The past and the future of Free Software License Violations =========================================================== :author: Harald Welte #:copyright: sysmocom - s.f.m.c. GmbH (License: CC-BY-SA) :backend: slidy :max-width: 45em == About the speaker * A _deeply_ technical person, IANAL. * Started as FOSS sysadmin in the mid-1990ies * Network security expert, electronics engineer, software developer. * Former Linux Kernel developer from 1999 on * Former head of netfilter core team * Founder of gpl-violations.org * Recipient of FSF Award for the Advancement of Free Software * Recipient of Google/O'Reilly Open Source Award * Now fully immersed in implementing cellular (GSM/3G) protocol stacks under the Osmocom.org project (mostly AGPLv3) == The past of FS license enforcement For those not around to witness it: * early work by the FSF (until 2004?) ** entirely out of court * gpl-violations.org (2003-2011) ** started by a Linux Kernel developer (yours truly) * Software Freedom Conservancy (2006-current) ** doing excellent work on behalf of many projects since == gpl-violations.org early history * device makers stared to use embedded Linux in WiFi routers * vendors did not get into compliance * some frustration existed with FSFs back then very tolerant approach of pushing for compliance at Linksys * further companies were infringing, triggering me as one of the many copyright holders to pursue independent legal action against product vendors in Germany == gpl-violations.org later history Fast-Forward 8 years. Results: * more than two hundred enforcements in total ** some of them didn't even reach any legal claims ** most of them were settled out of court ** some very few actually had to go to court * created some of the first precedent in terms of GPL enforcement in court, both in Germany and world-wide * not a single case lost == gpl-violations.org dormancy * While doing netfilter work as dayjob, there still was time to do compliance work in spare time * Increasingly difficult when I got involved with OpenMoko in Taiwan (2007-2009) * Impossible to find time while I started + bootstrapped my new company sysmocom from 2011 onwards * Big loss to the project when Armijn left in 2012 Result: No gpl-violations.org activity in years. Project became dormant. == gpl-violations.org dormancy * I've never been particularly sad about the dormancy * We did some pioneering and hugely successful work in GPL enforcement, creating ripples throughout the technology industry. * The legal network got started as a forum for related topics * Other people (e.g. SFC) started to do enforcement * So I didn't think it's a loss if I focus on other areas for an undefined amount of time Still, it is a pity that it was too much tied to me personally, and there was no structure and no team that could continue the work. Let's learn from that... == Resurrection, Step 1 (Q4/2015) * brought historic content of gpl-violations.org back online * occasional blog post about GPL related topics again * getting more exposure in FOSS legal community again * reporting about VMware case (in which I'm not legally involved, but which I very much support) == Resurrection, Step 2 (2016) * establishing a legal body for new gpl-violations.org activities ** put project on more shoulders ** less dependency on me personally ** taking legal action as natural person didn't allow others to get involved to larger extent due to associated personal risk * I wanted to have it established before LLW, but schedule slipped. Plan is to definitely complete this within Q2/2016. == gpl-violations.org e.V. * structure of a German "eingetragener Verein" (e.V.) * membership-based entity, where FOSS developers can become members * members can (but do not have to) sign fiduciary license agreement to enable gpl-violations.org e.V. to enforce license on their behalf * any enforcement will be done in compliance with the principles of community-oriented enforcement as published by SFC+FSF * is not going to be charitable due to increased tax/legal risk ** financial structure and usage of funds will be published to avoid any claims regarding misappropriation of funds == How is this different to SFC? * Jurisdiction / Geographic Scope ** SFC is primarily active in the US (so far?) ** gpl-violations.org would be primarily active in Germany, maybe EU * There's no shortage of violations to enforce, i.e. room for many more people or entities doing active enforcement * Very narrow focus on copyleft license enforcement, no other services Apart from that, in terms of goals and actual enforcement work, not all that different. At last not that it is planned. == Isn't more enforcement harmful? * there is some feeling that more enforcement scares people away from FOSS * I think it matters a lot about the _style_ of enforcement. We need more evidence of people caring about licenses and doing enforcement in a proper and respected way; compliance-centric and within a generally accepted common sense. * I also think license enforcement is required to make new (corporate) players in the FOSS world comply, and to continuously encourage and increase motivations for companies to be compliant * Last, but not least: License enforcement is also happening in proprietary software, so it's not a specific issue of FOSS, so let's not over-dramatize it. == Actual enforcement process * will probably not look any different from the past * reports of GPL violations by the community at large * technical investigation + establishing legal evidence * sending warning notice to company, requesting cease + desist * resolving the issue hopefully out of court * going to court whenever it is really necessary == Outlook * get over with formalities of establishment * get initial group of members to sign up * establish and tune the related processes * get started with some actual enforcement Let's meet again next year at LLW and talk about the progress by then. == Thanks * to Armijn for helping me all those years in the past at gpl-violations.org * to Till Jaeger and his team at JBB for all their legal help * to FSFE for their great work far beyond the Legal Network You now have a license to ask questions (SCNR).