Generative Artificial Intelligence and the Requirements of Open Source Software Licenses
Recently filed litigation against Microsoft Corporation, GitHub, Inc., and various OpenAI entities ("Defendants") highlights new challenges that generative artificial intelligence ("AI") presents and risks associated with open source software ("OSS") license compliance.
Software developers have long turned to OSS for low-cost, flexible, and scalable solutions. The restrictions and obligations of OSS license agreements have presented various challenges that companies have learned to address through protocols and oversight to facilitate license compliance. Even so, compliance with certain OSS licenses can be challenging. As generative AI increasingly finds use in developing software, new challenges are emerging even with respect to more routine license compliance.
In November 2022, four anonymous software developers, J. Does 1-4 ("Plaintiffs") filed their now consolidated class action complaints in the Northern District of California against Defendants (J. DOE 1 et al. v. GitHub, Inc. et al., Case No. 4:22-cv-06823-JST (N.D. Cal.)). Plaintiffs allege that they and the class are owners of copyrighted materials made available publicly on GitHub, and that Defendants' AI-based systems—OpenAI's Codex and GitHub's Copilot—generate suggestions that are often near-identical reproductions of code scraped from public GitHub repositories, without giving the attribution required under the applicable OSS licenses. Plaintiffs contend that both the training and operation of Codex and Copilot violate their IP rights and licenses.
Plaintiffs, representing the class, assert 12 causes of action, including violation of the Digital Millennium Copyright Act ("DMCA"), the California Consumer Privacy Act, and breach of contract.
Defendants filed motions to dismiss on January 26, 2023, arguing, among other positions, that Plaintiffs do not have standing because they fail to allege any facts supporting the allegation that their code plausibly would be generated as Codex or Copilot's output such that these Plaintiffs have suffered injury. Defendants also countered that Plaintiffs' DMCA § 1202 claims fail because Copilot, as a neutral technology, cannot satisfy § 1202's intent and knowledge requirements.
This case, likely the first of many, emphasizes the importance of managing the risks of using AI in software development. Compliance with OSS license requirements can be difficult even in traditional software development environments. GitHub indicates that the introduction of AI to the software development model presents new issues and increases the significance of OSS compliance.
The hearing to dismiss the suit is set for May 4, 2023, before the Honorable Jon S. Tigar.