Another Netfilter GPL enforcement
[Editor's note: the following article was sent to us by Harald Welte, the leader of the Netfilter project.]
Two weeks ago you might have read about the netfilter/iptables project having resolved a GPL infringement case by a German networking gear vendor called Allnet. Today, the netfilter/iptables project made a similar announcement. The major difference: This time it's not about some unknown German company, but a large international hardware vendor: Fujitsu Siemens Computers (http://www.fujitsu-siemens.com).
So you might ask yourself: Why is there a sudden rise in pushing for GPL enforcement by the netfilter/iptables project? The remainder of this article will try to give you an answer from the project's point of view.
Everything started with the (in)famous Linksys WRT54G case. First postings about this issue are dating back to 7 June 2003 (http://lwn.net/Articles/35713/). Shortly thereafter, an FSF-led alliance for making Linksys comply to the GPL was formed. Since Linksys used netfilter/iptables to implement packet filtering and NAT on their device, the netfilter core team was invited to join that alliance. Initially this seemed like great idea. The head of the netfilter core team joined that alliance and provided information about how netfilter/iptables code was used. Even one of our GPL-licensed libraries had been linked into a proprietary, binary-only library.
Two months after first contact between the FSF-led alliance and Linksys, they finally published some code. This was just some random kernel source, and utterly incomplete (see http://lwn.net/Articles/51399/ and http://lwn.net/Articles/53140/). Despite a statement by the Cisco legal director about their world-class leading GPL compliance, it took them four months to provide a full source code release. To my knowledge, no compensation was paid, and none of the previous customers had been informed about their rights and obligations under the GPL.
The result is clear: The 'soft pressure' way of pushing for license compliance doesn't work. In fact, it encourages vendors to violate the GPL in the first place. They don't lose anything by not complying with the license. First, they release an infringing product. Second, somebody has to find out that they use GPL licensed code. Then, one of the original authors has to push for license compliance. The vendor would then further delay that issue for any time he wishes, and in the end he finally makes a source code release. But by having not lost anything in this strategy, why would he even bother complying with the GPL next time?
Meanwhile, more and more embedded networking devices like WLAN access points or DSL routers turned out to use netfilter/iptables without complying with the GPL license terms. Dissatisfied with the FSF way of GPL enforcement, the netfilter core team decided to take legal action against Allnet GmbH in Germany. We were prepared to apply for a preliminary injunction banning them from further sale of their devices.
Luckily, Allnet replied immediately to the warning notice, and they were very interested in resolving this issue out-of-court. Our main goal was and is to make people comply with the the GPL license terms. It is not in our intent to harass commercial users of netfilter/iptables, or to try to squeeze money out of them. All we're asking for is license compliance. If those vendors were using some proprietary licensed code, they would also have to comply with its license. Why should they allowed to behave different in case of the GPL?
Allnet understood and even agreed to inform all prior commercial buyers of the respective products. In addition, they show their support for free software by making donations to respected charities in the free software world.
Encouraged by this first settlement, we decided to go after every single infringing use of netfilter/iptables code we are aware of. From your author's point of view, this is the only way of raising conciousness about free software licensing in corporate management.
Fujitsu-Siemens was next on the list, and resolved in an equally friendly way.
Many more are pending, stay tuned.
Posted Mar 2, 2004 20:32 UTC (Tue)
by mongre26 (guest, #4224)
[Link] (2 responses)
I suspect however that this most recent triumph of the GPL will be overlooked when the next "GPL not tested in court" FUD comes out. "For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill."
Posted Mar 3, 2004 11:01 UTC (Wed)
by eru (subscriber, #2753)
[Link] (1 responses)
To counter it, it would be useful if some well-known web site listed a comprehensive collection of the publicly known cases where a GPL violation has been resolved out of court. At least it would demonstrate that "untested in court" does not equal "ineffective".
A question for lawyers (or armchair lawyers): assuming that GPL keeps this "untested in court but still obeyed" status for a long time, would it count as precendent in an eventual court case? I'm aware this depends on the jurisdiction. In the old Swedish legal system, on which Finnish law is also based, "customs of the land" were considered as legally binding, if they are consistent, and there is no other applicable law. That advice can still be found in the prologue of Finnish law books, although I don't know if it affects rulings any more, especially as there are now laws about almost everything unlike in the old days. But a judge trying to make sense of a GPL violation case might make use of it.
Posted Mar 3, 2004 20:13 UTC (Wed)
by oak (guest, #2786)
[Link]
"You're using our copyrighted works, have you a license?" "Are you complying with it?" Case closed. See Eben Moglen's excellent article on What's Free:
Posted Mar 2, 2004 20:55 UTC (Tue)
by Carl (guest, #824)
[Link] (7 responses)
Posted Mar 2, 2004 21:16 UTC (Tue)
by mongre26 (guest, #4224)
[Link] (4 responses)
One would think that after the successful efforts with Linksys this past summer that these other companies would have seen the writing on the wall and quickly announced their compliance with the GPL. Perhaps now that two more companies have been shown their obligations and have publicly stated they will comply with the GPL more companies will clue in. In the long run I hope that such publicity will mean that there will be much less need to even warn companies. Hopefully with press releases like those from the netfilter team companies will realize that while they do not have much in the way of financial obligations when using GPL software they nonetheless have other obligations they must meet to make use of this amazing resource that is Free Software.
Posted Mar 2, 2004 21:53 UTC (Tue)
by laf0rge (subscriber, #6469)
[Link] (3 responses)
But all we can do is go to the vendors that sell us the devices under their name. They can (and should) in turn recourse against the .tw vendor. This is the only way we can actually rach the ones who started infringement. I believe companies like FSC (who actually have a completely different hardware and software design than all the others) that they didn't intentionally violate the GPL. They 'just' resell those .tw devices and dont't know what software is in there. By threatening them with legal action, we raise awareness in the legal and management department of those vendors. Next time they sign a contract with a .tw producer, they'd hopefully be more careful on what they're buying. It's not sufficient that some technical support staff knows that there is a GPL and there theoretically are some obligations. Precise knowledge about the obligations has to become aware in the non-technical departments.
Posted Mar 3, 2004 8:20 UTC (Wed)
by fooker (guest, #14834)
[Link] (2 responses)
FYI, the 'Made in Taiwan' tag just means that the devices are manufactured in Taiwan. One can't tell where they are designed. According to your logic most of the big IC companies 'just' resell taiwanese devices with their name slapped on the package. I would suspect that companies whose whole product set consists of network devices would design them in-house. Thus being the original copyright infringers. No shady foreign pirates involved.
You are accusing Taiwan so enthusiasticly that I would assume you have some facts to back up your claims. Or that you had your tinfoil hat on when writing the article.
PS. I was able to decode your 'clever' obfusciation of the country name :-)
Posted Mar 3, 2004 9:55 UTC (Wed)
by laf0rge (subscriber, #6469)
[Link]
From the FSF enforcement in the Linksys case we know that the original design of the device (the same as Allnet, Buffalo, Belkin and a couple of others) came from Broadcom. In fact, I also know that Broadcom required at least one of their customers to sign an NDA _not_ to release any of the source code. An I am not accusing Taiwan as a country, nor the Taiwanese people. I am accusing the business practise of Taiwanese hardware vendors. And not to care about copyright (and thus the GPL) appears to be more common than actually caring about it.
Posted Mar 3, 2004 15:33 UTC (Wed)
by baruch (guest, #14769)
[Link]
The way I saw it, Linksys et al are only OEMs for hardware developed by ODMs from taiwan, Linksys will mostly supply the requirements and final acceptance testing, hardly any (if at all) development is done in-house. The general thought-line regarding GPL was: "If we are not forced, we'll do nothing to release back source code of GPL parts". There was though a clear attempt to make as little code be forced into openness.
Posted Mar 2, 2004 22:58 UTC (Tue)
by coriordan (guest, #7544)
[Link]
Posted Mar 3, 2004 6:46 UTC (Wed)
by AnswerGuy (subscriber, #1256)
[Link]
My making a few public examples they are hoping to reduce the enforcement costs and efforts that are necessary by making non-compliance more expensive.
It seems that FSC's lawyers found the strength of the GPL compelling enough to settle without a fight and agree to fully comply with the GPL. Once again the GPL demonstrates its formidable strength by ensuring the rights of copyright holders without going to court. Another Netfilter GPL enforcement
- Sun Tzu
I suspect however that this most recent triumph of the GPL will be overlooked when the next "GPL not tested in court" FUD comes out.
Another Netfilter GPL enforcement
GPL doesn't need to be tested in court. It goes like this:Another Netfilter GPL enforcement
-> No, we're violating your copyright
-> Yes, it's GPL
-> No (i.e. their license is not valid and again they're violating the copyright)
-> Yes, we're complying with it
It's in *defendent*'s best interests to argue that GPL is a valid license, otherwise they would be in copyright violation.
http://emoglen.law.columbia.edu/publications/maine-speech.html
What would be nice is an interview with someone from the FSF GPL-compliance lab about the difference in approach. I think that the way the FSF handled these things of settling out of court and no publicity so the companies involved weren't to embarrassed to cooperate is a realy nice thing to do. One thing I really dislike about the proprietary world was this constant legal treatening and calling people pirates. The FSF way of talking and making companies think about sharing is nice. I actually hope all the legal enforcement isn't necessary. But maybe the Netfilter team has a point. The publicity does make me proud that we have achieved something with the GPL.
Another Netfilter GPL enforcement
The other thing to consider is that there have been several of these router companies that have used GPL'd software and they have consistently ignored the requirements of the GPL. Another Netfilter GPL enforcement
In the end it seems that it was only a very small number of companies. Most of the WLAN routers are built from the same design, and it appears to me that Linksys, Belkin, Buffalo, Allnet and ASUS are all OEM versions of some unknown .tw producer. They get sligthly different firmware images, differntly-shaped cases and differnent vendor tags. Another Netfilter GPL enforcement
Another Netfilter GPL enforcement
I can back up my claims. From the FSC and Allnet negotiations we know that they both bought ready-built devices. FSC bought from a .tw company, which themselves bought from another .tw company. The original .tw company did have a GPL disclaimer, but the second one missed to forward it to FSC.Another Netfilter GPL enforcement
I have worked in a company that supplied software to the taiwanesse companies that developed the hardware for various resellers.Another Netfilter GPL enforcement
Here's a page with recordings of talks from LSM-2003. David Turner is the FSF's GPL compliance engineer, and his talk is about just that.
Another Netfilter GPL enforcement
As stated in the articles the Netfilter team has elected this strategy for a few profile cases in order to have a deterrent effect.Deterrent Effect
Settling for some donations to appropriate causes also defrays some of the incurred costs of enforcment, so more energy and capital can be devouted to achiving technical goals.