Confidentiality and copyright

The SCO group's law-suit with IBM revolves around some subtleties of a contract under which IBM licensed UNIX source code from AT&T. The SCO group (which is in some (allegedly relevant) respects AT&T's successor in interest) claims IBM has violated confidentiality obligations by which it is bound by its license to use that source code. Interpretation of the contract is somewhat complicated both by its use of the term the software product and by its use of the term derivative. The latter has a well-defined meaning in copyright law, but the proper bearing of that meaning on the case becomes confused by its relationship with the former. Clearing up that confusion is a necessry step in making sense of the contorted mess of the case; in particular, in preventing any party to the case from exploiting the confusion to fool someone into believing things taht aren't true.

What AT&T licensed to IBM was the UNIX System V source code (which is a software product); however, the license allowed for IBM to build a software product (its own operating system) around that licensed code. In order to do so, IBM was allowed to modify the supplied code as it saw fit; for example, to simplify integrating it with other software they had developed in-house. AT&T wanted to make sure that IBM would not release its source code to third parties; the contractual wording for this naturally addressed itself to the potentially modified version of the UNIX code, since that would just as thoroughly disclose AT&T's material. Thus this modified form of the UNIX code is a third software product involved. My reading of what I've seen of the contracts between AT&T and IBM is that they use the term software product to refer to the original UNIX source code.

In copyright law, the UNIX source code is AT&T's copyright work and the modified form of it within AIX (IBM's operating system built on UNIX) is a derivative work (of the UNIX sources). When taken as a whole, i.e. including this derivative, AIX is thus a derivative work; however, the code in AIX which is not part of the results of modifying the UNIX code is a separate copyright work, to which IBM owns all right and title, provided it is separated from the modified UNIX sources. However, we're concerned with confidentiality here, not copyright: IBM is obliged to keep AT&T's code confidential.

I'm a computer programmer by profession. If you showed me IBM's code, without ever showing me either the original UNIX source code or IBM's modified form of it, I still would be able to work out quite a lot about the UNIX code. The IBM code would call functions defined by the UNIX source code; from the ways the IBM code called those functions (and from their names) I could discover the types of its parameters and return value (quite easilly); from clues in the names of the variables used as parameters, and from careful analysis of the code calling the UNIX functions, I could infer what the UNIX function does and what the parameters and return value mean. The IBM code would access data structures defined in the UNIX code (e.g. before and after calling UNIX functions); from the way IBM accesses those data structures, I'd be able to infer quite a lot about them. While I doubt I (with no experience in operating system design or implementation) would probably not find this very useful, it is likely that the information I could glean by these means would prove highly useful to someone familiar with operating system design and implementation. Thus even releasing IBM's code could leak information about the UNIX source around which it was built.

The contract between AT&T and IBM requires IBM to keep the UNIX source code, and IBM's modification of that code, confidential. It requires IBM not only to abstain from publishing the UNIX source code, or IBM's modified form of it; it also requires IBM to limit publication of its own code in so far as this would reveal the kinds of information that would let a programmer infer materially useful information – the methods and concepts of UNIX – as outlined above. At least, that's my reading of what I've seen of the contracts.

The SCO group's lawyers appear to be arguing that the contract's wording causes IBM's confidentiality obligation to stretch to the whole of AIX, or at least to the JFS (a file-system which records what it's doing in ways that make recovery after a crash very much more robust), which IBM has donated to Linux. It is quite likely that the JFS code inside AIX does include significant parts that that call the modified version of UNIX within AIX, which would preclude IBM from publishing that exact version of JFS verbatim. However, the version it has published is one which works with Linux – which is a replacement for the UNIX code. In order to make it work with Linux, it is entirely certain that IBM would have to replace its uses of UNIX data structures and calls to UNIX functions with their Linux equivalents. For a piece of IBM's code, that references the (modified) UNIX code, to not need changing could only arise in so far as Linux does the relevant thing in exactly the same way that UNIX does. For that to happen, the relevant part of how UNIX works would necessarily need to have been made public (as a very great deal of how UNIX works has) prior to IBM's contribution of JFS to Linux; and this naturally voids IBM's obligation to keep that detail confidential.

IBM in fact attests that the version of JFS it put into Linux came from OS/2 (another operating system, which owes nothing to AT&T's UNIX code). Their first version of JFS was written for a version of AIX that pre-dates their deal with AT&T; for OS/2, they completely re-wrote JFS; and (derivatives of) that version of JFS has since been put into both Linux and the more recent UNIX-based versions of AIX.

I suspect the SCO group's lawyers are confused by (or, to be cynical, are hoping to confuse others using) the nature of derivative works, in copyright law. AIX contains (and so, when taken as a whole, is) a derivative work of the UNIX code. IBM has a duty of confidentiality which restricts what it can do with the version of JFS inside AIX (because of what that version of JFS likely reveals about UNIX). The relevant restrictions are very similar to those which would apply to a derivative work of UNIX. However, this does not make JFS a derivative work of UNIX, except in so far as it's distributed with (IBM's modified version of) UNIX. If a particular version of JFS were a derivative work of UNIX, IBM would indeed be restricted in what it could do with derivatives of that particular version of JFS. All the same, even then, IBM could remove the parts of JFS that make it a derivative of UNIX (and likely replace them with something else); the result (if it contained nothing derived from UNIX) would not be a derivative work of UNIX.

I hope the above may be of some help in avoiding confusion about what's going on in this case – the SCO group has been has been remarkably unclear in what it's talking about, leading many to suppose that they are, in some way, claim to control all of AIX. If they can obfuscate their argument enough that it sounds like it leads to that confusion, but dress it up in the right lawyerly language to make it seem legitimate, innocent jurors might be mislead into believing they have a case.

Valid CSSValid HTML 4.01 Written by Eddy.