%include "default.mgp" %default 1 bgrad %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page %nodefault %back "blue" %center %size 7 reboot 7 Enforcing the GNU GPL Copyright helps Copyleft %center %size 4 by Harald Welte %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Contents Introduction The GNU GPL Revisited Motivations for licensing under the GPL Enforcing the GNU GPL Thanks %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Introduction Who is speaking to you? an independent Free Software developer who earns his living off Free Software since 1997 who is one of the authors of the linux kernel firewall system called netfilter/iptables who IS NOT A LAWYER, although this presentation is the result of dealing six months with lawyers on the GPL Why is he speaking to you? because he became aware of copyright (copyleft?) infringement and took legal action within German jurisdiction %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Disclaimer Legal Disclaimer All information presented here is provided on an as-is basis There is no warranty for correctness of legal information The author is not a lawyer This does not comprise legal advise The authors' experience is limited to German copyright law %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Ideas and Goals of the GNU GPL Free Software Software that has fundamental freedoms: to use it for any purpose to "help your neighbour" (i.e. make copies) to study it's functionality (reading source code) to fix it myself (make modifications and run them) Copyleft Is the legal idea to exercising copyright to grant the above freedoms assure that nobody can take away the freedom The GNU General Public License Is a legal instrument to apply they copyleft idea on software %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft What is copyrightable? The GNU GPL is a copyright license, and thus only covers copyrighted code Not everything is copyrightable (German: Schoepfungshoehe) Small bugfixes are not copyrightable (similar to typo-fixes in a book) As soon as the programmer has a choice in the implementation, there is significant indication of a copyrightable work Choice in algorithm, not in formal representation. Apparently, the level for copyrightable works is relatively low. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft The GNU GPL Revisited Revisiting the GNU General Public License Regulates distribution of copyrighted code, not usage Allows distribution of source code and modified source code Allows distribution of binaries or modified binaries, if The license itself is mentioned A copy of the license accompanies every copy The complete source code is either included with the copy made available to any 3rd party %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Complete Source Code %size 3 "... complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable." Our interpretation of this is: Source Code Makefiles Tools for generating the firmware binary from the source (even if they are technically no 'scripts') General Rule: Intent of License is to enable user to run modified versions of the program. They need to be enabled to do so. Result: Signing binaries and only accepting signed versions without providing a signature key is not acceptable! %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Derivative Works What is a derivative work? Not dependent on any particular kind of technology (static/dynamic linking, dlopen, whatever) Even while the modification can itself be a copyrightable work, the combination with GPL-licensed code is subject to GPL. No precendent in Germany so far As soon as code is written for a specific non-standard API (such as the iptables plugin API), there is significant indication for a derivative work This position has been successfully enforced out-of-court with two Vendors so far (iptables modules/plugins). Result Position of my lawyers (apparently also of IBM lawyers): In-kernel proprietary code (binary kernel modules) are not compliant Case-by-case analysis required, especially when drivers/filesystems are ported from other OS's. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Confusion about the GPL %size 4 Unfortunately, the wide misconception about copyright, free software, public domain (even the RedHat CEO!) leads to people unknowingly, or even wilfully only benefit from the freedom but not fulfill the obligations of the GPL. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Enforcing the GNU GPL Enforcing the GPL GPL violations are nothing new, as GPL licensed software is nothing new. However, the recent Linux boom The FSF enforces GPL violations of code on which they hold the copyright silently, without public notice in lengthy negotiations During 2003 the "Linksys" case drew a lot of attention Linksys was selling 802.11 WLAN Acces Ponts / Routers Lots of GPL licensed software embedded in the device (included Linux, uClibc, busybox, iptables, ...) FSF led alliance took the 'qiet' approach and it took about four months until the full source code was released %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Enforcing the GNU GPL The Linksys case Some developers didn't agree with this approach not enough publicity violators don't loose anything by first not complying and wait for the FSF four months delay is too much for low product lifecycles in WLAN world So the netfilter/iptables project started to do their own enforcement in more cases coming up %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Enforcing the GNU GPL Enforcing the GPL chronological order reverse engineering of firmware images sending the infringing organization a warning notice wait for them to sign a statement to cease and desist applying for a preliminary injunction if they don't (max 4 weeks after reverse engineering) Success so far amicable agreement with Asus, Belkin, Allnet, Fujitsu-Siemens, Siemens, Securepoint, U.S. Robotics, ... some of which made significant donations to charitable organizations of the free software community preliminary injunction against Sitecom, Sitecom also lost appeals case more settled cases (not public yet) negotiating in more cases public awareness %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Enforcing the GNU GPL Enforcing the GPL remains an important issue for Free Software will start to happen within the court has to be made public in order to raise awareness Problems only the copyright holder (in most cases the author) can do it users discovering GPL'd software need to communicate those issues to all copyright holders The http://www.gpl-violations.org/ project was started as a platform wher users can report alleged violations to verify those violations and inform all copyright holders to inform the public about ongoing enforcement efforts %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GPL enforcement report Cases so far Cases so far Allnet GmbH Siemens AG Fujitsu-Siemens Computers GmbH Axis A.B. Securepoint GmbH U.S.Robotics Germany GmbH undisclosed large vendor Belkin Compnents GmbH Asus GmbH Gateprotect GmbH Sitecom GmbH TomTom B.V. Gigabyte Technologies GmbH D-Link GmbH %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Make later enforcement easy Practical rules for proof by reverse engineering Don't fix typos in error messages and symbol names Leave obscure error messages like 'Rusty needs more caffeine' Make binary contain string of copyright message, not only source Practical rules for potential damages claims Use revision control system Document source of each copyrightable contribution Name+Email address in CVS commit message Consider something like FSFE FLA (Fiduciary License Agreement) Make sure that employers are fine with contributions of their employees If you find out about violation Don't make it public (has to be new/urgent for injunctive relief) Contact lawyer immediately to send wanrning notice %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %page GNU GPL - Copyright helps Copyleft Thanks Thanks to Alan Cox, Alexey Kuznetsov, David Miller, Andi Kleen for implementing (one of?) the world's best TCP/IP stacks Paul 'Rusty' Russell for starting the netfilter/iptables project for trusting me to maintain it today Astaro AG for sponsoring parts of my netfilter work Free Software Foundation for the GNU Project for the GNU General Public License %size 3 http://gpl-violations.org/ %size 3 http://gnumonks.org/ %size 3 http://www.netfilter.org/