Why SCO decided to take IBM to court

SCO CEO Darl McBride explains the motivation behind the company's controversial lawsuit against Big Blue and its implications for the future of open source.

David Becker Staff Writer, CNET News.com
David Becker
covers games and gadgets.
David Becker
16 min read
A few years ago, Caldera Systems was bobbing along as one of the last software companies to claim a piece of the Linux land rush, scoring a successful IPO that raised $70 million.

Since then, Linux companies have gone through several rounds of grueling consolidation, and Caldera--now known as the SCO Group--has sworn off Linux. What's more, the company now finds itself a pariah in the same open-source software community it helped elevate to prominence.

SCO's non grata status among corporations stems from a lawsuit the company filed against computing giant IBM earlier this year in which it claimed that major portions of the Linux software IBM distributes are based on Unix source code SCO controls.

The dispute has grown to rattle the growing movement to boost corporate use of Linux, embroil SCO in a spat with former business buddy Novell and possibly open a new front in Microsoft's war against Linux.

But Darl McBride, CEO of SCO Group, says he thinks there's still a lot of value in the open-source approach.

"The point about open source that I believe is really cool is this notion that you have thousands of eyes around the world looking at a similar problem, and obviously when you have more people focused on something, you can solve things better," he said. "To the extent you take that model and solve problems better and create ultimately a better computing environment that solves a lot of application problems and makes life better for everybody, that's the part of open source I believe is really cool.

"I think this business of not having intellectual-property protection or in fact even having a system set up to be able to police intellectual-property violations coming into Linux, that's the part that's really going to the jury right now. I believe that we've got to get that part resolved...so the baby doesn't get thrown out with the bathwater."

McBride spoke with CNET News.com about the origins of the IBM dispute, the side effects and what comes next.

Q: How did the Linux action originate? How and when did you come to realize there was this problem?
A: It really goes back to last fall. I joined the company last summer, and we spent a quarter or two looking at this Unix operating system asset we have.

SCO ends up owning the intellectual-property rights to the Unix operating system, which is a pretty substantial asset to be holding. So we started looking closely at where Unix was relative to Linux. Linux was starting to take off, and we did have some concerns.

We saw some initial problems last fall, and we tried to address those with vendors in the December time frame. We didn't really get a lot of traction with just having friendly discussions. So we came out in the first part of this year and basically said, 'We are going to enforce our intellectual-property rights.' And even though we weren't directly going after IBM at that point, they had a violent reaction to (that).

So at that point in time, we tried to work through the issues with IBM. We came to an impasse, and that's what led to our filing our lawsuit against IBM on March 7. Concurrent with filing our lawsuit against IBM, we put them on notice that we were going to be revoking our AIX (IBM's Unix distribution) license. Under the contract, we have to give them 100 days notice. That notice was due on Friday, June 13, and if we hadn't had the issues resolved then, we would revoke their AIX license.

We're talking about line-by-line code copying. That includes not just the function but the exact, word-for-word lines of code.
During the period of time we were focused on the IBM issues, it came to our attention that we had our code, our Unix System 5 code, showing up directly inside of Linux. So that, in turn, led us to send out letters to 1,500 of the largest companies around the world, to let them know we had these substantial intellectual-property violations and to notify them that we had these problems. We didn't think that necessarily they were the ones that generated the problems, but they had been passed a hot potato they were holding.

Was it a matter of someone at SCO just working with Linux source code and saying, 'Hey, that looks familiar?'
When we filed against IBM, they were supposed to respond in 30 days, and they filed an extension for another 60 days. So we had about 60 days where we were waiting for IBM to respond. So we turned a group of programmers loose--we had three teams from different disciplines busting down the code base, the different code bases of System 5, AIX and Linux. And it was in that process of going through the deep dive of what exactly is in all of these code bases that we came up with these more substantial problems.

Why was IBM the initial focus?
When we first started talking about how we were trying to protect our intellectual-property assets around Unix...IBM basically became very upset we were going to go down the path of even talking about intellectual-property rights in relation to Linux. And they basically threatened that if we didn't pull back from our statements that we were going down that path, they would quit doing business with us at all.

To me, it was a strange posture to be taking for a company that collects a billion and a half dollars a year on their own intellectual-property portfolio. And so that caused us to go digging on what was behind the initial set of problems we found...And as we dug deeper, we found that we did have significant violations going on with respect to their version of Unix they had licensed from us.

At one of their conventions this year, an IBM executive stood in front of an audience and said that IBM was going to destroy the value of Unix and move it all over to Linux. They were going to take the know-how, the people, the methods they developed over the years around AIX--which is our licensed version of Unix--and they were going to transport all that in a wholesale fashion over to Linux. Those statements alone caused us alarm. When we dug deeper, we found they, in fact, had been doing that and they were going to do more.

What would IBM need to have done to keep this from going to court?
We were certainly willing to try to work through issues...I think there's a lot of ways you can resolve things short of full-out litigation. Licensing programs come to mind; different marketplace partnerships come to mind. There are a number of things we could have done together.

How blatant was the code-lifting you discovered?
When we take a top-tier view of the amount of code showing up inside of Linux today that is either directly related to our Unix System 5 that we directly own or is related to one of our flavors of Unix that we have derivative works rights over--we don't necessarily own those flavors, but we have control rights over how that information gets disseminated--the amount is substantial. We're not talking about just lines of code; we're talking about entire programs. We're talking about hundred of thousands of lines of code.

Where people get a little confused is when they think of SCO Unix as just the Unix that runs the cash register at McDonalds. We think of this as a tree. We have the tree trunk, with Unix System 5 running right down the middle of the trunk. That is our core ownership position on Unix.

Off the tree trunk, you have a number of branches, and these are the various flavors of Unix. HP-UX, IBM's AIX, Sun Solaris, Fujitsu, NEC--there are a number of flavors out there. SCO has a couple of flavors, too, called OpenServer and UnixWare. But don't confuse the branches with the trunk. The System 5 source code, that is really the area that gives us incredible rights, because it includes the control rights on the derivative works that branch off from that trunk.

Some open-source defenders have said that there's only one way you can write certain functions, so some part of the Unix and Linux code are bound to look the same. Do the similarities go beyond that?
We're talking about line-by-line code copying. That includes not just the function but the exact, word-for-word lines of code. And the developer comments are exactly, 100 percent the same. The developer comments really get to the DNA of the code. It's one thing to have something look the same, but when the developer comments are exactly the same, that tells you everything you need to know that this is in fact lifted, that it has been copied and pasted from Unix into Linux.

What prompted the 1,500 letters? Couldn't you have found a more informal way to tell these companies what was going on?
Those letters had to do with the fact we had just uncovered these issues, and with the legal requirements...we felt we had to go out and let the world know we had come across these problems.

We can sit there and talk to IBM all day long, but if in fact users are running systems that have basically pirated software inside of there, or stolen software inside of their systems, they have liability. We're not saying that they created that liability; we think there are a number of parties along the way that generated that. But we feel like we have an absolute requirement to let them know what was going on as we went down this path.

A lot of people think the net effect of those letters has been to intimidate businesses out of doing anything with Linux. Do you think that's true?
We think that Linux has been able to become enterprise-class in the last couple of years in large part because of the amount of vendor contributions that have gone into Linux. If you look at a pre-2000 version of Linux, when it was the 2.2 kernel, you've got the ability to connect two-way and four-way systems together, which was kind of interesting, but not enterprise-class. Over the last couple of years, you've seen support for high-end symmetrical multiprocessing, you see the ability to take a string of 32 or 64 Intel boxes, string them together and create supercomputer computational ability.

And if you look at the amount of vendor code that's gone into Linux since 2001, its significant...So Linux is growing up in the enterprise in large part by virtue of these code violations we see from vendor code being contributed into Linux. If Linux is going to become enterprise class, we also need to ensure it has IP integrity. We need to ensure our code is not the basis upon which it's getting its strength.

If a CIO asked you today what they should do about a Linux installation, what would you tell them?
We've asked them to do a couple of things. First of all, get a legal opinion letter. We got our legal opinion, and we know where they came down. We suspended our shipments of Linux until all these issues get resolved.

Starting in the next couple of days, we're going to be showing people what we have going on. Partly what we're asking them to do is put themselves in our shoes and understand what's going on here. As we get into July, we expect to have a public statement about how we hope to have things move forward.

Are we trying to shut Linux down? No, that is not our attempt. Are we trying to make sure our intellectual-property rights are protected along the way? Absolutely.

Are we trying to shut Linux down? No, that is not our attempt.
There's a widespread perception SCO is doing this to make a quick buck because your core business hasn't panned out. What's your response?
We are taking these actions to protect our property. It's a little bit as if you have a jewelry store and you have some very valuable diamonds in it, and one day you wake up and realize people are walking into your store and taking the diamonds and not paying on the way out. Now we are stepping up and saying, "Hold on, you've got to go through this cash register first."

I understand why people don't like it, because they've been used to taking things out for free. But it doesn't fundamentally change our rights, and fundamentally it doesn't change the responsibility we have to our shareholders to be protecting our rights.

Was Novell's involvement a surprise? What do you think prompted that?
What we've found here over the last couple of days is that Novell and IBM have been working together on some things relating to this case. So our suspicion is that some kind of deal they have going on with IBM is what motivated it.

Were we surprised? Yes. It's like you're sitting there fighting a battle; you have this David-and-Goliath battle going on. And then from the side, you get hit by this other force, this other army's attacking you. At first, you're surprised by it. But then you realize there appears to be some linkage to the Goliath, so then I guess it's not so surprising.

Even though we didn't have any copyright claims in our case with IBM, this shot came in. We stopped our battle with IBM for basically four days; we stamped out the Novell attack and put that one behind us. Now we're back on what our original focus was, which is resolving the issues we have with IBM.

So the whole thing with Novell was about unclear contract language?
The final problem is that Novell didn't dig to the bottom of their file drawer and find the second amendment to the contract. Once we exerted our second amendment rights, if you will, Novell basically took their ball and went home.

SCO realized there were problems with the contract language earlier. Wouldn't it have been useful to have those issues worked out before you went down this road with IBM?
To the extent we were filing copyright claims against IBM, sure, it would have been useful. In fact, we had some discussions with Novell as early as last year around cleaning up the language that related to the copyrights. They chose not to clarify them.

And when we filed against IBM, we chose to not even talk about copyrights. That's why it's interesting the copyright thing showed up...It was strange behavior for somebody we've had a partnership with for a long time and for a company I used to work at for eight years of my life.

How did Microsoft's agreement to pay you for Unix rights happen?
In the Microsoft case, they saw an opportunity. We originally approached them and said we're on a new licensing path; we have this intellectual property that we've started approaching vendors about. IBM is one we approached; Microsoft was another. We had about four big vendors in the last quarter that we talked with. With two of them, we signed deals. The other we're still talking with, and IBM we reached an impasse.

As far as what Microsoft gets out of the deal, they get the source code rights in order to be better able to integrate their services for Unix products, which gives them a much stronger, tighter integration between Unix and windows.

The perception is that Microsoft basically wants to use this as a weapon in its battle against Linux. What's your response?
The Linux community loves to jump on that bandwagon. There's no truth to it. We did a straight-up licensing deal around the intellectual property we had as well as the source code to allow them to tie in their Unix-related products. The world seems to be divided into two camps--those that respect intellectual property and those that don't. Those that do, to the extent they're associated with SCO, anybody who steps forward and does something with us in a positive way seems to get attacked these days.

It's not just Microsoft. We've had an industry analyst who has been attacked because they said, 'Hey, I've seen the code, and SCO's right.' We've had denial-of-service attacks on our Web site. We had a reporter who had their site hit by a denial-of-service attack because they wrote a positive story about us. Any time it seems we have somebody on our side of the table, somebody wants to start shooting at them.

Have you been surprised by the level of animosity this has generated?
I've been surprised by the level. I haven't been surprised that there has been animosity. As we started down this path, even IBM said, 'You can't go down this path of enforcing your rights, because the Linux community is going to have a field day with you guys.' The way they had described it to me is, 'You can't sue us because we don't do distributions. You can't sue developers for the Linux community, because these guys don't have a lot of money and they're going to hate you. Customers aren't going to want to see lawsuits.'

It wasn't a question of whether we had intellectual-property violations; it was 'What are you going to do about it?' My take on it is we have been wronged. We're stepping up and trying to get some justice in the situation. Is there heat coming at us? Absolutely. It's hot in the kitchen, but that's not a reason to not do what you feel is the right thing.

It's been suggested that if IBM wanted to settle this quickly, they could just buy you out. Is that a possibility?
We're not trying to sell the company; we're trying to enforce our rights. We believe that in the marketplace we operate in--just take our UnixWare operating system that competes straight up against Red Hat--if you look at the marketplace over the last two years, there've been 2 million servers shipped into the market. Our UnixWare price tag of $1,500 would have generated $3.5 billion in revenue for us.

The fact that Linux shows up in town and everybody gets excited about it because they get the same sort of value we had with UnixWare but they don't have to pay anything--I get why customers like that. It's the same reason everybody loved Napster--you get CDs for free.

But from our perspective, if you're going to show up and sell against us with a free operating system, then you better have your house in order with respect to these intellectual-property issues.

Let's fast-forward to a point where this is all settled and presumably you've won. What happens then? Do you send a bill to everyone running Linux?
In May, we sent out a notice letting people know there are problems. This month, to the extent people want to see this, we're showing people the problems.

There's a big concern that if you just drag this out in a typical litigation path, where it takes years and years to settle anything, and in the meantime you have all this uncertainty clouding over the market, it's not a positive. So we've been responding to things in a proactive way. We've been bringing out bits of our evidence...so people can get an understanding of the problems that exist.

As we get to the end of this month, as we get more user feedback...in the July time frame, we expect to come out and make some statements about how this whole situation can be resolved and how we can move forward. In terms of where we sit right now, we're not prepared to make any directional statements about how the licensing of this is going to fall out.

If you go back a few years, SCO was one of the main backers of Linux. How much of the reaction from the open-source community stems from that?
There's probably some merit to that. The reality is we were doing Linux. We kept these two businesses separated, and along the way, what you find is that the companies who are benefiting and profiting from Linux are not the distributors, which is the part of the chain we were involved in.

A lot of the distributors that did their big IPOs in the late 1999-to-2000 time frame, many of those have gone out of business or not done well. The business of distributing Linux for free is not doing well.

Which has been a real shocker...
Yeah, you sell something for free and you don't make any money--surprise, surprise. Even Red Hat, they had one little quarter where they got their head above water from a profitability standpoint, and then they're down again.

One of the things we feel very strongly about is that for this kind of model to go forward, the key players involved in the marketplace have to have an economic model that works for them

Meanwhile, the open-source community seems to feel SCO has betrayed them.
Clearly, there's an element of family feud involved. I believe, as the situation unfolds, people will see what we have. We've spent hundreds of millions of dollars on our Unix-related properties, and that's what's under attack right now, and that's what's showing up inside Linux. The more rational minds start to come to grips with what's really happening here, we believe that the community will come to be a little bit more reasonable in how they view us and how they deal with us.

To the extent this makes an IT guy think twice about deploying Linux, do you have any regrets about that, or do you think you're doing those people a favor?
I believe were doing them a huge favor. Think about an IT shop that's in the middle of putting in a system that runs an entire enterprise. You've got 5,800 stores, for example, and you're just getting ready to put it in, and you hear about this issue now, versus us deciding to wait and you hear about it six months or a year from now, in the middle of a trial or whatever.

Now, that company, instead of being on the front end of a rollout, is on the back end. That's when I'd really be ticked off. "You're telling me, SCO, that you found out about this last spring and you didn't say anything about it until now? Thanks a lot."

I believe in the short term, obviously the dust has definitely kicked up. But I believe from a user standpoint, I'd much rather know about these issues now than at some point in time down the road.