The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection

So Apache broke up with Facebook. How does that affect you?

Black Duck Editorial Staff

Sep 13, 2017 / 3 min read

Although the so-called Facebook BSD+Patents license has been in the wild for nearly three years, it recently became the subject of much commotion because the Apache Software Foundation tagged it as a Category X license, the group of licenses explicitly barred from inclusion in Apache projects. Apache’s decision affects only Apache projects, but the rationale for that decision may be of interest to others, particularly large companies or smaller ones that may have plans to be acquired.

Addressing patent rights in Facebook’s open source

In general, Facebook releases open source software under the 3-clause BSD license with an additional PATENTS file addressing patent rights. (See the new Facebook React license file.) The PATENTS file granted recipients of the covered software an express license to any Facebook patents that would necessarily be infringed through use of the covered software. However, that patent license automatically terminates if the recipient or any of its affiliates asserts a patent claim against:

  1. Facebook or any of its affiliates,
  2. any party if the claim arises from any product or service of Facebook or any of its affiliates, or
  3. any party relating to the covered software.

Facebook has made clear that the automatic termination of the patent license under the PATENTS file would not also terminate the accompanying copyright license.

Patent retaliation provisions aren’t new

Patent retaliation provisions in popular open source licenses are not novel, although the specific contours of the provision in the Facebook license are unusual. For example, the Apache License 2.0GNU General Public License version 3 (GPLv3), and Mozilla Public License 2.0 each contain a provision pursuant to which, at minimum, the patent license granted under the license terminates if the recipient institutes patent litigation alleging infringement based upon the covered software—essentially, clause (iii) of the patent retaliation provision in the Facebook license.

However, the Facebook provision also includes clauses (i) and (ii). Under those clauses, the patent license from Facebook could terminate due to actions wholly unrelated to the covered software, and that broader scope of protection is triggered only if the recipient asserts a patent claim against Facebook or another entity based upon its use of a Facebook product or service, thereby offering Facebook more benefits than other contributors to the covered software.

So what’s the debate about?

The debate about what the greater open source community should take away from Apache’s decision has centered largely on Facebook’s React JavaScript library, a ubiquitous tool for building user interfaces. One commentator has pointed out that Facebook likely does not own a patent covering React, making the patent retaliation provision in the Facebook license inconsequential with respect to React. Another has argued that startups should avoid using React or risk becoming less attractive to acquirers.

Perhaps those in the “nothing to see here” camp are right in substance. Even if Facebook does hold a valid patent covering React, its scope would, presumably, be significantly confined by prior art, given that the creation of React was inspired by AngularJS and other open source tools. The functionalities provided by React could likely be replaced with other open source tools.

A little legal discomfort can go a long way

But as Alonzo Harris, the cynical detective in “Training Day” explained, “It’s not what you know, it’s what you can prove.” Often in M&A transactions, especially with regard to open source, the facts can be less significant than the comfort of the buyer. It would not be surprising if some acquirers were to become more skittish when encountering instances of the Facebook license in a target’s open source inventory, putting the target in the undesirable position of trying to explain away the acquirer’s discomfort. If the acquirer is a Facebook competitor with a large patent portfolio, the task of convincing may become all the more daunting. (The Facebook license’s absence from the list of approved licenses at the Open Source Initiative may add further to the uneasiness.)

And the skittishness may not be unfounded for large companies with unwieldy affiliated divisions that do not do the best job communicating with each other. One division could sue a competitor for infringing its patent, only to find out deep in discovery that a Facebook affiliate provided the infringing materials. All the while, an unrelated division could have been using a library covered by the Facebook license for which Facebook holds a valid patent, yet the patent license from Facebook automatically terminated when the other division filed the infringement suit. That may be a fantastical scenario, but it may be one on the mind of an acquirer.

It may take some time to understand whether and how any of these real or imagined concerns factor into M&A transactions. But we do know that more people are now mindful of the Facebook license.

Solution

Open Source Audit Services

Discover license risk in M&A due diligence

Continue Reading

Explore Topics