Branding is an increasingly important issue in FOSS, both for individual contributors to FOSS projects and to the projects themselves.
In this article, I use the term ‘branding’ to encapsulate the personal and the corporate:
- Named individuals. If your software is popular, you will become well known and respected in the software community. You acquire this tech-fame because of attribution – your name is on and associated with the software.
- Software brands. One thing that the most popular free/open source software often has in common with its proprietary cousins is a great brand name. This is true whether the FOSS is supported by an independent developer community or by a benevolent business (and countless businesses are pouring money into FOSS projects).
What follows is an overview of the main issues.
1. Protecting the individual’s brand
Whilst businesses make a significant contribution to FOSS, individual programmers still contribute the majority of FOSS code.[1] Whilst the reasons that those individuals contribute are diverse, one reason regularly cited is the recognition that can result from releasing a popular piece of software into the FOSS community . Whilst we can easily sneer at wanting to be a ‘rock star programmer’ as a reason for going FOSS, on a more serious note, being well known and respected for one’s coding skills is likely to increase your prospects of securing gainful employment. For these reasons to be realistic, mechanisms have been devised to protect the ‘personal brand’. In FOSS, these mechanisms take the form of licences and the law.
1.1. What the licences say
Many of the most popular FOSS licences take steps to protect and enhance the reputation of software creators.
GPL2 and GPL3, the most commonly used FOSS licences according to Black Duck (http://www.blackducksoftware.com/oss), both contain provisions designed to help protect the copyright holder’s personal brand. Both forms of licence oblige those distributing the software to place an ‘appropriate copyright notice’ on verbatim copies of the licensed program’s source code. Such notices include the author’s name. This obligation means that the author’s personal brand is distributed and will be known to other programmers who edit and use the source code.
The BSD and MIT licences, ranked third and fifth respectively in the Black Duck chart, also seek to protect the programmer’s personal brand. A key provision in both licences is the requirement on distributors to keep the copyright notice that the software came with.
Of course, the majority of users of FOSS will never see the source code. With the object code, most licences leave it to the programmers to protect their own reputations. If you are going to go to the effort of creating new software and you’re confident enough to distribute it, hopefully, somewhere in the interface to that software you’ve stated that you wrote it. This is not something that a licence can force you to do, it’s a matter of common sense. BSD deals with the point explicitly, requiring distribution in binary form (ie object code) to reproduce the copyright notice
1.2 Modified code
So, you’ve taken steps to shout out your name in the source and the object code. Can someone else, modifying the code and then distributing it, remove your name and claim the software as their own? Under the most popular licences, they cannot .
Both GPL2 and 3 provides that the files of modified versions of a licensed program, when distributed, must contain a prominent notice stating that the program is modified and the date of modification. For programs that ‘read commands interactively’ when in use, the object code must also display an ‘appropriate copyright notice’. Both BSD and MIT contain protection for the author’s brand, but it is less than that offered under GPL.
The BSD obligation to keep the copyright notice applies to modified code, meaning that the original author should always remain acknowledged in modified code. This obligation applies to both the source code and object code, meaning that the level of personal brand protection under BSD is roughly equivalent to that under GPL. More narrowly, the MIT licence requires that the copyright notice (including the author name) must remain in place on any ‘substantial portions’ of the source code that you distribute; a requirement applying to ‘substantial portions’ is more narrow than one that applies to the broader concept of ‘modified code’. The licence does not deal with including/keeping copyright notices in the object code. MIT therefore does not offer programmers as much protection of their personal brand as GPL or MIT.
1.3 Further protection offered by common FOSS licences
Some FOSS licences contain additional protection for the personal brand.
Useful for the rock star programmer, BSD provides that: ‘Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.’ GPL3 allows the licensor to add this type of prohibition as an ‘additional permission’ to the licence.
GPL3 also allows other ‘additional permissions’ that are useful in this context, including:
‘b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or…
e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks’
1.4 Copyright law and moral rights
Earlier, we saw that MITs afford programmers less personal brand protection than GPL or BSD. This being the case, are FOSS programmers issuing code under MIT left without a remedy from those unscrupulous enough to remove acknowledgement of the original author from the redistributed software?
Here, copyright law does not ride to the rescue. The Copyright, Designs and Patent Act 1988 gives authors of various types of works:
- a ‘paternity right’ – the right to be identified as the author of the work – authorship must have been asserted for an author to claim this right
- a ‘right to object to derogatory treatment’ – treatment that distorts/mutilates a work or is otherwise ‘prejudicial to the honour or reputation of the author’.
Unfortunately, these rights do not apply to computer programs,[2] a phrase which appears to cover both source code and object code.
One moral right that does apply to computer programs is the right of false attribution; the right to not have a work falsely attributed to you.[3] Whilst this right is useful for those rock star programmers, it is not a right to prevent someone from claiming that your software was written by them. This is something that you might or might not be able to tackle with a claim for copyright infringement and, depending on the facts, possibly also defamation.
The CDPA is an implementation of the Berne Convention, which contains no exceptions to the moral rights; these exceptions led to one commentator describing the CDPA’s moral rights as ‘rights that are well below the Berne Convention standard’.[4] The lack of moral rights in computer programs is not something unique to the
What we have is a situation where the law does not adequately protect the ‘personal brand’. For the FOSS programmer wanting his name to be on, and remain on, his work, my suggestion would be to use one of the more protective licences such as GPL.
2. Protecting the software/corporate brand
In the FOSS world, the brand name of the software and the organisation/project behind it is just as important as it would be if the software was ‘proprietary’.
Trade marks are a potentially powerful way of protecting the brands given to free software. Trade marks are a registered right, meaning that you need to successfully register your brand as a trade mark in order to receive protection. They apply to the services and/or goods covered by the particular registration. A mark is infringed if it (or something similar) is used for services/goods identical to or similar to the services/goods covered by the mark. In addition, a mark with a national reputation can be infringed if it is used in a way that is detrimental to or takes unfair advantage of the mark, even if this use is not for similar/identical services or goods. In all these cases, the use must be in the course of trade. (Given that all the major FOSS companies do use their brands to make money, I will assume that giving away branded software for free would be considered by the Courts to be use in the ‘course of trade’.)
Provided that the claimant has goodwill (the ‘attractive force which brings in custom’), the UK tort of passing off also provides a means of protecting reputation, and applies to the situation where a defendant sells goods or services in such a way as to misrepresent that the goods/services are the goods/services of the claimant. As a means of brand protection, for free software projects, passing off is arguably less useful than trade mark infringement. For those projects with a vague (or no) legal structure, establishing that the project owns the goodwill to the brand could prove tricky. Claimants could also struggle to prove that damage has occurred or will occur. Passing off is therefore a more difficult remedy to rely on.
Some organisations in the FOSS have obtained trade marks and use trade mark policies to control and protect their projects.
2.1 FOSS trade mark policies
Control of software brands might seem at odds with FOSS’ free and open nature, but trade mark schemes are common for the major FOSS project. There is even a scheme for the LINUX name.[6] FOSS projects aim (at least in theory) to get as many programmers on board as possible, to get the software developed. This being the case, why would a project seek to control usage of the name of the software?
The same reasons for seeking protection and control apply as apply to brands in the ‘corporate’ world:
1. Distinctiveness. As a project team, why spend a lot of (your own) time and effort successfully developing a piece of software, only to give it a generic name? Without a unique brand, how can potential users find the software?
2. Quality control. PR agencies and branding consultants tend to consider a brand in the widest sense – not just the name and logo, but also the values, message, and even ethos and philosophy of a brand (I’ll call these ‘the message’). If your brand doesn’t have a consistent and defined message, or has a confusing mix of messages, even the best trade mark in the world will be commercially weak.
With a business, control of the message is achieved through marketing and communications policies and the internal culture. With FOSS projects, brand control isn’t that simple. Such projects, by their nature, involve an international, broad church of people, and the licences give anyone the freedom to take the software, modify it, and even use it as the basis for entirely new software. In an attempt to avoid a situation where multiple people circulate multiple different varieties of a particular piece of software, all with the same name, the major projects have sought trade mark protection for their brands and have issued trade mark policies setting out how the brands may (or may not) be used.
Below is an overview of a two such policies.
Mozilla
The Mozilla Organization was launched by Netscape a decade ago to create the Mozilla internet suit, including a cut-down website browser. Over many years, this website browser developed into Firefox. Firefox is currently the world’s second most popular browser, just behind Internet Explorer.[7] Firefox is a big-name browser and is FOSS-licensed.[8]
With a big name brand comes the need for brand protection, and this is something that the Mozilla Foundation (as the Organization is now known) has borne in mind since the browser was renamed from Firebird in 2004.[9] Other software supported by the Foundation, while not having the massive profile of Firefox, shows the same understanding of what makes a great brand; Thunderbird for email, Sunbird for calendar, and Seamonkey is now the name of that internet suite.
The Mozilla Trademark Policy[10] is a lengthy document, covering a range of scenarios and types of trade mark usage. It has an ‘overarching requirement’ that ‘your use of Mozilla’s trademarks be non-confusing and non-disparaging’. Non-confusing is defined as ‘people should always know who they are dealing with, and where the software they are downloading came from. Websites and software that are not produced by the Mozilla Foundation shouldn’t imply, either directly or by omission, that they are’. Non-disparaging is defined as ‘outside the bounds of fair use, you can’t use our trademarks as vehicles for defaming us or sullying our reputation’.
The Policy seeks to define levels of permitted Mozilla trade mark usage, including:
- Unmodified Mozilla code: full permission
- ‘Community Editions’. These are modified versions of Mozilla software that meet certain strict criteria. Here, permission is granted under a separate Community Edition Policy[11] to use the software trade mark in a specified manner (eg ‘Firefox Community Edition’). No permission is given to use the Mozilla name itself;
- Code with ‘significant functional changes’: the software may be described as ‘based on Mozilla technology’, or ‘incorporating Mozilla source code.’ Other than that, no permission is given to use Mozilla trade marks.
The overall picture is that Mozilla gives only very limited permission to use its brands. There are various ambiguities in the Policy’s drafting. To take a couple of examples: what is ‘significant’ is always going to be open to opinion; the Community Edition Policy requires software to ‘meet (or exceed) the quality level people have come to associate with Mozilla’. Mozilla has sought to minimise the ambiguities by includes examples of what it means, and with practical measures. One such measure, to take the previous example, is that Mozilla states it will work with those issuing what it regards as ‘low quality’ Community Edition software and will only revoke the permission to use the trade mark if efforts to resolve the problem fail.
The Mozilla trade marks were enforced in 2006 when Mozilla required the Debian Linus distribution to rename its adaptations of Firefox, Thunderbird and Seamonkey. Firefox was rebranded ‘Iceweasel’ (as Rolf Harris would say, can you see what they did there?). The other two were also given ‘Ice’ brands.
Gnome
Gnome Foundation has registered ‘GNOME’ as a trade mark in the
Gnome is a graphic user interface, distributed as part of the popular Ubuntu distro of the Linux operating system. (As an aside, if you’re new to Linux, in my view this is the one to go for.)
The Gnome project is supported by the Gnome foundation, which has issued the ‘Trademark Usage Guidelines for Third Parties’ http://foundation.gnome.org/licensing/guidelines/. The main rule of the Guidelines is ‘fair use’:
‘You may make fair use of GNOME word marks to make true factual statements… or to truthfully communicate that your product or service is compatible with, designed for use with, or was designed using, GNOME.’
Provided you pass the ‘fair use’ rule and none of the 11 prohibited uses apply, you can use the Gnome brand.
The Guidelines are much shorter than the Mozilla Trademark Policy, but this brevity comes at the expense of the type of usage subtleties and scenarios that the Mozilla Policy covers. Instead of having levels of permission, the Guidelines are in the main a list of ‘do’ and ‘do nots’. This brevity and simplicity probably reflects the more limited usage made of the Gnome brand in the developer community.
Do trade mark policies conflict with FOSS licences?
From one perspective, you could view these trade mark policies as conflicting with the freedoms given to you by the FOSS licences. When a licence gives you the right to do pretty much anything you want with a piece of software, how can a policy stop you from doing those things?
Clause 12 of GPL3 seems to say it writ-large: ‘If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all.’
So, do trade mark policies really conflict with the licences? From a technical perspective, the answer is ‘no’. Although modifying or making additions to a piece of free software may – because of a trade mark policy – mean that the software can no longer be distributed under its original brand, that policy does not stop you from doing those things to the free software. You simply need to re-brand the software, or (depending on the trade mark policy) at least refer to the original brand of the software in a permitted manner.
Mozilla, which makes heavy use of logos as part of its branding, addresses this issue in the FAQs to its policy:
‘We are following the interpretation that the logo files are not part of the program itself (e.g., the Firefox browser), they are simply data used by that program, and changing the logo data has absolutely no effect on the functional use of the program. We therefore believe that licensing of the logo files themselves is outside the scope of any GPL terms that might be applied to other Mozilla source files (i.e., under the Mozilla tri-license).’[12]
Some would go as far as to say that strong, restrictive, trade mark policies such as the Mozilla policy are needed to ensure the validity of trade marks for FOSS. The purpose of trade marks is to denote the trade origin of goods and services. Without a strong policy dictating the use of a FOSS trade mark, that mark is open to challenge because it does not indicate origin.
Trade mark policies are always going to be criticised by sections of the FOSS community that regard them as being generally a bad thing or breaching the ‘spirit’ of free software. Those developing trade mark policies for their free software can only mitigate the level of such negative feeling in the community by discussing any concerns with the community.
Conclusions
The law and policies enforceable by law offer both individual programmers and free software businesses and projects some means of protecting and enforcing their brands. I have argued that the protection offered by copyright law to the ‘personal brand’ is at present inadequate; whilst the legal notice requirements contained in common FOSS licences afford some degree of protection to individuals, these constitute a short-term licence-specific patches.
Given the importance of ‘freedom’ to FOSS, the means of brand protection available are not always without their controversies. The scrutiny given to such means and their enforcement is only likely to increase as the part played by FOSS in the IT world increases.
Alex Newson is an IT lawyer at Shoosmiths: www.shoosmiths.co.uk
[1] At the OSCON 2007 conference, as part of his presentation, researcher Rishab Aiyer Ghosh is reported to have claimed that, at that time, companies had contributed 20% of FOSS code (http://www.oreillynet.com/onlamp/blog/2007/07/open_source_convention_you_hav.html). The rest of the code is therefore from individuals.
[2] Sections 77, 79(2), 80 and 81 CDPA
[3] CDPA, s 84
[4] McCartney S, as quoted by Mike Holderness’ excellent article ‘Moral Rights and Authors’ Rights: The Keys to The Information Age’, Journal of Information Law & Technology, http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1998_1/holderness/#noteMcCartney 1991
[5] See Ian Eagles, Louise Longdin,’Technological creativity and moral rights: a comparative perspective’, J.L. & I.T. 2004, 12(2), 209-236
[6] http://www.linuxfoundation.org/en/Trademark_Usage_Guidelines. This scheme is probably a bad example to use. It is questionable whether LINUX is even registrable as a trade mark (for example ‘’Linux’ too generic for Australian trade mark’, Out-Law.com http://www.out-law.com/page-6134). In addition, the way that Linus Torval’s Linux Foundation has sought to enforce the trade mark has not been without controversy: http://news.zdnet.co.uk/software/0,1000000121,39214339,00.htm
[7] The W3Schools browsers statistics for July 2008 (http://www.w3schools.com/browsers/browsers_stats.asp) give Internet Explorer 6 and 7 a combined percentage of 51.7% of users, whilst Firefox comes in at 42.6%
[8] In fact, you can choose to receive Firefox under one of three FOSS licenses: Mozilla Public License, version 1.1 or later; GNU General Public License, version 2.0 or later; and GNU Lesser General Public License, version 2.1 or later: http://www.mozilla.org/MPL/
[9] The renaming of ‘Firebird’ to ‘Firefox’ was itself as a result of branding issues; the Firebird database community didn’t like the fact that a browser had the same name: http://www.mozillazine.org/talkback.html?article=4278
[10] http://www.mozilla.org/foundation/trademarks/policy.html
[11] http://www.mozilla.org/foundation/trademarks/community-edition-policy.html
[12] http://www.mozilla.org/foundation/trademarks/faq.html