Open Source Security hit with bill for defamation claim

Judge okays $260K in defense costs to Bruce Perens and lawyers under anti-SLAPP

By Thomas Claburn in San Francisco


Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim.

The security biz, and its president Brad Spengler, sued Perens last year over a blog post, alleging defamation.

Perens, one of the early leaders in the open source movement, said it was his opinion that Grsecurity's policy limiting the redistribution of its software would expose customers to claims of contributory infringement and breach of contract under the terms of the GPLv2.

Open Source Security and Spengler challenged that claim, saying it was libelous and harmed the company's business.

Last December, San Francisco magistrate judge Laurel Beeler disagreed, ruling that Perens's statement was an opinion and not libelous.

In January, Open Source Security appealed the decision to the US Ninth Circuit Court of Appeals.

A month later, Perens and his legal team from O’Melveny and Myers LLP sued to recover legal defense costs – $526,893.50 – under California's Anti-SLAPP statute, a law enacted in 1992 to deter unfounded lawsuits that aim to suppress speech through the imposition of a costly court battle.

This amount, revised from previous filings, is based on 904 hours of work by five attorneys, a case manager and a project assistant.

Linux kernel hardeners Grsecurity sue open source's Bruce Perens


The defense team also asked for a 1.5x cost multiplier, based on an agreement between Perens and his attorneys that they would forego certain fees as part of a risk-sharing arrangement. Open Source Security challenged the amount sought as excessive and over the weekend the judge agreed.

"These fees are unreasonable," judge Beeler said in her ruling. "The court awards $259,900.50 in fees (for 446.20 hours) and $2,403.12 in costs."

But she denied the plaintiff's effort to delay the fee award until the appeal is resolved. So that bill is now due.

"Unfortunately, this is a setback for us," said Rohit Chhabra, founder of the Chhabra Law Firm and the attorney representing Open Source Security, in an email to The Register. "Nonetheless, we are confident Open Source Security will ultimately persist."

The security software biz may persist but the Electronic Frontier Foundation hopes to prevent the firm from prevailing. On May 24, two attorneys from the cyber rights advocacy group – Jamie Williams and Aaron Mackey – joined the appeal to represent Perens.

Reached by phone, Mackey declined to comment beyond acknowledging that the EFF intends to represent Perens before the Ninth Circuit. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Hitting Microsoft's metal: SUSE flings Enterprise Linux at SAP HANA on Azure

SUSECON '19 Fancy a slice of SLES for SAP?

Take your pick: Linux on Windows 10 hardware, or Windows 10 on Linux hardware

We can't see the Arm in having a little tinker

Open sourcerers drop sick Fedora Remix to get Windows Subsystem for Linux pumping

You'll have to pay for the privilege, though

Windows Subsystem for Linux distro gets a preening, updated version waddles into Microsoft's app store

If you're feeling a little bit Linux, p-p-p-pick up a p-p-p-Pengwin...1.2

Linux kernel 'give me root, now' security hole sighted, dubbed 'Mutagen Astronomy'

Red Hat Enterprise and CentOS users at risk domain hacked, plastered with trolling, filth and anti-transgender vandalism

Web admin blames public Whois and lack of 2FA

Love Microsoft Teams? Love Linux? Then you won't love this

Updated Learn to love the browser instead

Linux 5.0 is out except it's really 4.21 because Linus 'ran out of fingers and toes' to count on

Ohhh, Torvalds! You are a card!

Scaling up Azure Service Fabric Linux Clusters using Ubuntu Xenial? Not so fast, friend

Workaround needed if you suddenly run into trouble with latest Linux OS update

Linux 4.19 lets you declare your trust in AMD, IBM and Intel

Wave the CPU trust flag if you're feeling safe enough