The Big Legal Issue Blockchain Developers Rarely Discuss

If blockchain projects seek adoption by enterprises, their open-source license will have a material impact on the rate of adoption, say legal experts.

AccessTimeIconSep 8, 2018 at 10:30 a.m. UTCUpdated Sep 13, 2021 at 8:21 a.m. UTC
AccessTimeIconSep 8, 2018 at 10:30 a.m. UTCUpdated Sep 13, 2021 at 8:21 a.m. UTC

Mark Radcliffe and Victoria Lee are partners at the law firm of DLA Piper. 


Software licensed under open source licenses (OSS) is fundamental to the success of blockchain projects. Such licenses permit collaborative, decentralized development, encourage swift adoption by users and enable the community to "fork" the project to resolve strategic disputes.

In fact, OSS licenses are used by both of the two major public blockchains, ethereum and bitcoin, as well as many other major blockchain projects, including the HyperLedger programs and R3's Corda.

However, OSS licenses are generally quite different from traditional proprietary software licenses. The importance of selecting the right OSS license and complying with the terms of that license is rarely discussed by the blockchain community.

If blockchain projects seek adoption by enterprises, the OSS license for the project will have a material impact on the rate of adoption. Even for established projects like ethereum, potential enterprise users carefully consider the OSS licenses that may be used.

For example, Jerry Cuomo of IBM recently noted on Frederick Munawa's Blockchain Innovation podcast that the complexity of the OSS licenses for ethereum was one of the reasons IBM decided to shift from ethereum to its own blockchain project, which eventually became part of the HyperLedger project.

Prospective enterprise users of a blockchain project will decide which blockchain project to adopt by applying the same criteria that they use for adopting other OSS licensed projects: (1) the complexity of the OSS project license or licenses; (2) the potential difficulty of complying with the obligations of such OSS license; and (3) the potential challenges of integrating a blockchain project with other software projects.

OSS licenses vary dramatically in their terms. The Open Source Initiative (OSI) has approved 83 licenses as "open source."

However, the full complexity of OSS licensing is suggested by the SPDX project, managed by the Linux Foundation, which has identified 345 "major" licenses; Black Duck Software lists 2,500 versions of OSS type licenses in its Knowledge Base, which covers more than 530 billion lines of OSS code from over 9,000 forges and repositories of open source projects. Black Duck notes that 94 percent of OSS projects are licensed under the top 10 OSS licenses.

The two major types of OSS licenses are "copyleft" and "permissive." Ethereum is primarily licensed under two copyleft licenses: the Lesser General Public License version 3 (LGPLv3) and the General Public License version 3 (GPLv3). On the other hand, Bitcoin Core is licensed under the MIT license, the most popular permissive license.

Copyleft licenses

Copyleft licenses impose the most restrictive terms on the use of the OSS. The best-known example of a copyleft license is the General Public License version 2 (GPLv2), which is used for Linux operating system program.

According to Black Duck Knowledge Base, the GPLv2 is the second most popular license, adopted by 14 percent of OSS projects. The GPLv3 used by Ethereum is the updated version of the GPLv2, published in 2007. The most fundamental characteristic of a copyleft license is its "reciprocal" provision: the legal requirement that both the original OSS and all "derivative works" of the original OSS be distributed solely under the terms of the copyleft license. "Derivative work" is a technical term under U.S. copyright law, describing work based on one or more preexisting works that represent an original work of authorship.

Copyright law was originally designed to protect books, songs and films, but also protects software. One example is the series Game of Thrones which is a derivative work based on the novel series of the same name. Although derivative work generally means a modification of the software, a derivative work may be created in other ways: for example, two programs that are compiled together are frequently considered a derivative work.

However, the application of copyright law to software continues to be uncertain. Consequently, the integration of copyleft licensed projects with projects licensed under other OSS licenses or proprietary licenses involves a complex legal analysis.

Compliance with copyleft license is significantly more challenging than compliance with permissive licenses: copyleft licenses have more complex obligations, and the lack of clarity of copyright law as applied to software creates other problems. The OSS community that supports copyleft licenses is very concerned about misuse of OSS by proprietary vendors.

This community is quite aggressive in seeking compliance with such licenses from users. Virtually all of the litigation concerning OSS licenses has been brought over enforcement of copyleft licenses.

Permissive licenses

"Permissive" licenses impose very few terms on the use of the OSS, generally only requiring a user to include notices and a copy of the license. Unlike copyleft licenses, they do not include "reciprocal" obligations.

The OSS community that supports permissive licenses generally believes that permissive licenses encourage more rapid adoption of an OSS project and that the "reciprocal" terms of copyleft licenses are not necessary for the successful development of a blockchain project.

The best-known example of a permissive license is the MIT license used by bitcoin. According to Black Duck Knowledge Base, 38 percent of OSS projects have adopted the MIT license, making it the most popular OSS license.

Most blockchain projects have not historically focused on the importance of an OSS license choice. However, carefully considering the choice of license and taking the time to understand the differences in compliance requirements and approach to enforcement should allow projects to reap long-term benefits.

Not only will the license choice affect the willingness of enterprises to adopt the project but the chosen license will also dictate the compliance philosophy and community culture of the project.

Code syntax image via Shutterstock

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
CoinDesk - Unknown
First Mover Asia: Bitcoin Holds Above $21K in Weekend Trading; Solana Web3 Phone Faces Long Odds

Ether stays over $1,200; prior blockchain phones have failed because the market has realized their functionalities are already available via apps that can be loaded onto any old phone.

CoinDesk - Unknown
2
CoinDesk - Unknown
Opaque Platforms and Intertwined Protocols Pose Big Risk to Crypto

Second article in a series about risks we’re thinking about during these crypto down days.

CoinDesk - Unknown
3
CoinDesk - Unknown
Putin Weaponizes Inflation

Examining a recent propaganda speech from the Russian leader.

CoinDesk - Unknown
4
CoinDesk - Unknown
Morgan Creek Is Trying to Counter FTX’s BlockFi Bailout, Leaked Call Shows

FTX’s $250 million credit facility offer – if inked as initially proposed – stood to effectively wipe out all BlockFi shareholders, including Morgan Creek Digital, the firm told its investors.

CoinDesk - Unknown