License FUD

The threat of Microsoft's shared-source licenses.

A few proprietary software vendors argue that there is something almost un-American about free software and the GPL. Microsoft has been one of the loudest voices in that chorus of fear. That company's web site describes it this way:

The GNU General Public License (GPL)...poses a significant threat to the IP base of companies seeking to build a business around GPL-covered software. Even businesses who may believe they are “mere users” of GPL software are threatened since they combine what they believe to be separate applications with GPL code. This licensing model has the effect of foreclosing a business' choice of what IP to share with the community and on what terms (

I've already argued elsewhere (see that this supposed GPL threat is hogwash. But, there's a deeper irony to this: Microsoft's own shared-source license is an even greater threat to the software development community. That license is a Trojan horse license that can destroy your open-source and proprietary software unless you are very careful.

The simplest version of Microsoft's shared-source licenses is the one they use to distribute their Windows CE 3.0 source code. That license states, in its second paragraph, “You can use this software for any noncommercial purpose, including distributing derivatives.” The license then makes it clear that running your business operations “would not be considered noncommercial”.

Commercial users—and I consider most open-source software developers to be in that category—must look further in the license to determine the restrictions on use that apply to them. The third paragraph of the license conveys the bad news:

For commercial purposes, you can reference this software solely to assist in developing and testing your own software and hardware for the Windows CE platform. You may not distribute this software in source or object form for commercial purposes under any circumstances.

Note that Microsoft has not given you permission to copy their code or to incorporate it into your own software in a derivative work. Your use of their software for commercial purposes is limited to reference purposes only.

Obviously, you can agree not to make a copy of any portion of the Microsoft software or to use it to create derivative works. But what happens if later you, independently and without consciously remembering what you saw in Microsoft's code, create something substantially the same as their code? Can you still be liable for infringement?

That's where the Trojan horse comes into play. The courts have made it clear that, under copyright law, proof of substantial similarity between your work and another work, along with proof of access to the other work, may be enough to prove infringement, even when you don't realize that you're making a copy.

How easy is it to forget something important that you read? A copyright infringement case from the 1970s will illustrate the problem. In 1976, George Harrison's music company was sued for copyright infringement. A music publisher claimed that Harrison plagiarized his successful song, “My Sweet Lord”, from an earlier successful song, “He's So Fine”. In order to prove copyright infringement, the publisher of “He's So Fine” had to prove not only that there was “striking similarity” between the two songs, but that Harrison had copied the original song when composing his. Harrison admitted that he was familiar with the original song, but that while he was working on “My Sweet Lord” he wasn't conscious of the fact that he was using the “He's So Fine” melody. The court concluded:

In seeking musical materials to clothe his thoughts...there came to the surface of [Harrison's] mind a particular combination that pleased him....Did Harrison deliberately use the music of “He's So Fine”? I do not believe he did so deliberately. Nevertheless, it is clear that “My Sweet Lord” is the very same song as “He's So Fine” with different words, and Harrison had access to “He's So Fine”. This is, under the law, infringement of copyright, and is no less so even though subconsciously accomplished.

—Bright Tunes Music Corp. v. Harrisongs Music, Ltd., 420 F.Supp. 177 (S.D.N.Y. 1976).

Subsequently, Harrison's music company was found liable for some $1.6 million in damages.

Anyone familiar with the art of computer programming will recognize that, as with music, there are rather standard ways to express certain thoughts. Having once seen Microsoft's code, will an expert programmer be able to erase that example from his mind? Even if he or she consciously attempts to forget and does not intend to copy, will his or her subconscious memories be expressed in his later code with sufficient similarity that a court will find copyright infringement has occurred?

I encourage open-source programmers to avoid that risk. Don't look at source code licensed under Microsoft's shared-source licenses unless you're one of the rare breed of humans who can control his or her subconscious.

Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and the law of your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.


Lawrence Rosen is an attorney in private practice in Redwood City, California ( He is also executive director and general counsel for Open Source Initiative, which manages and promotes the Open Source Definition (


One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix