Conventional wisdom about the SCO/IBM dustup is that it demonstrates a serious flaw in the open-source model – an asserted lack of “quality control” on open-source code that leaves end users open to potential copyright and patent infringement suits. If any pimply-faced teenager can contribute code to open-source projects, how can you be sure that that code isn’t copyrighted or patented by somebody?

SCO charges that IBM took code from a SCO-owned version of Unix and copied it into the open-source Linux operating system, in violation of a contract between IBM and SCO. There is also some ambiguous evidence that SCO may own copyrights on some of the allegedly-copied code, in which case IBM might be liable for copyright infringement.

It may well turn out that SCO’s claims are hooey, in which case the only lesson to be learned is that we shouldn’t take the claims of desperate companies too seriously. But let’s assume, just for the sake of argument, that SCO is right, and that IBM, in violation of contracts and copyrights, did copy code without permission into Linux. What lesson do these (hypothetical) facts have to teach?

Assuming that SCO’s charges are correct, the moral of the story is not, as the conventional wisdom would have it, to avoid software that comes from pimply-faced teenagers. Quite the contrary. The moral is to be wary of software from big, established companies like IBM. In SCO’s story, the pimply-faced teenagers are bystanders – the gray-haired guys in expensive suits are the crooks.

More likely, though, the fact that SCO’s story involves their code ending up in an open-source IBM product, rather than a closed-source one, is just a red herring. IBM would have had just as large an incentive to copy code into a closed-source product, and doing so would have reduced the chance of getting caught. Nobody has offered a plausible reason why the open-source nature of the end product matters.

Now let’s turn to SCO’s argument that ordinary Linux users might be liable for infringing SCO’s copyrights, even if they didn’t know that Linux contained SCO’s code. It’s hard to see how the merits of this argument depend on the fact that Linux is open-source. SCO’s arguments would seem to apply just as well to customers who made copies of closed-source IBM products (presumably, with IBM’s permission but without SCO’s). Once again, the open-source issue seems to be irrelevant.

Now it may well be that open-source products are more prone to copyright infringement or patent infringement than closed-source products. That’s an important question; but I don’t see how the SCO/IBM dispute will help us answer it.

Larry Lessig writes:

We have launched a petition to build support for the Public Domain Enhancement Act. That act would require American copyright holders to pay $1 fifty years after a work was published. If they pay the $1, the copyright continues. If they don’t, the work passes into the public domain. Historical estimates would suggest 98% of works would pass into the pubilc domain after 50 years. The Act would do a great deal to reclaim a public domain.

This proposal has received a great deal of support. It is now facing some important lobbyists’ opposition. We need a public way to begin to demonstrate who the lobbyists don’t speak for. This is the first step.

Regardless of your position on the proper length and breadth of copyright, I hope you will agree with me that there is no reason to maintain the copyright on works that are essentially abandoned. A great many old works are simply unusable, because it would cost too much to figure out who owns the copyrights on them. The Public Domain Enhancement Act would put only two tiny “burdens” on copyright owners: (1) pay a fee of one dollar to maintain their copyright on any old work, and (2) register their ownership of the copyrights on old works so that potential licensees can find their owners.

The beauty of this approach is that, while imposing essentially no cost on the owners of commercially valuable copyrights, it reclaims for the public domain that vast majority of works that have no remaining commercial value after fifty years. To enter the public domain, a work has to be so devoid of commercial value that the copyright owner isn’t willing to pay even one dollar to maintain its copyright. This seems like such a no-brainer that it’s hard to see how anyone who takes cultural progress seriously could oppose it.

If you agree with me, please sign the petition.

The Business Software Alliance (BSA), a prominent industry group, has announced the results of its annual study of copyright compliance by business software users.

According to BSA, 39% of business application software, worldwide, was infringing in 2002. This is down from a high of 49% in 1994. The U.S. was the most law-abiding country, with an infringement rate of 23% in 2002.

These are interesting data for the debate about music and movie copyrights. For software at least, the infringement rate is going down, and the U.S. has the lowest infringement rate. The software industry must be doing something right.

Big copyright owners have apparently had some degree of success in their efforts to flood file-sharing networks with decoy files, thereby frustrating users’ attempts to find copyrighted works. Conventional wisdom is that file-sharing systems will institute some kind of reputation-feedback system to help their users determine which sources tend to offer real files and which tend to offer decoys.

Reputation systems try to mimic the dynamics of real-life reputations, which are a powerful mechanism for inducing cooperative behavior, as anyone who has lived in a small town can attest. The best-known reputation technology is EBay’s, which allows everyone who transacts business with you to give you a score, and which aggregates those scores into a concise summary. EBay users are willing to pay more for an item when it is offered by a seller who has built up a good reputation over time. This system has generally worked pretty well.

If file-sharers had the same incentives as EBay users, we could be pretty confident that reputation systems would work for file-sharing vendors too. But the incentives differ in important ways.

For example, an EBay vendor wants to engage in more transactions, because he profits on each one. A file-sharer, though, doesn’t want to upload too many files, because each upload uses up part of his network resources. A file-sharer suffers if his reputation gets too good, so a reputation system may create a perverse incentive to behave poorly sometimes. Indeed, a group of friends might conspire to trash their own reputations, so as to ensure themselves unimpeded access to each others’ files.

There is also the question of who will do the record-keeping for a file-sharing reputation system. EBay is happy to keep track of the reputation reports for their users, because it boosts EBay’s business. The vendor of a file-sharing system may worry that keeping any kind of record of each transaction between users, and giving any kind of recommendation to users about where to get files, might bring the vendor one step closer to the kind of active participation in infringing transactions that got Napster in trouble.

Despite this, my prediction is that at least some file-sharing vendors will try adopting reputation systems, and that after a few false starts they will find a way to make those systems at least modestly successful to combating decoy tactics. But that’s only a guess – I won’t stake my reputation on it.

The RIAA has settled its lawsuits against four college students, dropping the suits in exchange for a payment of between $12,000 and $17,500 from each student. The settlements did not require the students to admit any wrongdoing.

The students had been accused of direct infringement (for allegedly offering copyrighted files directly from their own computers) and of contributory infringement (for allegedly running search engines that others used to find infringing files).

The RIAA spin appears to be that the students’ decision to settle on these terms indicates that the students expected to lose on the contributory infringement claim. This spin is, to say the least, implausible. Getting out of this lawsuit for $15,000 or so was a great deal for the students, considering the legal expenses involved in going to trial, and the very real possibility that the direct infringement claim alone would have led to a judgment for tens of millions of dollars.

In my view, these lawsuits tell us nothing new about the legal status of the kinds of general-purpose search engines these students were running. The lessons of these suits are simpler: (1) don’t be a direct infringer, and (2) getting sued by the RIAA is expensive.