SCO Owns Your Computer

By Trevor Marshall
June 16, 2003

This article is freely available to all readers.

It is now three months since SCO filed a lawsuit against IBM, and a month since SCO declared "Linux is an unauthorized derivative of UNIX," yet we still don't fully understand SCO's claims. BYTE.com contributing editor Trevor Marshall recently sat down with SCO Senior Vice President Chris Sontag, and was told that SCO not only "owns" AIX, IRIX and Linux, but it also has its eyes on BSD.

sources :
http://www.byte.com/documents/s=8276/byt1055784622054/0616_marshall.html
http://www.trevormarshall.com/


SCO Owns Your Computer

By Trevor Marshall
 

June 16, 2003

All Your Base Are Belong To Us

Fittingly, it was Friday the 13th. A sunny San Francisco morning. But my discussion with Chris Sontag, SCO's Senior Vice President, Operating Systems Division, was driving the sunshine from our room, creating an atmosphere appropriate for the 13th. Let me summarize in a parable…

In the beginning was AT&T Bell Labs, staffed by a benevolent team of PhDs and research scientists. AT&T produced this really neat operating system—System V—which computer manufacturers wanted to license and use. Everybody was happy to sign tough contracts with these benevolent scientists—licenses which deeded all derivative works back to AT&T, licenses that covered all "methods" and "concepts" of operating systems. But now those licenses are owned by SCO and its team of lawyers who are certain that AIX and all the other derivative IXs belong to SCO. And the company now wants royalties from users of all these operating systems—especially Linux.

Specifically, Sontag believes the "SCO technologies" which were misappropriated into AIX, IRIX, and the derivative UNIX-alikes (including Linux) are:

  • JFS (Journalling File System).
  • NUMA (Non Uniform Memory Access), a SGI/Stanford collaboration.
  • RCU (Read-Copy-Update).
  • SMP (Symmetrical Multi-Processing).
  • "But what about BSD?" I asked. Sontag responded that there "could be issues with the [BSD] settlement agreement," adding that Berkeley may not have lived up to all of its commitments under the settlement.

    "So you want royalties from FreeBSD as well?" I asked. Sontag responded that "there may or may not be issues. We believe that UNIX System V provided the basic building blocks for all subsequent computer operating systems, and that they all tend to be derived from UNIX System V (and therefore are claimed as SCO's intellectual property)."

    "So is anybody clean? What about Apple and Microsoft?" I wondered. "Sun is clean," he said—but he gave no answer in regards to Apple and Microsoft.

    "But I thought that Microsoft had signed a license agreement?" "No," Sontag said. Microsoft merely licensed an "applications interface layer."

    So Why is Linux Being Targeted First?

    SCO is targeting Linux first primarily because the Linux source code is open. SCO's lawyers have been poring over the Linux code for much of the past year, looking for fragments and routines which are substantially identical to code from the various releases of UNIX. SCO's "experts" have also found sections of code which SCO believes have been obfuscated—where the order of code execution has been rearranged in a direct attempt to hide its SCO pedigree.

    But SCO has been even more thorough. After sifting through e-mails from the Linux developers' mailing list, Sontag says SCO has examples of programmers from AT&T licensees offering to write UNIX code into Linux, and can identify where those UNIX fragments turned up in the codebase.

    I was shown a little of the copied code. Admittedly, I can't tell you what I saw, but I did form the opinion that it was not in the kernel proper. In all probability, the code is more important to Silicon Graphics' Altix servers than to average x86 Linux users.

    Sontag explained that Linux has "no gatekeeper mechanisms to check the code getting into Linux." Furthermore, it is SCO's position that Linux used to be a "hobbyist" OS, and the "vast majority" of Linux developers had "good intentions." But now that Linux is entering the commercial arena, SCO wants to collect on its royalties.

    Not Just One Base—ALL Your Base

    At this point I started to think about the public interest and about restrictive monopolies laws. It was almost as though Sontag was reading my mind—and yes, SCO has that base covered too.

    I listened to how IBM has bypassed U.S. export controls with Linux. How "Syria and Libya and North Korea" are all building supercomputers with Linux and inexpensive Intel hardware, in violation of U.S. export control laws. These laws would normally restrict export of technologies such as JFS, NUMA, RCU, and SMP—and, (I was waiting for this) "encryption technologies." "We know that is occurring in Syria," I heard, even though my mind was fogging over at this point.

    "So are you saying that the U.S. government might file a "Friend of the Court Brief" to support your case against IBM?" I blurted out. "Don't be surprised" was Sontag's answer.

    GPL

    "GPL has the same derivative rights concept [as UNIX]," according to Sontag: "Once contributed, code cannot be removed." But Sontag says that the UNIX code which was GPL'ed by AT&T licensees was GPL'ed illegally, without the permission of the copyright holder—allegedly SCO.

    Sontag explained that the GPL makes it quite clear that only the copyright holder can contribute code. So if the contributor did not actually own the code then it was never actually GPL'ed.

    You see? Even that base is covered…

    Linux Does Have a Soft Underbelly

    On June 3, 2003, BusinessWeek ran the headline "Does Linux Have a Dark Secret?" stating that "Open-sourcers will gain when a lawsuit questioning the origin of Linux's code is settled. Until then, issues of legal liability are a big worry."

    BusinessWeek is a journal with unquestioned influence amongst the corporate executives Linux desperately needs to woo to the open-source platform. Headlines like this will have a disastrous effect on the rate of adoption of Linux into the enterprise, and the IP uncertainties highlighted in the BusinessWeek article make things even worse.

    Did SCO primarily intend its allegations to hurt Linux? Or does SCO really think it can win an intellectual property (IP) lawsuit against IBM and SGI? Here is my perspective.

    Weaknesses in SCO's Arguments

    AT&T contracts were unusual, in that they were perpetual. Courts generally require a sunset on contracts. Sontag said that most of SCO's lasted for only 20 years.

    Here we can see exactly why courts prefer sunset contracts, and usually insist that any IP rights lapse unless they are continually and consistently enforced. Here we have a company which has acquired contract rights from AT&T and is seeking to interpret them more strictly than has been done in the past. The integrity of OS engineering efforts spanning 20 years of computing are being cast into doubt by this change in enforcement. An entire industry is (potentially) being thrown into chaos.

    Linux has not been able to mount an effective response for two reasons:

  • Linux has a multinational disparate "ownership."
  • Until now, nobody has detailed the SCO arguments.
  • If Linux had been owned by a single corporate entity, then that entity would have filed countersuit (or at least mounted an effective PR campaign). But there are a heck of a lot of different people and companies who draw their livelihood from Linux, and unified action is very difficult to coordinate.

    SCO's Threats

    Why did SCO write a threatening letter to 1500 (potential) Linux customers? When I asked Sontag to confirm if he told me that "Linux endusers are innocent bystanders," he responded "no," that he was speaking in terms of AIX, not Linux. He added that Linux users know they are getting an OS totally without IP warranties of any kind. AIX users are innocent bystanders, but SCO had to exert pressure on IBM.

    Linux's Strength

    Univention GmbH has already gained a legal injunction against SCO in Bremen, Germany, and Tarent GmbH won another in a Munich court. These injunctions forbid SCO from trying to shake the confidence of Linux users in the IP integrity of the Linux codebase until after SCO has proven its claims to the IP. Sontag told me that there has also been an action against SCO in Poland.

    These injunctions precede actions for damages in which I think that SCO will find bluster and bluff are relatively ineffective tactics in Europe. I did not get the feeling from Sontag that there was an overwhelming amount of "copied" code in the Linux codebase which could not be quickly written-out, once SCO deigns to identify the code in question. But I certainly got the impression that it would be extremely difficult—maybe impossible—for Linux to maintain its stellar performance while trying to hastily rewrite all the code for JFS, NUMA, RCU, and SMP.

    I believe that SCO will have even more trouble enforcing its AT&T contracts internationally than in the U.S. For a start, the contracts are all written under U.S. federal and state law. I cannot predict their applicability to international developers (or integrators), but, based on my experience defending my own company's IP on an international stage, I do not like SCO's chances of success.

    It is also undeniable that the business climate in the U.S. lets someone take a far more aggressive attitude towards a competitor's customers than does the climate in Europe. SCO should have anticipated this, but Sontag seemed to be quizzical about what these European lawsuits are demanding, and how SCO should react to them. I got the impression that SCO's management was thinking entirely in terms of U.S. law, and have not thought through the international implications of their actions.

    I find this amazing, especially considering that SCO's latest 10Q filing with the U.S. Securities and Exchange Commission reveals that "revenue from international customers accounted for 48 percent of operating system platform revenue."

    A few of these David-sized stones hitting truly upon Goliath's forehead might well bring him tumbling to the ground.


    Trevor Marshall is an engineering management consultant, with interests ranging from RF and hardware design to Linux internals, Internet infrastructure, MPEG, and digital video. He can be contacted at http//www.trevormarshall.com/.