“why should a customer care about IP assurance?”

Matt Asay asks “Why should a customer care about IP assurance?” He and Savio Rodrigues both make what appears to be the same error: comparing IP to “environmental rules or workplace safety regulations”. There is a critical difference, of course: if the EPA or comes after Microsoft, and I use Microsoft products, I can’t be sued. If a patent holder comes after Microsoft, and I use Microsoft products, I can be sued, since patent law allows penalties both for manufacture and use of infringing products. (Joe Shaw correctly cites the relevant law here.) That’s fundamentally different from most other forms of law, where customers typically aren’t liable for the sins of the vendor.

Is the risk of getting sued for use very small? Absolutely. Is that risk overblown by hostile organizations who have used it to scare customers away from competitors, or to ‘tax’ those competitors? Yup. (And in a world with a more competent antitrust enforcer, there would be antitrust concerns about this behavior.) But the risk to the customer, however small, is non-zero. So competent lawyers from large organizations must advise their clients that there is a risk, and most organizations are just too risk averse to ignore that. Hence, customers care.

Savio has another way to argue that the risk really is basically zero:

You know, I’d actually love to see Microsoft sue a customer because of IP issues. Exactly how much would they sue for to offset the millions of dollars worth of negative publicity and brand destruction?

I’d love to think that this can be used as a security blanket, but I’m not sure that’s actually the case. The damage could easily be small- just as a vast majority of Americans think ‘well, it’s OK that they tapped his phones without a warrant- he’s a criminal, and I’m not’ or, historically, have thought ‘it is OK that they restricted his first amendment rights, he’s a communist, and I’m not’, I have a nagging feeling that a majority of software buyers would think ‘it is OK that they went after him for patent violations- he’s a patent violator, and I’m not’. Never underestimate the ability of people to rationalize away those sorts of things when they think they don’t apply to them. And besides- what are they going to do if they are angry? Stop buying Exchange? Windows? Office? Seems unlikely. So I don’t think this particular security blanket works- organizations still have to assume that the risk is real, even if it is small and hence perhaps discountable.

[Edit later: Matt has a comment worth reading in response. I think he and I mostly agree on the causes of the problem; I did want to clarify, though, that patent law is substantively different from the other areas of law he and Savio cited, and think that was worth doing.]