Trademarks, trust, and software quality

Trademark law hasn't caught up to free and open source software

By Andy Oram
January 29, 2010 | Comments: 3

A recent article published in the International Free and Open Source Software Law Review (Volume 1, Issue 2) discusses trademark issues in open source software. The article is readable by non-lawyers and should be quite interesting to people who produce or modify free and open source software. One thing that interested me is how the fuzzy areas in current law are comparable to fuzzy areas in software distribution; that's what I'll discuss in this blog.

The main issue driving the article by Harvey Anderson and Tiki Dare is that trademark law was designed for fixed products and services left under the control of the vendor. For instance, if you sell wine, you don't expect someone to mix in a few ingredients and resell it under your trademark. Anybody who did so would bring out the sheriffs real quick.

The authors point out that trademarks are intimately tied up with trust. In fact, you can lose your trademark if you let someone else manufacture your product and fail to exert quality control over them. The authors cite a lawsuit over a wine trademark, Barcamerica Int'l USA Trust v. Tyfield Importers et al., where a trademark was lost just because of that.

Let's turn now to free software. People modify and redistribute it all the time, but to be honest about it, they shouldn't do so under the name chosen by the original developers. Practice is very fuzzy in this area, where few developers trademark their work--it takes a whale of an effort, because even after spending thousands of dollars for a trademark you have to police its use--and those that do often have liberal policies. (There's a trademark policy for Ubuntu and a whole trademark organization for Linux.) Anderson and Dare go over the licenses of the Free Software Foundation and the Open Source Initiative and find a wide range of practices, or lack thereof.

In one case, the Debian developers wanted to alter the code of Firefox and redistribute it under the same name. The Mozilla Foundation refused to let them do it--quite properly, in my opinion, because the last one who touches the software should take responsibility for its flaws. The Debian project, with a typically Debian sneer, released the software under the name Iceweasel.

But at this point, every programmer--and a lot of everyday computer users as well--realizes that putting out a properly vetted, trademarked piece of software does not isolate you from quality problems. This is because Firefox runs on libraries provided by Debian, as well as other projects. Problems turn up all the time in such arrangements. That's the "DLL hell" of Windows systems, which no amount of trademark enforcement (there are zillions of them in this situation--just read the licenses some time) can prevent.

Anderson and Dare suggest that trademark law should change to account for the new complexities of open source software. I think we need a wider discussion of trust and how to achieve it in software systems that interlock so tightly. Not only does free software call for an examination; so do the APIs and plugins used on so many web sites and applications. A lot of us won't even download a Facebook app because we don't trust what it's going to do. But the age of vertically integrated systems is over, even in the highly controlled mobile environment.

Certification won't help. The U.S. government tried that with Orange Book security certifications. Certifying a system takes longer than producing a new version, and all you've validated is a snapshot of the system in time. Downloading a new version of something (possibly to fix a security flaw) or a new application (possibly to fulfill a legal mandate) puts you almost back to square one.

Liability also won't help. Nobody expects to punish developers or vendors for errors.

Crowdsourcing provides a kind of quality control. If a new version of Firefox blows up on a new version of Debian, somebody posts that to the Web right away. This is a great public service, but many people don't do it as a public service; it's done with more of an attitude of "Help! I've got a deadline and my system's crashing!"

So we can quickly get a rough sense of how stable each new software release is, but the sleuthing project of finding out which project is responsible takes longer.

In terms of project collaboration, something like Canonical's Launchpad makes it easier to share bug reports. But we still have mistrust between many projects, and "not my problem" attitudes.

So while lawyers scope out the interaction between trademarks and open source software, they will run on a parallel track with developers who have been dealing with issues of quality and trust on the technical side.

Might you be willing to elaborate on what you meant by "with a typically Debian sneer"? I mean, I don't see anything wrong with re-branding Firefox when Mozilla says you must.

The little side comment about Debian just acknowledged that a lot of people find the atmosphere in some of the community's discussions caustic, and the puns in the title "Iceweasel" seem to fit that attitude.

"Debian sneer"? You really have to ask what he means? I have refused to use Debian products from day one because of the hostile and downright rude following.
