decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


To read comments to this article, go here
The Michael Davidson Email/Swartz Memo - SCO v. IBM [3 updates]
Thursday, July 14 2005 @ 04:12 PM EDT

If this doesn't make your blood boil, see your doctor right away.

We have obtained the August 13, 2002 Michael Davidson email to Reg Broughton, who forwarded it to Darl McBride with a cover note. It was previously sealed, and you can see why SCO would want it to be. It records Davidson's memories of Bob Swartz' earlier months-long code comparison between Linux and several versions of AT&T's Unix for oldSCO.

[Note that there are three updates to this story, and the third update includes the Swartz memo regarding the code comparison.]

Davidson reports:

The project was a result of SCO's executive management refusing to believe that it was possible for Linux and much of the GNU software to have come into existance without *someone* *somewhere* having copied pieces of proprietary UNIX source code to which SCO owned the copyright. The hope was that we would find a "smoking gun" somwhere in code that was being used by Red Hat and/or the other Linux companies that would give us some leverage. (There was, at one stage, the idea that we would sell licenses to corporate customers who were using Linux as a kind of "insurance policy" in case it turned out that they were using code which infringed our copyright).

So, Darl's SCOsource scheme wasn't even original, was it? SCO *hoped* to find copyright infringement so they could make some money selling "insurance" for Linux, the email says. Sound familiar? And after all that effort, what did they find?

At the end, we had found absolutely *nothing*. ie no evidence of any copyright infringement whatsoever.

This email is dated August 13, 2002, and Darl became CEO June 28, 2002. So now what do you think he was hired for? I note Davidson says he no longer has the report. My favorite sentence is Davidson saying that once you find evidence of copyright infringement, it's easy to prove. Indeed. And two years and counting, we're still waiting for any evidence. We first heard about this email at the September 2004 hearing, and now we get to read it for ourselves. Davidson was on the list of SCO people IBM deposed that we saw last June, 2004, and now we likely know why. More on Davidson here, where we learn SCO did eventually dig up the study the Davidson email is describing and turn it over in discovery.

This email may explain why SCO said originally, in the very beginning, that there were no issues with the Linux kernel until 2.4. But if they already knew there were no issues from its inception until quite late in its development, why did they tell the court they needed all versions of Linux since the world began? And why did their complaint repeat the by-then discredited theory that Linux *must* have been helped by someone to get where it was, when that was the theory behind the Swartz comparison of code, and he found "absolutely nothing"? Linux code was clean as a whistle.

And why did Darl tell the world, and Congress, that because Linux was written by volunteers, there was no way to know if it was clean code, that it was a "free-for-all", that "there's not a policeman to check in the code at the Linux kernel level to ensure that there are not violations", when they already knew that it presented very clear evidence of purity? Yet, by May of 2003, VarBusiness wrote, "No version of Linux passes legal muster yet, believes Darl McBride":

Q: Is there anyway to get a real Linux version from your perspective without violating SCO IP?

McBride: Based on the understandings we have right now, we don't see how.

Here's another example:

I believe the way the open-source community works right now has some fundamental flaws that have got to be addressed. We need to address how this open-source intellectual property is developed, routed, and sold. Thousands of software developers send code to contribute to open-source projects -- but there isn't a protective device for the customer using the software to ensure they're not in violation of the law by using stolen code.

Basically it's a "buyer beware" situation. The one holding the hot potato is the end-use customer. If the process can't provide more guarantees for customers, I don't think it will pass the long-term test at the customer level. You need some comfort level other than "We can warrant none of this, we don't know where it came from. And because you got it for free, you shouldn't complain about it.

Aside from all the factual errors, now we know he had good reason to know that Linux had been looked at very carefully earlier, and it was clean up until then, so they were clearly doing something right. Evidently, the development process worked very well. Even if it were true that later there were isolated issues with code, and so far there is no proof of anything like that, why was the rhetoric what it was? And do you remember how the media responded? Here's Stephen Shankland's article when SCO's attack began in May of 2003:

McBride's accusation cuts to the heart of the open-source movement's legal and philosophical underpinnings. . . .

"We're finding...cases where there is line-by-line code in the Linux kernel that is matching up to our UnixWare code," McBride said in an interview. In addition, he said, "We're finding code that looks likes it's been obfuscated to make it look like it wasn't UnixWare code--but it was."

McBride refused to detail which specific code had been copied but said there were several instances--"some of them go back several years, and others are recent"--and said the copying was "not minor." SCO, however, won't publish what it's found.

"We feel very good about the evidence that is going to show up in court. We will be happy to show the evidence we have at the appropriate time in a court setting," McBride said. "The Linux community would have me publish it now, (so they can have it) laundered by the time we can get to a court hearing. That's not the way we're going to go."

I added the emphasis, to highlight that if you went back "several years", you'd bump into the study saying there was no copyright infringement at that time. Perhaps SCO's answer would be it happened later. Or they found it later. But they'd best make it known, then.

Proprietary software has infringement issues all the time. Microsoft just settled a patent infringement case with Alacritech, for example. But it is Linux that was said to have problems with its development methods? Based on what? Why didn't SCO ever mention this study's results and tell the world about it, or at least qualify their statements more carefully? To sell "insurance"? To smear Linux?

If SCO had issues with IBM over contract matters, that is one thing, but why did it throw in the virulent anti-Linux copyright nonsense? Would you call it honest? I reviewed what Darl said in the early days in our Quote Database, by the way, in case you'd like to do the same. I hope Red Hat shows this to the judge in Delaware.

This is a paper exhibit, which Frank Sorenson obtained from the court, scanned for us, and did the HTML. There are misspellings in the original. Thank you, Frank.

UPDATE:

CNET's Ina Fried got a reaction from SCO:

A SCO representative told CNET News.com that the e-mail was authentic, but noted that the e-mail doesn't say when the SCO investigation took place or what tools were used.

"That e-mail probably creates a lot more questions than it answers," SCO spokesman Blake Stowell said. "We'll be fully prepared to address that, but we will be doing that in a court setting if it is necessary."

An IBM representative declined to comment. . . .

Stowell said that IBM has brought up the e-mail in court and noted that a judge has refused to dismiss SCO's suit.

"It doesn't really spell out anything," Stowell said of Davidson's e-mail.

As I am sure you know, SCO folk never talk to the media about this case, saving it instead for a court setting.

Not.

2d UPDATE:

Now SCO has released a 1999 email from Swartz, in the updated version of Fried's story:

Late Thursday, SCO released an e-mail from Swartz that it points out shows the analysis dates back to 1999 and that SCO says shows that Swartz did find possible issues with Linux.

In the e-mail, dated Oct. 4, 1999, Swartz said that there was some code that was line-for-line identical to Unix and other code that appeared to be rewritten, perhaps to disguise that it was copied. However, Swartz also noted that it was not entire programs, but rather "fragments of code."

"The fact however that there are pieces of code which are identical to those in the Unix source and others which appear to be simply a rewriting of Unix code is clearly disturbing," Swartz wrote in his e-mail.

SCO said in a statement late Thursday that this memo "shows that there are problems with Linux."

"Thus, even aside from the fact that SCO's central contract claims in the IBM litigation involve later Linux versions and different conduct, it would simply be inaccurate--and misleading--to use Mr. Davidsonís e-mail to suggest that SCO's internal investigation revealed no problems," SCO said.

ZDNET calls it a memo, not an email, and Fried contributed to the report, so presumably it is a memo, not an email. That is also what IBM's attorney called in at a September 2004 hearing, as you will see, so I'll call it a memo. It's too late for "possible issues" with Linux, for starters. By now, those code fragments, or whatever they are, should have been on the court's desk. Whatever Swartz found was presumably presented to Kimball, and he found no credible evidence of infringement. Second, does this 1999 memo justify the smearing of Linux, on the basis of possible issues, issues that in 2002 Mr. Davidson said were absolutely nothing? Had SCOfolk said that there were possible issues, that would be one thing. That isn't at all what they said in public, and even with the 1999 memo, there appears to remain a huge gap between what they said and what they had, at least as far as I can see so far.

Mr. Davidson read the report, and whatever information Mr. Swartz characterized in his 1999 memo, the fragments, etc., Mr. Davidson considered it all, and he says the study found "absolutely nothing". He acknowledges some similarities, but with his expertise, he concludes that while there is "a lot of code that is common between UNIX and Linux", upon investigation "invariably it turned out that the common code was something that both we (SCO) and the Linux community had obtained (legitimately) from some third party."

If SCO has evidence to the contrary, where is it? The ZDNET story provides this statement from SCO:

"Even more importantly, this memo shows that there are problems with Linux. It also notes that additional investigation is required to locate all of the problems, which SCO has been continuing in discovery in the IBM and Autozone cases," said SCO.

Looking now to try to locate those problems doesn't explain the public statements about millions of lines of code, does it? What evidence of infringement did they have in hand in 2003 to back up their public statements, listed only in part in my original article, attacking Linux in the media? Remember this threat, that SCO would pursue all companies that use or contribute to Linux?

". . .McBride warned Unix licensees and Linux users that SCOsource would legally pursue all companies that contribute to or use Linux. By the end of January, McBride said, companies using Linux have three choices: 1) Cease and desist any use of Linux; 2) obtain a license from SCO to use Linux at $699 per CPU (the licensing fee to go up to $1,399 at some time in the future); or 3) continue to use Linux, and lose all rights to the company's Unix license and face SCO in court. McBride couldn't characterize how much income this move would bring in, but he said he hoped it will be substantial.

Surely they didn't demand money based just on the 1999 memo with its vague claims of possible issues and fragments of code, particularly when later Mr. Davidson reviewed the study and said it added up to nothing. They didn't turn over the study until after the lawsuit was well along, remember, the morning of the hearing in September of 2004, as I recall, and Davidson says in the 2002 email, he didn't have it. So even if the 1999 memo said more than it does, surely they didn't go after companies and demand money based on just that, did they? Perhaps SCO might consider releasing the study itself or any studies on which they did base their public statements.

But let's take a look at what IBM's attorney David Marriott said when SCO presented apparently the same 1999 material at that hearing:

"SCO seeks to explain away the e-mail to which I referred by reference to a 1999 memorandum. Now, Mr. Hatch says that he understands that we have this memorandum. We have it because it was given to us hours before today's hearing. We got it this morning. It should have been produced a long time ago, but IBM is supposedly a party in breach of its discovery obligations.

Your Honor, the memo was dated five years ago. It was written three years before the e-mail which I have showed to Your Honor. It is a draft. It says on its face that it is provided, quote, 'subject to the further analysis of Mr. Davidson'. That's on page 5 of the fax sent to us this morning by Mr. Hatch. On the last page of the document, page 6 of the fax, he says, 'I'm awaiting analysis from Mike Davidson on some of these issues since he has a better feel for the history of much of this company.'

"Well, Your Honor, Mr. Davidson weighed in, in the e-mail we provided to Your Honor. In that e-mail, he makes abundantly clear in the last two paragraphs what he said when he weighed in.

I think SCO is doing the same thing now -- trying to explain away the 2002 Davidson email by presenting the 1999 memo. But the 2002 email comes *after* the memo, not before, so the earlier memo, evaluated by Davidson, doesn't trump what Davidson told SCO in 2002.

I think it must be pointed out that oldSCO did the study with a purpose, according to Mr. Davidson, and that purpose is described in his email as being to try to shake down business users of Linux, if they found any copyright infringement. Is it likely that if they had found anything that mattered, that they just somehow would have failed to proceed to cash in on their plan?

There is one more issue, pointed about to me by Dr. Stupid. The 2002 email refers to a study carried out in 1999. As I pointed out in my original article, it doesn't exclude the possibility of infringements occurring after that date or getting copyright claims on the back of SCO's contract claims, so to speak, or proving contract breach. Those are separate issues.

But what about the ABI files -- errno.h, the ELF headers and so forth? As I understand it from Dr. Stupid, they are essentially unchanged in today's kernel from how they looked in 1999. A naive automated code comparison between Linux and SysV does turn up matches in these files, he says. It thus seems hard to believe that Swartz would not have come across these similarities. Yet Davidson concluded they were "absolutely nothing." Would not that statement directly contradict SCO's public claims regarding the ABI files?

To review what SCO said about ABI files, you can review these articles:

This doesn't even go into the simple truth, pointed out by Linus, that the header files don't contain any code anyway:

"As you can see, it's basically something like five files, it's just that several of them are replicated for every single architecture out there. And the thing is, those files don't even contain any code. They contain things like the error number lists--and, yes, we made the error numbers match with traditional Unix on purpose, since, for example, Linux/alpha wanted to be binary-compatible with OSF/1. Ask any programmer what this is, and he'll tell you it's just a C header file that gives symbolic names to static error numbers."
And then there is another issue, as pointed out by Eben Moglen, that SCO released the code under the GPL themselves and that it is available under the same license from Novell:

"Many of the large, sophisticated enterprises who are the targets of SCOís efforts responded to their claims last summer by taking copies of the Linux program, under GPL, from SCOís own FTP server, where the code remained publicly available. They therefore have an auditable license from SCO to use, copy, modify and redistribute the code about which SCO continues to threaten legal action. For such enterprises, which now can also get a copy of the same program, under the same license, from Novell, any action by SCO to bring a copyright infringement claim would be particularly foolish."

3d UPDATE:

Here's the Swartz memo [PDF]. I think you will readily see why Swartz deferred to Davidson. First he says this, in describing his method:

Additionally we investigated the settlement of The Regents of the University of California and BSDI. It is my understanding that anything in BSD Lite tape which was distributed by the University of California, is free of any legal encumbrances from SCO. Further any code which is necessary to meet the POSIX standard is also free of encumbrances.

But then, if you look at his list of similarities, and it's a remarkably short list, his table includes the matches from elf.h and shm.h, which by his stated standard ought to have been excluded. It's clear that he hasn't tried very hard to find why bits of code are similar. (Perhaps he intended that to be left up to Mr. Davidson. Swartz says his findings are "subject to the further analysis of Mike Davidson" since "he has a better feel for the history of much of this code." That raises the question: if Davidson knows more about the history of the code than Swartz, even in Swartz's opinion, on what basis would SCO ignore Davidson's opinion in favor of Swartz's? ) There is another issue about elf, namely that Novell put it in the public domain by 1994, according to this Novell employee email. There are many more reasons why elf isn't an example of infringement in this article on Groklaw from a year ago.

He also contradicts himself by writing, "One of the questions .. is what is the history of the identical code" and then going on to say, "there can be no doubt that parts of the Linux distribution were derived from Unix." By his own admission, there *can* be doubt, because he does not know the reason for the similarities until he answers the question of what is the history of the code. Here's the full quotation:

One of the questions which remains to be answered is what is the history of the identical code. It is possible that some of the code came from Berkeley or other third party. It is also possible that the code is exempted by the BSDI/Berkeley settlement. Additionally there are a number of other legal issues. I am awaiting analysis from Mike Davidson on some of these issues, since he has a better feel for the history of much of this code.

And as Davidson already told us that upon investigation, in his opinion it all turned out to be absolutely nothing, I don't see how the memo helps SCO.

And then there is the later study in 2004 by the world-renowned Dr. Randall Davis, who concluded in his 2nd Declaration:

"Despite an extensive review, I could find no source code in any of the IBM Code that incorporates any portion of the source code contained in the Unix System V Code or is in any other manner similar to such source code."

With that, here is the 2002 Davidson email:

********************************

From: Reg Broughton
Sent: Tuesday, August 13, 2002 10:05 PM
To: Darl McBride
Subject: Fwd: Re: Patents and IP Investigation

DARL

we can probably track down Bob Swartz if you want to dig further. Based on our last conversation, this summary of the code investigation probably closes that discussion.

This of course does not invalidate any of your statements on Caldera owning the central IP, and being the core provider of key technology and IP over the years into the UNIX and Linux communities.

REG

Date: Tue, 13 Aug 2002 13:26:51 -0700
From: Michael Davidson
Organization: Caldera International
X-Mailer: Mozilla 4.6 [en] (Win98; I)
X-Accept-Language: en
To: Reg Broughton
Subject: Re: Patents and IP Investigation

The actual investigation itself was done by an outside consultant (Bob Swartz) hired by SCO. I worked with him and reviewed his findings.

My recollection is that Bob produced an initial proposal for the project which outlined the methodology to be used, and he *may* have also provided a final report, but I don't have copies of either.

The project was a result of SCO's executive management refusing to believe that it was possible for Linux and much of the GNU software to have come into existance without *someone* *somewhere* having copied pieces of proprietary UNIX source code to which SCO owned the copyright. The hope was that we would find a "smoking gun" somwhere in code that was being used by Red Hat and/or the other Linux companies that would give us some leverage. (There was, at one stage, the idea that we would sell licenses to corporate customers who were using Linux as a kind of "insurance policy" in case it turned out that they were using code which infringed our copyright).

Note that the scope of the project was limited to looking for evidence of copyright infringement (we didn't consider patents because SCO didn't own the rights to any patents, and more general IP issues were just too vague - besides SCO was *sure* that it was going to find evidence of copyright violations which are comparatively straightforward to prove once you have found them)

An outside consultant was brought in because I had already voiced the opinion (based on very detailed knowledge of our own source code and a reasonably broad exposure to Linux and other open source projects) that it was a waste of time and that we were not going to find anything.

Bob worked on the project for (I think) 4 to 6 months during which time he looked at the Linux kernel, and a large number of libraries and utilities and compared them with several different vesrions of AT&T UNIX source code. (Most of this work was automated using tools which were designed to to fuzzy matching and ignore trivial differences in formatting and spelling)

At the end, we had found absolutely *nothing*. ie no evidence of any copyright infringement whatsoever.

There is, indeed, a lot of code that is common between UNIX and Linux (all of the X Windows system, for example) but invariably it turned out that the common code was something that both we (SCO) and the Linux community had obtained (legitimately) from some third party.

md


  View Printable Version


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )