Educational Unix licenses, derived works, and employability

Path: sparky!uunet!hoptoad!gnu
From: g...@hoptoad.uucp (John Gilmore)
Newsgroups: alt.suit.att-bsdi
Subject: Re: Educational Unix licenses, derived works, and employability
Message-ID: <34596@hoptoad.uucp>
Date: 31 Aug 92 08:47:02 GMT
References: <Bt5CJK.I2H@cstest.cs.vt.edu: <KANDALL.92Aug26171753@globalize.nsg.sgi.com>
Organization: Cygnus Support, Palo Alto
Lines: 71

Universities cannot do proprietary research using the Unix operating
system unless they buy a commercial Unix license for all machines
involved.  It need not be a source license.

The educational license is a great tradeoff.  I wish I knew the person
who wrote it, to congratulate them.  The deal is that you get all this
great software, in source, for a pittance -- if and only if you make
everything you do with it, available to the world.  It tends to select
for people who really *do* educate and publish research; such people
like widespread distribution, while most business folks want to limit
distribution.

There is a requirement that you not distribute the *licensed software
programs* beyond licensees.  But it has been clear for years that it was
OK to distribute "diffs" of your changes to licensed software programs
to everyone.  This has been the standard way of posting bug-fixes from
the earliest days of the Usenet.  In other words, *your changes* were not
derived works.  Your changes *combined with AT&T's programs* were a
derived work, which could not be revealed.

This is an important distinction.  Let's say that the bug you fixed was
from some program using a bogus routine to determine the current directory,
which overflowed a fixed-size buffer if you were sufficiently deep in the
file system.  Your fix is to write a new getcwd() routine that malloc's its
result, and to make two one-line changes to fix the callers.  

Your new getcwd is not derived from the AT&T program; it's original
with you.  The changes needed to fit it into the callers are not
copyrightable (you can't copyright a 5- or 10-word phrase -- though you
can trademark one).  You have no derived code in your bug fix.

But clearly if you were to *apply* the fix and distribute the resulting
program, the resulting program would be copyrightable and based on the
original program.  Therefore the original owner would have some right
to control your distribution (by trade secret, copyright, or whatever).
If your contribution was substantial (the new getcwd was more than a
few lines), the resulting program would also be a derived work of your
contribution, and you too could limit its distribution.

This has been the computer community's understanding of copyright law
for years now.  AT&T has a new theory in their amended suit though --
which goes something like "If you have ever seen our code, you can
never write a product that competes with us, unless you pay us
royalties."  This is more along the lines of employer/employee
relations theory, like if I designed disk drives for IBM for years, can
I quit and form a startup designing disk drives?  There is a lot of
case law around this and while there is some murk here and there, it
comes down to the difference between portable skills that you developed
in working for them, versus secret information that you had access to.

The employer can't prevent you from using skills that you happened to
develop while working for them.  Similarly, AT&T can't prevent you from
using programming skills that you developed while working on AT&T Unix
code.  If you learned how disk drives work, you can go out and design
your own (avoiding any patented technology and any trade-secrets of
your ex-employer).  If you learned how file systems work, you can go
out and design your own (ditto).  And if you find a book in a bookstore
that contains an alleged "trade secret", it ain't secret any more, and
you are free to use it.

USL's demand that BSDI never hire anyone who has ever seen Unix source
code (demand 1 (d)) is a blatant attempt to circumvent this case law.
I doubt it will survive, and USL should be censured for even trying.  I
don't blame a lawyer for thinking up nasty dirty tricks like this --
lawyering is like security testing, you have to think about all the
possible holes and attacks.  I blame the guy who the lawyer works for,
for actually deploying those tricks against his neighbors.
-- 
John Gilmore   {sun,uunet,pyramid}!hoptoad!gnu   g...@toad.com   g...@cygnus.com
"It isn't given to us to know those rare moments when people
 are wide open and the lightest touch can wither or heal."