration world view. The overlap isn’t perfect, of course, but it’s close enough to suggest both a linkage and a set of ideological tensions that go beyond the issues of terrorism and international security.

This tension was evident in the run-up to this month’s World Summit on the Information Society in Geneva. Hosted by the International Telecommunication Union, a U.N. agency, the WSIS was originally billed as a Kyoto-style gathering of government officials and nongovernmental organizations who wanted to address the “digital divide” separating citizens in technology-driven economies from their counterparts in the developing world. That billing proved ominous, however, as U.S. and non-U.S. contributors to the summit’s framing documents repeatedly clashed over language that would have put U.S. proprietary software corporations at a future disadvantage.

A good example of this clash was the summit’s draft “Plan of Action.” As recently as August, preliminary versions were calling on governments to “encourage” the “development and deployment of open-source software” as a way to facilitate access to information technology “at an affordable cost.” When U.S. representatives argued this encouragement overlapped with the regulatory power of the World Intellectual Property Organization, drafters neutered the language in the final document. Instead, they called on governments to “encourage research and promote awareness” of the “possibilities offered by different software models,” namely proprietary, open-source and free-software development models.

According to Evan Leibovitch, president of the Linux Professional Institute, a Canadian nonprofit that was one of only a few open-source advocacy groups to be represented at the summit’s trade fair, the similarities between Kyoto and Geneva are far from accidental.

“Countries are almost starting to look at open source as an environmental issue,” says Leibovitch, whose organization gave out more than 5,500 CDs containing free copies of Linux. “They can see for their own eyes, regardless of what anybody says to them, that open source is giving the ability to create jobs, to create opportunities, to create an IT industry independent of any outside control.”

Bob Rogers, founder and president of the Global Information Infrastructure Commission, a consortium of IT and telephony executives, and another summit attendee, sees the U.S./non-U.S. schism from a different viewpoint. As a former telephone company executive used to looking to the Federal Communications Commission for guidance, he has spent the better part of the past year tuning into alternate frequencies just to keep up with his overseas commissioners.

“This open-source issue has just become so big,” Rogers says. “I’m a telecom guy and I’m just inextricably being drawn into it.”

One way to look at the schism is to see it as an inevitable consequence of the global economic downturn triggered, in part, by the U.S. technology crash in early 2000. As was true in the last big slowdown, the Great Depression of the 1930s, governments have grown more aggressive in protecting their domestic markets. None, however, have broken away from the global marketplace as some did in the 1930s. The commitment to free trade remains strong in places like China, India and Brazil, where governments have learned to balance state socialism with market-based incentives.

Adopting the philosophy that the best defense is a good offense in the current global economy, these same countries have followed the Keynesian path of pouring money into infrastructure improvements as a spur for future economic growth. Viewed from this perspective, open source becomes almost a no-brainer: a way to build your domestic software industry on the cheap.

Ironically, it is the United States that has most closely followed the old 1930s recovery model. Steel tariffs, increased military spending, and the recent exclusionary economic moves in Iraq all have a decidedly “retro” feel, even if driven by necessity.

That such responses have been coupled with a hands-off policy on communications and information technology has already caught the attention of those, like Rogers, who prefer not to bash the White House but hate to see the United States lose a step in the global marketplace.

“You get somebody like the secretary of commerce speaking about things IT, and it feels like a speech somebody else has prepared,” says Rogers. “When it comes to tax cuts, though, he can speak off the cuff for minutes on end.”

Foreign observers such as Colin Teese, a former deputy trade secretary in the Australian government, are even more concerned. In a magazine column written last month, Teese lamented that the 1990s global economy is already breaking into three major trading blocs: Europe, the Americas and East Asia. If such a trend continues, he said, peripheral players who pledge allegiance to the world’s No. 1 economy by default might be doing their countries a disservice.

“Those countries which ignored the economic prescriptions of the English-speaking Western world have done better — in terms of economic growth — than those who followed them,” argues Teese. “It is hard to imagine that the U.S., whether or not it clings to its present economic policies, can hope to match the combined growth rates of the emerging Asian countries.”

Economic downturns and fears of Asian supremacy tend to run on the same periodic cycle. For all we know, another bubble might already be in place. China’s government spending and dodgy bank loans have already created a money mirage good enough to lure foreign investors with short memories of the dot-com collapse.

That said, a government that pays only $50 per Linux desktop can certainly spread its money a lot further than a government that insists on paying retail prices for, say, Microsoft Windows. The big question is already in place: Which government economic stimulus package will prove the wisest by the end of the decade?

Such questions are a long way removed from the SCO-vs.-IBM legal dispute, but they tie in well with the argument advanced by McBride: The middle ground is disappearing, and the future of the global economy is at stake. The only uncertainty is whether such a “stake” can be divvied up in the narrow confines of the U.S. judicial system.

On Aug. 5, SCO made its boldest claim yet: Because the company believes that everyone using Linux is illegally using SCO’s technology, the company released a price list detailing how much money Linux users should pay SCO if they want to continue using their beloved open-source OS without facing any legal troubles. SCO wants $199 for every desktop computer running Linux and $699 for every server (though that price will rise to $1,399 in October).

According to SCO, these prices are reasonable — Linux is, after all, a pretty good operating system. “We compared Linux to our Unixware product,” says Blake Stowell, a company spokesman, referring to SCO’s Unix-based server system. Since Unixware sells for $1,400, SCO determined that a Linux server at $700 would be a steal.

But wouldn’t Linux users balk at paying hundreds of dollars to use an operating system they’d long believed was free? SCO is unmoved by this question. To the people who thought they could get a good operating system for nothing, “I guess all I can say is, if it sounds too good to be true, it probably is,” Stowell says.

According to SCO, many major corporations have expressed interest in buying its Linux licenses, and one firm, a Fortune 500 company that SCO says “recognizes the importance of paying for SCO’s intellectual property,” even purchased licenses for its Linux servers. Blake Stowell says that terms of the deal prevent SCO from naming the company or disclosing how much money it paid, but he notes that SCO considers the amount “significant — it was not a small number.” He adds that he’s confident that the company will soon announce more sales, and “hopefully we’ll be able to name some of those companies.” On Thursday, SCO announced that during the third quarter of 2003, it made more than $7 million from its efforts to license its Unix code.

News that SCO has made some money selling rights to its code failed to convince many of its critics that the company has a valid case against Linux. “I think it’s amusing that they were willing to put out a press release for one licensee, and on top of that it’s a licensee who’s ashamed of doing business with SCO,” says Don Marti, the editor of Linux Journal.

Marti and other critics see the licensing announcement as just one more rhetorical escalation by the company — just about every week, SCO puts out statements crowing about another apparently trivial “development” in its case, an effort designed, open-source advocates say, to garner ever more public attention for its claim that using Linux is illegal and somehow dangerous. This is particularly galling to Linux devotees since, in their view, SCO has not publicly provided any real evidence of infringing code in Linux.

In the first few months after SCO filed its case, many large firms selling open-source software seemed to be staying out of the imbroglio; even IBM was not very vocal in its defense of Linux. But on Aug. 6, IBM filed a forceful countersuit in the SCO case, charging SCO with violating IBM’s own software patents and with causing unnecessary harm to IBM’s Unix and Linux businesses.

In an argument that many others in the open-source community have long been making, IBM also noted that because SCO had itself once sold a version of Linux under the GPL (General Public License) for open-source software, it had explicitly disclaimed any rights to all code in Linux. (On Thursday, the Wall Street Journal reported that SCO’s lawyers plan to argue that the GPL violates copyright law and is therefore invalid.) On Aug. 4, Red Hat, the top Linux company, also filed suit against SCO. The company claimed that SCO’s public comments had damaged Red Hat’s business, and it asked a judge to issue a declaratory judgment stating that Red Hat’s products do not infringe on any of SCO’s copyrights.

The lawsuits — both the SCO-IBM case and Red Hat’s separate suit — are destined to be long-term affairs, and to the extent that SCO is successful at creating actual uncertainty in the marketplace regarding the legality of Linux, the worries are going to linger. So far, according to almost every reliable expert on the matter, Linux users don’t seem to be very nervous. But if SCO keeps up its rhetorical war — and especially if a few more big firms decide to pay SCO off just to make it go away — Linux could face some problems in the marketplace. Risk-averse corporations, especially, might think twice about using the system.

“It really wouldn’t make sense for a company to rip out its Linux servers and put something else in right now,” says Gordon Haff, the tech analyst who contrasted this case with the O.J. trial (Haff works at Illuminata, a research firm in New Hampshire). “But if they’re thinking of a Linux rollout a year from now and they’re also considering alternatives like Windows and maybe Solaris and others, then they might consider this small risk associated with Linux.”

Can IBM, Red Hat and other Linux firms successfully combat SCO’s claims in the media? Foes of open-source software — with Microsoft taking the lead — have long been saying essentially what SCO says now: If Linux seems too good to be true, maybe it is. Maybe there’s a catch to it. Maybe using it could land you in trouble. And maybe paying for your operating system is not such a bad idea after all.

It is not quite true, as SCO’s opponents say, that the company has refused to provide any proof of its claims. Since June, SCO has been offering to show its code to anyone willing to sign a strict nondisclosure agreement requiring them to keep what SCO presents confidential. But by many accounts, this provision has greatly limited the number of qualified people who can see the code.

According to Ian Lance Taylor, one developer willing to sign the NDA, the contract prevents the signer from revealing anything you see in SCO’s presentation, even code that you previously knew about. People who work on Linux, then, would not be able to sign the NDA, “as it easily could prevent them from ever again working on the kernel,” Taylor wrote in an account of his visit to SCO’s headquarters that was published in Linux Journal in June.

Taylor’s article, which was cited in many blogs and discussion sites, has become proof to some people that SCO is blowing smoke. Chris Sontag, a vice president at SCO, showed Taylor two source files — one he claimed was from SCO’s Unix code, and one from Linux. “The identical portions of the code were highlighted,” Taylor wrote. “There were indeed substantial similarities in the code: very similar comment text, the same variable names, the same algorithm. There also were some differences, but it seemed quite plausible that both pieces of code came from the same source.” But SCO refused to show Taylor a “revision history” of the files, meaning that it was impossible for him to tell which code appeared where first. Was the code in the Linux file taken from the Unix file, or was it the other way around?

Taylor noticed another chink in SCO’s argument: “The code is fairly trivial — the kind of stuff I wrote in school,” he wrote in Linux Journal. “The similar portions of the code were some 80 lines or so. Looking around the Net, I found close variants of the code, with the same comments and variable names, in sources other than Linux distributions. The code is not in a central part of the Linux kernel. The code does not appear to have been contributed to Linux by SCO or Caldera. The code exists in current versions of the Linux kernel.” (Taylor also added that “SCO’s example unsettled me by what it implies. Although in itself trivial, it does suggest that some Linux contributors may have been careless about copyright infringement. That is unfortunate.”) In an interview, Taylor said that SCO told him there were many more examples of infringing code, but he wonders, he said, “why they wouldn’t lead with their best stuff.”

When asked about reactions like Taylor’s, Blake Stowell, of SCO, gave a puzzling answer. Many of the people who have been unimpressed by SCO’s presentation “have not been developers,” he said, and they may not have understood the importance of what they were seeing. (Taylor, in fact, is a developer.) Stowell then pointed to several technology analysts who had seen the code and came away thinking that SCO could possibly have a case — but none of these people are developers.

One analyst Stowell cited was Laura DiDio, of the Yankee Group. DiDio, a personable woman who has been covering technology for decades, first as a journalist and then as an analyst, says that one of her strengths is that “I call it as I see it — I have no qualms about criticizing any vendor.” And when it comes to companies who have bet their fortunes on Linux and other open-source software, Didio says she sees much to criticize.

“The thing about Linux is, you can talk about a free, open operating system all you want, but you can’t take that idea of free and open and put it into a capitalist system and maintain it as though it is some kind of hippie commune or ashram,” she said in a phone interview from her home in Massachusetts. “Because if you can do it like that, at that point I’m like, ‘Pass the hookah please!’”

DiDio did not sign an NDA to see SCO’s code — doing so is against the Yankee Group’s policy — but she says she did give the company her word that she would not violate the terms of the agreement. It is not clear whether she was shown the same code that Taylor was shown, but she was slightly more impressed by what she saw. “It appeared as though the Unix System V code” — that is, SCO’s code — “complete with the developer notes had been copied and pasted right into Linux,” she said. “OK now, that said, that is not empirical proof of anything. It’s just what it looked like to me, and they showed us snippets of things, so I can’t state with absolute certainty what it meant. But what I came away thinking was that if this is what it appeared to be, then SCO has a credible case.”

Taylor and DiDio did not react especially differently to SCO’s presentation; they both say that what they saw did not either prove or disprove SCO’s case, and they only appear to differ in which side they’re more willing to accord the benefit of the doubt. At the very least, it can be said that SCO’s case is not cut and dried — but neither, it seems, will IBM’s case be a slam dunk.

But DiDio makes an additional argument: If SCO is right, she says, then Linux customers all over the world could be in hot water. Why, then, aren’t IBM, Red Hat and other Linux vendors addressing this apparent risk with their customers? She notes that “neither IBM nor Red Hat are offering their customers any indemnification” — that is, insurance against the lawsuits threatened by SCO or, for that matter, any other company that might come along at some point to claim that Linux might be infringing on a copyright. “Why is the world’s No. 1 computer company not willing to offer any type of indemnification for Linux? Why are they not saying so publicly? They’re afraid that they could lose, and so if they lose that would be a very big payout.” What does it say about Linux if the big companies who sell it aren’t willing to warrant that it’s legal?

Red Hat, despite repeated requests, was not available for comment on the SCO case. When asked about indemnification, Trink Guarino, a spokeswoman for IBM, said that because Linux is an open-source program, “no single company provides it, and users understand that there are no warranties or indemnities that come with it, and that no single company can indemnify it.” Guarino also sent Salon an internal memo that IBM’s executives recently sent to its sales team. The letter tells salespeople that they should inform customers that SCO’s case is baseless and that they have nothing to fear from Linux. “Make no mistake, SCO will continue to look for ways to create fear, uncertainty and doubt — FUD, not facts, remains the focus of SCO’s efforts,” Bob Samson, an IBM vice president, wrote. “As the lawsuit continues, understand that the industry will resolve it. In the meantime, if you get questions, as always, send them to this ID or contact your local counsel.”

But if IBM truly believed that SCO’s case was FUD, Laura DiDio wonders, why isn’t it telling its customers that it will assume any legal risks they incur in using it? DiDio notes that this is a standard practice for proprietary operating system sales. “If Linux is going to take its place as an enterprise server and desktop operating system alongside Unix and Windows and Netware and Apple Macintosh, it has got to be certified ready and worthy not just from a technical standpoint but from a business standpoint,” she says.

What DiDio does not note, though, is that indemnification, like any form of insurance, costs money. Part of the reason proprietary operating systems cost as much as they do is that the companies you purchase them from pay for this insurance and then they pass the cost on to customers. And for software released under the GPL, indemnification might cost more — not because open-source software carries any measurably greater risk, but because, in a highly technical, actuarial sense, the risks associated with open-source software might just be harder to calculate, says Gordon Haff. If IBM and Red Hat refuse to indemnify their customers, they’re not necessarily saying they believe their customers are at risk; “they’re saying that there are unknowable things in the world — including potential intellectual property issues — and for them to stand up and offer a potentially open-ended indemnification would be fiscally irresponsible,” he says. “I think executives and lawyers get very nervous about indemnification clauses.”

That may be a reasonable explanation for why Linux comes without indemnification, but it is not one likely to satisfy folks who might be just a bit wary about using the free OS when, every day, SCO is calling it illegal. If you keep using Linux and then, contrary to all expectations, SCO wins big in court, could you find yourself owing SCO a great deal? How much will you be liable for if you simply ignore SCO?

“I’m confident you’ll owe nothing,” says Lawrence Rosen, the general counsel of the Open Source Initiative. Under several theories of law, even if SCO wins against IBM, it will not be able to recoup money from users of Linux, he says.

For one thing, Rosen says, if IBM pays SCO its damages, then SCO is, in a legal sense, no longer damaged — and can’t claim money from anybody else. “There’s a principle in the law that says that you can’t double dip for your damages,” Rosen says. “Lets suppose that you get into a three-car pileup and you sue one driver and he pays you out in full. Are you entitled to sue the other car? No. That would be paying twice for your damages.”

If SCO proves and wins its case, then you, as the buyer of Linux, will have essentially purchased stolen goods — though you believed it to be legitimate. Can someone sue you for using a product that you believed was legal but that later turned out to be stolen? That’s unlikely, Rosen says. “This is unlike the big debate that’s going on in music,” he says. “Remember, you’re not an infringer just because you played a piece of copied music — you’re an infringer because you copied it or distributed it. With Linux, you’re typically just using it, not selling it or copying it. If I’m just using it, how am I infringing?”

Rosen’s position seems logical, and if you’re using Linux, there appears to be little to fear. SCO can’t get you just for running an operating system, even if it insists that it can, and even if IBM won’t indemnify you against its lawsuits.

But there is still a risk for Linux, Rosen says: It’s that, in the apparent uncertainty created by SCO and others, people just don’t know whom to believe. “I think that’s the real problem of the SCO lawsuit is that it raised all these concerns,” he say. “A company or a product has to deal with fear — fear exploited by its enemies, its competitors. This fear has to be explained away by the company. What we have to do is tell people, ‘Look, software is written by human beings and human beings do things — and we are undertaking a process to minimize risks.’”

The question for Linux is, can people overcome the fear?

Specifically, the company determined that some source code in Linux had a lot in common with code in Unix — and SCO says that in 1995, it purchased rights to all the original Unix source code from the software firm Novell. In other words, SCO believes that Linux, an OS that can be freely copied and modified by anyone, is illegal. Linux is, SCO says, “an unauthorized derivative of Unix.” If SCO’s accusations are affirmed in court, the millions of companies and individual users who have increasingly built their lives around Linux over the last decade might have to start scrambling for an alternative or face costly penalties.

But that was not all. During its examination of Linux source code, SCO says it found that it could trace what it believes was Unix code in Linux to one of its longtime partners in the Unix business: IBM. Sontag says that SCO immediately tried to notify IBM of copyright violations in Linux, but “we effectively got no response.” So on March 7, SCO filed suit against IBM, alleging “misappropriation of trade secrets, tortious interference, unfair competition and breach of contract.” In its complaint, SCO claims that IBM took parts of SCO’s Unix code and illegally inserted the code into Linux. Last month, to warn end users about its findings, SCO sent about 1,500 corporate Linux customers a letter saying they could be in legal hot water if they continued to use Linux, which SCO told them was “developed by improper use of proprietary methods and concepts.”

SCO’s war on Linux has become a hot topic in open-source circles, inspiring heated discussions on developer listservs and almost daily posts on Slashdot. Opinion in these forums, as well as among more dispassionate industry observers, runs about 99 percent anti-SCO. Nobody believes Sontag’s story, and it’s not hard to see why. SCO’s version of the history of Unix and Linux — as the company has explained it to reporters and as it outlines in its legal complaint against IBM — comes off as a one-sided and self-serving account. Critics say the company misstates and exaggerates its own contributions to Unix, and SCO has yet to provide a single example of infringing code it says it has found in Linux.

Industry watchers have attributed SCO’s actions to economic desperation. The firm’s products have not been doing well recently; the company lost about $25 million last year. SCO now has a stated goal of trying to make money by selling licenses to its Unix intellectual property, and critics see the IBM suit as perhaps only the first of many litigious efforts SCO will attempt. IBM intends to fight the case, but SCO may hope that escalating its rhetoric will make business for Linux companies so difficult that they’ll cave in — either by paying SCO licensing fees or buying the firm out.

The strategy is not entirely illogical, and SCO’s efforts have met with some initial success. In mid-May, Microsoft, which considers Linux its main software rival, made headlines when it decided to purchase a Unix license from SCO. The sum Microsoft paid for the license was not disclosed but is thought to be around $10 million — pocket change for Microsoft. Microsoft says it purchased the license “to ensure [intellectual property] compliance across Microsoft solutions,” but many Linux advocates and industry observers view the move as an obvious flanking attack on its open-source competitor. The company denied any unseemly ulterior motives. “Our agreement with SCO is independent of any other industry action and solely designed for the benefit of our customers and our products,” a spokesman said in an e-mail.

Whatever Microsoft’s intentions, its involvement in the case clearly didn’t help SCO. Indeed, what’s interesting about this story is that, no matter what SCO does, virtually nobody in the industry appears to take the company seriously. SCO was likely not expecting this reaction; when you sue one of the world’s biggest firms for a billion dollars, you expect the world to give you some respect! Yet when SCO filed its case, people laughed. And when it threatened Linux users, and sold Microsoft on its plans, people still didn’t come around to SCO’s worldview. They only seemed to laugh some more.

Why isn’t the open-source software community cowering in the face of a billion-dollar lawsuit and a threat against all corporate users of Linux? Some part of their confidence has to do with the general weakness of SCO’s case. Even though SCO has hired David Boies as its attorney — the legal star whose past clients include Al Gore and Napster — few experts who’ve read SCO’s complaint consider the argument convincing. The case seemed to be further weakened on Wednesday, when Novell, the firm from which SCO says it purchased the copyrights to Unix, denied that it had sold any such thing to SCO.

But the reaction to SCO’s claims may also reveal a larger truth about Linux, one that goes beyond this specific case: Virtually no one is buying the line that Linux is an amateurish OS and that open-source software is unsafe and possibly illegal. Open-source advocates might not consider this consensus remarkable, but it is. For years, Microsoft has tried to push the notion that Linux offers none of the legal protections of proprietary software, and that companies should therefore be wary of it. But the widespread dismissal of SCO’s arguments proves that few people are taking those claims seriously. For most people, the idea that Linux is illegal seems absurd.

Indeed, in a quirk of fate, the SCO lawsuit may do more to ratify Linux’s ascendant position in the software universe than anything else. Amateurs tend not to create software that inspires billion-dollar lawsuits. SCO’s frantic scrambling to salvage something out of its Unix holdings — with Microsoft’s support — is the clearest sign yet that Linux has arrived.

The company now known as SCO is an amalgam of two firms: the original Santa Cruz Operation, a company founded in 1979 that mainly sold Unix software; and Caldera, which came along in 1994 and was chiefly a Linux vendor. For much of their lives, both firms were thought of as also-rans in their respective businesses. During the ’80s and ’90s, the old SCO tried to compete with the major Unix vendors like IBM, Hewlett-Packard, and Sun, but it didn’t do very well; it settled into what some have called the niche business of offering Unix on Intel servers. In the late 1990s, Caldera pitted itself against the host of Linux firms popping up during the brief period of stock-market enthusiasm for open-source software. Caldera didn’t do terribly — at least it survived, which is more than can be said of many other Linux companies. But the firm, which went public in March 2000, the very month in which the Dow and NASDAQ peaked, has been overshadowed by bigger Linux vendors like Red Hat.

In 2001, Caldera purchased SCO’s Unix business. The move puzzled many industry analysts — why was a Linux company buying a supposedly outdated Unix company? — but Caldera thought SCO had some unique assets that could be leveraged for its Linux business. SCO had cultivated an extensive list of Unix resellers who Caldera hoped could be switched to Linux. SCO’s Unix servers could also serve as a bridge, Caldera thought, for customers who had more high-end needs and who were wary of Linux’s then not-stellar performance. In effect, then, Caldera was trying to set itself up as a complete software shop for Intel users, one that catered to fans of both Unix and Linux. The combined company called itself Caldera International, but — in a way that tech firms sometimes do — it decided to change its name in 2002. It would now be called the SCO Group. (For folks keeping score, “SCO” doesn’t stand for “Santa Cruz Operation” any longer, and it’s to be pronounced not as three separate letters but as a word that rhymes with “fiasco.”)

A key question that has arisen in the SCO fight against IBM concerns the ownership of Unix code. This is a complicated issue, as it involves both a messy dispute of fact and a more philosophical argument over the very concept of owning software. The dispute of fact is this: SCO says that in 1995, it purchased the rights to the Unix source code from Novell, which had itself bought the code from AT&T, the original developer of Unix. Blake Stowell, a SCO spokesman, says that SCO enjoys all legal rights stemming from its purchase of Unix — the copyright to the Unix code as well as contracts with various Unix firms, including IBM, that spell out what can be done with the Unix code. In its lawsuit against IBM, SCO is only claiming a violation of those contracts, not of copyright, Stowell says.

Novell, though, sees the situation differently. “SCO is not the owner of the Unix copyrights,” Jack Messman, Novell’s CEO, wrote in a letter to SCO on Wednesday. “To Novell’s knowledge, the 1995 agreement governing SCO’s purchase of Unix from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected.”

Determining which of the firms is right isn’t easy. SCO says that the document it has from its 1995 deal with Novell indicates that SCO acquired all rights to the Unix code. So why would Novell say otherwise? According to SCO’s Stowell, there’s one section of this 1995 document that lists certain Novell assets that were to be “excluded” from the agreement, and the word “copyright” is listed in that section. The two companies disagree on the interpretation of this section of the 1995 agreement. SCO says this section is not important, and Novell says it is. It is a hyper-technical, legalistic fight, one that seems destined to be decided, in the end, by a cadre of expensively dressed lawyers. Stowell says SCO’s attorneys will be in touch with Novell’s attorneys to discuss the issue. But when asked about this claim, Bruce Lowry, a spokesman for Novell, said, “That’s the first we’re hearing of this.”

SCO says that the outcome of the fight over who owns the copyright for Unix code will have no bearing on its case against IBM, which concerns contracts, not copyrights. There is, though, a more substantive debate over Unix. Is it possible for any firm to claim complete ownership of an operating system that, as many veterans note, has always been marked by collaboration across organizations? This idea was most eloquently explained by Eric Raymond, the president of the Open Source Initiative, in a recent position paper he wrote on the SCO case.

“Even during the early days of Unix commercialization, the Unix code base was widely regarded as a commons worked by many hands,” Raymond wrote. “As time went on and Unix evolved, possession of an AT&T source license came to be seen as more a pro-forma gesture in the direction of history than a concession that AT&T’s intellectual property still contributed a dominating part of the value … Thus, the community of Unix hackers that had grown up around the pre-commercial releases never lost the conviction that, ethically, the Unix code belonged to them — the people who had the ideas and wrote the code — regardless of what the legal paperwork said.”

But when he was presented with this view, Chris Sontag, SCO’s vice president, rejected the idea. Invoking the recent Jayson Blair scandal at the New York Times, Sontag asked, “Is it appropriate for someone to take your work that you do for Salon and put it in another publication without attribution and with someone else’s name on it? The obvious answer is no. What if someone takes your research and the effort you put into your work and then munges it around — changes the paragraphs and the words around so it doesn’t look like it’s the same work, although it’s effectively your work? Is that appropriate? Still the answer is no.” Sontag says that this is essentially what happened to SCO — all the work that it had put into Unix has been compromised by Linux.

SCO’s case against IBM hinges on the idea that in the late 1990s, Linux seemed to get very good very fast. Too good, too fast — Linux, which could run only on single-processor machines when it was created in 1991, worked on high-performance platforms by the decade’s end. Open-source software developers take pride in such speedy development; it’s one of the main advantages of the open-source model, they say. But in SCO’s view, the fact that Linux evolved so quickly speaks to darker forces at work. Linux could simply not have improved the way it did without the help of IBM, SCO says, and everything IBM knew, it learned from SCO.

SCO’s attorneys lay out this argument in paragraph 84 of the company’s complaint: “Prior to IBM’s involvement,” they write, “Linux was the software equivalent of a bicycle. Unix was the software equivalent of a luxury car. To make Linux of necessary quality for use by enterprise customers, it must be re-designed so that Linux also becomes the software equivalent of a luxury car. This re-design is not technologically feasible or even possible at the enterprise level without (1) a high degree of design coordination, (2) access to expensive and sophisticated design and testing equipment; (3) access to Unix code, methods and concepts; (4) Unix architectural experience; and (5) a very significant financial investment.”

The complaint also says that engineers at IBM had access to SCO’s intellectual property because the two firms had once worked together on something called Project Monterey, a joint effort to create a Unix OS for a 64-bit Intel chip. The companies worked on the Monterey for a few years, but in 2001, SCO says, IBM told SCO it wanted out. Then, SCO says, “in violation of its obligations to SCO, IBM chose to use and appropriate for its own business the proprietary information obtained from SCO.” The complaint adds: “It is not possible for Linux to rapidly reach Unix performance standards for complete enterprise functionality without the misappropriation of Unix code, methods or concepts to achieve such performance, and coordination by a larger developer, such as IBM.”

An IBM spokesman declined to comment on the SCO case. The company’s legal response to SCO, however, leaves little doubt about IBM’s feelings: The filing is an almost comically terse list denying all but the most indisputable claims that SCO makes. For example, one line reads that IBM “denies the averments of paragraph 19, except admits that IBM markets a Unix software product under the trade name ‘AIX.’” IBM also candidly admits that its principal place of business is in New York, that it maintains an office in Salt Lake City, and that some of its microchips are more powerful than chips made by Intel. It gives no more ground than that, however.

“I’m no lawyer, but I suspect there is a little bit of aggressive flippancy in that response,” says Jonathan Eunice, an analyst at Illuminata, a technology research firm in New Hampshire. Eunice has been closely following the SCO case, and he says that IBM’s response “does signal a feeling that they think this is not a serious lawsuit. If IBM thought, ‘We may have a material problem here — golly, they may have a point!’ I think IBM would take it more obviously seriously.”

But Eunice does not believe that IBM has anything to worry about. He says there’s one word for SCO’s argument that Linux needed IBM to help it get where it is today: “Bullshit.” He continues, “Let’s say that IBM never touched Linux. So Linux would probably be less successful because IBM’s stamp of approval was key in getting corporate approval for it — but IBM doesn’t deserve much credit for the quality of the Linux kernel as its stands today. Both HP and IBM have contributed to the 2.6 version, the forthcoming version, so you could make a claim about a future version of Linux if you like. But for the current version — Linux got good fast long before IBM had a broad systematic commitment to it.”

The more difficult thing about SCO’s argument is that the company has not provided any proof supporting it. “They’ve made a general claim of infringement,” Eunice says, “but they have declined to say, ‘Here are the sections where there are problems.’”

Many in the open-source community have echoed this complaint — if SCO has found copied code, why won’t it prove it? In response, Sontag says that the company will soon try to address the issue. “What we’re talking about is showing Unix System V code, and we have strict confidentiality with that and it has to be maintained,” he says. “But we do realize and understand that people want to see that we have proof, and we are going to be making that proof available as soon as we can. We’ll probably make it available to some people” — for instance, financial analysts or reporters — “under NDA so they can make their own evaluations.” On Friday, SCO spokesman Stowell said that the firm would be conducting these meetings “all through June.” He said that people who sign a non-disclosure agreement and examine the code that SCO presents will be prevented from disclosing where in the Linux program the code in question appears; but the NDA would allow people to publicly say, in a general way, whether there was any merit to SCO’s claims.

What would happen if SCO confidentially presented its code to a panel of experts who then concluded that, indeed, SCO was right and Linux did have some copied stuff in it? Don Marti, the editor of the magazine Linux Journal, says, “I frankly don’t think that people are going to make that big of a deal of it — as soon as the actual evidence of what SCO claims to have been copied is out there, then those sections of Linux are going to be replaced with unambiguous original code effectively immediately.” This is, in fact, the beauty of open-source software — if there are problems with it you can fix them. But SCO worries that if Linux is washed of any plausibly copied code, it could lose its courtroom claims. “And that’s the apparent reason why SCO is sitting on the code,” Marti says. “The kernel developers, if they find out what it is, they’ll say, ‘We’ll re-implement it.’”

It might seem odd that SCO believed it could claim Linux to be an illegal derivative of its software without feeling the need to provide any proof. Did SCO really think that all those companies to whom it sent letters would change their technology without asking any questions?

Perhaps SCO really did think so. Not long ago, after all, when the likes of IBM, HP and other huge firms weren’t standing behind Linux, it might have been plausible that Linux posed a danger. If you were a lawsuit-fearing tech officer at a risk-averse firm, wouldn’t you shiver at the notion that your software was designed in such a way that “does not prevent inclusion of code that has been stolen outright”? Wouldn’t the following phrase scare you: “Legal liability that may arise from the Linux development process may also rest with the end user.”

What’s intriguing is that, according to many people in the Linux industry, SCO’s campaign has had no effect on the behavior of consumers. “I have not heard about anyone rethinking an order based on this,” says Larry Augustin, the chairman of VA Software. “I haven’t seen anyone express a fear. The only thing I have seen is people say we need to be careful about where source code comes from — and that statement was true in the past and it’s just as true now.”

Research analyst Eunice says, “I don’t think anyone knows how it’s going to play out, and I believe in the end it may start to be troublesome in sales. But I have not heard of any sales where it has been a problem so far. And I can easily see that where the customer may get antsy and say, ‘I don’t want to get sued if I buy this thing,’ what would happen in this case is it might only delay a sale. In the end I think IBM starts indemnifying its customers. It starts to say, ‘Listen, this is bullshit but we understand your concerns about this and if anything happens, we’ll take the hit for you.’”

And if IBM does do that, it would be quite a win for Linux; all those claims, so often casually mentioned by the likes of Microsoft, of Linux being somehow dangerous for business would be wiped away.

Raymond, the Open Source Initiative president, says that although he’s not privy to IBM’s strategy, he recently had an opportunity to speak to Dan Fry, who directs IBM’s Linux efforts. “I didn’t get the impression that they were going to settle this case,” Raymond says. “And I told Dan, ‘We want you to crush these guys. You go after them foot, horse and marines. And we will cheer.’”