The React license for founders and CTOs
A startup founder and ex-Facebook engineer’s story of the BSD+Patents license. Disclaimer: I’m not a lawyer, nor is this legal advice.
A couple weeks ago, there was a renewed discussion about the software license for React, the popular rendering library created at Facebook. The Apache Foundation decided the Apache License is not a superset of Facebook’s license and Apache projects can’t use Facebook-licensed code like React anymore. People wondered: if Apache projects chose not to use React, what does that mean for companies who are using (or considering) React, GraphQL, or many of the other open-source projects from Facebook? There was a lot of speculation about Facebook’s license and motivations.
I worked at Facebook several years ago during some influential events, including a major patent lawsuit and the open-source release of React. Several important events influenced Facebook’s view on patents. I hope an explanation of these events will help people understand how and why Facebook’s license came to be.
Lessons in Defense
On March 12, 2012 — about a month after Facebook filed for its IPO — Yahoo sued Facebook over 10 patents for websites and web services. Companies preparing to go public are sometimes more likely to settle lawsuits to remove a dark cloud over them that could worry investors. The general sentiment in the industry was that the lawsuit against Facebook was without merit; some said Yahoo was a patent troll. This time, Facebook wanted to defend itself and set a precedent that it would not easily settle out of court.
Three weeks later, Facebook countersued with 10 patents of its own, “in response to Yahoo’s short-sighted decision to attack one of its partners and prioritize litigation over innovation.” Facebook was also quickly growing its patent portfolio. Around this time, Facebook spent over $550 million on patents from IBM and Microsoft, including some key patents for web technologies that AOL sold to Microsoft. Facebook didn’t include these patents in its countersuit against Yahoo, but it now had a stronger portfolio to draw from for future counterclaims.
In addition to Facebook’s countersuit, Yahoo had other problems of its own, like laying off 2,000 people, losing its chief product officer and several board members, and the resignation of its CEO (primarily for reasons apart from the Facebook lawsuit). Under its new interim CEO, Yahoo quickly agreed to dismiss the lawsuit with Facebook and actually partner and cross-license each other’s patent portfolios.
The 2012 Yahoo lawsuit played a key role in Facebook’s taking a defensive stance on patents. Facebook successfully defended itself using a patent portfolio. It also spent over half a billion dollars in growing that portfolio. The key thing to understand is that Facebook used and invested in patents as an important way to defend itself.
Open Source at Facebook
For years, Facebook had another problem partly related to patents: it was hard to open source your code if you were working at Facebook. The legal team needed to cross-check each project with the company’s patent portfolio to preserve its defensive value. They didn’t want to potentially give licenses to Facebook’s key patents — part of its legal protection — to companies like Yahoo who might sue Facebook.
Many open source licenses either grant irrevocable patent licenses to users, or they don’t mention patents at all and create ambiguity with regard to them. Facebook’s legal team wanted to be safe and retain the company’s key defensive patents. Facebook would potentially need its patents for a counterclaim if another company were to sue Facebook for patent infringement. If Facebook were to give away patent licenses with open source, then an adversary claiming patent infringement could be more immune to a counterclaim since it wouldn’t be infringing the licensed patents.
It was frustrating for the Facebook engineers and lawyers to go back and forth, looking over code and worrying about losing patent rights. It was a lot of work to individually check each project being open sourced, though, and projects also don’t just become open source — they stay open source, and in theory the legal team would have to review every commit. The engineers and lawyers wanted to open source code and assure users they could use the code without worrying about patents. They also wanted not to lose key patents that could defend the company if there were another lawsuit like the one in 2012 with Yahoo.
The difficulty of open sourcing code at Facebook, including React in 2013, was one of the reasons the company’s open-source contributions used to be a fraction of what they are today. It didn’t use to have a strong reputation as an open-source contributor to front-end technologies. Facebook wanted to open source code, though; when it grew communities for projects like React, core contributors emerged to help out and interview candidates often cited React and other Facebook open source as one of the reasons they were interested in applying. People at Facebook wanted to make it easier to open source code and not worry as much about patents. Facebook’s solution was the Facebook BSD+Patents license.
The Facebook BSD+Patents License
Facebook authored a new software license known as the Facebook BSD+Patents license. It consists of the standard 3-Clause BSD license with an additional patent grant. This patent grant is at the crux of the discussion around the license.
The grant says Facebook explicitly gives away licenses to their patents related to their open source code. This lets others use open source from Facebook with clear assurance that Facebook won’t offensively sue them for infringing those patents.
The grant also says those patent licenses are irrevocable unless (and only unless) someone proactively sues Facebook precisely for patent infringement, in which event they lose the grant. The grant specifically lets Facebook keep those patents for countersuits like the one in 2012 back against Yahoo. Facebook can’t take back the patent licenses for any other reason, including lawsuits about antitrust, libel, or failure to uphold a contract. Facebook also can’t take back the licenses if it sues for patent infringement first and is countersued. Facebook’s patent grant is about sharing its code while preserving its ability to defend itself against patent lawsuits.
Downsides of the BSD+Patents License
The Facebook BSD+Patents license has some downsides worth thinking about. Perhaps the most practical downsides are the misunderstanding and concern it has caused. This affects the adoption of React and how safe people feel when making a bet that affects their livelihoods.
One other downside is that, if you’re relying on Facebook open source, the license makes it hard to claim that Facebook is infringing your patents. Facebook could use your patented designs and processes and it’s understandable you’d want to hold them responsible in court. As part of the patent grant, you’d lose the patent licenses for Facebook open source upon claiming patent infringement. That could really hurt, especially if you were using React or any other Facebook open source licensed under the BSD+Patents license, and it’s not clear how much switching to another React-like library like Preact or Vue would help; you need Facebook’s patent licenses anyway — in the eyes of the law — for any library that uses data structures, algorithms, or techniques patented by Facebook.
I think these are real problems with the BSD+Patents license. I wrote this post to help people deciding whether to use React and other Facebook open source understand Facebook’s defensive stance on patents and why it made the BSD+Patents license, but I don’t think the license is perfect nor that it works for everyone. And I don’t know why Apple (Swift), Google (Angular, Kubernetes, TensorFlow), Microsoft (.NET), and sometimes Facebook itself (RocksDB, xctool) are willing to release some of their valuable technologies under more standard open source licenses.
The Proliferation of Facebook Open Source
Over the past several years, open source projects from Facebook under the BSD+Patents license, including React, have become quite popular. Facebook’s GitHub organizations have grown to over a hundred projects, including many significant ones like React, React Native, Flow, AsyncDisplayKit, and the reference GraphQL implementation. Facebook is now a much more prolific contributor to client-side open source in particular.
The legal front has appeared fairly quiet in practice. Google’s legal team collaborated with Facebook’s on wording they both agreed upon for the patent grant. To my knowledge, Facebook has never proactively sued anyone for infringing its patents. I’ve heard some concerns that the BSD+Patents license might make companies using React less attractive as acquisition targets, but most of the top tech acquirers are already using React and other Facebook open source in some way.
These days, Apple, Microsoft and Skype, Amazon, Uber, Tesla, Netflix, Salesforce and Quip, Airbnb, Twitter, Pinterest, PayPal, Slack, Dropbox, Google (internally), and many more significant companies — even Yahoo! (now Verizon) — now use React and other Facebook open source in their websites and apps. These companies have different needs than the Apache Foundation’s, and several of them contribute back to Facebook open source in the form of core contributions, conference talks, and developer meet-ups. The license and all things considered, these are just a few of the companies who use React and help build its ecosystem.
Thanks for reading.
These are a few more posts I found, to my knowledge, accurate and informative: