A US federal district court decision in California favoring database biz Neo4j is incorrect and imperils free open-source software, according to the Software Freedom Conservancy.
Neo4j Enterprise Edition (EE) was at first offered under both a paid-for commercial license and for free under the GNU Affero General Public License, version 3 (AGPLv3). In May 2018, version 3.4 of the software was put under AGPLv3 plus additional terms from the Commons Clause license, which is not an open-source license and explicitly says as much in its documentation.
The viability of Neo4j’s AGPLv3+Commons Clause license is what’s at issue, because taken as a whole, the AGPLv3 includes language that says any added terms are removable. That view has been rejected in court – which accepts Neo4j’s right to craft custom terms and to resolve contradictions in those terms – and the Software Freedom Conservancy believes the court erred.
As The Register reported last month, Neo4j and its Swedish subsidiary have been pursuing legal claims, filed in 2018 and 2019, against several companies that sold what was marketed as an open-source licensed version of Neo4j EE under the name ONgDB – allegedly in violation of terms in the concatenated AGPLv3+Commons Clause license and Neo4j’s trademarks.
The Graph Foundation, one of the defendants, in February 2021 settled with Neo4j, agreeing that it would stop calling specific versions of ONgDB, forked from Neo4j EE, a “100 percent free and open source version” of Neo4j EE.
In May 2021, US District Court Judge Edward J. Davila, who is overseeing Neo4j’s case against PureThink and iGov – both run by John Mark Suhy to sell ONgDB – granted Neo4j’s motion for partial summary judgment [PDF]. The ruling declared the defendants could not infringe Neo4j’s trademark and could not claim that ONgDB is open source software. In effect, the district court said you can’t call non-open-source software open source.
The defendants, PureThink and iGov, challenged that ruling – the case continues to be litigated – though in February the US Court of Appeals for the Ninth Circuit affirmed the district court’s decision specifically with regard to the lower court’s partial summary judgment, including the point about only calling open-source software open source.
The Open Source Initiative, which oversees the Open Source Definition and the licenses based on the OSD, applauded the appeals court decision. So too did Bruce Perens, who created the Open Source Definition in 1997. Both welcomed the court’s acknowledgement that it’s false advertising to claim a license is open source when it’s not.
But on Thursday, Bradley Kuhn, policy fellow and hacker-in-residence at Software Freedom Conservancy, took issue with the district court’s partial summary judgment and the Ninth Circuit’s endorsement of it. He said he’d agree that the defendants ought not say their software is under a free and open source (FOSS) license if the AGPLv3+Commons Clause combo were valid. But he argues the two licenses can’t co-exist as published by Neo4j.
“We believe the court held incorrectly by concluding that Suhy was not permitted to remove the ‘Commons Clause,’” wrote Kuhn in a blog post. “Their order that enjoins Suhy from calling the resulting code ‘FOSS’ is problematic because the underlying holding (if later upheld on appeal) could seriously harm FOSS and copyleft.”
Kuhn, who created the Affero clause in the AGPLv1 and co-drafted v3, says that the AGPLv3 contains a clause that explicitly allows the removal of terms added to the AGPLv3, something Suhy’s companies argued but the judge rejected.
The AGPLv3 license says, “If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.”
The judge, citing his prior ruling against The Graph Foundation, says [PDF] the terms of the AGPLv3 “prohibit a licensee from imposing further restrictions, but do not prohibit a licensor from doing so.” And he argues that “it would be contrary to principles of contract and copyright law to interpret these provisions as limiting Neo4J Sweden’s exclusive right to license its copyrighted software under terms of its choosing.”
“It’s just wrong,” Kuhn told The Register in a phone interview. He agrees that Neo4j has the right to set its own licensing terms but points out that the company specifically chose the full text of AGPLv3. And in making that choice, he argues, they can’t selectively ignore the AGPLv3’s terms when they specifically state their software is “subject to the terms of the GNU AFFERO GENERAL PUBLIC LICENSE Version 3, with the Commons Clause.”
“Neo4j defines ‘This License’ to mean ‘version 3 of the GNU Affero General Public License,’” he wrote in his post. “Then, Neo4j tells all licensees that ‘If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.’ Yet, after all that, Neo4j had the audacity to claim to the court that they didn’t actually mean that last sentence, and the court rubber-stamped that view.”
Perens in an email agreed with Kuhn’s interpretation.
“The license of Neo4J Enterprise Edition has the Affero GPL v3 license (AGPLv3), a license with very strong share-and-share-alike terms, but these weren’t good enough for Neo4J Inc, which added a license term called the ‘Commons Clause,’ which says ‘you can’t sell it.’”
But the AGPLv3, said Perens, includes a passage that allows the removal of added restrictions.
“So Neo4J also gave anyone permission to remove the Commons Clause from Neo4J and use it as if it’s just under the AGPLv3 license,” he said. “Which is what the defendant did. The judge said he couldn’t. Now, an appeals court may get to reverse that decision.”
Paul Berg, a software licensing consultant who has worked for Amazon and Microsoft, among others, told The Register in an email that Kuhn in his post raises salient points.
“A core issue under contention that I see here is that Neo4j is releasing a product they own under proprietary licensing terms with an unconventional license,” he said, adding that the license text “obscures those terms rather than explicitly stating them.”
“They are doing this by including the whole of the text of a well-known open source license, yet adding confusing and seemingly contradictory terms which conflict directly with the stated intent of the drafters of the open source license,” he continued.
Berg argues that by structuring their license this way, they benefit from association with free-and-open-source software without actually offering the implied assurances.
“This causes some users of their product to begin designing and building their own systems under these false assumptions only to realize after committing to their design that the software is not open source,” he argued. “This often results in insurmountable late stage migrations to another technology or accepting Neo4j’s costly alternative licensing, a sales conversion tactic. One which is severely disadvantageous to the user of the software and of negative utility.”
Berg, pointing to the Log4shell incident, said there’s a growing need in the tech industry for developers to integrate third-party dependencies under unambiguous licensing terms in a way that minimizes supply chain disruption.
Software, he said, “should include clear knowledge of origin, clear licensing terms, and transparent security information. Regardless of current law or existing license text, this is the aim we should strive for and prioritize as an industry instead of trading that for misleading branding and ill-gotten sales.”