Heya, I wanted to clarify the situation with Search Guard / Floragunn. Our goal here is to simplify things but we are limited in the scope of what we say out of respect for the legal process.
Copyright Claim Against floragunn/Search Guard
Earlier this year, we filed a formal claim of copyright infringement against floragunn. We filed that claim because we discovered that floragunn's Search Guard product infringed our copyrights in proprietary code for the Elasticsearch security plugin. The claim identifies specific examples of infringement. Those examples include code released by floragunn as far back as 2016.
After we filed the claim, an Elastic developer in our Kibana security team thought to take it upon himself to see whether there was evidence of copying by Search Guard of our code related to Kibana security, and found additional examples of floragunn infringing our commercial code. This time, the infringed code was from a plugin for our Kibana product. We recently amended our claim to include these examples of infringement.
It is important to note that we don't have a team of engineers dedicated to scouring the internet to find infringements of our copyrights. But we believe copying is simply wrong, and we are going to stand against it.
Security as a Paid Feature (that is now Free)
When we started, we were trying to build a business around the open source Elasticsearch, and chose the path of commercial IP to augment open source and help finance the hundreds of developers we employ to continuously build our products to the benefit of our community.
Note, even Search Guard has a free tier and a paid tier for advanced security features. Commercial IP is well known in open source, and is practiced by many different companies.
Whilst it is a very valid discussion point if certain aspects of security should be paid or not, and if we should have made them free earlier, that question is unrelated to the copyright claim. Stealing is not OK, regardless, and I hope we can keep the two discussions separated.
We are having these discussions about what should be free and what should be paid all the time in Elastic and with the community, to make sure we learn and improve. It is foundational in our roots in open source and our commitment to our community of users. As a result of these discussions, we have opened the code of our security plugin and made most of it free. But these two topics are and should be disconnected.
Opening our Commercial IP (X-Pack)
More than a year ago we opened the code of our commercial IP and folded it into our repos (while clearly separated) to simplify and ease the collaboration and distribution of it. Whilst there can be a valid discussion about distributing commercial and open source code together, I would urge our users to separate this discussion from the dispute regarding Search Guard. We have found evidence that indicate this copyright infringement has been going on for years, before we opened up our commercial IP, and I humbly ask our users to decouple these discussions.
Examples of Induced Infringement Attributable to Search Guard
Our initial filing in the case included claims of both direct infringement (infringement by floragunn of our proprietary code) and indirect infringement (infringement by downstream third parties that was induced by floragunn's distribution of Search Guard). When we amended our claim, we provided a few examples of such induced infringement, including Amazon Elasticsearch Service and AWS Open Distro for Elasticsearch. We have no reason to believe these third parties knew they were using infringing code or had any intention of infringing our copyright. It is simply part of the regular and expected legal process of filing such a claim.
I still remember taking a loan almost 10 years ago to register the ELASTICSEARCH trademark during the two years I spent on my own creating Elasticsearch. It was and still is a very common practice by open source foundations (like the Apache Software Foundation) and companies (like RedHat) to make sure they control the trademarks associated with their open source projects.
It is also important to note that once you register a trademark, you need to show that you are enforcing it, otherwise you are at risk of losing the trademark.
Over the years, we have enforced our trademark collaboratively with many different projects and companies. In a similar manner that we respect the "Apache Lucene" trademark, we followed a similar path with our own.
We filed a trademark claim regarding Amazon Elasticsearch Service and Open Distro for Elasticsearch recently, because it became clear to us that Amazon's use of the trademark was causing confusion in the market, which is the touchstone of trademark infringement. That legal action was and is separate from the copyright claim against Search Guard.
Our primary claim is simple, we believe calling the service Amazon Elasticsearch Service creates confusion in the market, and therefore infringes on our trademark. If you look around, there isn't an Amazon Kafka, but Amazon Managed Streaming for Kafka (MSK). There isn't Amazon Cassandra, but Amazon Managed Apache Cassandra Service (MCS). This is done, I suspect, with Amazon trying to abide by Apache Foundation trademark rights, a foundation known to rigorously protect its trademark rights, and justly so. We have the same right to protect our trademark.
We will keep updating this blog if more questions or information is needed. Thank you to our community of users for your support, trust, and using our products.