SCO's Lawsuit Sends a Warning to Linux
16 April 2003
Document Type: Research Note
Note Number: E-19-7659
The SCO Group's suit against IBM could be a way to make SCO a more attractive takeover target. Two key questions are whether Linux is safe from encumbrances and how IBM will ensure AIX's future.
What You Need to Know
IS departments using Linux or other open-source code should have an internal process, possibly with advice from their legal departments, to perform due diligence (see Note 1) on the nature and origin of open-source code for possible infringement of patents. System administrators must be admonished to submit open-source code to inspection for potential violation of patents. An open-source quality assurance process should determine and approve allowable code for production systems. Such efforts may slow adoption of Linux in high-end production systems of critical applications.
If IBM is found to be in violation according to the complaint, its options will be to settle on a compromise in damages or to buy out SCO. It is unlikely IBM will acquire SCO and add to an already complex portfolio with SCO's aging OSs, especially with Linux as IBM's mainstream direction. However, IBM is committed to protect its users and maintain Unix license rights. Thus, IBM would opt for a settlement (0.8 probability if the suit is upheld).
Regardless of the outcome of the suit, SCO has lost significant goodwill in the Linux community. SCO's lawsuit can be construed as an attempt to raise shareholder value through claims of intellectual-property infringement or to pressure IBM into an acquisition. If the SCO lawsuit is not upheld, the SCO installed base would face a potentially weakened SCO and should then plan for migration from OpenServer and UnixWare within the next five years.
On 7 March 2003, the SCO Group, which holds all the intellectual property rights to the Unix operating system (OS), filed suit against IBM for more than $1 billion in the State Court of Utah alleging that IBM made "concentrated efforts to improperly destroy the economic value of Unix, particularly Unix on Intel, to benefit IBM's new Linux services business."
The SCO complaint alleges that IBM deliberately undermined and sought to destroy the market value of Unix in the enterprise market to promote Linux. The complaint claims that IBM was privy to trade secrets, in part from the Monterey project, which was aimed at developing an enterprise version of Unix for Intel. The complaint further claims that IBM abandoned Monterey for Linux and contributed Unix code to the open-source community. SCO claims misappropriation of trade secrets, unfair competition and breach of contract.
IBM has stated that its Unix license is expressly worded as "irrevocable and perpetual." However, SCO believes it has grounds to revoke IBM's AIX license contract because IBM made parts of the System V code in AIX available to the open-source community, and SCO claims that "irrevocable and perpetual" only apply if the conditions on misappropriation are not violated.
In addition, SCO has cautioned Linux users who may knowingly or unknowingly have used SCO's shared libraries in enabling Unix applications to run under Linux. Although Linux distributors such as Red Hat are denying this, Red Hat, like most other independent software vendors, uses indemnification clauses in the end-user license agreement to absolve itself from liability or damages based on the content of the software. SCO has indicated that the libraries are available from SCO for $149, or lower with discounts. The most exposed Unix vendor is IBM. Hewlett-Packard has a different type of agreement, according to SCO, but also includes a misappropriation restriction on the source. Sun Microsystems made a buyout, but with an agreement not to make source code available.
SCO maintains that IBM has offered code from AIX, which included SCO's intellectual property, to the Linux open-source community to build Linux into an enterprise OS, and effectively killed SCO's Unix market for Intel. The Monterey project, in 2000, was an initiative through which IBM, SCO, Intel and original equipment manufacturers were to produce a single-source, high-volume Unix for IA-64. At the time, Linux was still too immature to determine its fate as an enterprise OS, but, according to SCO, with IBM's contributions, Linux has rapidly progressed into an enterprise-capable OS. Nevertheless, SCO could have also benefited from the rise of Linux. SCO's claim against IBM of theft of intellectual property contributed during Monterey for a high-end Unix OS for Intel is arguable. Sequent (later acquired by IBM) was another member of the Monterey Project that had expertise in high-end Unix capability for scalable Intel servers — for example, nonuniform memory access (NUMA) scaling. However, Sequent was a licensee of System V source code.
SCO has yet to provide Gartner with specific details of stolen or misappropriated intellectual property. In Gartner's opinion, SCO's claim that IBM misappropriated trade secrets from AIX will be difficult to prove, because an enterprise OS consists of many components, including high-availability features, diagnostics, security, kernel hardening, scheduling and queue management. Linux began as a project by a university student, using a community-based development model with contributions from programmers worldwide. How important IBM's contributions may be and whether they were based on licensed intellectual property remain subjects for speculation. However, one thing is certain: The community process is fraught with risk to users. How well does the open-source community examine its code and weed out potentially misappropriated intellectual property? Richard Stallman's Free Software Foundation's policy is to replace contested code claimed to be violating patents and intellectual property. Regardless of the actual outcome, the suit is a warning to IS organizations about the potential legal exposures in using open-source code.
Gartner believes that, pending the outcome of the lawsuit, two communities may be at risk: AIX users and Linux users. If the court decides in favor of SCO's complaint, then IBM's AIX license agreement could be suspended. This could place AIX users in future jeopardy regarding upgrades and maintenance. Also, Linux users who may be using shared source libraries with their distributions could be asked to pay for the shared libraries on every server deployed. It is important to note that even enterprise servers using Red Hat or other distributions with no intellectual-property infringement may be exposed due to the possibility that misappropriated code was used for application deployment.
Although it is unlikely that SCO will be able, or necessarily want, to police the market, the lawsuit has wider ramifications for future misappropriation of code. Clearly, there will be more scrutiny on how the open-source community develops and derives code for the future improvements of the Linux OS environment.
Due Diligence Options
1. Name and reputation of source and origin of software code
2. Names of the contributors and developers
3. If outside libraries are included, the source of the code, its use and deployment
4. Checks with the Free Software Foundation on patent infringement claims
5. Negotiations for indemnification from liabilities, or support from the vendor
6. References and contacts
How will centralized and distributed servers evolve during the next five years?
Recommended Reading and Related Research
"Red Hat: An Appraisal and Outlook" — Red Hat, the leading Linux distributor, is challenged to leverage market share into higher profitability and revenue growth. By George Weiss
"Linux Makes Inroads in Midrange Server Magic Quadrant" — There are four separate Linux categories in Gartner's latest midrange server Magic Quadrant. By Andrew Butler and George Weiss