GROKLAW

We Have Moved Permanently -- Please Join Us in Our New Home

Sat, 22 Nov 2003 10:53:07 GMT

We Have Moved Permanently

Groklaw has moved. We are < a href="http://www.groklaw.net"> here now. Please join us there. We outgrew Radio and thankfully Ibiblio offered to host us. There we have bandwidth galore, and software that can handle hundreds of comments per article. I had a wonderful experience with Radio blogging, and I was sorry to have to move, but Groklaw's amazing popularity made it necessary.

For those of you who subscribe to the RSS feed, please come to the new site and subscribe there. I've been trying to keep up both sites, specificallly for you, but I get so much email now, hundreds a day, that I simply have to let this go. I apologize for the inconvenience and look forward to welcoming you in our new digs. Thank you for making Groklaw such a success.

SCOForum Slides vs. SCO's Memorandum -- A Closer Look

Tue, 04 Nov 2003 09:13:38 GMT

SCOForum Slides vs. SCO's Memorandum -- A Closer Look

In SCO's Memorandum of Law in Opposition to IBM's Motion to Compel Discovery, there is one section entitled "IBM's Characterization of the Presentation at the SCO Trade Show is False and Misleading."

Let's examine this one paragraph and see if that is true or if the shoe is on the other foot.

In order to do that, we'll be comparing what SCO wrote in its Memorandum with the slides in SCO's SCOForum presentation. In order to follow along, you will likely wish to look at the slides themselves. If you go here you can find them as a Powerpoint presentation, and they can be viewed here as html. You can alternatively go to this page where we covered IBM's Motion to Compel Discovery, and you will find links to the Motion, the Memorandum of Law in Support, and all the exhibits, including the SCOForum slideshow.

I will present text from the slides as appropriate so you can follow along without skipping back and forth. First, here is the paragraph from the Memorandum of Law we will be looking at carefully, and I have highlighted the points we will address most particularly to compare with the slides:

"1. IBM's Characterization of the Presentation at the SCO Trade Show is False and Misleading.

"Throughout its memorandum, IBM makes repeated reference to SCO's trade show and a particular presentation about SCO's contractual rights made at that trade show. IBM incorrectly asserts that during that presentation, SCO identified 'four categories of alleged "misappropriation" by IBM: (1) literal coping; (2) derivative works; (3) obfuscation; and (4) non-literal transfers.' (IBM Mem., p. 6)(parentheticals omitted). The slides from the SCO Forum trade show relied upon by IBM (IBM Mem., Exhibit F), corroborate that SCO has not publicly made any such allegation against IBM. Slide 8, which is the only one to contain the terms 'literal copying,' 'derivative works,' 'obfuscation,' and 'non-literal transfers' does not mention IBM, or indeed anyone else. In fact, Slide 8 does not mention trade secrets at all, but rather illustrates SCO's bases for a potential copyright infringement action. What makes IBM's use of this trade show material particularly misleading to this Court is that the code in question identified by SCO at the trade show and elsewhere was code from a licensee other than IBM. In fact, it was widely reported after the trade show that the example of improperly contributed code was from SGI, which has since publicly acknowledged its improper contribution. It is inconceivable that IBM is unaware that the code identified by SCO in its presentation was from SGI, not IBM. In any event, as code contributed by another licensee, it should be obvious to IBM that, despite its demands for this code, the identity of such code is not responsive to any of IBM's interrogatories."

As you can see, they accuse IBM of misleading the court. Let's see who is misleading whom, and we'll take it a piece at a time and look at the slides as we go along. First, SCO claims that the presentation was about contractual rights:

"Throughout its memorandum, IBM makes repeated reference to SCO's trade show and a particular presentation about SCO's contractual rights made at that trade show."

So, it's about contractual rights overall, according to SCO. However, a little further down, SCO characterizes Slide 8 as being a list of SCO's bases for a potential copyright infringement action:

"Slide 8 does not mention trade secrets at all, but rather illustrates SCO's bases for a potential copyright infringement action."

They appear to be distinguishing Slide 8 from the rest of the presentation, saying this particular slide wasn't about contractual matters or trade secrets, rather about copyright, which they haven't accused IBM of. And in fact they pointedly say that IBM is not mentioned at all on Slide 8, and that further it's the only slide that mentions the four infringement terms IBM says SCO has accused them of and which SCO here is denying having ever publicly accused IBM of having done:

"IBM incorrectly asserts that during that presentation, SCO identified 'four categories of alleged "misappropriation" by IBM: (1) literal coping; (2) derivative works; (3) obfuscation; and (4) non-literal transfers.' (IBM Mem., p. 6)(parentheticals omitted). The slides from the SCO Forum trade show relied upon by IBM (IBM Mem., Exhibit F), corroborate that SCO has not publicly made any such allegation against IBM. Slide 8, which is the only one to contain the terms 'literal copying,' 'derivative works,' 'obfuscation,' and 'non-literal transfers' does not mention IBM, or indeed anyone else. In fact, Slide 8 does not mention trade secrets at all, but rather illustrates SCO's bases for a potential copyright infringement action."

This may come as quite a surprise to those of us who have followed this story closely from the beginning, because it feels like that's all we've heard SCOfolk say and imply for about seven months. If you look at Slide 8, it's true that IBM is not mentioned by name on that slide. Here is the text:

"8. SCO UNIX System V Copyright Infringements in Linux®

"Linux is a registered trademark of Linus Torvalds
"Contracts, Agreements, and the Law

"Non-literal transfers
"Methods, structures and sequence from System V contributed to Linux kernels 2.4+

"Obfuscation
"Copying, pasting, removing legal notices, reorganizing the order of the programming structures

"Derivative Works
"Modifications of System V created by vendors contributed to Linux kernels 2.4+ in violation of contracts

"Literal Copying
"Line-for-line code copied from System V into Linux kernels 2.4+"

They are telling the judge that this slide is only about copyright, apparently so as to claim it couldn't be an accusation about IBM. But what does the slide itself say? -- "Contracts, Agreements and the Law." So is it really only about copyright? What did the author of the slide believe? As for their claim that this is the only slide to mention these four terms, this is a rather slick argument. It is true it is the only one to mention all four together on the same slide, but as you go through the slides one by one, you will see that in fact this Slide 8 is a summary of the four terms, but subsequent slides, beginning with Slide 9, mention each term in turn, and the subsequent slides give examples of each of these four terms, and the later slides do mention IBM by name, specifically on Slides 21 and 22.

For example, let's look at Slide 21. Here is the text:

"IBM Claimed Copyright Attribution for Transferring Dynix Code to Linux

"Copyright (c) International Business Machines Corp., 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. Author: Dipankar Sarma (Based on a Dynix/ptx implementation by Paul Mckenney )
"See: http://lse.sourceforge.net/locking/rcu/patches/rclock-2.4.1-01.patch

"Derivative Works"

This Slide 21, then, is an example they offer in the category of "derivative works" and IBM's name is used in the title. If Slide 8 is only about copyright when it mentions "derivative works" and it has nothing to do with IBM, what is this Slide 21 talking about? What about the next slide, Slide 22? It's an example of "non-literal transfers", another of the 4 terms listed in Slide 8, and again IBM is mentioned by name:

"Non-Literal Transfers - Methods and Concepts

"From: Niels Christiansen (nchr@us.ibm.com)
"Date: Thu Dec 06 2001 - 11:10:47 EST

"Hi Kiran,

"Are you concerned with increase in memory used per counter Here? I suppose that must not be that much of an issue for a 16 processor box.... Nope, I'm concerned that if this mechanism is to be used for all counters, the improvement in cache coherence might be less significant to the point where the additional overhead isn't worth it.

"...which may be true for 4-ways and even 8-ways but when you get to 32-ways and greater, you start seeing cache problems. That was the case on AIX and per-cpu counters was one of the changes that helped get the spectacular scalability on Regatta.

"Niels Christiansen
"IBM LTC, Kernel Performance

"Non-Literal Transfers [^] Methods and Concepts"

Whether this email can legitimately be used to prove an infringement is another discussion, but it is clear they used it for that purpose, and they pointed at an IBM employee. "Non-literal transfers" is one of the four terms on Slide 8, and this is an example of such a transfer, according to SCO, and yet they tell the judge that Slide 8 isn't about IBM?

Derivative works are also the topic addressed on Slide 18, "Use is Infringing if Scope of License Grant for Derivative Work is Exceeded", and Slide 19, "Examples of Significant Infringing Derivative Works Contributions to Linux 2.4/2.5", both listing NUMA, RCU, JFS, and XFS, and one adds NUMA and the other adds "Schedulers, Linux PPC 32- and 64-bit support, and Enterprise Volume Management System". Obviously, IBM is at a minimum under a cloud in this list. And Slide 20 lists exact numbers of files and lines of code under the title "Derivative Works" for RCU, NUMA, JFS, SFX, and SMP for a precise total of 1,549 files and 1,147,022 lines. Maybe more than a cloud, considering what Aberdeen Group analyst Bill Claybrook wrote SCO told him:

"One example of derivative code that SCO says IBM has released to Linux is IBM's AIX journaling file system (JFS) . . . Two other examples of derivative code that SCO says IBM has released to Linux is NUMA (nonuniform memory access) code and RCU (read, copy, and update) code developed by Sequent prior to IBM's acquisition of Sequent in 1999."

What about the other two terms on Slide 8, line-by-line copying and obfuscation? Let's take a look. Literal copying is handled on several slides, not just one. Slides 9-14, to be exact. SCO's assertion is that the code they showed later turned out to be SGI code, not IBM, so IBM has no reason to ask for SCO to hand it over in discovery. But if you look at the slides titled "Literal Copying", each one says this: "Line by Line Copying [~] One Example of Many", so SCO is pretending there was only one code example used at the slide show but we see several examples and in any case, the examples used were presented as just a sample of many others SCO could show. IBM is asking to see all of them, not just the sample code that turned out to be SGI code.

Obfuscated copying is addressed on Slide 15, but not being a programmer, I'm not qualified to analyze this slide. Others have already done so. With regard to the code examples later turning out not to be IBM code, the issue isn't what they turned out to be, but what SCO represented them to be at their slide show. We presented news articles of the show in our article on Saturday, SCO Tells IBM: No, You Show *Your* Code First that indicated that what SCO representatives said at the show was that IBM was guilty of infringement, and that was what attendees expressed their understanding was from the presentation. So we need not cover that ground again here, except to repeat this small example:

"At the SCO Forum on Monday, the company pulled out its latest weapon: lines and lines of disputed code that were allegedly copied from SCO's Unix into IBM's version of Linux. The company claims that IBM illegally copied Unix code into its version of Linux . . . "

But that isn't the only time SCO has accused IBM of infringing their IP. They accused IBM of directly copying their System V code into Linux, according to two news articles, first one in MozillaQuest, which quoted analyst Bill Claybrook as saying SCO told him IBM was a violator:

"I don't have a list of any of the alleged violators, except SCO did say that IBM has copied Unix System V code into Linux. I personally find that hard to believe because IBM has one of the best screening processes of any major supplier for making sure that code does not move into Linux. And SCO said no to IBM's copying the first time I asked the question and then several hours later changed their answer to the one that I just gave."

Here is the Newsfactor account:

"'I specifically asked SCO if they had any evidence that IBM directly copied System V source code into Linux. The reply was no,' Claybrook wrote in his report. 'SCO has subsequently changed that reply to, "We have that code but we have not presented it at this time."'

"When asked if the confusion about this issue is odd, given that this is the central tenet of SCO's lawsuit against IBM, Claybrook agreed. 'Whenever I asked the question, Chris Sontag, the VP there, told me no,' Claybrook said. 'But then I got an e-mail 8 to 10 hours later from Blake Stowell, director of PR, that said they had "misspoken" -- they did have evidence that IBM had directly copied code.'"

Here's what Darl McBride said on 07/03/2003 according to The Register:

"IBM has taken our valuable trade secrets and given them away to Linux."

In the press release SCO put out when it "terminated" IBM's AIX contract, McBride said IBM was continuing to "violate our source code". And SCO's attorney Mark Heise said:

"Through contributing AIX source code to Linux and using UNIX methods to accelerate and improve Linux as a free operating system, with the resulting destruction of UNIX, IBM has clearly demonstrated its misuse of UNIX source code and has violated the terms of its contract with SCO."

And here McBride made a direct accusation:

"In the last 18 months, we found that IBM had donated some very high-end enterprise-computing technologies into open-source. Some of it looked like it was our intellectual property and subject to our licensing agreements with IBM. Their actions were in direct violation of our agreements with them that they would not share this information, let alone donate it into open-source. We have examples of code being lifted verbatim.

"And IBM took the same team that had been working on a Unix code project with us and moved them over to work on Linux code. If you look at the code we believe has been copied in, it's not just a line or two, it's an entire section -- and in some cases, an entire program."

When SCO wrote that they have never accused IBM publicly of the four categories of alleged misappropriation, literal copying, derivative works, obfuscation, and non-literal transfers, was that truthful? The accusation ended up in Claybrook's report, and SCO not only didn't correct it, it corrected Sontag's orginal denial that they had proof of IBM's literal copying.

And they did it privately too, according to Ian Lance Taylor's report of his visit to look at the code, which report SCO never corrected to the best of my knowledge and, if I remember correctly, I believe McBride actually referred to this account in a teleconference. During his visit, he took notes and says that this is what SCO (mostly Chris Sontag) told him:

"SCO has a list of about 20 IBM engineers who are, it claims, using AIX methods in Linux. SCO claims that some of these engineers literally are looking at AIX source code as they discuss Linux issues and making recommendations based on the AIX code.

"SCO claims this is inappropriate because everything built on top of AIX or using methods developed in AIX is really a derived work of Unix. As we talked, I realized this is a key part of SCO's argument. SCO claims that anything built on top of Unix is itself a derived work of Unix. I will discuss this further below.

"SCO said that besides IBM, Sequent has contributed code to Linux which is derived from Unix. Sequent is now a subsidiary of IBM.

"SCO also claims that some of the derivative works IBM contributed to Linux include NUMA, RCU, JFS, SMP, performance measurement and improvements, serviceability, scheduler improvements, LinuxPPC 32 and 64 bit support, logical partition support. Sontag moved on to the next slide before I typed down the rest of the list."

Finally, about the SGI matter, SCO characterizes what happened like this:

"What makes IBM's use of this trade show material particularly misleading to this Court is that the code in question identified by SCO at the trade show and elsewhere was code from a licensee other than IBM. In fact, it was widely reported after the trade show that the example of improperly contributed code was from SGI, which has since publicly acknowledged its improper contribution."

Here's what SGI actually said about the code:

"When a question was raised by the community earlier in the summer about the ate_utils.c routine, we took immediate action to address it. We quickly and carefully re-reviewed our contributions to open source, and found brief fragments of code matching System V code in three generic routines (ate_utils.c, the atoi function and systeminfo.h header file), all within the I/O infrastructure support for SGI's platform. The three code fragments had been inadvertently included and in fact were redundant from the start. We found better replacements providing the same functionality already available in the Linux kernel. All together, these three small code fragments comprised no more than 200 lines out of the more than one million lines of our overall contributions to Linux. Notably, it appears that most or all of the System V code fragments we found had previously been placed in the public domain, meaning it is very doubtful that the SCO Group has any proprietary claim to these code fragments in any case.

"As a precaution, we promptly removed the code fragments from SGIs Linux website and distributed customer patches, and released patches to the 2.4 and 2.5 kernels on June 30 and July 3 to replace these routines and make other fixes to the SGI infrastructure code that were already in progress at SGI. Our changes showed up in the 2.5 kernel within a few weeks of our submission, and the 2.4 changes were available in the production version of the 2.4 kernel as of August 25 when the 2.4.22 kernel was released. Thus, the code in question has been completely removed.

"Following this occurrence, we continued our investigation to determine whether any other code in the Linux kernel was even conceivably implicated. As a result of that exhaustive investigation, SGI has discovered a few additional code segments (similar in nature to the segments referred to above and trivial in amount) that may arguably be related to UNIX code. We are in the process of removing and replacing these segments.

"SCO's references to XFS are completely misplaced. XFS is an innovative SGI- created work. It is not a derivative work of System V in any sense, and SGI has full rights to license it to whomever we choose and to contribute it to open source. It may be that SCO is taking the position that merely because XFS is also distributed along with IRIX it is somehow subject to the System V license. But if so, this is an absurd position, with no basis either in the license or in common sense. In fact, our UNIX license clearly provides that SGI retains ownership and all rights as to all code that was not part of AT&Ts UNIX System V."

Does that match what SCO said to Judge Kimball about SGI and this code? No? One thing I think we can all agree on. Someone is being false and misleading. I will leave it up to you to decide who.

Now, about the "it's not about trade secrets", here is how SCO characterized its lawsuit against IBM in its SEC 10Q filing for the quarter ending April 30, 2003:

"On March 6, 2003, the Company filed a complaint against IBM alleging breach of contract, misappropriation of trade secrets, tortious interference, and unfair competition. The complaint centers on IBM[base ']s activities regarding the UNIX operating system that underlies both the Company[base ']s UNIX-based operating systems and IBM[base ']s AIX, its UNIX-based operating system. The complaint alleges that IBM obtained information concerning the UNIX source code from the Company and inappropriately used and distributed that information in connection with its efforts to promote the Linux operating system." [emphasis added]

And IBM is misleading the court and mischaracterizing the case as being about trade secrets? They said themselves that's what it was about. And they never publicly accused IBM? SEC filings are public. Interviews with the media are public. The SCOForum slide presentation was public.

Maybe the explanation is as simple as this snip from an exclusive interview McBride gave:

"In an exclusive interview, McBride told vnunet.com that SCO was about to embark on the discovery process of its legal case, when it looks for material related to the case.

"'As we move into discovery, this will be very nice for us because now we get to go in and talk to all their people, their customers. We get to really shake things up and get in to find out what really is going on over there,' he said.

"McBride claimed that SCO has the right to audit IBM's customers. 'We have other rights under the contract we are looking at. For example, we can audit IBM customers. SCO has audit rights on its customers,' he said.

"'The reality is that we are going into discovery right now and that might be the vehicle to be able to investigate what we need there anyway.'"

Normally, when I write about the SCOSaga, I try to be entertaining, but I have to confess to being old-fashioned enough that I can't find anything funny or witty to say about this story. You just don't mislead a judge. I'm shocked, actually. Not in the Casablanca-I'm-shocked-shocked kind of way. I mean I'm really stunned by the slide comparison. I keep thinking, maybe I've misunderstood. Maybe it's written so sharply I've missed something. It's possible. I actually hope so.

I've never worked for an attorney who misled a judge. This may amaze those of you who hate lawyers, but it's true. The whole legal system is based on honor, corny as that might sound. That is one of the things I like about it. I've seen lawyers lie to their wives, sadly, to their creditors, maybe, to their clients even, but never to a judge.

I guess it's true, what Lily Tomlin said. No matter how cynical you get, it is impossible to keep up.

SCO Tells IBM: No, You Show Your Code First

Tue, 04 Nov 2003 09:11:13 GMT

SCO Tells IBM: No, You Show *Your* Code First

It's time to analyze SCO's Memorandum of Law in Opposition to IBM's Motion to Compel Discovery, which we posted as text yesterday. If I had to characterize it in a brief sentence or two, the sentence would be that SCO tells the court, "How are we supposed to know what code IBM misappropriated? It's up to them to prove our case for us. It's not for us to hand over the code; it's up to them to show us every bit of code they ever donated to Linux. Then, we'll go over it and find whatever we can find. And anyway, we've given them plenty of stuff just today, so who needs a motion to compel? Let's just forget the whole thing."

In short, they don't want to show the code this exact minute.

They bad mouth IBM some more, tell a fib or two, by my reckoning, and then sit down, saying the motion should be denied. Let's go over the document piece by piece.

"It has been said that things have both an ostensible and a real reason. Ostensibly, IBM filed its motion to Compel to force SCO to answer interrogatories and produce documents because it had failed to do so. The reality, however, is that SCO not only timely responded to IBM's discovery requests, it then engaged in weeks of lengthy conversation, correspondence, and emails to resolve and clarify discovery issues and ultimately agreed to supplement its responses. But supplemental responses were not all that IBM was seeking. If that were the case, IBM would have waited until today, when supplemental responses were promised and were in fact served. No, what IBM really desired was a forum within which it could construct its stilted and inaccurate mischaracterization of SCO's claims, behind which it could hide its own failure and refusal to provide meaningful discovery responses. As detailed below, IBM's motion is without merit and should be denied."

Here SCO tells the judge that there is no need for any Motion to Compel. They told IBM they'd give them their supplemental answers (that they should have given them from the beginning but didn't until after "weeks of lengthy conversation, correspondence, and emails" made them agree to do it) by today. We did, so why did they file a Motion to Compel? There are pretend reasons used as a cover, they say, and then the real reason. And the real reason was so IBM could have a forum to mischaracterize SCO's claims and so it could hide from their own failure to give SCO meaningful answers to *their* discovery requests. In short, the defense is, IBM hasn't answered all our questions either. Never mind that IBM sent its interrogatories to SCO weeks before SCO sent IBM its interrogatories.

This is certainly a novel way to respond to a Motion to Compel Discovery. SCO has been accused of refusing to turn over information and documents it must turn over, and their answer is, well, they didn't either. Their secondary answer is that although they had not turned the materials over by the date of the filing of the Motion, IBM should have been able to trust SCO's word. Heh heh. IBM already told the judge in its Motion to Compel that the reason they were filing was because SCO had absolutely refused to tell them that they would produce the materials requested, not that they were pokey.

So now, somebody's mistaken or lying. Either SCO told IBM it'd turn over everything IBM asked for by the 23rd, or they refused to commit themselves to doing so, which is IBM's story. So, who do you believe? I think the rest of the document makes clear that when SCO says it offered supplementals, it still didn't mean it would answer all IBM's questions or provide everything IBM asked for.

"At its core, IBM's Motion to Compel Discovery asks for answers to interrogatories that fit its own mischaracterized theories of the case, rather than answers that relate to the actual allegations made by SCO in the Complaint."

IBM is asking us things that don't relate to our theory of the case as presented in our complaint, they whine. IBM has brought into the picture the statements that SCO has made in the press and at SCOsource showings, and SCO is protesting, as well they must, since they have said a lot more in the press than in the court papers, and not everything they have said in public is going to be helpful in court, so they are trying to keep IBM inside their own complaint's four walls. But SCO seems to forget that IBM has a case also. A counterclaim is a case on its own two feet. Even if SCO withdrew its charges, IBM's counterclaims stand. So IBM can ask away with respect to their own claims, just as SCO has asked for and received materials from IBM.

"IBM's baseless arguments begin as an effort to smear SCO and end with a newly created justification of why IBM has failed to provide any meaningful discovery responses itself. While IBM's improper litigation tactics are discussed in detail below, the Motion to Compel can be denied on the simple basis that SCO has actually provided supplemental answers, pursuant to earlier agreement, and this motion is therefore moot."

Here, they say, you can deny their motion, because we've turned over our supplemental answers anyway. But that doesn't really cut it, because IBM in its Motion to Compel already told the judge that SCO had offered the supplemental answers but that the answers they planned to give were not all that IBM has requested. And how can the judge possibly know, from this SCO document, what has actually been turned over and whether it is sufficient? Obviously, he can't, and SCO knows it, but they make the argument anyway.

"THE LAWSUIT

"Contrary to IBM's efforts to recast SCO's Amended Complaint as one limited to trade secret violations, the Amended Complaint contains six counts--the first three counts are for IBM's numerous breaches of licensing agreements. The remaining counts, including Count VI for misappropriation of trade secrets, flow from this transgression and are ancillary to the breach of the license agreements. Thus, notwithstanding IBM's mischaracterization, trade secret misappropriation is not the gravaman of the Complaint (IBM Mem., p. 2), but it is merely one count that recasts one aspect of the injuries caused by IBM's breach. These injuries would exist even in the absence of any trade secret misappropriation."

This is a strange argument. They seem to be saying that they aren't actually talking about trade secrets, at least not primarily. What they are really complaining about is breach of the licensing agreements. I note the plural of agreements, but I don't know exactly what they mean by that. If they mean things like Amendment X and the Side Letter, they are surely sunk, and indeed they never refer to either document. It seems someone has bonked them over the head with great force and now they are suffering total amnesia about those two documents, so what they mean by agreements as opposed to an agreement, we'll have to wait and see. What I'm guessing they mean is the Sequent agreement and the IBM agreement, holding IBM responsible for any breach in the Sequent agreement. They could also be referring to the fact that there have been supposedly many, many agreements over the years. Or it's a Freudian slip of the pen, and they do remember the 1985 side agreement and Amendment X, which well they might, since they themselves attached them to their Complaint as exhibits.

So, trying to parse the logic of their sentence, they are claiming that their accusation of trade secret misappropriation isn't the main part, or gravamen, of their Complaint. Gravamen means the heart of the argument, the part that the case is really all about. They misspell the word, actually, but I've heard Boies is dyslexic, so perhaps he wrote it that way and no one dared to challenge him. IBM is guilty of "numerous breaches of licensing agreements", and counts one through three list them, they say. The rest of the counts are ancillary to counts one through three, showing one of the aspects of the harm SCO maintained as a result of the breaches.

This, of course, makes no sense, but we'll move on, except to note that they don't at all want this case to stand or fall on being able to prove misappropriation of trade secrets, probably because they have no ability to prove IBM is guilty of any such thing. So here they are saying, we were damaged, but we shouldn't have to prove it with respect to trade secret violations. Good luck getting a judge to agree that you don't have to prove one of the claims in your complaint.

Here's what Darl McBride said on 07/03/2003:

"IBM has taken our valuable trade secrets and given them away to Linux."

Here's another quotation, from June 3, 2003, Darl McBride:

"'IBM has been happily giving part of the AIX code away to the Linux community, but the problem is that they don't own the AIX code,' he said. 'And so it's a huge problem for us. We have been talking to IBM in this regard since early December and have reached an impasse. This was thus the only way forward for us.'"

Oh. So which is it? Is this what the case is about or isn't it? And did IBM mischaracterize the case? Did they have no basis for thinking it was about trade secrets being misappropriated? or are SCOfolk speaking with forked, situational tongues?

The problem SCO has is, it has covered the media in press releases and statements for months saying that IBM has done what it now says it wasn't really talking about. They are in a pickle. The code they showed at SCOForum, that they said at the time was proof of IBM's misappropriating their code, turned out to be BSD and maybe SGI code, which IBM had nothing to do with, so they are left with their pants down in front of the judge, and there is a lot of holding newspapers or anything handy in front of embarrassing body parts going on here.

"In its Amended Complaint, SCO alleged that IBM and Sequent (now part of IBM and herinafter collectively referred to as IBM) were licensees of UNIX System V source code ('UNIX'). As part of this license grant, IBM was given certain rights and also agreed to certain restrictions upon its use of UNIX. IBM agreed, for example, that UNIX code and methods would be solely for its own internal business purposes (§ 2.01), [1] that UNIX code and methods would not be used for others and by others (§ 2.05), and that IBM would maintain the code and methods related thereto in confidence (§ 7.06). Similarly, IBM further agreed it would not sell or otherwise dispose of UNIX in whole or in part (§ 7.10). Significantly, IBM also agreed that any modifications or derivative works of UNIX prepared by IBM, would be treated by IBM 'as part of the original Software Product.' (§ 2.01). Thus, all of the foregoing restrictions on UNIX also apply equally to any modifications or derivative works created by IBM. [2]"

Well, now, everything hinges on what you mean by derivative works. But first, the contract itself. As you can see, the amnesia is interfering with their total recall, poor things. I've heard if you tell historic facts to an amnesiac over and over, sometimes their memories return, so let's give it a try.

If they look at their own Exhibit C, attached to their own Complaint, they will find that by means of this Side Letter, IBM was given the right to develop products and services "employing ideas, concepts, know-how, or techniques relating to data processing embodied in SOFTWARE PRODUCTS...provided that the LICENSEE shall not copy any code from such SOFTWARE PRODUCTS...and employees of LICENSEE shall not refer to the physical documents and materials compromising SOFTWARE PRODUCTIONS..."

Got that, SCO? Derivative works are not yours, according to this letter, so long as none of your code is in the derivative work, and the confidentiality requirement is lifted on any such code as well by this letter. And as for trying to lasso every programmer's thoughts and methods and ideas, well, that's just silly. That really would be the end of the software business, because no programmer could ever leave his job and go to work for anyone else unless they gave him a lobotomy first. Maybe just a hard bonk on the head would do, but to be on the safe side, a lobotomy is better.

I know. Maybe they could just kill all programmers who try to leave their jobs. If SCO shows their code to a programmer, they'd have to kill him to make sure their ideas and methods don't escape with him. This news report indicates that SCO is worried about programmers' memories:

"At the time McBride said SCO was concerned that programmers who had signed agreements to see proprietary SCO source code had moved on to other projects and might be incorporating his company's proprietary code into other projects."

They just can't build walls high enough around their precious IP, and these programmers are such brainiacs, they might remember methods even if you get them sloppy drunk, and then who knows who they might whisper their secrets to? So, all in all, I think killing them is best for the bottom line. Shareholders expect you to think pragmatically, after all.

Outsourcing makes available a seemingly limitless pool of underpaid talent that could be used to fill the shoes of the dead coders, like ants that just crawl right over the corpses of their dead comrades and keep marching forward. There is one problem with this plan. You might think you'd never run out of new coders, but I think it'd be like polluting the ocean. At first, it seems you could never accomplish such a monumental task, but somehow mankind has overcome all odds and achieved it. I think they'd find, similarly, that the hordes of Chinese and Indian programmers, at first a seemingly limitless pool of exploitable, cheap labor, in fact are a finite resource, so I guess we can rule that plan out as impractical long-term. OK, no killing off coders who've seen SCO code. But that leaves SCO with its worrisome problem. How to protect its really old, old ideas?

Getting back to planet earth, Section 2 of the letter means, quite simply, that IBM can take code from AIX and give it to someone else, provided that it contains no original System V code. Are they hoping the judge doesn't read? Doesn't know about Exhibit C? It's very puzzling they don't even mention it, unless they have some reason up their sleeve why they don't agree with this interpretation of the side letter.

"Pursuant to these restrictions, IBM agreed that AIX, IBM's 'own version of UNIX' (IBM Mem., p.2 n.1), and Dynix, Sequent's version of UNIX, would be used solely for internal business purposes, would be maintained in confidence, and would not be disposed of in whole or in part. IBM, contrary to these clear and unambiguous limitations on its use of UNIX, including modifications and derivatives thereof, has publicly touted its contributions of AIX and Dynix into Linux, the free, 'open source' operating system that IBM has heavily supported, both financially and technologically. [3] Specifically, IBM improperly contributed these protected UNIX materials into the Linux 2.4 and 2.5 kernels (in lay terms, the 'brain' of the operating system)--a decidedly public disposition of these protected materials. This action is a clear breach of IBM's obligations under the agreements with SCO governing the use of UNIX, and derivatives such as AIX and Dynix."

This is the gravamen of their current claim, then, that IBM was supposed to keep code confidential and instead it made it public by donating it to open source. seems a lame metaphor for kernel. They call it a kernel because the word is, in itself, a description of what it is. But why quibble? And anyway, we want to plow forward, and this is only the end of their preamble. Now comes their actual response to IBM's motion.

"IBM'S MOTION

"IBM's Motion begins with a seven page 'preliminary' statement that makes unfounded attacks on SCO and its counsel. This gratuitous commentary was inserted by IBM in the apparent hope that innuendo and sniping may add weight to its motion. IBM begins by claiming 'SCO has obfuscated its claims to foster fear, uncertainty and doubt about its rights and the rights of others.' (IBM Mem., p. 3). In fact, SCO has done nothing other than assert its contractual and legal rights. [4]"

Heavens to Betsy! Do you mean to tell me IBM has used innuendo and sniping and unfounded attacks? Why, this is an absolute outrage. Call the police.

SCO would never do such a thing, so righteous indignation is understandable and very appropriate for them. You can practically see them shaking with the anger of the upright wronged. Either that, or they hope Judge Kimball doesn't read Groklaw.

"IBM then incorrectly attributes as a purported quote from SCO's counsel that SCO 'doesn't want IBM to know what they [SCO's substantive claims] are.' Even a casual review of the article IBM relies upon (IBM Mem., Exh. C) reveals that no such statement was made by SCO's counsel. Indeed, the one paragraph 'article' is nothing more than a gripe by a reporter who failed to obtain information from counsel about the case. More importantly, SCO's counsel, through communication with IBM's counsel and through its Amended Complaint, has made perfectly clear to IBM what its substantive claims are. That IBM chooses to ignore the statements and the actual claims detailed in the Amended Complaint does not give rise to a motion to compel. [5]"

Didn't they get the news that Groklaw has a searchable database of quotations? As lawyers say to witnesses on the stand when they pretend they have forgotten something, would this refresh your memory? This is what the reporter Maureen O'Gara wrote about what she described in the March 21, 2003, article as a charming conversation with Mark Heise by phone:

"We had a charming conversation with the lawyer who's handling the SCO v IBM suit for SCO, a guy by the name of Mark Heise in the Florida office of Boies, Schiller & Flexner. His wife is expecting their first child any minute now. It's safe to say we now know more about his wife's pregnancy than we do about any substantive claims SCO can make against IBM. Heise claims to have them - and isn't proposing to go on discovery fishing expedition - but doesn't want IBM to know what they are. At the time, and this was a week ago, he said he had spent more time talking to us than to IBM, that there had been no contact."

As you can see, she wasn't griping about not getting any info about the case. She was saying that Heise told her something, and what he told her was that he didn't want IBM to know what SCO's claims were. Ms. O'Gara is a reputable reporter. And SCO is misrepresenting what she reported.

Additionally, there is this confirmation of Heise's position in a quotation by Darl McBride back in January:

"'We feel very good about the evidence that is going to show up in court. We will be happy to show the evidence we have at the appropriate time in a court setting,' McBride said. 'The Linux community would have me publish it now, (so they can have it) laundered by the time we can get to a court hearing. That's not the way we're going to go.'"

"The 'Preliminary Statement' repeats over and over that SCO purportedly has failed to answer the series of questions arising from the 'trade secrets and any confidential or proprietary information that Plaintiff alleges or contends IBM misappropriated or misused.' SCO, however, previously provided appropriate answers. Nonetheless, SCO has filed supplemental answers to interrogatories, served today consistent with its agreement to do so, which specify the source code files that contain the information IBM and Sequent agreed to maintain as confidential and proprietary."

This is a trick answer. Here, SCO says IBM is accusing them of not answering their questions, but SCO says they did, too, answer. And then they agreed to answer them better and have now done so, so as of today, SCO has provided IBM with the specifics about which files they allege are infringing....Nah. Just checking to see if you were still awake. They don't say any such thing, and they didn't turn over the info IBM asked for. They told them instead exactly which source code files "contain the information IBM and Sequent agreed to maintain as confidential and proprietary." That's not the same thing at all. That would be every line of code, if you stop and think about it. It's all, according to them, confidential and proprietary, even programmers' thoughts. And, excuse me, but that isn't what IBM asked for. What they asked for, as SCO acknowledges, is "to answer the series of questions arising from the 'trade secrets and any confidential or proprietary information that Plaintiff alleges or contends IBM misappropriated or misused.'"

This is SCO dancing as fast as it can. It wants the judge to think they have complied when they have not. They still haven't shown the code they think is infringing.

"Much of this information was developed by IBM and Sequent and, pursuant to their license agreements with SCO, both IBM and Sequent agreed it would be held as confidential. As a result, some of the information IBM requested will be known only to IBM, so the specifics of who at IBM was involved with improperly contributing this code to the public, how they did so, and the like will not be known until SCO gets the information from IBM, the party who contributed the protected materials in violation of its contractual obligations.

"Such a situation does not create grounds to grant a motion to compel. As the court explained in a case cited by IBM, O'Connor v. Boeing N. Am., Inc. 185 F.R.D. 272,281 (C.D. Cal. 1999), a toxic tort case, 'the clear inference from the reponse is that [respondents] do not yet know exactly how they were exposed to contaminants, but exposure occurred. When additional information is known to [respondents], they must supplement their response under Rule 26(e).' Likewise, SCO is presently attempting to ascertain, through the interrogatories and requests for production it has propounded to IBM, the associated background information and details that it needs to prepare its case as well as to fulfill IBM's request. Thus, to the extent certain portions of the answers are not currently available, they can be supplemented upon receiving the information from IBM, the party that improperly made the contributions to Linux in violation of its obligations to SCO and the party that presumably can identify who at IBM made the unlawful contributions to Linux, to whom they were made, when they were made, and other related details. To date, however, IBM has failed to provide this information, despite its agreement and obligation to do so."

Huh? They don't know of any infringing code, but they just know it must be in there somewhere? They want IBM to show them the smoking gun so SCO can build its case? Their argument is: we can't tell you what code is infringing, because you haven't told us yet. IBM wrote the code themselves, so we don't know what they wrote, but it must be ours. We hope to find it after IBM answers our interrogatories, and if we do, then we'll tell IBM where it is. On that basis, they say the motion need not be granted.

What happened to the spectral analysts and the MIT mathematicians and the physicists who deep-dived, as McBride put it, and analyzed the code and found "millions" of lines of infringing code? Just a couple of days ago, McBride said the same thing in a French interview, and now they don't know of any specific lines of infringing code?

This is a new tack. They use a toxic tort case, meaning someone got hurt by a toxin of some kind, and say, "That's us, your honor. We've been hurt, but we aren't sure yet exactly where."

Here's what they used to say, first Heise:

"We're educating the public in general that, well, there is in fact infringing code, both direct line for line and obfuscated code, derivative works, non-literal -- it's there. [We] just don't want the rest of the world to believe that it's not [there], that this is some sort of smoke and mirrors. It's not."

Now, they say it *is* smoke and mirrors, and the smoke won't clear without IBM stepping up to the plate and showing where their crime is hidden. SCO is complaining that IBM did not keep the code confidential, yet they can't find it because IBM kept it so confidential SCO can't locate it. But here is what they told attendees at SCOForum:

"Those prepared to sign a non-disclosure agreement were treated to select chunks of code that SCO claims were copied from its Unix operating system into IBM's version of Linux. . . .

"At the SCO Forum on Monday, the company pulled out its latest weapon: lines and lines of disputed code that were allegedly copied from SCO's Unix into IBM's version of Linux. The company claims that IBM illegally copied Unix code into its version of Linux, and it's warning Linux customers that they may be violating copyright by using the operating system without paying SCO. It's also recently rolled out a new licensing plan that would require Linux customers to pay between $199 (£125) and $699 per computer. . . .

"As of the end of the day on Monday, more than 150 had seen the code presentation, which the company said includes a small portion of the infringing code it's found so far. Sontag said the company has uncovered more than a million lines of copied code in Linux, with the help of pattern recognition experts.

"A compelling case? According to those who viewed the code at SCO Forum, company representatives showed off several categories of code that allegedly infringed its copyrights, including some lines that appeared to be directly copied, some that were derivative works, and some that were obfuscated, such as code from which legal disclaimers had been removed. . . . .

"After viewing the code, Don Price, the general manager of Price Data Systems, said he was surprised at the volume that was allegedly copied. 'It's compelling,' he said. 'Some people were either extremely sloppy, or copied and thought no one would go after them.'"

"Neil Abraham, with SCO reseller Kerridge Computer, said SCO made the right decision to pursue IBM. 'I think they've got a very firm case,' he said, after looking at the code. 'It's not just one line. It's huge chunks.'"

OK. That was then. This is now. And now, SCO with a straight face tells the judge they just don't know where infringing code might be hiding. That's why they haven't turned it over.

"As noted earlier, because SCO long ago indicated it would supplement its answers to interrogatories, IBM's motion should be denied as premature. Having provided the supplemental answers, IBM's motion is also rendered moot. Under these circumstances, normally there would be no further reason to address any of the remaining statements in IBM's memorandum. Here, however, IBM has advanced two arguments that so egregiously distort the facts and circumstances of this case that SCO is forced to respond."

This is just the sum-up of why they feel the motion should be denied: it's too soon, they've already provided supplemental answers, and IBM's motion is moot. If you weren't convinced already, this won't do it either. But now they launch into a counterattack on IBM. They are "forced" to do it because of two arguments IBM has made.

Sigh. This is like when your kid gets such a knot in his shoe, you hardly know where to begin. First, you just read the SCOForum news report. Is SCO being truthful in saying the slides don't say IBM on them? Yes. But did they verbally say all the things they are now denying? According to the news reports, they did.

"Nevertheless, McBride and other attorneys including Mark Heise, another hired gun from Boies, Schiller & Flexner LLP, presented SCO's pending case against IBM, this time to a jury of hundreds of Unix resellers and solution providers gathered at SCO Forum 2003.

"The cameras flashed when SCO attorneys briefly highlighted on screen alleged examples of "literal" copyright infringement and improper use of derivative works of Unix System V code that appear in Linux 2.4X and Linux 2.5X.

"While it was difficult to ascertain the exact code being shown on screen, attorneys pointed to exact copying of some code from Unix to Linux and claimed that IBM improperly donated almost a million lines of Unix System V code to the Linux 2.4x and Linux 2.5x kernel that infringe on its Unix System V contract with SCO -- and SCO's intellectual property."

Those reporting and those attending agree with IBM that SCO accused them. So is SCO being truthful to this judge? Like a car salesman, maybe. They say they have not publicly made any such allegation against IBM.But the news stories prove otherwise.

Folks, I mean no disrespect, but don't these allegedly religious men pray at night? If so, how do they raise their eyes to heaven?

Judge Kimball strikes me as an honorable man, so maybe there is hope that he will be shocked and disturbed that SCO has the unmitigated gall not only to lie about what it said but to attack IBM for "misleading" the court by pointing out that SCO said it and asking them for proof of the public accusations. Why, the whole world knows it was SGI, they disingenuously say, who wrongfully put that code in, because they have admitted it.

First, that isn't what SGI said at all. They said the code appeared to be most, if not all, public domain code. Anyway, whatever happened afterwards doesn't change what SCO said at the show. SCO accused IBM publicly and now they want to pretend they didn't say it. And what they said at the show wasn't the only time they have made such accusations against IBM. Just check our quote database.

"2. IBM's Claim It Will Not Respond to Discovery Until It Receives Supplemental Answers is Belated and Improper.

"Most problematic is IBM's claim that it cannot repond to discovery until SCO supplements its answers to interrogatories. SCO's discovery requests directed to IBM have been outstanding for four months. Raised for the first time in this motion, IBM's manufactured excuse for failing to respond is absurd and contrary to its previous representations that it will provide the discovery requested.

"Now, after mischaracterizing the breadth of SCO's complaint as detailed above, IBM suddenly claims '[w]hether a given document ultimately will be responsive to SCO's extensive requests turns on which trade secrets SCO identifies as being at issue in this case.' (IBM Mem., p 18). No, it does not. The example used by IBM to support its recently created excuse for not providing any additional documents since October 2, 2003, makes clear that whatever may be a trade secret does not limit IBM's obligations to provide full and fair discovery responses. Specifically, IBM points to SCO's Document Request number 11 and claims it needs guidance on the trade secret issue before it can repond. Request 11 is as follows: 'All contributions made without confidentiality restrictions by IBM or anyone under its control including, but not limited to, source code, binary code, derivative works, methods and modifications to Open Source Development Lab, Linus Torvalds, Red Hat or any other entity.' There is nothing on the issue of trade secrets that this Court needs to 'clarify' for IBM to produce this information. As noted earlier, IBM contractually agreed to maintain certain information as confidential and proprietary. That includes all of UNIX System V, UnixWare, IBM's verison of UNIX, called AIX, and Sequent's version of UNIX, called Dynix. IBM cannot unilaterally alter SCO's claims by pretending the clear and unambiguous allegations in the Complaint and contractual obligations detailed therein do not exist. IBM must provide the requested documents and cannot avoid or alter its production obligation through the filing of a Motion to Compel that improperly seeks to alter the claims as pleaded by SCO."

This is really low. IBM has told the judge that it can't respond to SCO without knowing what they are accused of specifically. SCO now says this is "absurd", as if it were a novel notion that an accused defendant has the right to know the charges against him. And all these arguments are irrelevant to this motion. SCO didn't bring a Motion to Compel, although knowing SCO, no doubt they'll try that next. This is IBM's Motion to Compel, not the reverse. Why SCO's attorneys inserted all this stuff about IBM not answering is a genuine mystery. It won't mean a thing to anyone, and I'm sure they must know it, unless they are playing to the peanut gallery.

SCO has asked IBM to provide all the code it has ever donated to Linux. It makes a big fuss about their failure to do that. Why, the nerve of IBM asking SCO to reveal what trade secrets it has allegedly violated. IBM is saying, you can't just go fishing. Tell us what you think we've done wrong and we will respond. And SCO says, we want to go fishing.

Imagine if you could just accuse a software company of wrongdoing and without providing any specifics or having any proof, you could make them turn over all their proprietary code so you could comb through it and try to find infringement. I'd say if courts allowed that, we'd have even more business-model-by-litigation than we already have to endure. Discovery is most particularly not supposed to be abused that way. You aren't supposed to use it as a way to go on fishing expeditions. Anyway, all SCO has to do is go through the Linux code itself and look for IBM copyrights. Or look on the internet. It's all public.

"CONCLUSION

"Based on the fact that SCO voluntarily supplemented its answers and that IBM's Motion to Compel is premature and wholly inaccurate, SCO respectfully requestes that this Court deny IBM's Motion to Compel."

Wholly inaccurate? By what yardstick? There are four footnotes too, but they are self-explanatory. Offensive, but self-explanatory. One footnote requires a reply:

"[2] These restrictions are fundamental to any license for software. In the absence of such restrictions and the ability to enforce them, a licensee can simply modify or rewrite code and then give it away thereby eliminating any value of the original source code. Thus, there can be little doubt that the gravaman of SCO's Complaint arises out of these critical restrictions on the use of the software and modifications and derivative works thereof."

Um. Did they forget about copyright? That most holy of holy laws? Nobody can take copyrighted code and modify, rewrite it, or give it away. You don't need a license to protect code from that.

Shucks. These folks just don't understand IP law. That's the bottom line. Well, never mind. They'll find out.

SCO's Memorandum of Law in Opposition to IBM's Motion to Compel Discovery

Tue, 04 Nov 2003 09:08:21 GMT

SCO's Memorandum of Law in Opposition to IBM's Motion to Compel Discovery

Plaintiff's Memorandum of Law in Opposition to IBM's Motion to Compel Discovery
October 23, 2003

The SCO Group ("SCO") submits this memorandum of law in opposition to International Business Machines Corporation's ("IBM") Motion to Compel Discovery.

INTRODUCTION

It has been said that things have both an ostensible and a real reason. Ostensibly, IBM filed its motion to Compel to force SCO to answer interrogatories and produce documents because it had failed to do so. The reality, however, is that SCO not only timely responded to IBM's discovery requests, it then engaged in weeks of lengthy conversation, correspondence, and emails to resolve and clarify discovery issues and ultimately agreed to supplement its responses. But supplemental responses were not all that IBM was seeking. If that were the case, IBM would have waited until today, when supplemental responses were promised and were in fact served. No, what IBM really desired was a forum within which it could construct its stilted and inaccurate mischaracterization of SCO's claims, behind which it could hide its own failure and refusal to provide meaningful discovery responses. As detailed below, IBM's motion is without merit and should be denied.

At its core, IBM's Motion to Compel Discovery asks for answers to interrogatories that fit its own mischaracterized theories of the case, rather than answers that relate to the actual allegations made by SCO in the Complaint. IBM's baseless arguments begin as an effort to smear SCO and end with a newly created justification of why IBM has failed to provide any meaningful discovery responses itself. While IBM's improper litigation tactics are discussed in detail below, the Motion to Compel can be denied on the simple basis that SCO has actually provided supplemental answers, pursuant to earlier agreement, and this motion is therefore moot.

THE LAWSUIT

Contrary to IBM's efforts to recast SCO's Amended Complaint as one limited to trade secret violations, the Amended Complaint contains six counts--the first three counts are for IBM's numerous breaches of licensing agreements. The remaining counts, including Count VI for misappropriation of trade secrets, flow from this transgression and are ancillary to the breach of the license agreements. Thus, notwithstanding IBM's mischaracterization, trade secret misappropriation is not the gravaman of the Complaint (IBM Mem., p. 2), but it is merely one count that recasts one aspect of the injuries caused by IBM's breach. These injuries would exist even in the absence of any trade secret misappropriation.

In its Amended Complaint, SCO alleged that IBM and Sequent (now part of IBM and herinafter collectively referred to as IBM) were licensees of UNIX System V source code ("UNIX"). As part of this license grant, IBM was given certain rights and also agreed to certain restrictions upon its use of UNIX. IBM agreed, for example, that UNIX code and methods would be solely for its own internal business purposes (§ 2.01), [1] that UNIX code and methods would not be used for others and by others (§ 2.05), and that IBM would maintain the code and methods related thereto in confidence (§ 7.06). Similarly, IBM further agreed it would not sell or otherwise dispose of UNIX in whole or in part (§ 7.10). Significantly, IBM also agreed that any modifications or derivative works of UNIX prepared by IBM, would be treated by IBM "as part of the original Software Product." (§ 2.01). Thus, all of the foregoing restrictions on UNIX also apply equally to any modifications or derivative works created by IBM. [2]

Pursuant to these restrictions, IBM agreed that AIX, IBM's "own version of UNIX" (IBM Mem., p.2 n.1), and Dynix, Sequent's version of UNIX, would be used solely for internal business purposes, would be maintained in confidence, and would not be disposed of in whole or in part. IBM, contrary to these clear and unambiguous limitations on its use of UNIX, including modifications and derivatives thereof, has publicly touted its contributions of AIX and Dynix into Linux, the free, "open source" operating system that IBM has heavily supported, both financially and technologically. [3] Specifically, IBM improperly contributed these protected UNIX materials into the Linux 2.4 and 2.5 kernels (in lay terms, the of the operating system)--a decidedly public disposition of these protected materials. This action is a clear breach of IBM's obligations under the agreements with SCO governing the use of UNIX, and derivatives such as AIX and Dynix.

IBM'S MOTION

IBM's Motion begins with a seven page "preliminary" statement that makes unfounded attacks on SCO and its counsel. This gratuitous commentary was inserted by IBM in the apparent hope that innuendo and sniping may add weight to its motion. IBM begins by claiming "SCO has obfuscated its claims to foster fear, uncertainty and doubt about its rights and the rights of others." (IBM Mem., p. 3). In fact, SCO has done nothing other than assert its contractual and legal rights. [4] IBM then incorrectly attributes as a purported quote from SCO's counsel that SCO "doesn't want IBM to know what they [SCO's substantive claims] are." Even a casual review of the article IBM relies upon (IBM Mem., Exh. C) reveals that no such statement was made by SCO's counsel. Indeed, the one paragraph "article" is nothing more than a gripe by a reporter who failed to obtain information from counsel about the case. More importantly, SCO's counsel, through communication with IBM's counsel and through its Amended Complaint, has made perfectly clear to IBM what its substantive claims are. That IBM chooses to ignore the statements and the actual claims detailed in the Amended Complaint does not give rise to a motion to compel. [5]

The "Preliminary Statement" repeats over and over that SCO purportedly has failed to answer the series of questions arising from the "trade secrets and any confidential or proprietary information that Plaintiff alleges or contends IBM misappropriated or misused." SCO, however, previously provided appropriate answers. Nonetheless, SCO has filed supplemental answers to interrogatories, served today consistent with its agreement to do so, which specify the source code files that contain the information IBM and Sequent agreed to maintain as confidential and proprietary. Much of this information was developed by IBM and Sequent and, pursuant to their license agreements with SCO, both IBM and Sequent agreed it would be held as confidential. As a result, some of the information IBM requested will be known only to IBM, so the specifics of who at IBM was involved with improperly contributing this code to the public, how they did so, and the like will not be known until SCO gets the information from IBM, the party who contributed the protected materials in violation of its contractual obligations.

Such a situation does not create grounds to grant a motion to compel. As the court explained in a case cited by IBM, O'Connor v. Boeing N. Am., Inc. 185 F.R.D. 272,281 (C.D. Cal. 1999), a toxic tort case, "the clear inference from the reponse is that [respondents] do not yet know exactly how they were exposed to contaminants, but exposure occurred. When additional information is known to [respondents], they must supplement their response under Rule 26(e)." Likewise, SCO is presently attempting to ascertain, through the interrogatories and requests for production it has propounded to IBM, the associated background information and details that it needs to prepare its case as well as to fulfill IBM's request. Thus, to the extent certain portions of the answers are not currently available, they can be supplemented upon receiving the information from IBM, the party that improperly made the contributions to Linux in violation of its obligations to SCO and the party that presumably can identify who at IBM made the unlawful contributions to Linux, to whom they were made, when they were made, and other related details. To date, however, IBM has failed to provide this information, despite its agreement and obligation to do so.

As noted earlier, because SCO long ago indicated it would supplement its answers to interrogatories, IBM's motion should be denied as premature. Having provided the supplemental answers, IBM's motion is also rendered moot. Under these circumstances, normally there would be no further reason to address any of the remaining statements in IBM's memorandum. Here, however, IBM has advanced two arguments that so egregiously distort the facts and circumstances of this case that SCO is forced to respond.

1. IBM's Characterization of the Presentation at the SCO Trade Show is False and Misleading.

Throughout its memorandum, IBM makes repeated reference to SCO's trade show and a particular presentation about SCO's contractual rights made at that trade show. IBM incorrectly asserts that during that presentation, SCO identified "four categories of alleged 'misappropriation' by IBM: (1) literal coping; (2) derivative works; (3) obfuscation; and (4) non-literal transfers." (IBM Mem., p. 6)(parentheticals omitted). The slides from the SCO Forum trade show relied upon by IBM (IBM Mem., Exhibit F), corroborate that SCO has not publicly made any such allegation against IBM. Slide 8, which is the only one to contain the terms "literal copying," "derivative works," "obfuscation," and "non-literal transfers" does not mention IBM, or indeed anyone else. In fact, Slide 8 does not mention trade secrets at all, but rather illustrates SCO's bases for a potential copyright infringement action. What makes IBM's use of this trade show material particularly misleading to this Court is that the code in question identified by SCO at the trade show and elsewhere was code from a licensee other than IBM. In fact, it was widely reported after the trade show that the example of improperly contributed code was from SGI, which has since publicly acknowledged its improper contribution. It is inconceivable that IBM is unaware that the code identified by SCO in its presentation was from SGI, not IBM. In any event, as code contributed by another licensee, it should be obvious to IBM that, despite its demands for this code, the identity of such code is not responsive to any of IBM's interrogatories.

2. IBM's Claim It Will Not Respond to Discovery Until It Receives Supplemental Answers is Belated and Improper.

Most problematic is IBM's claim that it cannot repond to discovery until SCO supplements its answers to interrogatories. SCO's discovery requests directed to IBM have been outstanding for four months. Raised for the first time in this motion, IBM's manufactured excuse for failing to respond is absurd and contrary to its previous representations that it will provide the discovery requested.

Now, after mischaracterizing the breadth of SCO's complaint as detailed above, IBM suddenly claims "[w]hether a given document ultimately will be responsive to SCO's extensive requests turns on which trade secrets SCO identifies as being at issue in this case." (IBM Mem., p 18). No, it does not. The example used by IBM to support its recently created excuse for not providing any additional documents since October 2, 2003, makes clear that whatever may be a trade secret does not limit IBM's obligations to provide full and fair discovery responses. Specifically, IBM points to SCO's Document Request number 11 and claims it needs guidance on the trade secret issue before it can repond. Request 11 is as follows: "All contributions made without confidentiality restrictions by IBM or anyone under its control including, but not limited to, source code, binary code, derivative works, methods and modifications to Open Source Development Lab, Linus Torvalds, Red Hat or any other entity." There is nothing on the issue of trade secrets that this Court needs to "clarify" for IBM to produce this information. As noted earlier, IBM contractually agreed to maintain certain information as confidential and proprietary. That includes all of UNIX System V, UnixWare, IBM's verison of UNIX, called AIX, and Sequent's version of UNIX, called Dynix. IBM cannot unilaterally alter SCO's claims by pretending the clear and unambiguous allegations in the Complaint and contractual obligations detailed therein do not exist. IBM must provide the requested documents and cannot avoid or alter its production obligation through the filing of a Motion to Compel that improperly seeks to alter the claims as pleaded by SCO.

CONCLUSION

Based on the fact that SCO voluntarily supplemented its answers and that IBM's Motion to Compel is premature and wholly inaccurate, SCO respectfully requestes that this Court deny IBM's Motion to Compel.

[1] All references are to the Software Agreement executed by IBM and attached to the Amended Complaint as Exhibit A.

[2] These restrictions are fundamental to any license for software. In the absence of such restrictions and the ability to enforce them, a licensee can simply modify or rewrite code and then give it away thereby eliminating any value of the original source code. Thus, there can be little doubt that the gravaman of SCO's Complaint arises out of these critical restrictions on the use of the software and modifications and derivative works thereof.

[3] The Amended Complaint details IBM's repeated boasting of how it has contributed the protected materials to Linux. See, e.g., Amended Complaint, ¶¶91, 93-97.

[4] It is particularly rich irony to witness IBM complain about the sowing of "fear, uncertainty, and doubt," given that the term originated from IBM's tactics. "Defined by Gene Amdahl after he left IBM to found his own company: 'FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering Amdahl products.' The idea, of course, was to persuade buyers to go with safe IBM gear rather than with competitors' equipment. This implicit coercion was traditionally accomplished by promising that Good Things would happen to people who stuck with IBM, but Dark Shadows loomed over the future of competitors' equipment or software." From The Jargon File available at http://catb.org/~esr/jargon/html/F/FUD.html

[5] Indeed, in conference calls with counsel that lasted hours, IBM's counsel was told repeatedly about the basis of the claims. In fact, when directed to the pertinent allegations of the Complaint detailing IBM's improper contributions to Linux, the response was that IBM's counsel lacked the technical proficiency to determine if the answers were sufficient. The answers are sufficient. The Amended Complaint and the prior answers detail the critical contributions by IBM to Linux, including NUMA (Non-Uniform Memory Access) and RCU (Read Copy Update). These technologies improperly contributed to Linux by IBM allowed Linux to make the quantum leap into high-end corporate enterprise use; a place it did not and could not occupy before IBM's unlawful contributions.

HP Wishes to Explain Sponsoring the SCO Tour

Fri, 24 Oct 2003 14:32:37 GMT

HP Wishes to Explain Sponsoring the SCO Tour

Here is HP's explanation for sponsoring the SCO city-to-city tour, which I reproduce in full:

"External Statement Concerning HP's Sponsorship of the SCO City to City Tour

"In light of statements by SCO concerning potential intellectual property problems in the current Linux software development model, HP has been asked whether our sponsorship of the SCO City-to-City tour represents an endorsement of SCO's position.

"HP's adaptive enterprise computing strategy is based upon providing customers with choice and flexibility to enable them to adapt to business change. HP's commitment to customers includes ensuring HP has the best platforms, solutions and partnerships for different operating system environments, with strategic focus on Windows®, HP-UX and Linux. This commitment also extends to the large installed base of HP customers who have deployed solutions based on SCO UnixWare®. Participation with SCO allows HP to help these customers adapt and grow with products and solutions based on this operating system.

"HP has a broad range of industry partners and sponsors many events all over the world. Participation in partner events does not imply endorsement or agreement with the business strategies of all of these partners; in fact, HP specifically does not comment on partner strategies, but provides the level of participation and commitment consistent with supporting HP's customers.

"HP's own commitment to Linux and the Open Source community has been demonstrated continuously over the past decade. At the same time, HP is the market leader in servers running Microsoft® Windows® and has a large number of customers deploying applications using the HP-UX operating system. HP has taken a leadership position in driving Linux for the enterprise, and recently assumed the risk of offering qualifying customers indemnity against potential SCO lawsuits relating to alleged copyright infringements within Linux. This is another move driven by HP's commitment to put the needs of its customers first.

"As the leader in industry-standard computing, HP supports its customers' choices in terms of the operating system they choose to use."

A Few More Crumbs Along the RBC Trail

Fri, 24 Oct 2003 14:31:31 GMT

A Few More Crumbs Along the RBC Trail

A lot of folks have been asking why the Royal Bank of Canada would invest in SCO. Some are unhappy about it:

"'This is an irresponsible decision that the Royal Bank is making, both financially and morally,' said Mike Gifford, co-founder of Ottawa-based Linux firm Open Concept Consulting. 'I can't understand why any bank would decide it was a good decision to go off and invest in a failing company that's pursuing a very weak legal argument against a community of developers.'

"RBC spokesman Chris Pepper refused to explain the investment, or how it would respond to any potential complaints from customers who make their living selling open source products. 'We have a policy of not commenting on anything we do for clients,' he said.

"SCO Group spokesman Blake Stowell said BayStar Capital is a private equity crossover fund that makes direct investments in late stage privately held companies, but he had few details surrounding RBC's involvement. 'I'm not sure who approached whom,' he said."

One explanation may be that this isn't the first time RBC has been involved in business with a Canopy Group company. If you note this August 13, 2003 press release from Altiris, you'll see that RBC was one of the underwriters for Altiris' recent stock offering:

"FOR IMMEDIATE RELEASE - 8/13/2003

"Altiris, Inc. (Nasdaq: ATRS) today announced that it has priced the sale of 3,000,000 newly issued shares of its common stock by the Company and 2,000,000 shares of its common stock by a selling stockholder at $18.75 per share. The Company will not receive any of the proceeds from the sale of shares by the selling stockholder. The Company has also granted the underwriters a 30-day option to purchase up to an additional 750,000 shares of common stock to cover over-allotments, if any.

"Credit Suisse First Boston is acting as lead manager in the offering, and the co-managers are Deutsche Bank, RBC Capital Markets, First Albany Corporation and D.A. Davidson & Co."

Wait. Deutsche Bank is listed too, along with RBC. Hmm. That's the same Deutsche Bank that recently put out a buy recommend on SCO that briefly sent the SCO stock price up to the clouds above. If you check the Altiris SEC Amended Registration Statement for Form S3, sure enough, both companies are listed.

And then one more crumb. According to this article in CSO Online, Microsoft's new chief security officer comes to them from RBC:

"'You can have great security without privacy I suppose,' says Peter Cullen, former chief privacy officer of Royal Bank of Canada and newly appointed chief privacy strategist for Microsoft, 'but you can't have great privacy without great security.'"

Well, well, well. Small world, isn't it?

Then, just so you can't say Groklaw isn't thorough, here's one more piece. One of the directors of RBC is Douglas T. Ellis, Senior VP at IBM.

In India, Red Hat Shows SCO the Door and Darl Talks Turkey, in French

Fri, 24 Oct 2003 14:30:37 GMT

In India, Red Hat Shows SCO the Door and Darl Talks Turkey, in French

Our own eagle-eyed belzecue submitted this article from The Financial Express, which reports that the largest insurance company in India is dumping SCO and going with Red Hat Linux:

"It is Linux time for the financial sector. Life Insurance Corporation of India (LIC), the largest insurance company of the country, is implementing Linux, the open source code operating system, replacing SCO Unix across its 2,048 branches. . . . Said Mr H Nanda, deputy secretary, software development centre, IT department, LIC, 'We chose Linux over some popular proprietary OS like Windows as we wanted to run all our existing in-house applications without spending much and at the same time did not want to be tied to license based OS. We will have the necessary freedom in future to develop various applications according to customers[base '] requirements.'

"LIC officials believe that by choosing Linux the company will save a huge amount of money in terms of licence fees, minimum use of third party applications and customisation cost of existing applications."

So it's bye bye, SCO. Hello, Red Hat:

"Red Hat will provide centralised support and training along with helping LIC[base ']s software developers develop Linux based business applications."

The reason this has got to be hurting SCO is LIC India just happens to be listed on their web site as one of their prized "success stories". They had 6,000 servers running UnixWare, according to the success story. Let's see. The story indicates they were wanting to dump UNIX and considered Windows and Linux and finally decided on Linux. Presumably, then, had SCO not stopped selling their Linux products, they could have held on to this customer, by just swapping in Linux. Woops.

Well, perhaps they consider that a small loss, compared to their pie-in-the-sky dreams of unimaginable wealth from litigation, the new SCO business model. Marc sends us a report from France, with a Darl McBride interview in French, in which he tells us how much money he figures he will get from IBM if SCO wins. His calculation is $1 billion per week. The interview is here, in French. My rusty French, with support from an English translation by computer, and some help from Groklaw readers, informs us that he apparently said that SCO is fighting for the good of the computer industry. It's like the early US history, he says. First they just took the land and then things got organized later. I gather he plans to organize the software industry.

More like strip mine it.

He says IBM will owe them maybe 50 billion dollars a year, so delay, while a negative in one way, is not hurting them financially if they win the IBM case. Then there are all those servers using Linux they can license. Ka-ching. Ka-ching.

Judge Kimball might like to know what a week's delay is worth to SCO, since they are currently requesting several delays in the discovery process. Hopefully, the judge won't let them keep the meter running for all the delays SCO itself caused when calculating damages if, in some alternate universe, SCO is able to win anything. Here's the French on that answer, so you can translate for yourself:

"Ce délai nous fait du mal. D'un autre côté, étant donné que nous avons révoqué le contrat Unix d'IBM, ce dernier nous devra, selon nous, de 40 à 50 milliards de dollars par an si la justice nous donne raison. Parallèlement, cinq millions de serveurs avec un noyau Linux 2.4 ou supérieur ont été déployés. Ce qui représente des milliards de dollars..."

He again says Linux companies can't realistically remove the code, because there's millions of lines, not thousands, but if they did remove it, that's fine with SCO, as is dropping down to any version of Linux below 2.4. Wait. Didn't they just tell the judge it's about methods and ideas, not ... I'm confused.

Maybe he's fund-raising among the French. Financially, SCO is doing fine, he says, and again he says the company has no long-term debt. And they plan on sales of licenses. Open source means freedom, not getting code free, he says. Ha ha.

I must have misunderstood the French and/or the computerlingo, because I can't match any definition of the word freedom with what he is planning for Linux. If accuracy matters to you, get a real translation, please. I'm just pointing you to the source.

Speaking of methods and ideas, there is a really interesting article by an attorney, Douglas L. Rogers, of Vorys, Sater, Seymour and Pease, on trade secrets and SCO's claims, and he touches on the methods and ideas angle. Maybe SCO should drop the trade secret claims. After reading the article, I don't think things are looking so good for them on that score.

In contrast to Darl's rah rah talk, there is this TechNewsWorld story, in which Neil Macehiter, research director at Ovum, says analysts were largely right in predicting that not many would buy a license from SCO:

"'Reality is dawning on SCO. They've yet to release details of exactly what is the subject of the case; no litigation has gone ahead as yet and, in the meantime, Hewlett Packard has said it will indemnify HP Linux users against any litigation with SCO,' he said. 'Apart from a handful of enterprises, businesses aren't playing ball with SCO, which is not seeing the success it anticipated with the legal case against IBM.'"

UPDATE: James Sauve has stepped up to the plate and offered us a line-by-line translation of the McBride interview. For copyright reasons, I will quote significant snips only:

"Linux contains portions of UNIX, of which SCO is the sole proprietor. We are aware that many are unhappy. But, this is the battle of the century : things are going to change when it comes to intellectual property of digital information, and we are mounting this campaign for everyone's benefit. It's somewhat like the birth of the United States of America : at first people just took the land, then things got organized."

"Q:How do you feel about the fact that the IBM case won't go to trial until 2005?

"The delay is hurting us. On the one hand, given that we have revoked IBM's Unix license, they owe us, according to our calculations, 40 to 50 billion dollars per year, if we win our case. On the other hand, 5 million Linux servers with the Linux 2.4 kernel or higher have been deployed. This represents billions of dollars...

"IBM chose to over posture themselves by putting forward the GPL, a matter we hadn't yet raised. We think that the use of our code is governed by copyright law, not the GPL. That will be the second round of the battle.

"Replacing the illegal code seems unimaginable, even if we would be the first to approve such a solution. But we're talking about millions of lines of code and not a few dozen. On top of that, the pieces that were taken are precisely what makes Linux a viable solution for enterprise deployment, like SMP and NUMA. We therefore invite enterprise users to properly license Linux by purchasing our run-time-only Linux license or downgrading to a version of Linux prior to 2.4, which will probably be enough for some companies."

The most interesting part of the new translation is that it makes clearer what they mean by copyright trumping the GPL. I understand now that they mean their code, which was distributed by them under the GPL, they now claim, wasn't really distributed that way, because they didn't mean to so distribute the code and copyright law protects them from having to GPL it forever. Now, since Linus and the FSF told them from the beginning that if they had inadvertently released any code it would be removed, why are they litigating the point instead of just accepting that generous offer?

SCO: It's IBM's Fault We're So Slow with Discovery

Fri, 24 Oct 2003 14:29:28 GMT

SCO: It's IBM's Fault We're So Slow with Discovery

Here you are. Plaintiff's Substitute Motion for Enlargement of Time to Respond to Defendant IBM's Motion to Compel Discovery. In it, SCO explains to Judge Kimball why it should get more time to answer IBM's Motion to Compel. It's here as a pdf and below is a text version.

Everything they say is to buttress their claim that they need more time. They say it isn't just about lines of code; it's about methods, ways of doing things, and from their standpoint it's about IBM violating a license agreement. They need time to properly frame their response. It's not that they are stalling. It's just that IBM has phrased things so contentiously, they need to answer in detail. Oh, if only it were as simple as just turning over some documents!

The trade secrets issue is not the main thrust of their case, despite IBM trying to mischaracterize it that way, they add. And they admit they goofed when they brought up the local Utah rule, implying IBM didn't give them proper notice of what they were after. They were working from an incomplete fax, they claim, but happily they have since found IBM's addendum and "SCO apologizes to this Court for filing a motion deficient in that manner." They acknowledge they did have notice.

They tell the judge the case is so complex that just turning over the code IBM is demanding wouldn't tell the complete story and that is why they need more time. Translation: we don't want to turn over the code this exact minute. And when we do, don't expect it to be convincing.

It looks to me like they are quite worried about IBM being too effective in telling the judge why SCO shouldn't get more time to respond to IBM's Motion to Compel, and it also sounds like they are trying to spin the ball just right, because they know they have to hand over the code, and we all know how effective that will be. Not. So here they are preparing the judge, and the world, by saying that it isn't central to their case anyhow.

It all comes across as a kid telling the teacher why he didn't do his homework. How convincing do you find this, for example?:

"The drafters of the first Motion for Enlargement worked largely from faxed documents that were incomplete and did not contain the Addendum to IBM's Motion to Compel. Since the filing of the original motion, the contents of the Addendum were discovered."

Your dog ate your homework. They frame it all in a way that the judge won't be totally able to ignore, though because they are saying, unless they have more time, the judge won't understand the issues properly.

This is just my impression of the document. Here it is in full so you can form your own:

Plaintiff's Substitute Motion for Enlargement of Time to Respond to Defendant IBM's Motion to Compel Discovery

October 20, 2003

Plaintiff/Counterclaim Defendant, The SCO Group, Inc. ("SCO"), through its undersigned counsel, pursuant to Rule 6(b) of the Federal Rules of Civil Procedure and applicable Local Rules, respectfully submits this Substitute Motion for Enlargement of Time to Respond to IBM's Motion to Compel Discovery. [1]

The issue underlying IBM's Motion to Compel is not really a dispute about one party's intransigence in turning over documents in its possession. Such motions are relatively straightforward. Rather, as SCO will amplify in its response, IBM has framed the facts underlying the motion in such a tendentious way that it leaves SCO little choice but to address numerous contentions outside the proper scope of a discovery matter.

Specifically, IBM's Motion to Compel attempts to reframe the entire subject matter of SCO's dispute with IBM as the misuse of trade secrets. [2] Yet, SCO's amended complaint has six counts. The first three constitute the core of the complaint, and are for breach of the licensing agreements to which SCO is a successor in interest. The remaining counts -- including Count VI for misappropriation of trade secrets under Utah Code Ann. § 13-24-1 et seq. -- flow from this transgression and are ancillary to the breach of the agreements. Thus, contrary to IBM's mischaracterization, trade secret misappropriation in this case involves merely one count that recasts one aspect of the injuries caused by IBM's breach. These injuries would exist even in the absence of any trade secret misappropriation.

IBM's frustrations, expressed in its Motion to Compel, seem to flow from its unwillingness to admit that SCO's claims about trade secret misappropriation extend beyond merely lines of source code and computer files to methods, that is, to ways of doing things. Thus, contrary to IBM's assertion that "the only dispute here is whether SCO can meet its obligation to provide meaningful responses to the interrogatories through a general reference to the documents it has or will produce," IBM Memorandum 10, the dispute appears to be of a completely different magnitude. To properly apprise this Court of these facts and the applicable case law, SCO respectfully requests an extension of time to October 24, 2003 to respond to IBM's Motion to Compel Discovery.

No prejudice will come to IBM by the granting of this Motion; nevertheless, IBM has opposed it.

Respectfully submitted,

DATED this 20th day of October, 2003.

[1] The drafters of the first Motion for Enlargement worked largely from faxed documents that were incomplete and did not contain the Addendum to IBM's Motion to Compel. Since the filing of the original motion, the contents of the Addendum were discovered. The Addendum does provide the requisite notice as to IBM's objections to SCO's responses. SCO apologizes to this Court for filing a motion deficient in that manner. This substitute motion again addresses the need for a brief enlargement of time without reference to the procedural requirement imposed by DUCivR 37-1(b).

[2] For example, IBM has claimed that "[t]he gravamen of SCO's complaint is that IBM misappropriated or misused alleged trade secrets," IBM Memorandum 2; IBM likewise implies that trade secrets are the fundamental issue at stake when it claims that "[i]nterpreting SCO's discovery requests absent identification of the trade secrets at issue has, however, proven very difficult." IBM Memorandum 18.

Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line

Fri, 24 Oct 2003 14:25:59 GMT

Ballmer Says Commercial Software is Better Because Someone's Rear End is on the Line

You know I couldn't resist covering this story. Microsoft's Steve Ballmer picked up his glove and slapped Linux across the face in a speech given at an industry conference thrown by...who else, Gartner?

In his speech, he said some peculiar things about security:

"Ballmer ... disputed the notion that open-source code is more secure than Windows. 'The data doesn't jibe with that. In the first 150 days after the release of Windows 2000, there were 17 critical vulnerabilities. For Windows Server 2003 there were four. For Red Hat (Linux) 6, they were five to ten times higher,' he said.

"'The vulnerabilities are there. The fact that someone in China in the middle of the night patched it--there is nothing that says integrity will come out of that process. We have a process that will lead to sustainable level of quality. Not saying we are the cat's meow here--I'm saying it is absolutely not good reasoning to think you will get better quality out of Linux.'"

Ballmer's being a naughty boy again. China indeed. "In the middle of the night." Trying to frighten the children with overtones. And playing with numbers. What year is it again? Red Hat 6? Pardon me for pointing it out, but they are up to 9 now. He's choosing a 150-day period from back in the day -- and I wonder how long it took to pick the best segment of time to use -- and using that for comparison? There is a lot that can be said about this, but it's not really necessary to do any research on this sad subject, I don't think. Everyone on a Windows box just went through the worst summer and fall of security issues of all time. They already know he's just ...well, what would be the precise word here? You hate to say lying. It's so cold.

However, let's do a little research, just for fun.

Judge for yourself which operating system is more vulnerable to security problems by going down the list on CERT's Incident Notes page. It goes back to 1998. And here is their Current Activity page. It's almost all Microsoft issues. Here's their Vulnerabilities Notes page. It's all Microsoft, except for one, which isn't Linux. Here is their most recent quarterly summary. And here is a chilling article. After you look at all the data, what do you think now? Was Mr. Ballmer accurate? The only way I could find Linux prominently on any list was to type it into the Customized Search engine by itself on this page , and then when you get to the list, it's a list for all vulnerabilities of all the distributions of Linux, not just Red Hat. I couldn't find anything equivalent to Microsoft announcing a vulnerability and then saying there was no patch and you should just shut that particular functionality down. Ballmer said there were 17 critical vulnerabilities in Windows 2000 in the 150-day period and that Red Hat had considerably more. But look at the list: it shows only 16 vulnerabilities for all flavors of Linux for the entire year of 2000. CERT only lists the big ones, but Ballmer did say "critical". It makes you wonder where he got his numbers from or how he defines "critical".

Funny he would choose such an old time period, don't you think, for his comparison? Maybe it's because looking at July through October of this year would be devastating? I see only two Linux vulnerabilities on the list for that time period, both buffer overflow vulnerabilities, so evidently there has been considerable improvement on the Linux side.

Look at what could happen to you on a Windows box in the first two weeks of September 2003, though, just using a handful of the many recent vulnerabilities here and here and here and here and here and here and here. I didn't include July and August or October or the rest of September, out of kindness. Now, what Mr. Ballmer needs to do is show me anything like that kind of news coverage of security vulnerabilities in GNU/Linux, for any two week period. And speaking of critical, look at what the results could be from the Windows security issues:

"'An attacker who successfully exploited these vulnerabilities could be able to run code with local system privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges,' Microsoft warns."

Defying these facts, here's what Ballmer said about the built-in superiority of commercially produced software:

"The Microsoft chief executive also contrasted the quality of software that's produced by commercial makers to that of software that's developed under the open-source model. 'Should there be a reason to believe that code that comes from a variety of people around the world would be higher-quality than from people who do it professionally? Why is its pedigree better than code done in a controlled fashion? I don't get that,' he said.

"'There is no road map for Linux, nobody who has his rear end on the line. We think it's an advantage a commercial company can bring--we provide a road map, indemnify customers. They know where to send e-mail. None of that is true in the other world. So far, I think our model works pretty well,' Ballmer said."

Oooo. Scary. "The other world." More ominous overtones.

He doesn't get it, or claims he doesn't, so I will explain. The very openness he and SCO criticize is what makes Linux more secure. Why? First, there are no artificial roadblocks. All their moats and chains and gates and laws and terror tactics to make sure no one looks at their code or "steals" it create blockades that can get in the way of fixing problems. In GNU/Linux, anybody can fix anything and offer it to the world as a cure. Then someone else can test it and verify it, and pass on that info. You don't have to use what they write, but you can if you want to. Someone is awake somewhere 24 hours a day, and so things tend to get fixed fast. As George Bernard Shaw pointed out, talent can crop up anywhere, and anyway, not even MS can hire all the talented people in the world.

And here's another secret: Linux users help out with bug reports. Yes. We do that. For nothing. Just to help. Millions of us. This is the secret sauce of GNU/Linux, a significant part of its power. If we users try software and something doesn't work perfectly, we let the authors know. That is Linux' secret. Hidden problems don't stay hidden, when anyone can bump into them and let the authors know they need to fix it. If the user knows how to fix it, he or she can fix it and send the fix back to the author. And the author doesn't charge you to contact them either. It's a very efficient system. Ever try to call Microsoft?

As someone wrote me the other day, Windows comes from a box. Linux comes from a community.

So the result is, although Mr. Ballmer can't believe it, Linux really is more secure. And the data does jibe. It appears IT professionals are catching on now. They just released the results of a survey of IT pros, and their opinions of Linux security versus Microsoft does not match Mr. Ballmer's views. There has been a rise in confidence in Linux in the past 6 months:

"New research shows that confidence in Linux as a secure platform is up. A recent survey conducted by the research firm Evans Data shows that Linux's reputation as stable and secure operating system is growing among people who write code for a living. . . .

"The survey also found that open source code, modules and tools are used more widely among developers than they were a few years ago. In a 2001 survey, Evans Data found that 38% of the 500 developers it surveyed said they used open source code in the applications they write. The most recent findings showed that 63% of developers incorporate open source today.

"Overall confidence in Linux as a mission-critical serving platform was also up from past year's surveys. While 34% of the 500 developers surveyed in 1999 said they thought Linux was ready for prime time, 64% said in the latest survey that they would trust mission critical applications to run on Linux."

So when Ballmer says the "data doesn't jibe", the question is, which data? Or, more precisely, whose?

Look at the spike in security incidents this year, compared with last year, 114,855 in the first three quarters of this year and only 82,094 incidents for all of last year. It's a good time to be thinking about security.

Have you been thinking about trying Linux? HP will let you test drive various Linux environments to see how you like them. It's really a tool for developers, but the web site doesn't list any restrictions as to who can do a test drive. They offer Red Hat, Debian, Mandrake, SuSE, and others. If any of you journalists or CEOs out there have never tried Linux, why not give it a whirl? (I hope the rest of you leave them room by not crowding ahead of them. Obviously, there's limits to how many can do this at once.) Or get yourself a Knoppix CD and try Linux on your own computer here. It runs off the CD, so when you are finished, your Windows software is still there, if you insist. Knoppix is a Debian version of GNU/Linux, by the way, and some consider Debian a very secure environment indeed. It's fun. If you try it just one time, it will open your eyes.