1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
|
<?xml version='1.0' encoding='ISO-8859-1'?>
<!DOCTYPE article PUBLIC '-//OASIS//DTD DocBook XML V4.3//EN' 'http://www.docbook.org/xml/4.3/docbookx.dtd'>
<article id="gpl-enforcement-ccc2004">
<articleinfo>
<title>Enforcing the GNU GPL - Copyright helps Copyleft</title>
<authorgroup>
<author>
<personname>
<firstname>Harald</firstname>
<surname>Welte</surname>
</personname>
<!--
<personblurb>Harald Welte</personblurb>
<affiliation>
<orgname>netfilter core team</orgname>
<address>
<email>laforge@netfilter.org</email>
</address>
</affiliation>
-->
<email>laforge@gpl-violations.org</email>
</author>
</authorgroup>
<copyright>
<year>2004</year>
<holder>Harald Welte <laforge@gpl-violations.org> </holder>
</copyright>
<date>Dec 01, 2004</date>
<edition>1</edition>
<orgname>netfilter core team</orgname>
<releaseinfo>
$Revision: 1.4 $
</releaseinfo>
<abstract>
<para>
More and more vendors of various computing devices, especially network-related
appliances such as Routers, NAT-Gateways and 802.11 Access Points are using
Linux and other GPL licensed free software in their products.
</para>
<para>
While the Linux community can look at this as a big success, there is a back
side of that coin: A large number of those vendors have no idea about the GPL
license terms, and as a result do not fulfill their obligations under the GPL.
</para>
<para>
The netfilter/iptables project has started legal proceedngs against a number of
companies in violation of the GPL since December 2003. Those legal proceedings
were quite successful so far, resulting in twelve amicable agreements and one
granted preliminary injunction. The list of companies includes large
corporations such as Siemens, Asus and Belkin.
</para>
<para>
This paper and the corresponding presentation will give an overview about the
author's recent successful enforcement of the GNU GPL within German
jurisdiction.
</para>
<para>
The paper will go on describing what exactly is neccessarry to fully comply
with the GPL, including the author's legal position on corner cases such as
cryptographic signing.
</para>
<para>
In the end, it seems like the idea of the founding fathers of the GNU GPL
works: Guaranteeing Copyleft by using Copyright.
</para>
</abstract>
</articleinfo>
<section>
<title>Legal Disclaimer</title>
<para>
The author of this paper is a software developer, not a lawyer. The content of
this paper represents his knowledge after dealing with the legal issues of
about 20 gpl violation cases.
</para>
<para>
All information in this paper is presented on a nas-is basis. There is no
warranty for correctness.
</para>
<para>
The paper does not comprise legal advise, and any details might be coupled to German copyright law (UrhG)
</para>
</section>
<section>
<title>Free Software and its role in the software industry</title>
<para>
Though Free Software (sometimes referred to as Open Source Software) according
to our definition exists since the early 1980's, it didn't became popular until
the advent of the internet.
</para>
<para>
The concept of cooperative development between otherwise unrelated parties was an ideal match with the new possibilities of worldwide communication.
</para>
<para>
Free Software finds its way into almost any market within the industry. While
FOSS deployment traditionally being strong in the server market, it recently
gains in the desktop workstation market, too (e.g. Open Office, Mozilla).
</para>
<para>
However, the largest number of FOSS deployments is in the embedded computing
market. You can easily find Linux and other FOSS embeddeed into devices such
as DSL routers, WLAN access points, network attached storage, digital TV
receivers, home multimedia centres and recently even wireless phones.
</para>
</section>
<section>
<title>What is copyrightable</title>
<para>
Since the GNU GPL is a copyright license, it can only cover copyrightable
works. The exact definition of what is copyrightable and what not might vary
from legislation to legislation.
</para>
<para>
Software is considered the immaterial result of a creative act, and is treated
very much like literary works. It might therefore be applicable to look at the
analogy of a printed book.
</para>
<para>
In order for a work to be copyrightable, it has to be non-trivial (German:
Schöpfungshöhe). Much like a lector of a book, anybody who just
corrects spelling mistakes, compiler warnings, or even functional fixes such as
fixing a signedness bug or a typecast are unlikely to be seen as a
copyrightable contribution to an existing work.
</para>
<para>
An indication for copyrightability can be the question: Did the author have a
choice (i.e. between different algorithms)? As soon as there are multiple ways
of getting a particular job done, and the author has to make decisions on which
way to go, this is an indication for copyrightability.
</para>
</section>
<section>
<title>The GNU GPL revisited</title>
<para>
As a copyright license, the GNU GPL mainly regulates distribution of a
copyrighted work, not usage. To the opposite, the GNU GPL does not allow an
author to make any additional restrictions like <quote>must not be used for
military purpose</quote>.
</para>
<para>
As a summary, the license allows distribution of the source code (including
modifications, if any) if
<itemizedlist>
<listitem><para>The GPL license itself is mentioned</para></listitem>
<listitem><para>A copy of the full license text accompanies every copy</para></listitem>
</itemizedlist>
</para>
<para>
The GPL allows distribution of the object code (including modifications) if
<itemizedlist>
<listitem><para>The GPL license itself is mentioned</para></listitem>
<listitem><para>A copy of the full license text accompanies every copy</para></listitem>
<listitem><para>The <quote>complete corresponding source code</quote> or a written offer to ship it to any third party is included with every copy</para></listitem>
</itemizedlist>
</para>
</section>
<section>
<title>Complete Source Code</title>
<para>
The GPL contains a very specific definition of what the term <quote>full source
code</quote> actually means in practise:
</para>
<para><quote>
... complete source code means all the source code for all modules it contains,
plus any associated interface definition files, plus the scripts used to
control compilation and installation of the executable.
</quote></para>
<para>
The interpretation of the paper's author of this (for C programs) is:
<itemizedlist>
<listitem><para>source code</para></listitem>
<listitem><para>Header Files</para></listitem>
<listitem><para>Makefiles</para></listitem>
<listitem><para>Tools for installation of a modified binary, even if they are not technically implemented as scripts</para></listitem>
</itemizedlist>
</para>
<para>
The general rule in case of any question is the intent of the license: To
enable the user to modify the source code and run modified versions.
</para>
<para>
This brings us to the conclusion that in case of a bundle of hardware and
software, the hardware can not be implemented in a way to only accept
cryptographically signed software, without providing either the original key,
or the option of setting a new key in the hardware.
</para>
</section>
<section>
<title>Derivative Work</title>
<para>
The question of derivative works is probably the hardest question with regard
to the GPL. According to the license text, any derivative work can only be
distributed under the GPL, too. However, the definition of a derivative work
is left to the legal framework of copyright.
</para>
<para>
The paper's author is convinced that any court decision would not look at the
particular technology used to integrate multiple software parts. It is much
more a question of how much dependency there is between the two pieces.
</para>
<para>
If a program is written against a specific non-standard API, this can be
considered as an indication for a derivative work. If a program is written
against standard APIs, and the GPL licensed parts that provide those APIs can
be easily exchanged with other [existing] implementations, then it can be considered as indication for no derivative work.
</para>
<para>
Unfortunately there is no precedent on this issue, so it's up to the first
court decisions on the issue of derivative works to determine.
</para>
</section>
<section>
<title>Collective Works</title>
<para>
<quote>... it is not the intent ... to claim rights or contest your rights to work written entirely by you; rather, the intent is to excercise the right to control the distribution of derivative or collective works ...</quote>
</para>
<para>
<quote>... mere aggregation of another work ... with the program on a volume of a storage or distribution medium does not bring the other work under the scope of this license</quote>
</para>
<para>
So the GPL allows <quote>mere aggregation</quote>, which is what e.g. the
GNU/Linux distributors like RedHat or SuSE do, when they ship GPL-licensed
programs together with a proprietary Macromedia Flash player on one CD- or
DVD-Medium.
</para>
<para>
Further research is required to determine what exactly would be a collective
work, and how far this is backed by copyright law.
</para>
</section>
<section>
<title>Non-Public Modifications</title>
<para>
Since the GPL regulates distribution and not use, any modifications that are
not distributed in any form do not require offering the source code.
</para>
<para>
Special emphasis has to be given on when distribution happens within the legal
context.
</para>
<para>
Undoubtedly, as soon as you distribute modifications to a third party, such as
a contractor or another company, you are bound by the GPL to either include the
full source code, or a written offer. Please note that if you don't include
the source code at any given time, the written offer must be available to any third party!
</para>
<para>
Interestingly, at least in German copyright law, distribution can also happen
within an organization. Apparently, as soon as a copy is distributed to a
group larger than a small number of close colleagues whom you know personally,
distribution happens - and thus the obligations of the GPL apply.
</para>
</section>
<section>
<title>GPL Violations</title>
<para>
The GPL is violated as soon as one or more of the obligations are not fulfilled.</para>
<para>
For this case, the GPL automatically revokes any right, even the usage right on
the original unmodified code. So not only the distribution is infringing, also the mere use is no longer permitted.
</para>
<para>
This very strong provision is quite common in copyright licenses, especially in
the world of proprietary software - so businesses involved in the software businesses are already used to that concept.
</para>
</section>
<section>
<title>Past GPL Enforcement</title>
<para>
In fact, GPL enforcement is not something completely new. The Free Software
Foundation (FSF) has been handling a number of GPL enforcement cases throughout
it's history since 1984.
</para>
<para>
However, their approach is quiet negotiations with the respective parties.
While this being productive in the respective cases, it obviously cannot serve
as example to raise public awareness about GPL compliance.
</para>
<para>
Also, anyone who uses GPL licensed software doesn't really have an economic
incentive to behave license compliant, if he cannot loose something. While the
Free Software movement being very ideological, we cannot neglect the fact that
businesses are only driven by economy.
</para>
<para>
Thus, it is the idea of the author to raise the economic price of license
infringement by
<itemizedlist>
<listitem><para>making infringement public (and thus imposing a negative marketing effect)</para></listitem>
<listitem><para>raising legal charges which force them to comply or otherwise loose the chance to use GPL covered code</para></listitem>
<listitem><para>claiming damages as a direct economic price</para></listitem>
</itemizedlist>
</para>
</section>
<section>
<title>The Linksys Case</title>
<para>
In 2003, the Linksys Case was drawing a lot of attention from the FOSS
community. Linksys Corporation (a subsidiary of Cisco, the worldwide leader in
network equipment such as enterprise switches and routers) was selling 802.11
(aka WiFi, WLAN) Access Points and Routers containing GPL licensed software.
The devices were sold virtually worldwide, and Linksys is one of the largest
players in the 802.11 consumer market. Software embedded into the device
contains the Linux OS Kernel, uClibc, busybox, netfilter/iptables.
</para>
<para>
An alliance of copyright holders (including the author of this paper) was lead by the Free Software Foundation to bring Linksys into compliance with the GPL license terms.
</para>
<para>
While in the end successfully bringing Linksys into compliance, it took that
alliance about four months to achieve the full sourcecode release by Linksys.
</para>
<para>
The strategy of Linksys was to overly delay the negotiations, making one
incoomplete source code release after the other.
</para>
<para>
Especially considering that the product lifecycle in the 802.11 being usually
somewhere between three and six months, this kind of delay was not acceptable
to a number of involved copyright holders.
</para>
<para>
Looking back from now, it is important to note that the Linksys GPL case has
actually helped Linksys a lot with regard to the popularity of their products.
A lot of users buy their product exactly because they know they receive the
sourcecode and the right to modify it. There's now a vivid community around
their products, offering community-based alternative software (aka firmware)
for them. Also, a number of small and medium-sized businesses have alternative
commercial free software offers. Due to that success, almost any new Linksys
product was based on Free Software, too!
</para>
</section>
<section>
<title>Enforcement Case Timeline</title>
<para>
The author of this paper started the <quote>gpl-violations.org</quote> project
in order to help with new cases coming up after the Linksys case.
</para>
<para>
The usual timeline of an enforcemnt case looks like this:
<itemizedlist>
<listitem><para>Customer/User of the product sends information about the product to copyright holders</para></listitem>
<listitem><para>Copyright holders confirm violation by re-engineering the product and making a test purchase</para></listitem>
<listitem><para>Copyright holder sends a warning notice to the product vendor</para></listitem>
<listitem><para>Copyright holder waits for some two weeks if vendor is willing to sing a declaration to cease and decist</para></listitem>
<listitem><para>If no declaration to cease and decist was signed
<itemizedlist>
<listitem><para>Contract technical expert recognized to court to do a study</para></listitem>
<listitem><para>Apply for a preliminary injunction at court</para></listitem>
</itemizedlist>
</para></listitem>
<listitem><para>If declaration to cease and decist was signed
<itemizedlist>
<listitem><para>Try to find amicable agreement about damages and information claims</para></listitem>
<listitem><para>Probably grant a grace period for products already produced and in stock</para></listitem>
</itemizedlist>
</para></listitem>
</itemizedlist>
</para>
</section>
<section>
<title>Success so far</title>
<para>
Since the launch of gpl-violations.org, it has been a huge success for the FOSS
community. Up to now, there have been about 25 cases where the GPL has been
enforced out-of-court. In addition, there two preliminary injunctions have
been granted. An appeals case against one injunction was turned down by the
court. Thus, precedent has been set forth for likely further cases to follow.
</para>
<para>
Especially the first preliminary injunction received big interest throughout
the computing industry and the legal community. It received significant media
coverage and thus resulted in exactly what the copyright holders wanted to
achive: Raising public awareness about the GPL license conditions.
</para>
</section>
<section>
<title>Further Reading</title>
<itemizedlist>
<listitem><para>The Free Software Foundation: <ulink url="http://www.fsf.org/"/></para></listitem>
<listitem><para>The gpl-violations.org project: <ulink url="http://www.gpl-violations.org/"/></para></listitem>
<listitem><para>The GNU project project: <ulink url="http://www.gnu.org/"/></para></listitem>
<listitem><para>The law firm JBB (has court orders as PDF on their site): <ulink url="http://www.jbb.de/"/></para></listitem>
<listitem><para>The gpl-violations.org section in the weblog of the author: <ulink url="http://gnumonks.org/~laforge/weblog/linux/gpl-violations"/></para></listitem>
</itemizedlist>
<para>
</para>
</section>
</article>
|