Understanding The Complexity of Copyleft Defense:

After 25 Years of GPL Enforcement, Is Copyleft Succeeding?


Bradley M. Kuhn

FOSDEM 2017 Keynote

Saturday 4 February 2017

Follow along with the slides: ebb.org/fosdem17/

Anything in blue is hyperlink; feel free to read along.

Why Talk About Copyleft?

So…Conservancy has many activities…very few of which are licensing work…

…but people love hearing about copyleft most of all.

And, you (Free Software developers) deserve to know the whole story.

What Can I Say About Copyleft?

Since I work for a charity, not a company or a trade association…

I have the freedom (and in some sense the obligation) to give you the whole story from my point of view.

Conservancy operates more transparently than any company or trade association in our community.

Philosophical First Principles

Begin always with first principles…

An Interdisciplinary Consideration

I got kicked out of university after delivering a brilliant lecture on the aggressive influence of German philosophy on rock and roll entitled “You, Kant, Always Get What You Want”.

— John Cameron Mitchell

Individual First Principles

The brief tale of “why I decided to stand up for the value of copyleft”…

The Liberal Arts

I believed in the power of interdisciplinary approach, so I began Computer Science studies in 1991, but at a liberal arts university with extensive philosophy and literature requirements.

The Campus Luggable

My 1992 laptop (from Sager) looked very much like this …

Yes, We Really Lived Like This

I went to a bookstore. I bought this magazine. I found the laptop and called them on the phone to order it.

Finding an operating system?

Our Hobbyist Culture

I read this in real time…

I'm doing a (free) operating system (just a hobby, won't be big and professional …)

— Linus Torvalds, Sunday 25 August 1991, comp.os.minix

…er, well, on Usenet, real time was “a few days”.

Our Hobbyist Culture

I'm doing a (free) operating system (just a hobby, won't be big and professional …)

— Linus Torvalds, Sunday 25 August 1991, comp.os.minix

Hobbyists: People Who Read This

Hobbyists: People Who Bought This

& I had all the source to what was installed on that the device and the ability to recompile my patches and test them. & I did.

Copyleft's First Principle

Copyleft is a strategy of utilizing copyright law to pursue the policy goal of fostering & encouraging the equal & inalienable right to copy, share, modify & improve creative works of authorship. Copyleft … describes any method that utilizes the copyright system to achieve the aforementioned goal. Copyleft as a concept is usually implemented in the details of a specific copyright license … Copyright holders of creative work can unilaterally implement these licenses for their own works to build communities that collaboratively share & improve those copylefted creative works.

— Definition of copyleft from copyleft.org

Software Freedom As Actual First Principle

The right for users to copy, share, modify — and otherwise improve and make effective use of those improvements — should not be infringed.

Copyleft is a strategy to help us achieve that first principle.

So, Is It Working?

We could, and should, consider:

Does copyleft work at all?

Inspect Every Free Software Quantum Reality?

Maybe we could run a parallel universe experiment where all Free Software is under non-copyleft licenses, and another where all are copylefted?

Inspect Every Free Software Quantum Reality?

Even if the many worlds interpretation is correct, we'd change the outcome by observing it anyway.

So, we must simply analyze the world we have… but be careful to question the truthiness and revisionist history.

Should Enforcement Ever Happen?

When asked by David Woodhouse: If you are happy with the status quo, and do not want violators to be brought into compliance …

Greg K. H. answered: I do, but I don't ever think that suing them is the right way to do it, given that we have been very successful so far without having to do that.

From: <20160824174724.GE30853@kroah.com> on ksummit-discuss

Which Quantum Reality Is This, BTW?

But, our community did often enforce the GPL.

& it's been necessary for Linux's success since the advent of the embedded system.

We've Long Benefited from Copyleft Enforcement

In spring 2003, I helped the first coalition of copyright holders, including Erik Andersen of BusyBox, Harald Welte of Linux, enforce the GPL against Cisco/Linksys.

Enforcement Spawns Communities

SVN check-in r1 of the OpenWrt project was the actual source code from the coalition's GPL compliance efforts.

But I'll admit, from a Linux, BusyBox, or Samba developer, most of this source code didn't go upstream.

GPL Is Not Primarily About Upstream

[Those who enforce the GPL] NEVER found any actual useful code that should have gone upstream

— Rob Landley, former BusyBox developer

GPL Is Not Primarily About Upstream

Rob and I spoke at LCA last week, and cleared up this misunderstanding.

The GPL helps code find its way upstream only as a secondary effect of the primary goal: by giving downstream users what they need so they can someday become upstream developers.

Users Deserve The Means of Source Production

complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

— GPLv2§3

Garrett: It's About Downstream Users Who Become Developers


[D]o you want 4 more enterprise clustering filesystems, or another complete rewrite of the page allocator for a 3% performance improvement under a specific database workload, or do you want a bunch of teenagers who grow up hacking this stuff because it's what powers every device they own? Because honestly I think it's the latter that's helped get you [Linux developers] where you are now, and they're not going to be there if the thing that matters to you most is making sure that large companies don't feel threatened rather than making sure that the next 19 year old in a dorm room can actually hack the code on their phone and build something better as a result. It's what brought me here in the first place, and I'm hardly the only one.

— Matthew Garrett, Linux Developer, 26 August 2016

Admittedly, that 19 year old hobbyist won't have what I had at 19:

But they will have this:

& this:

& this:

& this:

Lawsuit Was Needed to Liberate TV Firmware Hacking

The base of this project was the source code released from Conservancy's BusyBox lawsuit against Samsung.

Of Course, Long Ago, It Was Fewer Markets

Harald Welte from 2004–2013 brought 15 GPL enforcement actions (most of which were lawsuits) and mostly against wireless router makers:

Of Course, Long Ago, It Was Fewer Markets

Harald's many enforcement actions (most of which were lawsuits):

  • 2004: Allnet
  • 2004: Asus
  • 2004: SecurePoint
  • 2004: Sitecom
  • 2004: Gigabyte
  • 2004: TomTom
  • 2005: ARP Datacon
  • 2005: Edimax
  • 2005: CeBit
  • 2005: Fortinet
  • 2005: MEDION
  • 2005: Targa
  • 2006: D-Link
  • 2007: Iliad
  • 2011: AVM

Our History is Enforcement

I argue: Linux and other GPL'd software has been successful because enforcement and lawsuits have happened regularly since 2002.

Granted, we can't run a parallel experiment without time travel or access to the quantum “many worlds”.

But, it's clearly pure FUD to argue that GPL enforcement and filing very occasional lawsuits is a new-fangled strategy that endangers Linux.

Because, if so, Linux was so-endangered since 2002.

Meanwhile…

Compliance has become even more rare, and more devices have GPL'd software than ever.

Not just BusyBox and Linux, but Samba, ffmpeg, and many other projects.

This is not just about Linux, but Linux is the kernel of GPL activity because of the obvious: it's a kernel and it's GPL.

Harald Has Moved On

Harald is no longer enforcing for Linux, due to time demands from his other projects.

Conservancy is the only org left doing community-oriented GPL enforcement for Linux.

What do I mean by “community-oriented”?

The Principles of Community-Oriented GPL Enforcement

  • Our primary goal in GPL enforcement is to bring about GPL compliance.
  • Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license.
  • Confidentiality can increase receptiveness and responsiveness.
  • Community-oriented enforcement must never prioritize financial gain.
  • Community-oriented compliance work does not request nor accept payment to overlook problems.
  • Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis.
  • Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works.

Full text at sfconservancy.org/linux-compliance/principles.html.

The .01% We Don't Agree On

Greg KH and I agree on 99.99% of GPL enforcement strategy, as we'd do the same in almost all situations.

We differ only on one minor point.

Lawsuits

Companies sue each other all time: there are hundreds of lawsuits between tech companies every year.

If we count at the maximum, we can't even get to 50 lawsuits filed by community actors against GPL violators ever in history.

Yet, we remain under constant political attack because Conservancy has funded exactly one Linux lawsuit: Christoph Hellwig's ongoing case against VMware.

Yet, Even Some Allies Find Fault With:

  • Our primary goal in GPL enforcement is to bring about GPL compliance.
  • Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license.
  • Confidentiality can increase receptiveness and responsiveness.
  • Community-oriented enforcement must never prioritize financial gain.
  • Community-oriented compliance work does not request nor accept payment to overlook problems.
  • Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis.
  • Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works.

Some Donors Seek More Aggression

Two donors this year wrote Conservancy to tell us (paraphrased in summary): You do not enforce the GPL aggressively enough to seek money from violators so they fund future enforcement.

The problem is: Despite good GPL-compliant resolution (and, admittedly, settlement funds — fully disclosed on Conservancy's 2011 & 2012 Form 990s) of our one BusyBox lawsuit …

Conservancy has yet (after five years of Linux enforcement) convinced a single violator to comply with Linux's license, because most vendors insist on distributing proprietary Linux modules, and will not fix the problem.

All The Principles Do Matter

  • Our primary goal in GPL enforcement is to bring about GPL compliance.
  • Legal action is a last resort. Compliance actions are primarily education and assistance processes to aid those who are not following the license.
  • Confidentiality can increase receptiveness and responsiveness.
  • Community-oriented enforcement must never prioritize financial gain.
  • Community-oriented compliance work does not request nor accept payment to overlook problems.
  • Community-oriented compliance work starts with carefully verifying violations and finishes only after a comprehensive analysis.
  • Community-oriented compliance processes should extend the benefit of GPLv3-like termination, even for GPLv2-only works.

If You Like This Approach, You Can Donate

I hate asking individuals to fund Conservancy's GPL compliance work…

… but the alternative lead so to easily to corruption (and we've seen such in a few places).

So, if you want Conservancy to not give up on Linux compliance efforts, I do have to ask that you donate.

Conservancy Donations Matched For One Week

Yes, We Think Enforcement's More Work Than It Should Be

Karen and I don't actually like GPL enforcement:

  • It's boring.
  • It's politically dangerous for our careers and our organization.
  • Speaking for just me, I'd actually rather be a developer.

I Wish It Worked This Way

In my pre-FOSDEM interview, the conference organizers asked:
it's fair to say that most FLOSS developers don't follow the debates about copyleft licenses and their enforcement, they merely want their code to remain forever free.

I answered:

ABSOLUTELY! but

Copyleft is not magic pixie dust.

Just so we're clear: This Is What We Care About

Karen and I have been accused about caring more about copyleft than Linux.

The FUD implication is that we want to “sacrifice Linux at the holy altar of the GPL.

Linux is a bunch of code and copyrights that happen to be GPL'd; the GPL is just a tool design.

Code and licenses are ephemeral anyway; what Karen and I care about is the long-term freedom of users and developers to copy, share, modify and distribute software.

We care that new developers can hack their devices and join this community without having to use or develop proprietary software.

The Future of Copyleft Is Yours

Ultimately, Conservancy acts on behalf of developers who hold copyrights and ask us to act… but there are fewer of you left that actually want Linux to be GPL'd.

Thus, the future belongs to copyleft developers, assuming you can hold on to it…

For-Profit companies & their Trade Associations May Decide the Future Of Linux licensing

Individual Developers Should Decide How GPL works For Their Users

Linus himself told me that he hated copyright assignment and felt that every developer should keep their own copyrights and decide for themselves how, when, and who should enforce GPL.

We at Conservancy agree about that.

Developers with copyrights have chosen us to act on their behalf, so we do: that's our mandate.

Time will show if we get a bigger mandate (more developers sign up with our coalitions), or folks leave our coalitions.

As it stands, our coalitions are insisting that we keep going even in the face of the political battleground (which was created by those who oppose GPL).

Conservancy As an Agent of Developers

Ultimately, Conservancy does what our member projects ask us to do, and this is just one of many things we do to advance software freedom.

In addition to worrying about the logistics of projects to run conferences and all the other mundane but essential things we do.

We also stand in opposition to actions in the world that harm our community's diversity and freedom of action and thought:

Conservancy Opposes U.S. Presidential Executive Order on Immigration

January 30, 2017

Moreover, [Conservancy] houses dozens of member projects that develop free and open source software … developers live around the world, collaborating thanks to licenses that give them equal rights … in-person conferences are crucial to their work … many of those developers have found employment in the U.S. … prohibiting arbitrary groups from traveling to the U.S. destroys these opportunities. It exacerbates the very inequalities that free software strives against.

Full statement at: sfconservancy.org/news/2017/jan/30/opposing-us-immigration-ban/

‘Baffled” Is a Sane Reaction To This

Living in the USA is a strange experience these days, not unlike the way it feels to be in the midst of copyleft politics.

Conservancy hosts compliance feedbacks session that bring overwhelming positive response, yet…

companies & trade associations that oppose enforcement reach new heights of criticism monthly.

Why? I dunno. My guess is they fear that developers will wake up and realize that the code should belong to developers, not to companies, and will ask for control back.

So, Take It Back

So, I encourage you to wake up, demand your copyrights back, and use the licensing strategy you think is best for long-term software freedom.

If we're going to succeed, it will depend on this.

More Info / Talk License

URLs / Social Networking / Email:

Presentation and slides are: Copyright © 2015, 2016 Bradley M. Kuhn, and are licensed under the Creative Commons Attribution-Share Alike 4.0 International License.