Copyleft: Ultimate Guide for Software Developers

copyleft picture

What’s Copyleft?

In the simplest terms, Copyleft is a type of contract that governs the use of a piece of open-source software.  Copyleft gets a lot of press because it’s a powerful type of contract that can have unintended consequences for companies that use open-source software that’s subject to a Copyleft license – far-reaching consequences, serious stuff.

Isn’t Copyleft different from open source?

Yeah.  Open-source software is software that (i) is made available to the public in source code form, (ii) for free, (iii) under a license that puts certain conditions on its use in other software (potentially including SaaS/PaaS/IaaS) products.  Copyleft is just one type of open-source software license.

Why should I care about Copyleft?

Think of a contract as being like human-readable code that a court is supposed to interpret if anything goes wrong.  When you’re writing code, you can write anything.  Can it be buggy and throw errors?  Yes.  Can it be powerful and do all sorts of crazy stuff?  Well, yes.  Ok, contracts aren’t much different.  You can get pretty creative.  Copyleft licenses impose some pretty creative obligations on companies and people who use the underlying source code, and those obligations depend on the real-life, underlying use case.  In a worst-case scenario, copyleft licenses can result in a company getting sued for lots of money and losing rights in its own, (formerly) proprietary software.  Take your time, you can re-read that last sentence if you need to.  Poof, it’s gone!

I thought Copyleft was a type of license, why are you calling it a contract?

“License,” in legal usage, can be either (i) a synonym for a right or (ii) a shorthand name for a contract, depending on the context.  Open-source software licenses, including Copyleft licenses, are contracts between the copyright holder and whomever chooses to use the open-source software.  Speaking of copyright, if you don’t know much about it, you can quickly get an elementary understanding of copyright before reading further, it will help you get the most out of this article.

python script showing inline comments

Does open-source software even need a license?  Can’t I just make something and put it out there?

The way a lot of open-source software is “born” is that a software engineer or team encounters a technical problem that needs solving.  It could be big and thorny or small and simple, doesn’t matter.  The software engineer then engages in the time-honored tradition of Googling the problem or horsing around on stackoverflow.com.  They come up with nothing and resign themselves to having to solve the problem from scratch, which they do.  They then think to themselves, “I can’t be the only person to have encountered this issue, I wonder if my solution would be useful to others.”  So they decide to give it away – maybe they post the source code on their personal website, if they have one, or maybe they distribute it via a platform such as GitHub.  In either case, to “give something away” the law requires certain things be done.  Let’s take the paste-the-code-on-my-website example.  If that’s all the engineer does, the source code has not been “given away.”  Quite the opposite, in fact.  That source code is protected by copyright law, meaning if someone visited the software engineer’s website and then copied and pasted that source code into their own codebase, that someone has infringed the copyright of the software engineer.  To effectively “give it away” the software engineer needs to announce to the world that it’s being given away.  HOW that announcement is done matters in a big way.

stackoverflow screenshot of question
stackoverflow is a popular forum for software engineers

What are the different ways to “give away” source code and where does Copyleft fit into that?

The simplest way to give away source code is to publish it along with a clear and conspicuous written notice disclosing who you are and a simple statement indicating the transfer of the code to the public domain, such as “This work is dedicated to the public domain.”  Now, many software engineers do not do that, because they think to themselves, “What if someone takes this code I am publishing, puts some lipstick on it, and then starts selling it and makes a ton of money?”  That’s where open-source software licenses come in.  They do things like prohibiting other people from selling the open-source software.  Copyleft licenses are special because they go one step further, they obligate a company who has breached the Copyleft license to turn around and publish the source code of the program in which the company embedded the open-source code.  That newly-published source code is then itself subject to an identical Copyleft license.  This is why Copyleft licenses are sometimes referred to as “viral licenses.”  They can “infect” codebases and “spread” their license to non-open-source code.  That is what all of the fuss is about.

github screenshot
GitHub is a popular open-source software collaboration platform

How does Copyleft compare to copyright?

Copyright refers to the right of the person who created something to control whether and how that something is copied, and by whom.  Copyleft is a type of license (contract) that imposes rights and obligations on the user of the open-source software.  These rights and obligations stem from Contract Law and Copyright Law.

Do people get sued over Copyleft licenses?

They sure do.  For instance, a $100,000,000 claim was filed in 2020 against Panasonic.  Here’s a list of famous lawsuits arising from open-source software licenses.  Note that not all of these lawsuits involved Copyleft licenses, specifically, but they do all involve a company using open-source software in breach of the license to which it was subject.

How do I tell if a given piece of open-source software is under a Copyleft license?

Google is your friend here.  Just google “[Name of software] license” and you’ll often find the applicable license quite quickly.  If that fails, try to find a website associated with the software and look around for the words “license” or “terms of use”, perhaps in the footer.  Now, the best way, although possibly a little more time-consuming, is to look in the files of the open-source software itself.  You’ll often find a license.txt or readme.txt that contains the license information.  Be aware that if you’re using the google way, different versions of a given piece of software can be subject to different licenses.

screenshot of complaint cover page from Jacobsen v. Katzer lawsuit
Jacobsen v. Katzer is a famous open-source software lawsuit

How do I tell if open-source software is already embedded in my codebase?

Free, but hard, time-consuming, and probably incomplete?  Look for comments in your source code.  Fast, automatic, thorough, but costly?  There are companies out there marketing code scanners that can read your code and spot open-source code within it.  The output from these products can also automatically tell you the name of the open-source license that’s applicable to the open-source code found within your codebase.  Some of these tools are better than others, and I have some strong opinions about many of them and can make recommendations.

How do I avoid problems associated with Copyleft open-source software?

The easiest way to avoid problems is to simply not use open-source software as a component in your own software product.  Doing that means standing up standard operating procedures forbidding the practice amongst the engineers working on the codebase.  That said, there are ways to use Copyleft open-source software that avoids all of the problems potentially associated with it.  These ways are fact-and-circumstance dependent, and a good tech lawyer can guide you through options and approaches.

I don’t even have an MVP yet, what’s a quick-and-dirty way to prepare for future compliance?

If you’re not even selling anything yet, one way to save yourself from future headaches is to at least practice good intellectual property hygiene, and in this case that means, at a minimum, document the origin of all of the code that’s being written for a given product.  You can do this a number of different ways, but one way is to simply drop in-line comments and be consistent about it.  Down the line, once you are ready to commercialize your product, you can do a retroactive analysis of the open-source code present in your codebase and the open-source licenses to which it is subject and from there you have options to stay out of trouble.  Again, a good tech lawyer can guide you through options and approaches in terms of remediation.

Google’s Chrome team complies with its open-source software license obligations, in part, by providing end users information about embedded open-source software within Chrome’s Help menu

What’s the risk of not complying with a Copyleft license?

First, it subjects a non-compliant software vendor to litigation (claims can include breach of contract, patent infringement, and copyright infringement).  The dollar amounts involved can be eye-watering (see above). 

Second, and perhaps most importantly, the reputation of a non-compliant software vendor can be irreparably damaged, in part because the vendor’s own customer base could fear being subjected themselves to litigation as a result of using the vendor’s non-compliant software product. 

Third, in the mergers and acquisitions context, every deal involves a due diligence process that can and will assess the health of any software vendor’s intellectual property.  Non-compliance with open-source software licenses could impact the deal price or worse, endanger the transaction.  Even if a software vendor is compliant, a lack of documentation proving as much is nearly as bad as non-compliance itself in the deal context.

Fourth, non-compliance with open-source licenses can culminate, in the case of a strong Copyleft license, in an entire proprietary work which incorporates or is based on the open-source code to itself become open-source code.

Do Copyleft licenses affect SaaS and on-prem software equally?

No, and most people don’t get this, even software industry veterans, so congratulations if you’ve read this far.  The dos and don’ts, the rights and obligations of most all open-source software licenses, including Copyleft licenses, apply or don’t apply depending on the use case.  Many Copyleft licenses require, for example, the software product in which they are being embedded (or to which they are being linked) to be “distributed” before some of the restrictions within the license take effect.  Depending on the architecture and elements of a given SaaS product, that might mean that backend, server-side use of the open-source code is permissible, even in a for-profit application.  Now, I am not saying that in the SaaS context you can go buckwild with open-source software, but the scope and complexity of the compliance efforts are almost always going to be significantly more modest than what’s required to support good intellectual property hygiene for an on-prem software product.  A good tech lawyer can analyze your particular situation and provide the appropriate counsel.

a virusWhy does Copyleft even exist?

Copyleft exists because Contract Law and Copyright Law exists, and specifically because the default state for anything that a human creates that’s original and novel, whether it’s a painting, a song, or a bunch of lines of code, is that nobody can copy it without permission from the person who created it.  And some people want to change, for their particular work, that default state to something else.  They want to tell the world, “Hey, anyone can copy this and use this.  If you do copy this and use this, you have to follow some rules.”

Wait, if anyone who writes code can write practically any rules they want in the license that governs that code, doesn’t that create a complete mess?  Won’t there be millions of different licenses?  Who’s going to read them all?!  Argh!

Order has a way of spontaneously filling vacuums created by Chaos.  Following the advent of open-source software as a concept, “standard” licenses quickly emerged.  Many engineers creating open-source software use one of these “standard” licenses, rather than ginning up their own or hiring a lawyer to write a new license.  This greatly simplifies the landscape of open-source software licensing, but it’s still hugely complex.  Yes, I have seen homemade licenses.  They are out there.  What’s also out there is hybrid licenses, where the engineer decided to borrow a bit from License A and paste it into License B.  Oh, and there’s also dual licensing, where a given piece of open-source software is subject to one license under one use case and another license under another use case.  Yeah, things are still complicated.

What are some examples of Copyleft licenses?

The most famous is a family of licenses known as the GPL licenses (GNU General Public License).  The Eclipse Public License is another Copyleft license that’s fairly common.  Wikipedia has a list of copyleft licenses but I am not sure I entirely agree with its list (and note some omissions).

give a penny take a penny
Photo Credit: Scott Fiddelke (CC BY-NC-SA 2.0)

How should the presence of open source within a given codebase be documented?

If you’re a one-engineer shop just getting started, a spreadsheet and a healthy dose of conscientiousness will do you just fine for the time being – or heck, just inline comments.  If you’re a newly-hired product manager at an established software company and nobody on the team you inherited can spell c-o-p-y-l-e-f-t, well, you’ve got problems.  You should speak to a good tech lawyer.

I understand what I can’t do with Copyleft open-source software, but what must I do?

Most open-source software licenses, including every Copyleft license I’ve ever read, require what’s called “notice and attribution.”  This means you need to disclose to end users of your own product that your product incorporates such-and-such open-source software and then you provide the name of the person or company who licensed it as open source along with a few other details.  These licenses also often require that you redistribute a copy of the source code itself or at least offer to do so.  How these obligations are most easily complied with, exactly, depends on your situation.

I hear “GPL” thrown around when people talk about open source, what does that mean?     

GPL stands for [GNU] General Public License, the most common family of Copyleft licenses.

How many open-source licenses are there?

Unknown and unknowable, but likely on the order of several thousand.  The number of open-source software projects is currently estimated to be in excess of one million.  I would guess that the top 100 most common open-source software licenses account for 98% of the licenses governing the number of open-source software projects in existence.

VLC Media Player About Menu Screenshot

Does Copyleft matter when I am using open-source software as an end user?

Generally no.  Simply using open-source software that is a standalone, compiled program as an end user, does not obligate the end user to do anything special.  The provisions of Copyleft licenses typically apply to use cases that involve modifying or combining the source code of the open-source software with other source code.  If you’re just using VLC Media Player, for example, to play videos so that you can personally watch the videos, you need not worry about the details of the provisions within its license that apply to software development and distribution.

Tooling: is there software out there to help me manage all this Copyleft stuff?

Yes, hop on Google.  Be aware that some of these tools are SaaS and all of these tools need access to all of your source code.  This makes some software engineers, startup founders, and software product managers understandably…nervous.  Consider reading the fine print before exposing your proprietary source code to anyone or anything.  Or hire a tech lawyer to do so.

Call Us
OR

Free Initial Consultation

Leave a Comment