Those of us who thought maybe Free Software was all about love and peace and breaking with the "tyranny" of copyright and other intellectual property might have been surprised by four recent heavily publicized lawsuits filed by the Software Freedom Law Center (SFLC) on behalf of BusyBox, a lightweight set of unix utilities licensed under version 2 of the Gnu Public License (GPL)

These suits, filed in rapid-fire succession in September, November, and December of 2007 against Monsoon Multimedia, Xterasys, High-Gain Antennas, and Verizon, all involved the same claim that these companies (perhaps inadvertently) distributed the BusyBox program with their products without the source code as required by GPLv2.  The lawsuits all seem to have settled the same way as well: by promising to release the code, appointing an "open-source compliance officer", and paying an undisclosed sum of money to the plaintiffs.  (See links for the settlement details for Monsoon Multimedia, Xterasys, High-Gain Antennas, and Verizon – the Verizon case is unique in that the settlement mostly penalized the third-party company that supplied the product containing the offending BusyBox code).

These lawsuits in the U.S. are mirrored by actions in Europe, most recently the lawsuit brought against Skype, which distributed a flyer with its product listing the internet address where source code could be downloaded by interested consumers, but failed to distribute the text of the gpl with the product.

These companies were all punished for adopting open-source software in their products, but doing so imperfectly.  If these actions seem familiar, you might be thinking of the Business Software Alliance (BSA), which has been criticized for what some call intimidation tactics to "punish businesses that may be trying to play by the rules".  And GPL lawsuits are only going to increase: the people behind the SFLC just formed a for-profit law firm so that open-source businesses can sue for violations as well.  The "free software" folks must be thinking: "why should proprietary software have all the fun?"  It is high irony that the RedHat blog highlighted actions by the SFLC and the BSA within a few days of each other.

What should you do if you receive the dreaded call or letter from the SFLC?  Well, it might pay to take the advice given to those who have received similar

[edited] audit letters from the BSA.  Some good advice from Baseline magazine:

  1. Hire a lawyer.
  2. Cooperate — carefully – "Remember the sole propose of the BSA [and the SFLC] is to get as much money from your business as possible."
  3. Don’t rush out and buy or remove any software – it won’t make any difference at this point.
  4. Preserve confidentiality of evidence by having a lawyer involved in the internal collection of information, which imbues that effort with privilege.
  5. Find your allies.  Baseline suggests involving your software vendors.  Verizon successfully demonstrated that it pays to make sure that the people who helped you get into this mess help get you out of it by involving the vendor who supplied the products containing BusyBox.
  6. Create a compliance plan.  You will have to have one as part of any settlement with either the BSA or the SFLC.
  7. Negotiate non-monetary aspects.  While the BSA might agree not to publicize any settlement, that doesn’t seem to part of the SFLC’s new game plan, which has involved heavily publicizing its settlements with press releases, etc. 

Litigation is expensive.  Both the SFLC and the BSA are well aware of the incredible costs that targeted companies would incur just in discovery, let alone fighting the full case in court.  Be careful out there.

While I am a lawyer, I am not your lawyer.  This is not intended to be legal advice.  I sincerely hope that you do not come within the cross-hairs of either the SFLC or the BSA [edited].