The key phrase is "...let us imagine something akin to..."; I was giving examples of the type of project that (re)implements
a significant de-facto industry standard API to achieve interoperability. The same could apply to cloud services APIs being
re-implemented for cross-service portability as in, for example, Eucalyptus, OpenStack and CloudStack.

The appeals court decided that the trial court erred in pinpointing the time at which the creative expression occurred (the merger doctrine).

Until now it has been generally accepted in the development community that this would be the time at which the interoperable
alternative was created and this was the interpretation the trial court adopted.

The appeals court determined that is incorrect; the correct point in time is when the original expression occurred - in this case, when the Java developers at Sun designed the API. The upshot of that
interpretation means that an interoperability project could not legally create an alternative implementation (in the U.S.A.) on the assumption that the API was not subject to copyright; the only way
to determine legality would be for a trial and the fair-use defence before a Jury.

"Oracle also argues that the district court erred in invoking interoperability in its copyrightability analysis.
Specifically, Oracle argues that Google’s interoperability arguments are only relevant, if at all, to fair use
— not to the question of whether the API packages are copyrightable. We agree."

The appeal court further affirmed the trial court's 'scenes a fair' decision in respect of the specific defence Google raised using that doctrine. The EFF (and others) also raised this issue in their
Amici Curiae briefs to the appeals court.

"On appeal, Google refers to scenes a faire concepts briefly, as do some amici, apparently contending that,
because programmers have become accustomed to and comfortable using the groupings in the Java API packages,
those groupings are so common place as to be indispensable to the expression of an acceptable programming
platform. As such, the argument goes, they are so associated with the “idea” of what the packages are
accomplishing that they should be treated as ideas rather than expression. See Br. of Amici Curiae Rackspace US, Inc.,
et al. at 19-22."
...
"Finally, Google’s reliance on the doctrine below and the amici reference to it here are premised on a fundamental misunderstanding of the doctrine. Like merger, the focus of the scenes a faire
doctrine is on the circumstances
presented to the creator, not the copier. See Mitel, 124 F.3d at 1375 (finding error to the extent the trial court discussed “whether external factors such as market forces and efficiency
considerations justified Iqtel’s copying of the command codes”). The court’s analytical focus must be upon the external factors that dictated Sun’s selection of classes, methods, and code
— not upon what Google encountered at the time it chose to copy those groupings and that code."


I see no reason why, on a literal reading of the appeal court's decision, the same reasoning will not be
applied to, for example, the command-line arguments of discrete binaries, network protocols in respect of the data structure
symbols and ordering, or 'standards' along the lines of POSIX/SUS.

It seems to impact reverse engineering too, since most black-box reverse engineering techniques aim to observe the external interactions of an executing binary and then write an interface
specification (API) from which a compatible implementation is written in a clean-room environment.

Because copyright terms are so long it seems to me to have the potential to be far more disruptive than the U.S.A.'s Software Patent problems.

Even for interoperability developers outside the U.S.A. this has major implications if their software is likely to be imported into the U.S.A.; both for them and their users.

I am afraid that I have not yet had a chance to get to grips with the Oracle v. Google case, but you might find the discussion before the High Court, and the Court of Appeal, in the SAS v. WPL case in the UK, to be of interest, along with the reference for the Court of Justice of the European Union, in interpreting the computer programs directive:

High Court: http://www.bailii.org/ew/cases/EWHC/Ch/2013/69.html
CJEU reference: http://curia.europa.eu/juris/document/document.jsf?docid=122362&doclang=EN
Court of Appeal: http://www.bailii.org/ew/cases/EWCA/Civ/2013/1482.html

There is summary here:

http://www.scl.org/site.aspx?i=ne34424

but, as with the case itself, “tortuous” is a fair description.



Enjoy :)


Neil

__________

Neil Brown
***@neilzone.co.uk | http://neilzone.co.uk

I am not taking any side, but could you be more specific on your comment
"the result this would have on the GPL"?

Thanks,
Kern

If APIs can't be freely copied, then that means that it is essentially
impossible to interoperate with systems without the vendors permission.

WINE is not legal.
Nor, is GCC compiling to target architectures where the vendor has not
released information with a free licence but it's been reverse engineered.
Nor is Samba or any of the many filesystems that have been reverse
engineered.

That's not at all what the appeals court wrote. Footnote 15, in full:

'During oral argument, Google’s counsel stated that “a program written
in the Java language can run on Android if it’s only using packages
within the 37. So if I’m a developer and I have written a program, I’ve
written it in Java, I can stick an Android header on it and it will run
in Android because it is using the identical names of the classes,
methods, and packages.” Oral Argument at 31:31. Counsel did not identify
any programs that use only the 37 API packages at issue, however, and
did not attest that any such program would be useful. Nor did Google
cite to any record evidence to support this claim.'

Even if there's a useful program which only uses the 37 API packages at
issue, and I'm not sure that there's a "useful" program like that, I
don't know that it would change anything. I've seen reference to jetty
and i-jetty, but I think that just demonstrates that, no, a "useful"
program will tend to use more than the 37 API's; it might use additional
Android packages.

This really has nothing at all to do with reverse engineering:

'As the former Register of Copyrights of the United States pointed out
in his brief amicus curiae, “[h]ad Google reverse engineered the
programming packages to figure out the ideas and functionality of the
original, and then created its own structure and its own literal code,
Oracle would have no remedy under copyright whatsoever.”'

where the former Register, whomever that was, points out how reverse
engineering works -- which I'm sure that the appeals court already
knew. In any event, there it is, it's a good quote.

You absolutely will be permitted to work on on any API. In the case of
Firefox, since, I think, it's under the GPL, just release your code
under the GPL. If you're reverse engineering something, then, as the
former Register writes, that gives an exemption.

Seems pretty clear, and no different from the current situation. Right?
Or, am I misunderstanding?

However, to allow the SSO of any, and let's emphasize **any** computer
program, to be stolen, and let's use the word stolen, that would be a
dramatic shift. Yes/no?

If there's no way to enforce SSO under copyright, then any SSO can be
**stolen** -- which is the word being used by the judges in this case.
the appeals court chose to write about the wider implications, so I'm
adopting the language of first judge, and the appeals court, to use
**any** and **stolen**.



-Thufir

I think your missing a key point, which is that you reverse-engineered,
which is exactly exempt:

'Sec. 103(f) of the DMCA
<http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act> (17
U.S.C. § 1201 (f)
<http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00001201----000-.html>)
says that a person who is in legal possession of a program, is permitted
to reverse-engineer and circumvent its protection if this is necessary
in order to achieve "interoperability"...'

-wikipedia

never occured. Granted, Harmony was an attempt at reverse engineering,
but Dalvik is more than just Harmony. Google has never disputed that
they copied, in fact it never came up.

Google didn't reverse engineer. While I appreciate your point, it's not
directly relevant -- the analogy doesn't hold. Nowhere in its legal
filings did Google even claim to have reverse engineered anything. Also
from the appeals court:

"Oral Argument at 31:31. Counsel did not identify any programs that use
only the 37 API packages at issue, however, and did not attest that any
such program would be useful. Nor did Google cite to any record evidence
to support this claim."

and, most damning:

'As the former Register of Copyrights of the United States pointed out
in his brief amicus curiae, “[h]ad Google reverse engineered the
programming packages to figure out the ideas and functionality of the
original, and then created its own structure and its own literal code,
Oracle would have no remedy under copyright whatsoever.”'


No, I've gotta say that, based on what I've read, this has absolutely
nothing to do with reverse engineering; your analogy doesn't apply.


Thufir

let's look for example at the microsoft NT Domains and Exchange 5.5
network traffic that i reverse-engineered (for zero monetary reward)
over a three year period in 1997-1999 and in 2001/2005 respectively.

the reverse-engineering was at several different levels:

a) the modifications (and significant and *necessary* technical
improvements) that microsoft had made to DCE/RPC.

b) the implementation of NetBIOS over TCP and UDP

c) the implementation of NetBIOS *services* over TCP and UDP (yes
there are such services: NetBIOS has the concept of "ports" just like
UDP and TCP, so there are several - undocumented - NetBIOS services).

d) their extensions to the SMB protocol (which have a long and
chequered history going through IBM, Xenix, SCO and many other
contributors)

e) their extensions to the LANMAN protocol (originally i believe by IBM)

f) their implementations of around 15 to 20 *separate and distinct*
MSRPC services (such as winreg, lsass, NETLOGON, spoolss, srvsvc and
so on) each of which may be considered to be an API in their own right
(MSRPC aka DCE/RPC basically provides networked access to future-proof
extensible c style functions *as if* they were local APIs. note the
key word "APIs" here)

g) their implementation of MAPI which had its own special RPC format
(it came from a 3rd party company that MS bought a long time ago, and
was originally sent over TCP/IP. later it was proxied over an MSRPC
stream so gained authentication, encryption and so on. kinda cool).

all of these things can - and are - considered to be APIs. they are
basically Remote Procedure Calls (APIs) where the data over-the-wire
is merely a marshalled format of the API.

the implementation of such RPC services comprises both an RPC layer
(a means to translate the APIs into a network stream) *AND* an actual
implementation of the APIs themselves. the RPC "layer" merely divides
the API so that its caller is in one process (potentially even on
another computer over a network) and the calle is in another process.

in fact, a case could be made that even JSONRPC services, XMPRPC
services, SOAP services (the basis of .NET inter-process
communication) - *ALL* of these would now become copyrightable APIs.
world-wide that's ENORMOUS.

just for the microsoft reverse-engineering alone, under the new
ruling, all the efforts made by many people for *years* in pursuing
both the U.S. Dept of Justice and the EU Monopolies and Mergers
Commission, would be completely and utterly wasted.

you would no longer be permitted to work on or use Wine, because Wine
also contains implementations of the IDL files (the MSRPC services)
and nor of MSRPC.itself.

you would no longer be permitted to work on or use Samba or any of
its services.

you would no longer be permitted to utilise or work on the Firefox
Web Browser, because it has implemented a near-identical copy of the
Microsoft COM protocol named XPCOM (badly, it has to be said. they
stupidly left out co-classes and this has caused a *severe* amount of
trouble for over a decade both internally as well as in the c++
community where gecko / xulrunner are used in 3rd party products). to
implement a near-identical copy of XPCOM they *also* needed to
implement a similar system to DCE/RPC (MSRPC) but they left out the
networking, and many of the implementation details are different
***BUT*** the point is that at the ****API***** level they have
*EXACTLY* the same functions as COM (minus, stupidly, co-classes).
they even implemented a Registry (because COM requires a registry, so
XPCOM also has one).

so DO YOU UNDERSTAND. you would NO LONGER BE PERMITTED TO USE ANY OF
THIS SOFTWARE BECAUSE THE APIs WOULD BE COPYRIGHTED.

in the case of firefox that is hundreds of millions of people
suddenly hit. the mozilla foundation and the mozilla corporation
would be open to huge liability overnight for distributing
illegally-licensed software via its downloads section.

in the case of samba that is millions of businesses impacted with
demands for API license extortion fees.

in the case of wine that is... i don't honestly know what the reach
of wine is, but it has to be millions of people who would be exposed
to extortionate API "license" fees, and they would have to consider
terminating the use of the thousands of programs that work under the
GNU/Linux Operating System and consider turning to proprietary
Operating Systems.

they might even consider turning to qemu in order to run those
proprietary Operating Systems (such as Windows) in order to run that
Operating System (which they of course would have to pay for). but,
there could potentially be a case made that the emulated execution of
the machine code instructions could be considered to be an *API* by
the original copyright holders of those machine code instruction sets,
leaving them AGAIN liable to potential demands for extortionate
"license" fees - just for using qemu or other virtual machine
execution software.

which also reminds me that other virtual machine interfaces such as
XEN, VMware - all those and their associated tools - would also be
considered to have "APIs" that would also be now "copyrighted".

in the case of Microsoft .NET services (because they use SOAP) or in
the case of direct SOAP services millions of businesses world-wide
would need to suddenly deal with the massive burden of worrying about
whether their SOAP interoperability layer is properly legally licensed
because it is an implementation of an API.

in the case of JSONRPC, XMLRPC and other web-based RPC services,
millions of businesses world-wide and *every* software libre developer
in the world who has ever developed a web-based RPC service,
interoperable client or server, would suddenly now need to be
concerned that the API that they have implemented is properly legally
licensed.

one other thing: software libre developers would also be burdened with
the additional task of issuing a LICENSE to use their API! by
default, copyright law DEMANDS that you, the copyright holder, issue a
license. if you do not issue a license then the default is that
nobody may use the copyrighted work *without permission*. you KNOW
this.

but... because APIs would now be *added* to that, the simplest way to
cover it would be to create a new version of the GPL that explicitly
covers APIs, and have everyone in the world upgrade all software to
the GPLv4.

even microsoft is not exempt from altering the agreement that they
made the IDL files of the MSRPC services available under, because
their license will (i surmise) cover the use of the *IDL FILES
THEMSELVES*, *NOT* the underlying *API* that the functions *WITHIN*
the IDL files represent.

even facebook and any other company providing developer access to
their services would be put to enormous trouble because they have an
RPC layer on top of which access to their **APIs** are provided.

oh. and, not least: because all of the GNU/Linux software libre
distributions would suddenly be distributing binary implementations of
unlicensed APIs (both networked, dynamic and statically-bound), they
would *ALL* be liable for knowingly-infringing of copyrighted material
(APIs), and could be subjected to DMCA cease and desist notices as
well as being required to pay huge extortionate compensation costs to
the "poor old creator of the API'.

likewise any business or individual running a mirror (public or
otherwise) of any GNU/Linux software distribution would also be
liable. i know of several busineses that have legitimate and
important business reasons for keeping an internal mirror of GNU/Linux
distributions as they maintain remote auto-upgrading systems for
hundreds of clients where they need to "pre-vet" the upgrades before
they are rolled out. their business would - apart from now needing to
license the actual APIs being used - be *severely* adversely impacted
if they had to add additional extortion costs just for running
mirrors.

let alone the burden of going through what... 30,000 packages, just
to check if they have APIs???

the irony is that this would be so incredibly disruptive - world-wide
- that *oracle themselves* would actually be significantly and
massively adversely impacted. their greed in pursuing this matter is
just... quite literally insane.

is that of sufficient importance and magnitude for you to comprehend
the significance here, and how incredibly disastrous it would be for
APIs to become copyrighted. not just for software libre but for *ALL*
software users and businesses.

if there is anything above which is unclear *please ask*. this is *important*.

l.

I don't understand why you're bringing up reverse-engineering. Google
never claimed to have reverse-engineered anything in this trial. Where,
and I mean this sincerely, do you get the idea that reverse engineering
is at all applicable?

Please reference:


'As the former Register of Copyrights of the United States pointed out
in his brief amicus curiae, “[h]ad Google reverse engineered the
programming packages to figure out the ideas and functionality of the
original, and then created its own structure and its own literal code,
Oracle would have no remedy under copyright whatsoever.”'

Which is directly from the appeals court. This has nothing at all to do
with reverse-engineering, except that, as noted, Google didn't reverse
engineer anything. Nor, in any filing, and I include the appeal to the
SCOTUS, does Google claim to have reverse engineered anything. If I'm
incorrect, please point me to a document. I might be right, I might be
wrong.

I'm baffled as to why you believe this is related to reverse engineering
-- the former Register of Copyrights is very clear that it's unrelated
to reverse-engineering. Do you disagree with that assessment by the
former Register? If so, what's your basis for such an assessment?

Where does this notion come from, that this case hinges on reverse
engineering an API?
yes, API, ok. These were reverse engineered? If so, how is that at all
relevant?
And anyone could, and still can, reverse engineer any API. The appeals
court, as clearly as is possible, explains how to work-around copyright
of an API: reverse engineer it.
Ok..."copyrightable API's", I'm with you. For these API's, have they
been reverse engineered? I ask because that work-around exists.
You mean that the API's weren't reverse-engineered? or that that the
already were? It's not clear, when you write "for the microsoft
reverse-engineering" whether you mean for future or past
reverse-engineering.

Because, again, if they were already reverse-engineered, and please do
let me know whether you agree or not, the appeals court clearly states
that it's ok to reverse engineer.
Why? Wine is reverse-engineered, at least according to Wikipedia. You
assert this, but offer no logic. Reverse engineer is allowed under the
decision by the appeals court, and Wine is reverse engineered. What's
the problem?
While wikipedia doesn't state that Samba was reverse engineered, the
description fits more with:

'As the former Register of Copyrights of the United States pointed out
in his brief amicus curiae, “[h]ad Google reverse engineered the
programming packages to figure out the ideas and functionality of the
original, and then created its own structure and its own literal code,
Oracle would have no remedy under copyright whatsoever.”'

than:

'Instead, Google chose to copy both the declaring code and the overall
SSO of the 37 Java API packages at issue.'

and

'The compatibility Google sought to foster was not with Oracle’s Java
platform or with the JVM central to that platform. Instead, Google
wanted to capitalize on the fact that software developers were already
trained and experienced in using the Java API packages at issue.'

I'm neither a lawyer nor an engineer, but those seem very different to
this layman. Do they seem the same to you? One is for the **purpose**
of interoperability, and involves figuring out ideas and functionality,
while the other is, at best, of a weak sort of interoperability:

"And so all these Android phones are going to be incompatible." -James
Gosling

and the intention is more to capitalize, literally, monetarily, on a
popular API, rather than compatability.

Surely you see a difference?
the fact that the API's are copyrighted isn't any different than now,
correct me if I'm wrong. What's the actual, literal, exact difference?

While you write that it's not possible to work on those API's, that's
just an incorrect reading of the actual decision by the appeals court.
Where do they write or imply that? To the contrary, they take the time
to spell out exactly how to work on such a copyrighted API.
You haven't supported this idea, at least not in a way I understand.
Did mozilla try for non-compatability? That's what the appeals court
says Google did:

'Indeed, given the record evidence that Google designed Android so that
it would not be compatible with the Java platform, or the JVM
specifically, we find Google’s interoperability argument confusing.'

I don't think so. I think both in intent and methodology, what Mozilla
did was very different from what Google did.

If you think that the methodology, or intentions, were the same, please
do be specific -- I'm interested in the details.
While wikipedia doesn't go so far as to say that Samba was reverse
engineered, it certainly wasn't copied like this:

'Instead, Google chose to copy both the declaring code and the overall
SSO of the 37 Java API packages at issue.'

and the intentions were very different from Google's:

'Instead, Google chose to copy both the declaring code and the overall
SSO of the 37 Java API packages at issue.'

The methods and intentions are very different...right?
No. I mean, just, plain, no. Wine is reverse engineered, and, in very
clear language, the appeals court wrote that it's permissible to
reverse-engineer software, including API's.
Might Qemu fall in the neighborhood of:

"...reverse engineered the programming packages to figure out the ideas
and functionality of the original..."

because, based on the website, it sounds alot closer to that than
something along these lines:


"...Google chose to copy both the declaring code and the overall SSO of
the 37 Java API packages at issue."


The appeals court distinguishes between these types of activities,
that's mainly what they seem to write about in their decision -- it
makes an interesting read.
I ask because I don't know -- are these reverse engineered?
It's totally permissible to implement an API for the purpose of
compatability:

'...permitted to reverse-engineer and circumvent its protection if this
is necessary in order to achieve "interoperability"...'

that's right from wikipedia. So, it's just incorrect to say that it's
not possible to interact with SOAP or some other protocol, in fact,
there's, as near as I can tell, an explicit exemption. All that the
appeals court does is seem to start from that point, that there's such
an exemption, and then consider whether Google complied or not.

Do you see the situation differently?
Yes, and, for the purposes of compatability, see above, it's still
allowed...also, see wikipedia on reverse engineering -- which is
compatible with the appeals court decision.
No, that's not the case at all. I know that's your assertion, but it's
not backed up by anything actually written in the decision by the
appeals court. Nor, I hazard to guess, is such an interpretation to be
found on a blog by a lawyer. if so, please do let me know.

The GPL specifically allows the use of an API, and, what your describing
sounds like what I understand to be the LGPL; that to use a
library/API/SSO/etc is allowed. Now, if you start copying that API,
don't make a compatible version, don't try to "...figure out the ideas
and functionality of the original...", then, I would say, hey, don't
copy it. Would you disagree and say, sure, go ahead, copy/paste the
API, write your own implementation, and, while you're at it, change it
from GPL to a proprietary license?

Because that's the clear implication:

'Though the trial court did add the caveat that it “does not hold that
the structure, sequence and organization of all computer programs may be
stolen,”'

To make that statement concrete, that means take a GPL'ed API and,
literally, just copy the signatures, and make it proprietary. In fact,
you can copy some or all, and don't even need to worry about
interoperability. Wow.
yes, I get where you're going. Again, this goes back to the purpose of
compatibility, the intentions of Google, as well as whether or not they
simply copied or tried to figure out the "...ideas and functionality of
the original..." or not. Those are some important distinctions you
don't discuss.
I would say not, because, and I'll just go out an a limb here, that
those API's weren't copied in the way Google copied Java, that intention
wasn't incompatibility, and that there was an attempt to understand the
original.

Three points, all important, all discussed at length by the appeals court.
You're jumping ahead to a hypothetical. There's a big if. You're ignoring:

1.) intentions
2.) compatibility
3.) copy versus understanding

all three points are well documented in the actual decision by the
appeals court.
Oracle's greed, and whether or not Ellison is a jerk or not, are
irrelevant, wouldn't you say? This is about the wider implications.
Whether Google or Oracle win $ -- well, who cares? Obviously the owners
and employees of the companies, but it has nothing to do with this
discussion.
I agree, it's important. That's why I asked.

Now, I must point out, in that huge e-mail of yours, not once did you
quote the decision by the appeals court. Did you at least glance at the
decision by the appeals court?



-Thufir

I think this exactly hits the nail on the head: "...provided that the
copyright is maintained." By changing the license from GPL to ASL (or,
theoretically, closed-source), I don't consider that ok. In the pdf,
"verbatim" shows up nine times in the context of copying. It's "novel"
that they just copied the declaring code:

"...Google conceded that it copied it [the declaring code] verbatim,"
page 27.

This is something which only FOSS is vulnerable to, because the
declaring code is there to be copied. For proprietary code, there might
be some documentation, but it wouldn't get copied verbatim in the same
way. The implication that it's then possible to, literally, copy the
API verbatim (p 27), not for the purpose of compatibility, but to cash
in on the popularity of the original (p 51), without trying to figure
out the original (p 48), is huge. Again, this only applies to FOSS, and
would allow anyone to steal an API (p 42). Stolen, the word used not
just by the first trial, but also by the appeals court. Note that
there's no dissenting opinion from the appeals court.

Google found a work-around to remove the GPL, in certain circumstances,
of certain types of code, if, and it's a big if, they ultimately
prevail. Since Google, or someone, will eventually come along, copy all
that declaring code, verbatim, farm out the implementing code, and slap
the ASL license on the result, why use the GPL at all?


-Thufir

Yes, of course. I assume you prefer that I answer in-line, if not
please let me know. When I make a small on paragraph request I usually
top post because it seems simpler to me, but I'll gladly respect the
usage of this list.
OK, I read the article (one page -- seems a bit short) and it
corresponds to my concept of what an API is, because I am a programmer.
OK, I understand the above, and didn't mean to imply I believe something
different.
Yes, copyrighting APIs would make interoperability impossible or almost
impossible. I agree that most people believe that APIs are not
copyrightable and we in open source have always assumed this is the
case. However, certain APIs are copyrighted and they are generally
protected by not disclosing the API -- such as Oracle's DB backup
interface. Bacula Systems (open core) was able to write an Oracle DB
plugin only because we signed an NDA.

I believe that most APIs are a unique creative work, but at the same
time, I believe that they should not be copyrightable otherwise, it
permits monopolies, and would effectively lock out open source.

Some writers were complaining on this list that copyrighting APIs would
have a big effect on the GPL, and I was asking about that, because I
think the effect is not specifically on the GPL but on *any* free/open
code that could use the interface.

Bottom line: as an open source author and advocate, I would not like to
see published APIs copyrightable.
Yes, it is. Best regards,
Kern