
GraphQL Patent Infringement Issues - brodock
https://github.com/facebook/graphql/issues/351
======
yasserkaddour
Gitlab put on hold their GraphQL implementation due to the patent. Gitlab
Senior Director of Legal Affairs said:

"If we were to allow this license, it could lead to potential future conflicts
with software licensed under Apache. Also, we could be impairing the future
rights of our customers. Essentially, this is not really an open source
product based on the implications of the license. While there is no payment of
cash, payment is in the form of giving up future rights." [1]

[1]
[https://github.com/facebook/graphql/issues/351#issuecomment-...](https://github.com/facebook/graphql/issues/351#issuecomment-330574513)

~~~
carussell
A couple clarifications:

\- She is talking there about the PATENTS grant in React and most other
Facebook software, not about GraphQL.

\- This is immediately preceded by a mention of the Apache Foundation. When
she says it could conflict with Apache, it either means Apache Foundation
projects (since they wouldn't be able accept contributions without reversing
their stance), or she's suggesting that Apache Foundation might issue future
revision of the license that specifically breaks compatibility. Because as of
right now, there is no conflict with Apache-the-License, only Apache-the-
Foundation, and it doesn't really matter how Apache Foundation feels about
Facebook's PATENTS grant wrt license compatibility. The conflict is a policy
one, not a legal one.

~~~
btown
In the source she is referring to the likely possibility that GraphQL ends up
being licensed under the React PATENTS grant.

~~~
carussell
I don't understand the point of your comment.

The comment I responded to framed the situation as if GitLab took a look at
the terms of the GraphQL spec, realized that it wasn't good for them, and made
the above comments to explain why. The reality is, GitLab realized the current
lack of FRAND-RF terms for GraphQL wasn't good for them, and they made the
above comments only in response to somebody else's proposed solution to the
current situation. That is, the comment doesn't explain why GitLab isn't using
GraphQL right now, it explains why GitLab wouldn't use GraphQL if Facebook
included the PATENTS grant. Which means that if someone is trying to
understand the current situation or why GitLab originally halted GraphQL
development, the comment I responded to isn't going to help anyone, because
GraphQL is not and never has been subject to the terms of that grant.

If you're still not able to make sense of this, look no further than the first
person account from the author of the Medium article referenced (who happens
to be the same person who opened the issue):

> I've been a Facebook licensing defender for other OSS like React, but I
> think _this is a completely different issue_

Emphasis added by me.

------
robocat
Links to:

“TL;DR Facebook’s GraphQL spec doesn’t grant a patent license. Therefore, for
reasons as set forth below, most GraphQL users infringe Facebook’s patents.“

[https://medium.com/@dwalsh.sdlr/using-graphql-why-
facebook-n...](https://medium.com/@dwalsh.sdlr/using-graphql-why-facebook-now-
owns-you-3182751028c9)

~~~
j_s
As posted elsewhere in this discussion, a request for professional courtesy
similar to the more common "NSFW" tag.
([https://news.ycombinator.com/item?id=15292325](https://news.ycombinator.com/item?id=15292325))

> fnord123: _That post has text of the patents in question. Please warn if you
> 're linking to text of patents so people don't expose themselves to triple
> damages_

------
DannyBee
Specs are a bit weird to try to come up with the right licensing (It was a bit
of a pain in the butt to try to get this right for webm, for example). You
want to encourage compliance with the spec, and protect people who implement
the spec. That is a different type of language that say, apache 2.

To be concrete: If you license the reference code as apache2, that would grant
patent rights to people if they used reference code, and they'd be SOL
otherwise. Licensing the spec as apache2 would do nothing, as it's not
software.

So if you want something apache2 like, you have to use a grant that tries to
talk about granting rights to implementations of the spec, and that, for
example, terminates if people sue people for implementing the spec.

The first pass i took at this was in
[https://www.webmproject.org/license/bitstream/](https://www.webmproject.org/license/bitstream/)

(but i'm sure there are better approaches now)

~~~
sheetjs
Microsoft tries to do that with the Open Specifications Promise, a covenant
not to sue: [https://msdn.microsoft.com/en-
us/openspecifications/dn646765](https://msdn.microsoft.com/en-
us/openspecifications/dn646765)

~~~
bhldr
Pretty sure that that's non-binding, which means it can change as soon as
leadership changes.

~~~
sheetjs
Allegedly it is legally binding! Scroll down to the bottom of the page, expand
"OSP General" and you'll see a question "Is this OSP legally binding on
Microsoft and will it be available in the future to me and to others?". The
response is:

> Yes, the OSP is legally binding upon Microsoft. The OSP is a unilateral
> promise from Microsoft and unilateral promises may be enforced against the
> party making such a promise. Because the OSP states that the promise is
> irrevocable, it may not be withdrawn by Microsoft. The OSP is, and will be,
> available to everyone now and in the future for the specifications to which
> it applies. As stated in the OSP, the only time Microsoft can withdraw its
> promise against a specific person or company for a specific Covered
> Specification is if that person or company brings (or voluntarily
> participates in) a patent infringement lawsuit against Microsoft regarding a
> Microsoft implementation of the same Covered Specification. This type of
> "suspension" clause is common industry practice.

~~~
brodock
there is a catch, if Microsoft ever sell any of the patents to a third party,
this is not binding to them.

~~~
CamperBob2
IANAL, but I believe that what will happen is that those patent sales will be
encumbered by the existing agreement, and accordingly less valuable.

If the new patent owner tries to sue people who relied on Microsoft's prior
promises _not_ to sue, it might be possible to accuse them (Microsoft) of
promissory estoppel and force them to cover any damages. It's probably not in
Microsoft's interest to play games like this.

------
oliwarner
As I understand it, this is bad because you could use their code within the
_copyright_ license but then be sued for using it without the applicable
_patent_ license... Making it open source but far from free.

Just out of curiosity though, has this sort of backdoor patent infringement
actually been tested in court?

IANAL, let alone a bitter twisted IP lawyer, but it seems perfectly reasonable
to infer relevant patent licenses from an open source contribution. "Hey
here's a free meal, but you better not eat it or we'll sue!" Sticky stuff.

~~~
carussell
> you could use their code within the copyright license but then be sued for
> using it without the applicable patent license... Making it open source but
> far from free

This has been the gist of the complaint against software patents for the last
decade+. It's why all the latest revisions of Apache, GPL, and MPL include
explicit patent grants and termination criteria in their texts. It's why
Microsoft included a separate patent promise when they placed .NET Core under
MIT. And it's why Facebook themselves has released most of their projects with
the now-infamous PATENTS additional grant.

> As I understand it, this is bad because

Not really. This is bad because GraphQL is a spec. If Facebook released some
GraphQL-related software under any modern FOSS license, you'd be able to use
it, regardless of any patents covering it. (See above.) The problem with
GraphQL being a spec is that if you use some GraphQL-related software that
doesn't originate from Facebook, then the licenses on any Facebook software
(and thus the patent grants in that license) are irrelevant and you have no
patent protection. And now you might begin to see why everyone in OSS who's
acting in good faith would be better off with their own Facebook-style PATENTS
grant.

------
perpetualcrayon
My take on all this is Facebook's legal team seems to be sending a message to
the open source community that they should come for the ideas, but wait for a
truly open source alternative to come out before using those ideas in their
own products.

~~~
ungzd
But if you are using ideas from their software, you are infringing patents
too.

~~~
perpetualcrayon
I'm obviously not condoning patent infringement. The idea is to learn from
useful ideas and implement a non-infringing equivalent as an open source
project. You can't patent "math", or "computer science", or ideas comparably
broad.

~~~
moocowtruck
you shouldn't be able to patent a query language for a graph either but here
we are

------
chris_wot
Even the companies who file the patents don't want the patents. It's getting
kind of ridiculous now.

~~~
harry8
Even the companies who file the patents _claim_ _they_ don't want the patents.

~~~
chris_wot
No, they have to do it as a defensive measure. It sucks, but companies like
RedHat do it all the time.

~~~
sanxiyn
We really should work on making defensive publication easier and more
recognized.

~~~
brlewis
How about we work on not allowing patents in fields where it's unreasonable to
expect the patent office to assess novelty and non-obviousness? Like software?

~~~
TeMPOraL
Or at least making their duration commensurate to the invention itself, and
the speed of evolution of the field. 3 years would be more than enough time
for the "inventors" to make money off their software patent.

~~~
jononor
Any or all of these 3 things would help!

------
deckar01
> Generic computers performing generic computer functions, without an
> inventive concept, do not amount to significantly more than the abstract
> idea. The type of information being manipulated does not impose meaningful
> limitations or render the idea less abstract. Looking at the elements as a
> combination does not add anything more than the elements analyzed
> individually. Therefore, the claim does not amount to significantly more
> than the abstract idea itself. The claim is not patent eligible.

> Examiner suggested . . . to advance the prosecution of this application: 1)
> Add the following limitations in claim 1: ‘a) graphs associated with a
> social-networking system’ . . . .

It sounds to me like the examiner is contradicting their self. They initially
state that the type of information being manipulated does not render the idea
less abstract, then go on to suggest limiting the information to social
networking graphs.

------
wyattk
Why does Facebook not use something like an MIT license? I am honestly
curious.

~~~
tcheard
The MIT license doesn't change anything in this case, because the MIT license
doesn't have a patent grant.

This GraphQL situation is different and, arguably, somewhat worse than the
ReactJS BSD+Patent license issue.

The problem here is the GraphQL specification doesn't have a patent grant
(unlike ReactJS, which does, but people don't like the terms of the grant).
And Facebook have filed a patent for GraphQL
([https://www.google.com/patents/US9646028](https://www.google.com/patents/US9646028))
that has some quite broad language.

Due to the patent, and the lack of a patent grant, most GraphQL users likely
infringe on Facebook's patents.

Please read: [https://medium.com/@dwalsh.sdlr/using-graphql-why-
facebook-n...](https://medium.com/@dwalsh.sdlr/using-graphql-why-facebook-now-
owns-you-3182751028c9)

~~~
JoshMnem
I am not a lawyer, but MIT and BSD are thought to have implicit patent
grants.[1] It would be completely absurd for a company to argue that they give
the public the right to use their software, but "just kidding -- we were
secretly withholding the rights to the patents all along so that we could sue
you for using our software!" An apparent problem with Facebook's PATENTS file
is that it explicitly withdraw the patent license if Facebook decides to
infringe on your patents and you speak up about it.

I'm not sure if the author of that article is partially trolling in the
attempt to get Facebook's patents terms applied to the entire spec.

The best solution would be to abolish software patents completely.

I think this entire PATENTS situation with Facebook is a good reason why
people should prefer Free software that is created and managed by individual
developers and independent foundations over "open source" software produced by
large companies with legal teams and dubious agendas.

[1]
[http://en.swpat.org/wiki/Patent_clauses_in_software_licences...](http://en.swpat.org/wiki/Patent_clauses_in_software_licences#Implicit_grants)

~~~
mbrock
You could create just as much fear, uncertainty and doubt by pointing to the
lack of clarity around the notion of an implicit patent grant.

~~~
JoshMnem
I don't think that they are the same. If the PATENTS file usage becomes
widespread, it would probably impact small startups without legal teams more
than anything regarding implicit patent grants would.

------
a13n
Can anyone point me to a single instance where anything bad has actually
happened because of Facebook's patent clause in one of their open source
libraries?

~~~
kowdermeister
It's a ticking bomb. You don't control what Facebook do or won't do and it's
enough for lawyers to freak out.

You can't know what would happen if Zuckerberg is replaced (accidents happen)
and corporate water-heads take over Facebook.

~~~
a13n
So that's a no then?

~~~
kowdermeister
Point me to a thing in the past that guarantees that North Korea won't use its
nuclear weapons in the future.

------
bcarroll22
Serious question. React has been around for a while. Companies like Airbnb and
Wix, for example, have been using React for a while. If Facebook were going to
leverage this the way people are scared of, wouldn’t there be some example of
them using it the way people are scared of? You know, on a company doing
something it’s proven that they could make major money on? It’s not like this
is a new provision, it’s been around for a while, and they’ve not used it to
backhand a single company that I’ve come across (please, correct me if I’m
wrong on this). So can’t this be boiled down to a conspiracy theory? There are
massively successful, profitable companies who they haven’t tried to leverage
these provisions on, so I’m honestly trying to figure out, what’s the basis
for this fear?

~~~
watty
It's a real threat, just blown way out of proportion. The second Facebook
leverages this patent clause on ANY company, React is dead and everyone will
migrate to Preact / VueJS, etc.

This means that the React patent card is a one-time play with HUGE
repercussions. Facebook isn't going to target your little company or startup
and worrying about it IMO is foolish.

~~~
bcarroll22
I think this is exactly what I am saying. There are companies using React that
are much larger than anyone who is worried about this, and they don’t seem
phased by it. That has to mean something.

~~~
kavok
These large companies could afford to move off of React if they had to.
Smaller companies could be severely impacted by having to move a core product
off of React quickly. I don't know why people are using Google as an example
of it being safe to use for a 10 person company.

~~~
bcarroll22
Okay sure, they could “afford” it, but that doesn’t mean they would want to.
And if there’s even a feeling on the legal team that some day it might be an
issue, why not just use what you’d someday have to switch to and start
investing in that ecosystem instead? That would be making a business decision
that you know could be flushing years worth of work and investment down the
toilet just because.

Besides, isn’t the wording in this clause immediate loss of use? You’d either
have to take the time to convert your app to something else before you sue
them, which would still take a long time and give them the time to
build/perfect your new lethal competitor, or sue them and shut your business
down until you converted it to something, which is equally lethal.

------
k__
Are these software patents a problem for EU companies?

I mean, we don't have software patents in Germany.

~~~
catwell
It is if you sell software to people outside the EU.

------
juancampa
Seems like a change in the license is on its way:

[https://github.com/facebook/graphql/pull/363](https://github.com/facebook/graphql/pull/363)

------
dmalik
Are there any technologies that are an alternative to GraphQL like Vue is to
React?

~~~
yasserkaddour
If you are a node developer there is Falcor by Netflix

[https://netflix.github.io/falcor/](https://netflix.github.io/falcor/)

~~~
dmalik
Yes, now that you mention it, I do remember hearing about Falcor. For anyone
that's interested I found this comparison:

[https://dev-blog.apollodata.com/graphql-vs-falcor-4f1e9cbf75...](https://dev-
blog.apollodata.com/graphql-vs-falcor-4f1e9cbf7504)

------
yuchi
Help me on this: Facebook has _just_ removed the PATENTS file from GraphQL
repository, and now there are issues for this? And at the same time people are
arguing over removing it from React?

This is madness…

~~~
worldsayshi
What? They haven't... [https://github.com/graphql/graphql-
js/blob/master/PATENTS](https://github.com/graphql/graphql-
js/blob/master/PATENTS)

~~~
Flenser
The graphql-js repo is an implementation of GraphQL in JavaScript

The graphql repo is the _specification_ for GraphQL. There has never been a
PATENTS file in that repo or any mention of patents:

[https://github.com/facebook/graphql/search?q=patents&type=Co...](https://github.com/facebook/graphql/search?q=patents&type=Commits&utf8=%E2%9C%93)

See DannyBee's post for why a patent grant for a specification is different
from software:

[https://news.ycombinator.com/item?id=15291330](https://news.ycombinator.com/item?id=15291330)

------
blazespin
Oh boy I just love Facebook's kick away the ladder patents.

------
HelloNurse
This GitHub issue is almost three weeks old and without any formal answer. At
the very least, Facebook doesn't care about solving the problem, which is
almost as bad as having malevolent plans to use these GraphQL patents.

~~~
peteretep

        > At the very least, Facebook doesn't
        > care about solving the problem
    

This attitude isn't in the least bit helpful. It's been escalated to their
legal council and the maintainer has said many many times that he's chasing
it.

~~~
HelloNurse
The poor developer answering in the GitHub issue tracker probably cares, but
he is a worker bee, not someone with any authority. All he can do is escalate
the issue into a brick wall.

