Maker of Linux patch batch grsecurity can’t duck $260,000 legal bills, says Cali appeals court in anti-SLAPP case

Open Source Security – the maker of the grsecurity patches that harden Linux kernels against attack – must cough up $260,000 to foot the legal bills of software industry grandee Bruce Perens.

So ruled California’s Ninth Circuit Court of Appeals today, affirming a lower court’s ruling against Open Source Security (OSS).

In June 2017, Perens published a blog post in which he said that he believed grsecurity exposed users to potential liability under version 2 of the GNU General Public License because the grsecurity code states that customers will not get further updates if they exercise their right to redistribute the software, as allowed by the GPLv2.

As Perens – the creator of the open-source definition – pointed out, section 6 of the GPLv2 specifically forbids the addition of contractual terms.

Two months later, OSS sued Perens for defamation over his claims about the validity of the company’s software redistribution policy.

In December 2017, the judge hearing the case in San Francisco dismissed the defamation claim, opening the door for Perens to seek court costs under the US state’s Anti-SLAPP statute, which is designed to discourage litigation intended to stifle public speech and civic participation.

A month later, while the two parties wrangled over the amount of the court costs, initially more than $526,000, OSS appealed the decision to California’s Ninth Circuit Court.

By June 2018, the lower court handling the case concluded that the initial legal cost estimate was unreasonable and reduced Perens’ award to $260,000. That amount has now been accepted by the Ninth Circuit.

Perens, in an email to The Register, expressed gratitude toward the attorneys who defended him, Melody Drummond-Hansen and Heather Meeker of O’Melveny and Myers LLP, and Jamie Williams and Cara Gagliano of the Electronic Frontier Foundation (EFF), which joined the litigation during the appeal stage.

“The court held that my blog post did not express a false assertion of fact,” he said. “The court also held that my blog post did not imply a false assertion of fact, and that my status as an expert in the industry does not change that.”

In an email to The Register, EFF staff attorney Jamie Williams expressed satisfaction with the Ninth Circuit’s affirmation of the lower court ruling.

Someone drowning in paperwork

Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: ‘We’ve gone the wrong way with licensing’

READ MORE

“This was a straightforward defamation case – one involving no defamatory statements – and we are glad that the Court easily recognized that,” said Williams. “Mr Perens’ blog post was an expression of opinion based on stated, true facts. OSS’s lawsuit was designed to silence Mr Perens, and to punish him for expressing his opinion.

“This was a quintessential lawsuit against public participation. And as today’s decision confirms, while OSS was free to disagree with Mr Perens, it was not free to sue him for merely exercising his First Amendment right to engage in the public debate about a matter of public concern.”

Rohit Chhabra, founder of the Chhabra Law Firm and attorney for OSS, declined to clarify whether OSS will pay the award or seek further legal review, either by petitioning the three-judge panel for a rehearing or asking for an en banc hearing before all eleven Ninth Circuit judges.

OSS has 14 days to file such a petition, which should cite a specific justification, such as an overlooked fact or point of law, a change in the law, or a conflict with another Ninth Circuit decision.

In a statement posted online, Chhabra said, “While we review the panel’s decision and assess our legal options, the court’s holding makes one thing very clear: Mr Perens’ statements are not facts, but mere opinion.”

His statement continues, “I find no legal issue, whatsoever, in OSS’s condition to provide access to future versions from their servers only if users do not exercise their GPL rights,” and he insists that OSS has an absolute right to deny future services because the GPL doesn’t include an explicit statement that developers cannot refuse to do business with another for any reason. ®

Sponsored: Detecting cyber attacks as a small to medium business