{% extends "base_compliance.html" %}
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
{% block submenuselection %}EnforcementStrategy{% endblock %}
{% block content %}

<h1 id="strategic-gpl-enforcement-initiative">The Strategic GPL Enforcement Initiative</h1>

<p>As existing donors and supporters know, the Software Freedom Conservancy
is a 501(c)(3) non-profit charity registered in New York, and Conservancy
helps people take control of their computing by growing the software
freedom movement, supporting community-driven alternatives to proprietary
software, and defending free software with practical initiatives.
Conservancy accomplishes these goals with various initiatives, including
defending and upholding the rights of software users and consumers under
copyleft licenses, such as the GPL.</p>

<h2 id="brief-history-of-user-focused-gpl-enforcement">Brief History of
User-Focused GPL Enforcement</h2>

<p>The spring of 2003 was a watershed moment for software freedom on
electronic devices. 802.11 wireless technology had finally reached the
mainstream, and wireless routers for home use had flooded the market
earlier in the year. By June
2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
general public knew that Linksys (a division of Cisco) was violating the
GPL</a> on their WRT54G model wireless routers. Hobbyists discovered
(rather easily) that Linux and BusyBox were included in the router, but
Linksys and Cisco had failed to provide source code or any offer for source
code to its customers.</p>

<p>A coalition of organizations and individuals — including
Erik Andersen (major contributor to and former leader of the BusyBox
project) and Harald Welte (major contributor to Linux’s netfilter
subsystem) — formed to enforce the
GPL. <a href="https://sfconservancy.org/about/staff/#bkuhn">Bradley
M. Kuhn</a>, who is now Conservancy’s Policy Analyst and
Hacker-in-Residence, led and coordinated that coalition (when he was
Executive Director of the FSF). By early 2004, this coalition, through the
process of GPL enforcement, compelled Linksys to release an
almost-GPL-compliant source release for the
WRT54G. A <a href="https://openwrt.org/about/history">group of volunteers
quickly built a new project, called OpenWRT</a>, based on that source
release. In the years that have followed, OpenWRT has been ported to almost
every major wireless router product. Now, more than 15 years later, the
OpenWRT project routinely utilizes GPL source releases to build, improve
and port OpenWRT. The project has also joined coalitions to fight the FCC
to ensure that consumers have and deserve rights to install modified
firmwares on their devices and that such hobbyist improvements are no
threat to spectrum regulation.</p>

<p>Recently, OpenWRT decided to join Conservancy as one of its member projects,
and Conservancy has committed to long-term assistance to this project.</p>

<p>OpenWRT has spurred companies to create better routers and other wireless
devices than they would otherwise have designed because they now need to
either compete with hobbyists, or (better still) cooperate with them to
create hardware that fully supports OpenWRT’s features and improvements
(such as dealing
with <a href="https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm">the
dreaded “bufferbloat” bugs</a>). This interplay between the hobbyist
community and for-profit ventures promotes innovation in
technology. Without both permission <em>and</em> the ability to build and
modify the software on their devices, the hobbyist community
shrinks. Without intervention to ensure companies respect the hobbyist
community, hobbyists are limited by the oft-arbitrary manufacturer-imposed
restraints in the OEM firmware. OpenWRT saved the wireless router market
from this disaster; we seek to help other embedded electronic subindustries
avoid that fate. The authors of GPL’d software chose that license so its
source is usable and readily available to hobbyists. It is our duty, as
activists for the software freedom of hobbyists, to ensure these legally
mandated rights are never curtailed.</p>

<p>(More on the OpenWRT project’s history and its connection to GPL
enforcement can be found
in <a href="https://www.youtube.com/watch?v=r4lCMx-EI1s">Kuhn’s talk
at <em>OpenWRT Summit 2016</em></a>.)</p>

<p>Conservancy has had substantial success in leveraging more device freedom
in other subindustries through GPL compliance. In 2009, Conservancy, with
co-Plaintiff Erik Andersen, sued fourteen defendants in federal court under
copyright claims on behalf of its BusyBox member project. Conservancy was
able to achieve compliance for the BusyBox project in all fourteen
cases. Most notably, the GPL-compliant source release obtained in the
lawsuit for certain Samsung televisions provided the basis for
the <a href="https://www.samygo.tv/">SamyGo project</a> — an alternative
firmware that works on that era of Samsung televisions and allows consumers
to modify and upgrade their firmware using FOSS.</p>

<p>Harald Welte also continued his efforts during the early and mid-2000s,
after the Linksys enforcement, through
his <a href="https://gpl-violations.org/">gpl-violations.org
project</a>. Harald successfully sued many companies (mostly in the
wireless router industry) in Germany to achieve compliance and yield source
releases that helped OpenWRT during that period.</p>

<h2 id="importance-of-linux-enforcement-specifically">Importance of Linux Enforcement Specifically</h2>

<p>In recent years, embedded systems technology has expanded beyond wireless
routers to so-called “Internet of Things” (IoT) devices designed for
connectivity with other devices in the home and to the “Cloud”. Consumer
electronics companies now feature and differentiate products based on
Internet connectivity and related services. Conservancy has seen
Linux-based firmwares on refrigerators, baby monitors, virtual assistants,
soundbars, doorbells, home security cameras, police body cameras, cars, AV
receivers, and televisions.</p>

<p>This wide deployment of general purpose computers into
mundane household devices raises profound privacy and consumer rights
implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
— invading the privacy and security of individual homes. Even when
companies succeed in keeping out third parties, consumers
are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
by camera makers</a> to automatically upload their videos to local
police. Televisions
routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
on consumers for the purposes of marketing and massive data
collection</a>.</p>

<p>There is one overarching irony to this growing dystopia: nearly all these
devices are based primarily on software licensed under the GPL: most
notably, Linux. While Linux-based systems do allow proprietary user-space
applications not licensed under GPL, the kernel and many other system
utilities routinely used in embedded systems, such as Conservancy’s BusyBox
project, are under that license (or similar copyleft licenses such as the
LGPL). These licenses require device makers to provide complete,
corresponding source code to everyone in possession of their
devices. Furthermore, Linux’s specific license (GPL, version 2) mandates
that source code must also include “the scripts used to control compilation
and installation of the executable”. In short, the consumers must receive
all the source code and the ability to modify, recompile and reinstall that
software. Upholding of this core freedom for Linux made OpenWRT
possible. We work to preserve (or, more often, restore) that software
freedom for consumers of other types of electronic devices.</p>

<p>When devices are compliant with the GPL’s requirements, customers can
individually or collectively take action against the surveillance and other
predatory behavior perpetuated by the manufacturers of these devices by
modifying and replacing the software. Hobbyists can aid their community by
providing these alternatives. People with no technical background already
replace firmware on their wireless routers with OpenWRT to both improve
network performance and allay privacy concerns. Furthermore, older
equipment is often saved from planned obsolescence by alternative
solutions. E-recyclers
like <a href="https://www.freegeek.org/">Freegeek</a> do this regularly for
desktop and laptop machines with GNU/Linux distributions like Debian, and
with OpenWRT for wireless routers. We seek to ensure they can do this for
other types of electronic products. However, without the complete,
corresponding source code, including the scripts to control its compilation and
installation, the fundamental purpose of copyleft is frustrated. Consumers,
hobbyists, non-profit e-recyclers and the general public are left without
the necessary tools they need and deserve, and which the license promises
them.</p>

<p>Additionally, copyleft compliance relates directly to significant
generational educational opportunities. There are few easier ways to
understand technology than to experiment with a device one already
has. Historically, FOSS has succeeded because young hobbyists could
examine, modify and experiment with software in their own devices. Those
hobbyists became the professional embedded device developers of today!
Theoretically, the advent of the “Internet of Things” — with its many
devices that run Linux — <em>should</em> give opportunities for young
hobbyists to quickly explore and improve the devices they depend on in
their everyday lives. Yet, that’s rarely possible in reality. To ensure
that both current and future hobbyists can practically modify their
Linux-based devices, we must enforce Linux’s license. With public awareness
that their devices can be improved, the desire for learning will increase,
and will embolden the curiosity of newcomers of all ages and
backgrounds. The practical benefits of this virtuous cycle are immediately
apparent. With technological experimentation, people are encouraged to try
new things, learn how their devices work, and perhaps create whole new
types of devices and technologies that no one has even dreamed of
before.</p>

<p>IoT firmware should never rely on one vendor — even the vendor of the
hardware itself. This centralized approach is brittle and inevitably leads
to invasions of the public’s privacy and loss of control of their
technology. Conservancy’s GPL enforcement work is part of the puzzle that
ensures users can choose who their devices connect to, and how they
connect. Everyone deserves control over their own computing — from their
laptop to their television to their toaster. When the public can modify (or
help others modify) the software on their devices, they choose the level of
centralized control they are comfortable with. Currently, users with
Linux-based devices usually don’t even realize what is possible with
copyleft; Conservancy aims to show them.</p>

<h2 id="the-gpl-compliance-project-for-linux-developers">The GPL Compliance
Project for Linux Developers</h2>

<p>In May 2012, Software Freedom Conservancy
formed <a href="https://sfconservancy.org/copyleft-compliance/#linux">The GPL
Compliance Project for Linux Developers</a> in response to frustration by
upstream Linux developers about the prevalence of noncompliance in the
field, and their desire to stand with Conservancy’s BusyBox, Git and Samba
projects in demanding widespread GPL compliance. This coalition of Linux
developers works with Conservancy to enforce the GPL for the rights of
Linux users everywhere — particularly consumers who own electronic
devices. We accept violation reports from the general public, and
prioritize enforcement in those classes of devices where we believe that we
can do the most good to help achieve GPL compliance that will increase
software freedom for the maximum number of device users.</p>

<h2 id="the-need-for-litigation">The Need for Litigation</h2>

<p>While we still gain some success, we have found that the landscape of GPL
compliance has changed in recent years. Historically, the true “bad actors”
were rare. We found in the early days that mere education and basic
supply-chain coordination assistance yielded compliance. We sought and
often achieved goodwill in the industry via education-focused
compliance.</p>

<p>Those tactics no longer succeed; the industry has taken advantage of that
goodwill. After the BusyBox lawsuit settled, we observed a slow move toward
intentional non-compliance throughout the embedded electronics
industry. Companies use delay and “hardball” pre-litigation tactics to
drain the limited resources available for enforcement, which we faced (for
example) in <a href="/copyleft-compliance/vmware-lawsuit-links.html">the
VMware violation</a>. While VMware ultimately complied with the GPL, they
did so by reengineering the product and removing Linux from it — and only
after the product was nearing end-of-life.</p>

<p>Conservancy has recently completed an evaluation of the industry’s use of
Linux in embedded products. Our findings are disheartening and require
action. Across the entire industry, most major manufacturers almost flaunt
their failure to comply with the GPL. In our private negotiations,
pursuant to
our <a href="/copyleft-compliance/principles.html">Principles
of Community-Oriented GPL Enforcement</a>, GPL violators stall, avoid,
delay and generally refuse to comply with the GPL. Their disdain for the
rights of their customers is often palpable. Their attitude is almost
universal: <q>if you think we’re really violating the GPL, then go ahead and
sue us. Otherwise, you’re our lowest priority</q>.</p>

<h2 id="conservancys-plan-for-action">Conservancy’s Plan For Action</h2>

<p>Conservancy has a three-pronged plan for action: litigation, persistent
non-litigation enforcement, and alternative firmware development.</p>

<h3 id="litigation">Litigation</h3>

<p>Conservancy has many violation matters that we have pursued during the
last year where we expect compliance is impossible without litigation. We
are poised to select — from among the many violations in the embedded
electronics space — a representative example and take action in USA courts
against a violator who has failed to properly provide source code
sufficient for consumers to rebuild and install Linux, and who still
refuses to remedy that error after substantial friendly negotiation with
Conservancy.</p>

<p>Our goal remains the same as in all matters: we want a source release that
works, and we’ll end any litigation when the company fully complies on its
products and makes a bona fide commitment to future compliance.</p>

<p>Conservancy, after years of analyzing its successes and failures of
previous GPL compliance litigation, has developed — in conjunction with
litigation counsel over the last year — new approaches to litigation
strategy. We believe this will bring to fruition the promise of copyleft:
a license that ensures the rights and software freedoms of hobbyists who
seek full control and modifiability of devices they own. With the benefit
of this grant, Conservancy plans to accelerate these plans in 2020 and to
keep the public informed at every stage of the process.</p>

<h3 id="persistent-non-litigation-enforcement">Persistent Non-Litigation Enforcement</h3>

<p>While we will seek damages to cover our reasonable costs of this work, we
do not expect that any recovery in litigation can fully fund the broad base
of work necessary to ensure compliance and the software freedom it brings.
Conservancy is the primary charitable watchdog of GPL compliance for
Linux-based devices. We seek to use litigation as a tool in a broader
course of action to continue our work in this regard. We expect and
welcome that the high-profile nature of litigation will inspire more device
owners to report violations to us. We expect we’ll learn about classes of
devices we previously had no idea contained Linux, and we’ll begin our
diligent and unrelenting work to achieve software freedom for the owners of
those devices. We will also build more partnerships across the technology
sector and consumer rights organizations to highlight the benefit of
copyleft to not just hobbyists, but the entire general public.</p>

<h3 id="alternative-firmware-project">Alternative Firmware Project</h3>

<p>The success of the OpenWRT project, born from GPL enforcement, has an
important component. While we’ve long hoped that volunteers, as they did
with OpenWRT and SamyGo, will take up compliant sources obtained in our GPL
enforcement efforts and build alternative firmware projects, history shows
us that the creation of such projects is not guaranteed and is exceedingly
rare.</p>

<p>Traditionally, our community has relied exclusively on volunteers to take
up this task, and financial investment only comes after volunteers have put
in the unfunded work to make an MVP alternative firmware. While volunteer
involvement remains essential to the success of alternative firmware
projects, we know from our fiscal sponsorship work that certain aspects of
FOSS projects require an experienced charity to initiate and jump-start
some of the less exciting aspects of FOSS project creation and
development.</p>

<p>Conservancy plans to select a specific class of device. Upon achieving
compliant source releases in that subindustry through GPL enforcement,
Conservancy will <a href="firmware-liberation.html">launch an alternative
firmware project</a> for that class of device.</p>

{% endblock %}