This article isn’t about the technical arguments regarding whether or not your organization should adopt Facebook ReactJS (Facebook owns the ReactJS copyright), one of many JavaScript frameworks available today. Rather, this article is about Facebook’s curious licensing scheme that now involves a combination of the BSD (Berkeley Software Distribution) Open Source Software (OSS) License and a separate patent grant document. Over the past few years, this new licensing scheme has given rise to many online discussions and has made many organizations pause during their adoption of ReactJS. The goal of this article is to provide guidance on what the new licensing scheme means, and perhaps more importantly, what it doesn’t mean. The ReactJS license scheme is an example of why licensing matters with OSS and why you and your organization should pay close attention to the terms and conditions incident to your rights to use, copy, and distribute OSS.

DISCLAIMER: This and future columns should not be construed as specific legal advice. Although I’m a lawyer, I’m not your lawyer. The column presented here is for informational purposes only. Whenever you’re seeking legal advice, your best course of action is to always seek advice from an experienced attorney licensed in your jurisdiction.

ReactJS: What It Is and a Brief License History

ReactJS is one of the many JavaScript frameworks, like AngularJS, available today. For the record, AngularJS is licensed under MIT (another permissive license like BSD and Apache). ReactJS’s online home can be found at http://www.reactjs.org. Facebook released ReactJS in 2013, originally under the Apache V2 OSS License (https://www.apache.org/licenses/LICENSE-2.0). On numerous occasions, whether in the pages of CODE Magazine or in my OSS Licensing Course at Lynda.com (https://www.lynda.com/Programming-Foundations-tutorials/Foundations-Programming-Open-Source-Licensing/439414-2.html), I’ve said that by far, the Apache V2 License is the best license a team could select if the goal is to encourage a project’s commercial uptake because of the comprehensive and concise way patents and community contributions are addressed.

In 2014, Facebook decided to change ReactJS’s license to BSD. If Facebook had just stopped at that, there wouldn’t be an issue. Both the BSD and Apache licenses are in the permissive category in that there are few restrictions and obligations on the licensee. The permissive licenses are distinguishable from what is known as CopyLeft or non-permissive licenses like the General Public License (GPL). Licenses like the GPL place a number of restrictions and obligations on the licensee that permissive licenses don’t, such as the requirement to share modifications under certain conditions. Permissive licenses like the BSD, Apache, or MIT have no such requirements to share modifications.

Another key difference between BSD and Apache relates to patents. The BSD license, like the MIT license, is completely silent on patents. Apache, on the other hand, covers patents extensively with respect to the core project and contributions from the community. Well-run and organized projects that use BSD or MIT use a device known as a Contributor License Agreement (CLA) that, among other things, requires the contributor to grant the project and anybody who uses the project a non-exclusive worldwide irrevocable grant of any patent rights that do now exist or may exist in the future. In many ways, you can think of Apache as a permissive license that combines the elements of a CLA, including the patent grant and more specificity around copyrights, trademarks, distribution, and disclaimers.

You can think of Apache as a permissive license that combines the elements of a CLA, including the patent grant and more specificity around copyrights, trademarks, distribution, and disclaimers

From a legal standpoint, I don’t know why anybody would take the time to re-license from Apache to another permissive license. There’s nothing substantive to gain from such an action. On the other hand, given questions on patents and related items, I could understand why a team would elect to move from BSD or MIT to Apache. Apache directly addresses questions on which BSD and MIT are completely silent. ReactJS’s BSD license can be found here: https://github.com/facebook/react/blob/master/LICENSE. It’s the standard three paragraph BSD license with the standard disclaimer. For reference, you can find the form of BSD License here: https://opensource.org/licenses/BSD-3-Clause.

What makes ReactJS’s re-licensing scheme all the more curious is the fact that in conjunction with the move to BSD, a separate patent grant was added. The patent grant can be found here: https://github.com/facebook/react/blob/master/PATENTS. One question you may have is if Apache already addressed copyrights and patents, does ReactJS’s decision to bifurcate the licensing between two documents make any sense? Given ReactJS’s assertion that it is indeed OSS, in my opinion, the decision made no sense whatsoever, unless of course Facebook wanted to retain some rights. In this case, it’s Facebook’s right to sue for patent infringement and to prevent any counter claims under the patent grant. Under the Apache License, no such right would exist due to the anti-assertion clause in Paragraph 3: Grant of Patent Rights. Technically speaking, projects that use MIT and BSD can sue for patent infringement because there’s nothing in those licenses to prevent such a cause of action. In reality, the threat of a patent infringement suit is more of a perceived threat than a real threat, given the nature of most OSS projects. With large organizations in the mix, like Facebook, Microsoft, Oracle, etc., that threat becomes more real if, for no other reason, these large organizations have the wherewithal to institute such litigation.

With that background, let’s turn attention to Facebook’s ReactJS Patent Grant.

Facebook’s ReactJS Patent Grant

The following is the patent grant’s text with annotations to explain what the language means.

Additional Grant of Patent Rights Version 2

"Software" means the React software distributed by Facebook, Inc.

Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software ("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (subject to the termination provision below) license under any Necessary Claims, to make, have made, use, sell, offer to sell, import, and otherwise transfer the Software. For avoidance of doubt, no license is granted under Facebook's rights in any patent claims that are infringed by (i) modifications to the Software made by you or any third party or (ii) the Software in combination with any software or other technology.

If you’re confused by the language so far, you should be. It’s worth noting that there’s also the BSD license that grants you the right to use the software. To confuse matters more, there’s no reference to the BSD license in the Patent Grant. The Grant itself is under the term Necessary Claims that’s defined below. A Necessary Claim is nothing more than a claim or claims under patent that Facebook, as the software owner, could assert as part of an infringement suit. What this means is that Facebook reserves the right to sue for patent infringement. Although this is always a theoretical possibility under permissive licenses like MIT and BSD because they’re silent on patents, it’s generally not regarded as a practical reality under such licenses. The Apache license forecloses such suits due to its unqualified anti-assertion language. In this specific case, Facebook makes it explicit that it reserves the right to not only retain its patent rights, but to exercise them. It begs the question of whether this is really a grant at all. On one hand, there is a patent grant. On the other hand, the licensee could be sued for patent infringement.

The license granted hereunder will terminate, automatically and without notice, if you (or any of your subsidiaries, corporate affiliates or agents) initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: (i) against Facebook or any of its subsidiaries or corporate affiliates, (ii) against any party if such Patent Assertion arises in whole or in part from any software, technology, product or service of Facebook or any of its subsidiaries or corporate affiliates, or (iii) against any party relating to the Software. Notwithstanding the foregoing, if Facebook or any of its subsidiaries or corporate affiliates files a lawsuit alleging patent infringement against you in the first instance, and you respond by filing a patent infringement counterclaim in that lawsuit against that party that is unrelated to the Software, the license granted hereunder will not terminate under section (i) of this paragraph due to such counterclaim.

The preceding paragraph has two parts. The first is the typical anti-assertion language that you’d expect to see as part of any patent grant incident to an OSS license or a contributor license agreement. The entity explicitly protected is Facebook as well as any other entity that uses the Software. It’s important to note that Facebook is the one entity that retains the right to sue for patent infringement.

The second part is a bit more controversial. It begins with the magic words "Notwithstanding the foregoing". Anytime you see this language, what follows is known as a carve out. It means that regardless of what you read before, the following, even if it conflicts with preceding text, controls. In this particular case, it means that if Facebook sues you for patent infringement arising out of a claim pertaining to the ReactJS software, if you assert a counter-claim for patent infringement against Facebook, your rights under this patent grant terminate.

The current patent grant language was crafted in April 2015 as a response to the community’s concern that the previous grant language was ambiguous. You can find Facebook’s statement here: https://code.facebook.com/posts/1639473982937255/updating-our-open-source-patent-grant/. I’d submit that just sticking with the Apache V2 license would have been a better, clearer and less ambiguous approach.

A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.

A "Patent Assertion" is any lawsuit or other action alleging direct, indirect, or contributory infringement or inducement to infringe any patent, including a cross-claim or counterclaim.

Going back to a previous question I raised, you have to wonder whether or not this document represents a bona fide patent grant and perhaps gives rise to a more basic question of whether this patent grant was necessary or has any practical legal effect. Other questions are whether ReactJS is truly OSS and whether or not an organization should adopt ReactJS. I’ll tackle those questions now.

Is This a Bona Fide Patent Grant?

Is Facebook offering a bona-fide patent grant? In my opinion, no, because the grant is more concerned with asserting its own rights instead of putting the community at ease. It also happens to be an in artfully drafted legal document. A good, well-drafted legal document brings clarity with it. Facebook’s patent grant raises more questions than it answers. If Facebook’s goal was to encourage commercial adoption of ReactJS, this patent grant, in name only, wasn’t a good way to achieve that goal. If anything, it’s more likely to reinforce distrust and resentment.

Is Facebook offering a bona-fide patent grant? In my opinion, no, because the grant is more concerned with asserting its own rights instead of putting the community at ease.

Is This Patent Grant Necessary or Does It Have Any Practical Legal Effect?

No and no. One of the most over-estimated intellectual property concepts in OSS is in the area of patents. That’s not to say that software can’t be patented. Software and the business processes they facilitate can absolutely be patented. The key with any patent is to prevent disclosure before filing a patent application. All of the JavaScript frameworks you see today, for the most part, do the same thing. The code implementations may differ. That, however, is the subject of copyright.

These JavaScript frameworks, absent an implementation, are very generic. It’s highly questionable whether a framework on its own could represent patentable subject matter. In that regard, I don’t know what Facebook would be or could be protecting with this patent grant. And to the extent that Facebook had something to protect, why would it disclose anything before filing its claims?

Finally, any controversy would have to begin with Facebook initiating a patent infringement suit. Many who’ve commented on this issue describe Facebook’s motives here as anti-competitive. One could certainly argue that. To that end, I go back to what cognizable patent claims Facebook could assert. To do that, there would already have to be patents filed and Facebook would presumably disclose those patent applications in its grant. For the foregoing reasons, there’s no real practical effect with Facebook’s ReactJS patent grant. If patents are a concern to you with your software, you probably want to steer clear or, at the very least, be careful with your choice to adopt OSS. That question will turn on the license involved. In such cases, you should consult a qualified attorney to help you decide.

Is ReactJS Truly OSS?

Technically, the answer is no because on Facebook FAQ page, https://code.facebook.com/pages/850928938376556, they cite that Facebook uses a BSD + Patent Grant license. That combination isn’t certified by the OSI. To be OSS, the software has to be licensed under an OSI-approved license. The core use of the software is governed by the BSD License, which is an OSI certified license. Accordingly, as a practical matter, ReactJS qualifies as OSS.

Should ReactJS be Adopted?

If your organization is strict about OSS and the associated licensing, the answer is likely no, given Facebook’s unorthodox licensing scheme. In this space, it’s likely not a major issue considering that there are many other alternatives available. Three notable examples are AngularJS, Auelia, and EmberJS. There’s also Deku, Preact, Virtual-DOM, Elm, Vue.js, and Riot. In the next 12 months, there are likely to be other alternatives as well. This fact also goes to the notion that, as to the framework software itself, the relevance of patents has been largely overestimated.

On the other hand, if ReactJS meets your technical needs and is a compelling optimal choice, I wouldn’t let the patent grant document stop you from adopting ReactJS. There is indeed a lot of uproar in the OSS and development communities around this licensing scheme. One of the common misconceptions is that Facebook is trying to prevent competition. I see no evidence of that. Although Facebook does retain its prerogative to sue for patent infringement, one has to ask why they’d want to do that and if such a suit would be a realistic possibility. As I said earlier, the relevance of patents with frameworks like ReactJS, AngularJS, etc. has been greatly overestimated.

As I see it, this licensing scheme is Facebook’s attempt to prevent patent litigation in an unconventional manner in the OSS context. Facebook’s first and best choice was to simply keep the Apache V2 licensing. In the event that this was unacceptable, Facebook could have employed an alternative approach that’s been used by Microsoft, which is to use an OSS license + a promise to not enforce its patent.

An Alternative: The OSS License + Patent Promise Approach

In 2014, Microsoft open-sourced the .NET Core (CoreFX) Libraries. You can find the repository here: https://github.com/dotnet/corefx. The licensing scheme, in this case, is a combination of the MIT License + a patent promise. You can find the form of MIT License text here: https://opensource.org/licenses/MIT and the specific Microsoft .NET patent promise here: https://github.com/dotnet/corefx/blob/master/PATENTS.TXT.

Compared to the Facebook ReactJS scheme, the Microsoft scheme, although not perfect, is much better and Facebook would have been well advised to follow Microsoft’s lead if there was a determination to steer clear of the Apache V2 license. I’ve already gone on record as criticizing Microsoft’s approach for introducing confusion when a perfectly acceptable approach with Apache V2 was not only available, but has been used with other Microsoft OSS projects. As to the two OSS licenses involved with these two examples, BSD and MIT, the MIT is generally regarded as preferable because it clearly spells out the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software. At best, the BSD License implies that these permissions are granted by its license. Let’s examine how the two approaches to patents compare.

Facebook

  • Facebook reserves the right to sue for patent infringement.
  • If any licensee takes a financial interest or directly gets involved in a patent infringement suit, the license is revoked.
  • If Facebook sues a licensee for patent infringement and the licensee asserts patent infringement in counter claim, the license is revoked.

Microsoft

  • Microsoft promises not to assert its patent rights (Microsoft is the promisor).
  • If any promisee (to whom the promise is made) asserts a patent right, the patent promise is revoked.

The Microsoft Patent Promise also contains language disclaiming any assertion that any .NET patents are valid or enforceable if the code covered by the promises doesn’t already infringe an existing patent. In other words, .NET may or may not be covered by patents and the CoreFX code may or may not infringe existing patents.

Of these two approaches, it’s clear which one is geared more toward the goal of de-incentivizing patent litigation. Facebook holds open the threat that it may sue for patent infringement and at the same time, discourages any patent litigation by revoking the patent grant immediately upon the initiation of patent litigation by a licensee. Further, if Facebook sues you for patent infringement and you counter claim with a patent infringement suit of your own, the patent grant is revoked.

Microsoft, on the other hand, simply promises to not assert its rights. Like Facebook, if you institute a patent suit, the rights under the promise are revoked. The practical effect is that if you were to institute a suit, Microsoft would be free to then sue you for patent infringement.

Although the end results are essentially the same, the means are quite different. Facebook’s approach is a sword and Microsoft’s approach is a shield. In reality, would Facebook, without provocation, sue one of its licensees for patent infringement? Most likely, the answer is no. That makes the Facebook language all the more baffling. Why reserve a right in that manner if you don’t plan to exercise it? Why state in a document what would happen if Facebook sued you and you asserted a patent counter claim? In a word, it’s absurd and as I’ve said before, amounts to poor legal drafting. The Microsoft approach, on the other hand, makes more sense. In that case, Microsoft recognizes that it has a right and it’s promising not to assert it. At the same time, the community is protected from patent suits. It’s worth nothing that often, Microsoft is criticized as not being a good OSS citizen. This is a clear-cut example where Microsoft is the better OSS citizen.

Conclusion

There is probably no more misunderstood concept in OSS than the role patents play. Part of that misunderstanding arises from what patents are in the first place and how that concept differs from the other intellectual property concepts of copyright and trademark.

  • A patent is a governmental conferred right to exclude others from making, using, or selling an invention.
  • A copyright is the exclusive legal right, given to an originator or an assignee, to use, copy, distribute, print, publish, perform, film, or record literary, artistic, or musical material, and to authorize others to do the same.

Software can be the subject of both copyright and patent. To keep things straight, it’s best to think of the code as being governed by copyright and what the software does once it’s been executed is the subject of a patent.

A key requirement for patents is that before you file for a patent, the invention itself must not be disclosed. In most—if not all—cases with OSS, there is early and frequent disclosure of the code and what the code is intended to do. This suggests that the viability of patents for OSS projects is in doubt. That’s not to say that the software using one or more OSS components can’t be patented. That said, if patents are a concern for you, as I’ve suggested earlier, you’ll likely want to scrutinize the OSS you choose to incorporate into your software carefully.

With all of that in mind, what does the Facebook ReactJS licensing scheme mean to you? In my opinion, the illusory patent grant is just noise that adds confusion and reduces clarity for the OSS community. Its aggressive tone suggests that perhaps Facebook could be a better OSS citizen. Nevertheless, ReactJS is OSS because it uses the BSD OSS license. Even if, for some reason, your rights under the patent grant were revoked, the rights under BSD remain.

Even if your rights under the patent grant were revoked, the rights under BSD remain.

For the foregoing reasons, if you find ReactJS useful, although you may scratch your head with the licensing scheme, use it. The only caveat is if patents and the assertion of those rights is important to you. In that case, OSS may not be an option. That consideration applies to all OSS, not just ReactJS. If, however, what you’re building is another OSS project or an internal line of business application or something else where patents are not likely to come into play, the issue of patents and OSS is largely noise that reduces the signal.