But DiDio makes an additional argument: If SCO is right, she says, then Linux customers all over the world could be in hot water. Why, then, aren't IBM, Red Hat and other Linux vendors addressing this apparent risk with their customers? She notes that "neither IBM nor Red Hat are offering their customers any indemnification" -- that is, insurance against the lawsuits threatened by SCO or, for that matter, any other company that might come along at some point to claim that Linux might be infringing on a copyright. "Why is the world's No. 1 computer company not willing to offer any type of indemnification for Linux? Why are they not saying so publicly? They're afraid that they could lose, and so if they lose that would be a very big payout." What does it say about Linux if the big companies who sell it aren't willing to warrant that it's legal?

Red Hat, despite repeated requests, was not available for comment on the SCO case. When asked about indemnification, Trink Guarino, a spokeswoman for IBM, said that because Linux is an open-source program, "no single company provides it, and users understand that there are no warranties or indemnities that come with it, and that no single company can indemnify it." Guarino also sent Salon an internal memo that IBM's executives recently sent to its sales team. The letter tells salespeople that they should inform customers that SCO's case is baseless and that they have nothing to fear from Linux. "Make no mistake, SCO will continue to look for ways to create fear, uncertainty and doubt -- FUD, not facts, remains the focus of SCO's efforts," Bob Samson, an IBM vice president, wrote. "As the lawsuit continues, understand that the industry will resolve it. In the meantime, if you get questions, as always, send them to this ID or contact your local counsel."

But if IBM truly believed that SCO's case was FUD, Laura DiDio wonders, why isn't it telling its customers that it will assume any legal risks they incur in using it? DiDio notes that this is a standard practice for proprietary operating system sales. "If Linux is going to take its place as an enterprise server and desktop operating system alongside Unix and Windows and Netware and Apple Macintosh, it has got to be certified ready and worthy not just from a technical standpoint but from a business standpoint," she says.

What DiDio does not note, though, is that indemnification, like any form of insurance, costs money. Part of the reason proprietary operating systems cost as much as they do is that the companies you purchase them from pay for this insurance and then they pass the cost on to customers. And for software released under the GPL, indemnification might cost more -- not because open-source software carries any measurably greater risk, but because, in a highly technical, actuarial sense, the risks associated with open-source software might just be harder to calculate, says Gordon Haff. If IBM and Red Hat refuse to indemnify their customers, they're not necessarily saying they believe their customers are at risk; "they're saying that there are unknowable things in the world -- including potential intellectual property issues -- and for them to stand up and offer a potentially open-ended indemnification would be fiscally irresponsible," he says. "I think executives and lawyers get very nervous about indemnification clauses."

That may be a reasonable explanation for why Linux comes without indemnification, but it is not one likely to satisfy folks who might be just a bit wary about using the free OS when, every day, SCO is calling it illegal. If you keep using Linux and then, contrary to all expectations, SCO wins big in court, could you find yourself owing SCO a great deal? How much will you be liable for if you simply ignore SCO?

"I'm confident you'll owe nothing," says Lawrence Rosen, the general counsel of the Open Source Initiative. Under several theories of law, even if SCO wins against IBM, it will not be able to recoup money from users of Linux, he says.

For one thing, Rosen says, if IBM pays SCO its damages, then SCO is, in a legal sense, no longer damaged -- and can't claim money from anybody else. "There's a principle in the law that says that you can't double dip for your damages," Rosen says. "Lets suppose that you get into a three-car pileup and you sue one driver and he pays you out in full. Are you entitled to sue the other car? No. That would be paying twice for your damages."

If SCO proves and wins its case, then you, as the buyer of Linux, will have essentially purchased stolen goods -- though you believed it to be legitimate. Can someone sue you for using a product that you believed was legal but that later turned out to be stolen? That's unlikely, Rosen says. "This is unlike the big debate that's going on in music," he says. "Remember, you're not an infringer just because you played a piece of copied music -- you're an infringer because you copied it or distributed it. With Linux, you're typically just using it, not selling it or copying it. If I'm just using it, how am I infringing?"

Rosen's position seems logical, and if you're using Linux, there appears to be little to fear. SCO can't get you just for running an operating system, even if it insists that it can, and even if IBM won't indemnify you against its lawsuits.

But there is still a risk for Linux, Rosen says: It's that, in the apparent uncertainty created by SCO and others, people just don't know whom to believe. "I think that's the real problem of the SCO lawsuit is that it raised all these concerns," he say. "A company or a product has to deal with fear -- fear exploited by its enemies, its competitors. This fear has to be explained away by the company. What we have to do is tell people, 'Look, software is written by human beings and human beings do things -- and we are undertaking a process to minimize risks.'"

The question for Linux is, can people overcome the fear?

Recent Stories