Enforcing the GNU GPL - Copyright helps Copyleft
Harald
Welte
laforge@gpl-violations.org
2004
Harald Welte <laforge@gpl-violations.org>
Dec 01, 2004
1
netfilter core team
$Revision: 1.4 $
More and more vendors of various computing devices, especially network-related
appliances such as Routers, NAT-Gateways and 802.11 Access Points are using
Linux and other GPL licensed free software in their products.
While the Linux community can look at this as a big success, there is a back
side of that coin: A large number of those vendors have no idea about the GPL
license terms, and as a result do not fulfill their obligations under the GPL.
The netfilter/iptables project has started legal proceedngs against a number of
companies in violation of the GPL since December 2003. Those legal proceedings
were quite successful so far, resulting in twelve amicable agreements and one
granted preliminary injunction. The list of companies includes large
corporations such as Siemens, Asus and Belkin.
This paper and the corresponding presentation will give an overview about the
author's recent successful enforcement of the GNU GPL within German
jurisdiction.
The paper will go on describing what exactly is neccessarry to fully comply
with the GPL, including the author's legal position on corner cases such as
cryptographic signing.
In the end, it seems like the idea of the founding fathers of the GNU GPL
works: Guaranteeing Copyleft by using Copyright.
Legal Disclaimer
The author of this paper is a software developer, not a lawyer. The content of
this paper represents his knowledge after dealing with the legal issues of
about 20 gpl violation cases.
All information in this paper is presented on a nas-is basis. There is no
warranty for correctness.
The paper does not comprise legal advise, and any details might be coupled to German copyright law (UrhG)
Free Software and its role in the software industry
Though Free Software (sometimes referred to as Open Source Software) according
to our definition exists since the early 1980's, it didn't became popular until
the advent of the internet.
The concept of cooperative development between otherwise unrelated parties was an ideal match with the new possibilities of worldwide communication.
Free Software finds its way into almost any market within the industry. While
FOSS deployment traditionally being strong in the server market, it recently
gains in the desktop workstation market, too (e.g. Open Office, Mozilla).
However, the largest number of FOSS deployments is in the embedded computing
market. You can easily find Linux and other FOSS embeddeed into devices such
as DSL routers, WLAN access points, network attached storage, digital TV
receivers, home multimedia centres and recently even wireless phones.
What is copyrightable
Since the GNU GPL is a copyright license, it can only cover copyrightable
works. The exact definition of what is copyrightable and what not might vary
from legislation to legislation.
Software is considered the immaterial result of a creative act, and is treated
very much like literary works. It might therefore be applicable to look at the
analogy of a printed book.
In order for a work to be copyrightable, it has to be non-trivial (German:
Schöpfungshöhe). Much like a lector of a book, anybody who just
corrects spelling mistakes, compiler warnings, or even functional fixes such as
fixing a signedness bug or a typecast are unlikely to be seen as a
copyrightable contribution to an existing work.
An indication for copyrightability can be the question: Did the author have a
choice (i.e. between different algorithms)? As soon as there are multiple ways
of getting a particular job done, and the author has to make decisions on which
way to go, this is an indication for copyrightability.
The GNU GPL revisited
As a copyright license, the GNU GPL mainly regulates distribution of a
copyrighted work, not usage. To the opposite, the GNU GPL does not allow an
author to make any additional restrictions like must not be used for
military purpose
.
As a summary, the license allows distribution of the source code (including
modifications, if any) if
The GPL license itself is mentioned
A copy of the full license text accompanies every copy
The GPL allows distribution of the object code (including modifications) if
The GPL license itself is mentioned
A copy of the full license text accompanies every copy
The complete corresponding source code
or a written offer to ship it to any third party is included with every copy
Complete Source Code
The GPL contains a very specific definition of what the term full source
code
actually means in practise:
... complete source code means all the source code for all modules it contains,
plus any associated interface definition files, plus the scripts used to
control compilation and installation of the executable.
The interpretation of the paper's author of this (for C programs) is:
source code
Header Files
Makefiles
Tools for installation of a modified binary, even if they are not technically implemented as scripts
The general rule in case of any question is the intent of the license: To
enable the user to modify the source code and run modified versions.
This brings us to the conclusion that in case of a bundle of hardware and
software, the hardware can not be implemented in a way to only accept
cryptographically signed software, without providing either the original key,
or the option of setting a new key in the hardware.
Derivative Work
The question of derivative works is probably the hardest question with regard
to the GPL. According to the license text, any derivative work can only be
distributed under the GPL, too. However, the definition of a derivative work
is left to the legal framework of copyright.
The paper's author is convinced that any court decision would not look at the
particular technology used to integrate multiple software parts. It is much
more a question of how much dependency there is between the two pieces.
If a program is written against a specific non-standard API, this can be
considered as an indication for a derivative work. If a program is written
against standard APIs, and the GPL licensed parts that provide those APIs can
be easily exchanged with other [existing] implementations, then it can be considered as indication for no derivative work.
Unfortunately there is no precedent on this issue, so it's up to the first
court decisions on the issue of derivative works to determine.
Collective Works
... it is not the intent ... to claim rights or contest your rights to work written entirely by you; rather, the intent is to excercise the right to control the distribution of derivative or collective works ...
... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work under the scope of this license
So the GPL allows mere aggregation
, which is what e.g. the
GNU/Linux distributors like RedHat or SuSE do, when they ship GPL-licensed
programs together with a proprietary Macromedia Flash player on one CD- or
DVD-Medium.
Further research is required to determine what exactly would be a collective
work, and how far this is backed by copyright law.
Non-Public Modifications
Since the GPL regulates distribution and not use, any modifications that are
not distributed in any form do not require offering the source code.
Special emphasis has to be given on when distribution happens within the legal
context.
Undoubtedly, as soon as you distribute modifications to a third party, such as
a contractor or another company, you are bound by the GPL to either include the
full source code, or a written offer. Please note that if you don't include
the source code at any given time, the written offer must be available to any third party!
Interestingly, at least in German copyright law, distribution can also happen
within an organization. Apparently, as soon as a copy is distributed to a
group larger than a small number of close colleagues whom you know personally,
distribution happens - and thus the obligations of the GPL apply.
GPL Violations
The GPL is violated as soon as one or more of the obligations are not fulfilled.
For this case, the GPL automatically revokes any right, even the usage right on
the original unmodified code. So not only the distribution is infringing, also the mere use is no longer permitted.
This very strong provision is quite common in copyright licenses, especially in
the world of proprietary software - so businesses involved in the software businesses are already used to that concept.
Past GPL Enforcement
In fact, GPL enforcement is not something completely new. The Free Software
Foundation (FSF) has been handling a number of GPL enforcement cases throughout
it's history since 1984.
However, their approach is quiet negotiations with the respective parties.
While this being productive in the respective cases, it obviously cannot serve
as example to raise public awareness about GPL compliance.
Also, anyone who uses GPL licensed software doesn't really have an economic
incentive to behave license compliant, if he cannot loose something. While the
Free Software movement being very ideological, we cannot neglect the fact that
businesses are only driven by economy.
Thus, it is the idea of the author to raise the economic price of license
infringement by
making infringement public (and thus imposing a negative marketing effect)
raising legal charges which force them to comply or otherwise loose the chance to use GPL covered code
claiming damages as a direct economic price
The Linksys Case
In 2003, the Linksys Case was drawing a lot of attention from the FOSS
community. Linksys Corporation (a subsidiary of Cisco, the worldwide leader in
network equipment such as enterprise switches and routers) was selling 802.11
(aka WiFi, WLAN) Access Points and Routers containing GPL licensed software.
The devices were sold virtually worldwide, and Linksys is one of the largest
players in the 802.11 consumer market. Software embedded into the device
contains the Linux OS Kernel, uClibc, busybox, netfilter/iptables.
An alliance of copyright holders (including the author of this paper) was lead by the Free Software Foundation to bring Linksys into compliance with the GPL license terms.
While in the end successfully bringing Linksys into compliance, it took that
alliance about four months to achieve the full sourcecode release by Linksys.
The strategy of Linksys was to overly delay the negotiations, making one
incoomplete source code release after the other.
Especially considering that the product lifecycle in the 802.11 being usually
somewhere between three and six months, this kind of delay was not acceptable
to a number of involved copyright holders.
Looking back from now, it is important to note that the Linksys GPL case has
actually helped Linksys a lot with regard to the popularity of their products.
A lot of users buy their product exactly because they know they receive the
sourcecode and the right to modify it. There's now a vivid community around
their products, offering community-based alternative software (aka firmware)
for them. Also, a number of small and medium-sized businesses have alternative
commercial free software offers. Due to that success, almost any new Linksys
product was based on Free Software, too!
Enforcement Case Timeline
The author of this paper started the gpl-violations.org
project
in order to help with new cases coming up after the Linksys case.
The usual timeline of an enforcemnt case looks like this:
Customer/User of the product sends information about the product to copyright holders
Copyright holders confirm violation by re-engineering the product and making a test purchase
Copyright holder sends a warning notice to the product vendor
Copyright holder waits for some two weeks if vendor is willing to sing a declaration to cease and decist
If no declaration to cease and decist was signed
Contract technical expert recognized to court to do a study
Apply for a preliminary injunction at court
If declaration to cease and decist was signed
Try to find amicable agreement about damages and information claims
Probably grant a grace period for products already produced and in stock
Success so far
Since the launch of gpl-violations.org, it has been a huge success for the FOSS
community. Up to now, there have been about 25 cases where the GPL has been
enforced out-of-court. In addition, there two preliminary injunctions have
been granted. An appeals case against one injunction was turned down by the
court. Thus, precedent has been set forth for likely further cases to follow.
Especially the first preliminary injunction received big interest throughout
the computing industry and the legal community. It received significant media
coverage and thus resulted in exactly what the copyright holders wanted to
achive: Raising public awareness about the GPL license conditions.
Further Reading
The Free Software Foundation:
The gpl-violations.org project:
The GNU project project:
The law firm JBB (has court orders as PDF on their site):
The gpl-violations.org section in the weblog of the author: