Open source and liability
It is nobody's responsibility but the intellectual-property owner's to enforce his rights to said IP. If the owner does not enforce his rights, the IP cannot be upheld.
In your piece, you wrote: "It's the next big Linux controversy: Who should be liable if customers wind up using software that was created from misappropriated intellectual property?"
Interesting question. But it has the same answer as this one: Who should be liable if (Insert closed-source vendor here)'s customers wind up using software that was created from misappropriated intellectual property?
The person who misapproprated the IP is the person who is liable, whether it be open or closed source. I can't imagine you don't already know this--which casts doubt on the objectivity of your "perspective."
In a closed-source environment, if a coder violates a copyright, that coder will be punished (job loss perhaps). In an open-source environment, the same thing will happen: The person will be punished if/when caught. However, in an open-source environment, it's more likely the violation will be caught; so, it's arguably less likely to occur.
How likely is it IBM could detect its IP embedded in a SCO product without source access? Yet it's easy for any IP holder to detect its IP in open-source projects precisely because the project is open source. It is far more difficult for an IP holder to detect misappropriation in closed-source software precisely because they don't have access to the closed source.
Again, I can't imagine you don't know this: It is nobody's responsibility but the IP owner's to enforce his rights in regard to said IP. If the owner of the IP does not enforce his rights, the IP cannot be upheld. If I own some copyright or software patent and do not pursue anyone who violates my IP rights, then I lose them. That's that.
Now, as for indemnity, I'm not sure where Microsoft indemnifies me or anybody else. I've read and reread my Windows 2000 Professional EULA, and indemnification is mentioned exactly ZERO times. This EULA is the only supposed agreement between Microsoft and me. So where does this indemnification come from? Am I supposed to take their word for it? Oh, that's good business.
There's a lot of neat language about how they won't warrant their product will do squat, though. Oh, they say it will "perform substantially" as intended and documented for the first 90 days, but if it completely stops functioning after that, well...that's my problem, not theirs. And they disclaim a lot of other things too. You know, like financial damages due to their product not working, or working wrong. Maybe you should read the EULA sometime. So anyway, I'm just not following you. I have nothing from Microsoft (or any other closed-source vendor I've purchased software from) even resembling an indemnification clause.
But I know: If it turns out Microsoft "lifted" somebody else's IP and they get caught, I won't have to pay for their crime. Likewise with Linux. That is, unless our courts are that corrupt.
Aaron Howard
Columbus, Ohio