New patent of GraphQL means Facebook could sue you for infringement
Better be careful: using GraphQL might set you up for infringing Facebook’s patent. We take a look at the legal language and let you know if you’re possibly in trouble with Facebook’s legal team. (Spoiler: probably yes.)
Facebook may be the home of 2.2 billion friends, but their legal team is anything but amiable.
Fresh off the Apache Foundation’s recommendation that developers avoid using React.js and other software using the Facebook BSD+patents license, news comes that another well-known query language may soon infringe Facebook’s patents.
This time, GraphQL, a query language used to grab and graph data, lacks a patent specification. As attorney and developer Dennis Walsh pointed out on Medium and again on the GraphQL repo, this means that “most GraphQL users infringe Facebook’s patents”.
Oh. Cool. That list of users includes a lot of big names, including Yelp, GitHub, Intuit, Pinterest, the New York Times, and Twitter.
As of right now, GraphQL is not yet patented. It’s still at the application stage, but all signs point to the US Patent Office letting it go through.
Dennis Walsh, a former patent lawyer turned businessman/developer, explains that Facebook’s patent is so broad that it covers nearly every GraphQL implementation.
One of the big red blinking lights in the patent application is the undefined use of “social networking system”. Do they mean a site a la FB, or could an internal business network qualify? Very possibly! That means you are now violating the patent and are liable in court.
According to Walsh, projects that could be potential patent infringements include various open-source implementations for server-side languages, such as Python, Scala, Java, and NodeJS. Also at risk? GraphQL-as-a-platform providers, such as GraphCool and Scaphold. And, you know, GitHub and Twitter. No biggie.
Facebook uses a standard BSD license paired with an additional patent grant for most of their open source projects — the combination is called the Facebook BSD+Patents license.
“Facebook should immediately include a patent grant into the GraphQL spec to stop justified panic and GraphQL abandonment.”
One can only hope. However, Facebook’s legal team is now aware of this glaring loophole. Only time will tell as to what action they take.
Implications of the GraphQL patent
The discussion over on GitHub is particularly illuminating.
As @LawJolla commented, I think there is a big difference between React and GraphQL, specially regarding patents. While one is a framework, the other is a specification.
So we can’t really look at both with the same eyes, neither accept the React license explanation in the GraphQL topic.
Focusing on GraphQL, here are some of my worries, whose answers might help to understand what are the real implications of the Patent:
- How this affects the different frameworks and ecosystems?GraphQL server implementations (both open-source and closed-source, SaaS, …).
- GraphQL server tooling
- GraphQL clients (it seems this case will be the less vulnerable to the Patent, as analyzed by the article)
- How this affects to new specifications highly inspired by the GraphQL spec? (Let’s say GraphQL+) Could Facebook demand them?
Compared to GraphQL, SQL it’s been a specification/standard that’s been around for some years now and have zero patents associated to the standard itself. So, should we accept the Patent argument for the GraphQL case?
Perhaps including a patent grant in the GraphQL spec will help to alleviate this concerns.
GitLab is the biggest name to freeze GraphQL use until this legal limbo has cleared up.
As dosire said:
We’re grateful for GraphQL and believe it is the future of inter application API’s (with GRPC being the future of intra application API’s). I wanted to mention that at GitLab we decided to put our GraphQL implementation on hold, as our Senior Director of Legal Affairs mentions: “If we were to allow this license, it could lead to potential future conflicts with software licensed under Apache. Also, we could be impairing the future rights of our customers. Essentially, this is not really an open source product based on the implications of the license. While there is no payment of cash, payment is in the form of giving up future rights.”
And finally, Dennis Walsh again, (aka LawJolla):
@syrusakbary dead on and well said.
The longer that this drags out, the more I wonder what’s going on. I have faith in Facebook and still do. But the answer is obvious, and the fact we’re so far into this without any legal uttering is disturbing.
Software patents are rarely commercially valuable because most claim arbitrary elements. That is, if you were independently designing a similar system, odds are high your implementation, just by sheer implementation chance, would zig instead of zag. That zag would miss the claimed, patented arbitrary implementation.
But a way to make sure your arbitrary implementations are followed is to create an open spec. Then the arbitrary claimed elements (and GraphQLs patents have a few) are followed and infringed. Was GraphQL open sourced as a tech poisoned pill? I don’t think so. But as previously expressed, this delay is worrisome.
Since Facebook legal may read this post, I think the developer community is in enough of an uproar to mount a crowdsourced / crowdfunded USPTO request for reexamination of Facebook’s patents to invalidate them.
What do you think? Is this a cause for concern? Let us know in the comments below.