path: root/2012/gpl-freedomhec2012/gpl_compliance.tex

% $Header: /cvsroot/latex-beamer/latex-beamer/solutions/conference-talks/conference-ornate-20min.en.tex,v 1.7 2007/01/28 20:48:23 tantau Exp $

\documentclass{beamer}

% This file is a solution template for:

% - Talk at a conference/colloquium.
% - Talk length is about 20min.
% - Style is ornate.



% Copyright 2004 by Till Tantau <tantau@users.sourceforge.net>.
%
% In principle, this file can be redistributed and/or modified under
% the terms of the GNU Public License, version 2.
%
% However, this file is supposed to be a template to be modified
% for your own needs. For this reason, if you use this file as a
% template and not specifically distribute it as part of a another
% package/program, I grant the extra permission to freely copy and
% modify this file as you see fit and even to delete this copyright
% notice. 


\mode<presentation>
{
  \usetheme{Warsaw}
  % or ...

  \setbeamercovered{transparent}
  % or whatever (possibly just delete it)
}


\usepackage[english]{babel}
% or whatever

\usepackage[latin1]{inputenc}
% or whatever

\usepackage{times}
\usepackage[T1]{fontenc}
% Or whatever. Note that the encoding and the font should match. If T1
% does not look nice, try deleting the line with the fontenc.


\title{Current Developments in GPL Compliance}

\author{Harald Welte}

\institute
{gpl-violations.org}
% - Use the \inst command only if there are several affiliations.
% - Keep it simple, no one is interested in your street address.

\date[FreedomHEC 2012] % (optional, should be abbreviation of conference name)
{FreedomHEC 2012, Taipei}
% - Either use conference name or its abbreviation.
% - Not really informative to the audience, more for people (including
%   yourself) who are reading the slides online

\subject{Embedded Linux}
% This is only inserted into the PDF information catalog. Can be left
% out. 



% If you have a file called "university-logo-filename.xxx", where xxx
% is a graphic format that can be processed by latex or pdflatex,
% resp., then you can add a logo as follows:

% \pgfdeclareimage[height=0.5cm]{university-logo}{university-logo-filename}
% \logo{\pgfuseimage{university-logo}}



% Delete this, if you do not want the table of contents to pop up at
% the beginning of each subsection:
%\AtBeginSubsection[]
%{
%  \begin{frame}<beamer>{Outline}
%    \tableofcontents[currentsection,currentsubsection]
%  \end{frame}
%}


% If you wish to uncover everything in a step-wise fashion, uncomment
% the following command: 

%\beamerdefaultoverlayspecification{<+->}


\begin{document}

\begin{frame}
  \titlepage
\end{frame}

\begin{frame}{Outline}
  \tableofcontents
  % You might wish to add the option [pausesections]
\end{frame}


% Structuring a talk is a difficult task and the following structure
% may not be suitable. Here are some rules that apply for this
% solution: 

% - Exactly two or three sections (other than the summary).
% - At *most* three subsections per section.
% - Talk about 30s to 2min per frame. So there should be between about
%   15 and 30 frames, all told.

% - A conference audience is likely to know very little of what you
%   are going to talk about. So *simplify*!
% - In a 20min talk, getting the main ideas across is hard
%   enough. Leave out details, even if it means being less precise than
%   you think necessary.
% - If you omit details that are vital to the proof/implementation,
%   just say so once. Everybody will be happy with that.

\begin{frame}{About the speaker}
\begin{itemize}
\item Programming computers since 1989
\item Linux user + application developer since 1994
\item Linux kernel development since 1999
\item GNU GPL license enforcement since 2003
\item IT security expert, network protocol security
\item Board-level Electrical Engineering
\item System-level Software for PPC, ARM, x86
\item IANAL, but companies not complying with the license forced me to spend lots of time with legal issues
\end{itemize}
\end{frame}


\section{Historical Development}

\begin{frame}{Historical development}
\begin{itemize}
	\item 1970ies: Softare becomes copyrightable
	\item 1980ies: GNU project, GPLv1
	\item 1990ies: Linux kernel, GPLv2, servers
	\item 2000s: Linux and FOSS is everywhere
\end{itemize}
\end{frame}

\subsection{FOSS is everywhere}

\begin{frame}{Linux and Free Software (FOSS) everywhere}
\begin{figure}[h]
\centering
\includegraphics[width=100mm]{linux_netfilter_singapore_entertainment.jpg}
\end{figure}
\end{frame}

\begin{frame}{More Linux - More License Violations}
\begin{itemize}
	\item Boom of Linux results in many {\em new companies} using it in products
	\item Such Linux newbies do not have a history in the FOSS community
	\item They also do not share the same culture, values and norms
	\item They simply use Linux to reduce royalty cost for proprietary OS
	\item They run into trouble (GPL violations)
\end{itemize}
\end{frame}

\subsection{GPL enforcement}

\begin{frame}{More License Violations - More Enforcement}
\begin{itemize}
	\item New Linux based products continue to enter the market
	\item License compliance often very bad
	\item Community is deeply upset about the violation of its rules
	\item Often perceived as insult of the FOSS community culture
	\item Lack of respect of corporations towards community
	\item Legal enforcement is often the only possible way for community to educate corporations
\end{itemize}
\end{frame}

\begin{frame}{GPL enforcement}
\begin{itemize}
	\item Before 2003: Mostly Free Software Foundation
	\item 2003-now: gpl-violations.org (Europe), ~ 200 cases
	\item 2005-2010: SFLC (United States)
	\item 2010-now: SFC (United States)
	\item publicly invisible enforcement
	\begin{itemize}
		\item e.g. MySQL (dual-licensing)
		\item e.g. Asterisk (dual-licensing)
	\end{itemize}
\end{itemize}
\end{frame}

\section{Beyond minimal license compliance}

\subsection{FOSS communities vs. license terms}

\begin{frame}{FOSS community is technical, not legal}
\begin{itemize}
	\item FOSS is created by software developers working together in
collaborative ways, often without any formal structure
	\item Individuals, Universities as well as Corporations
contribute their work
	\item Cooperation in a culture of sharing
	\item Even direct competitors like Intel and AMD cooperate in Linux
development, because everyone needs it
	\item FOSS communities are deeply technical. They hate company
politics.
	\item License is {\bf just} a last resort of protection against
those who absolutely don't understand FOSS
\end{itemize}
\end{frame}

\begin{frame}{Beyond pure legal compliance with licenses}
\begin{itemize}
	\item Compliance with the legal terms of the license is the
absolute bare minimum that companies have to do
	\item If you use FOSS in your products, please consider
establishing a healthy relationship with the communities that drive
development of this software
	\item It is not a customer / supplier relationship!
	\item The community expects you to participate in development
\end{itemize}
\end{frame}

\subsection{Becoming part of the community}

\begin{frame}{Why should you join?}
Benefits to Embedded electronics companies
\begin{itemize}
	\item Larger number of engineers can help you improve your product
	\begin{itemize}
		\item optimize performance (battery, speed, ...)
		\item fix more bugs than your in-house R\&D
		\item have more ideas/innovation than all engineers combined inside your company!
	\end{itemize}
	\item Be recognized within the community as {\em somebody who understands}
	\begin{itemize}
		\item allows you to attract skilled developers from the FOSS world who would otherwise never consider working for you
		\item makes you more attractive to most technical customer base of {\em early adopters}
	\end{itemize}
	\item Reduce cost of maintaining your code base
\end{itemize}
\end{frame}

\begin{frame}{How to become part of the community}
\begin{itemize}
	\item Permit your engineers to engage in technical discussions on mailing lists
	\item Submit your modifications to the respective upstream projects
	\item Join technical conferences and discuss technical issues
	\item Encourage the community to innovate and extend your products
\end{itemize}
\end{frame}

\begin{frame}{When and how to release source code}
\begin{itemize}
	\item Legal requirement:
	\begin{itemize}
		\item You're used to release source code at the time product ships because the license forces you to
	\end{itemize}
	\item Community norm:
	\begin{itemize}
		\item Your engineers interact with the project maintainers during R\&D
		\item Source code of your modifications undergoes review + inclusion in mainline
	\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{Quality of the source code release}
\begin{itemize}
	\item Legal requirement / Reality:
	\begin{itemize}
		\item {\em complete and corresponding} source code
		\item Often does not compile
		\item Often contains proprietary kernel modules of questionable legality
		\item Often provides no (simple) way of installing re-compiled program on the actual device
	\end{itemize}
	\item Community norm:
	\begin{itemize}
		\item {\em complete and corresponding} source code
		\item no proprietary kernel modules that constrain e.g.  updates to later kernels
		\item complete utilities to install modified version of software on the device
		\item maybe even some instructions on how to do so
	\end{itemize}
\end{itemize}
\end{frame}

\begin{frame}{Summary}
\begin{itemize}
	\item Show respect for the FOSS development model based on
mutual respect and understanding
	\item Actively engage and discuss with the community
	\item Don't try to cheat your way out of license compliance
	\item Treat community as partner in development of your products
	\item Don't treat them like your enemy (DRM, Tivo-ization)!
\end{itemize}
\end{frame}

\section{Current Developments}

\subsection{Software Freedom Conservancy}

\begin{frame}{Software Freedom Conservancy}
\begin{itemize}
	\item gpl-violations.org is no longer alone
	\item SFC is doing busybox enforcement in the US
	\item Some people/entities are upset about that...
	\item ... but we {\bf need} to see more enforcement
	\item SFC activities sometimes misrepresented in public!
\end{itemize}
\end{frame}

\begin{frame}{Software Freedom Conservancy}
\begin{itemize}
	\item It's great to see enforcement outside Europe
	\item It's great to see cases go to court in the US
	\item We need more precedent in favor of GPL enforcement to
		deter people from intentionally taking the risk of
		infringement
	\item 
\end{itemize}
\end{frame}

\begin{frame}{Software Freedom Conservancy / beyond busybox}
\begin{itemize}
	\item Some Linux kernel developers will work with SFC
	\item SFC is now able to enforce GPL on Linux kernel, not just busybox
	\item Lots of devices have Linux kernel but no busybox (e.g. Android)
\end{itemize}
\end{frame}

\subsection{The AVM Case}

\begin{frame}{The AVM Case}{Background (1/2)}
\begin{itemize}
	\item AVM is commercially most successful vendor of DSL CPE (Fritz!Box)
	\item They heavily use Linux and other FOSS in their products
	\item They also have an unusual amount of proprietary code in
		the devices, compared to most other vendors (e.g. bypass
		netfilter/iptables and use their own packet filter/NAT)
	\item Cybits is a German vendor of parental control / child safe
		content filtering software (proprietary)
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{Background (2/2)}
\begin{itemize}
	\item Cybits has developed a version of their filtering software
		that can be installed by the user onto the AVM Fritz!Box
	\item The installation procedure downloaded a AVM firmware
		update, extracts the root filesystem, changes some
		scripts, deactivates individual programs and adds their
		own software into the filesystem image
	\item The modified image is then installed by the user into his
		device
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{The Dispute (preliminary proceedings)}
\begin{itemize}
	\item AVM now asks court to grant injunction against Cybits
		modifying {\em their firmware}, based on copyright,
		trademark and unfair competition claims
	\item Court grants that injunction based on AVMs claims
	\item Cybits disputes that first decision
	\item Harald Welte / gpl-violations.org become {\em side intervener}
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{The Dispute (preliminary proceedings)}
\begin{itemize}
	\item {\em side intervener} because AVM tries to use legal means
		to restrict the freedom granted by the GPL: The ability
		to modify GPL licensed code, and to use such modified
		versions
	\item As Cybits only modifies code that is not copyrighted by
		AVM, AVM cannot make copyright based claims
	\item Court lifts preliminary injunction on condition that some
		erroneous display in the web interface are resolved by
		Cybits
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{The Dispute (main proceedings)}
\begin{itemize}
	\item AVM sues Cybits in main proceedings, Harald Welte side
		intervenes again
	\item AVM is making claims over claims and files tons of papers,
		up to a point where I have doubts that the court is able
		to read all of them
	\item Among other things, they always try to present the
		firmware as something whole to which they own rights.
		But if specifically asked, they do not explicitly claim
		it's a derivative or collective work
	\item Court accepts the fact that GPL licensed software is used
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{The Dispute (ridiculous AVM claims)}
\begin{itemize}
	\item AVM claims that an illegal modification under copyright
		law is happening, as Cybits is modifying their code by
		unloading AVM's proprietary kernel module and replacing
		it with standard kernel modules like ip\_tables.
	\item AVM claims that illegal copying happens as one of AVM's
		programs is copied from flash into RAM when Cybits
		installations scripts are executing it
	\item AVM claims copyright is about software, not firmware (lol)
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{December 2011: The verdict}
\begin{itemize}
	\item Court rules that AVM cannot restrict Cybits based on
		copyright law due to the provisions of the GPL
	\item Court rules that the firmware (including all GPL and
		non-gpl licensed components) constitutes a collective
		work
	\item Court rules that thus the entire collective work becomes
		{\em infected} by the GPL (!)
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{Analysis of the verdict}
\begin{itemize}
	\item Court has made a very far-reaching verdict
	\item What is the result of the {\em infection} of the
		collective work?
	\item Why is it not {\em mere aggregation on a storage medium}?
	\item Was AVM insisting that the firmware is somehow one
		item/entity all along the court case the reason for this
		somewhat unexpected outcome?
\end{itemize}
\end{frame}

\begin{frame}{The AVM Case}{What do we learn from it?}
\begin{itemize}
	\item Some companies are behaving outrageous in terms of GPL compliance
	\item Trying to fight very hard to restrict the freedom of the
		GPL can come back very hard to your own disadvantage.
	\item AVM has publicly proven that they're probably the worst
		aggressor against the freedom of the GPL, and they have
		failed to get away with it.
\end{itemize}
\end{frame}

\subsection{Current focus at gpl-violations.org}

\begin{frame}{Chinese Android Phones}
\begin{itemize}
	\item traditionally, we only see major brands/vendors like HTC,
		Samsung, LG, Motorola in Europe
	\item at the moment, TCT, ZTE, Huawei and others are starting to
		become available
	\item we're taking a {\em very} close look at all those devices
		and have just obtained an injunction against TCT Mobile
		(Alcatel branded)
	\item Chinese vendors must learn that they have to respect
		copyright and the GPL when they ship to EU or US market
\end{itemize}
\end{frame}

\begin{frame}{Chinese Oscilloscopes (DSO)}
\begin{itemize}
	\item did you know there are fairly decent Linux based DSO
		(digital storage oscilloscopes) available?
	\item wouldn't every system-level engineer dream of being able
		to enhance the software on a DSO with his custom
		analysis / trigger / protocol decoder code?  Or for
		factory testing/automation purpose?
	\item as part of GPL enforcement, Hantek/Tekway have now
		released the source code to bootloader/kernel, including
		the kernel drivers for their DSO hardware!
\end{itemize}
\end{frame}

\begin{frame}{no-name / store-branded OEM devices}
\begin{itemize}
	\item Actually found one German "cheap electronics vendor" who
		sell more than 13 currently active products in a
		completely GPL in-compliant way
	\item Pretty big surprise, given all the enforcement that has
		been done in recent years
\end{itemize}
\end{frame}

\begin{frame}{Cooperation with Free Software Foundation Europe}
\begin{itemize}
	\item Cases that we have finished enforcement on are handed over
		to FSFE
	\item FSFE volunteers will continue to monitor compliance,
		especially of firmware updates for them
	\item If any such future incompliance is found, case gets handed
		back to gpl-violations.org for enforcement of
		contractual penalty and declaration of cease+desist
	\item Contractual penalty gets donated to FSFE
\end{itemize}
\end{frame}

\begin{frame}{Thanks}
\begin{itemize}
	\item Thanks for your attention
	\item Feel free to raise questions
\end{itemize}
\end{frame}

\end{document}