From 7ac2f13099b4b772c73523bbc17e14c24d18498a 2020-10-01 17:52:25 From: Bradley M. Kuhn Date: 2020-10-01 17:52:25 Subject: [PATCH] Copyleft Compliance: Minor rewrite of firmware liberation This rewrite should improve the stand-alone nature of these documents and allow for better integration with other summary text and announcements on the website. Note that they have now drifted heavily from the original formulation of the items as grant proposals. --- diff --git a/www/conservancy/static/copyleft-compliance/firmware-liberation.html b/www/conservancy/static/copyleft-compliance/firmware-liberation.html index e9f608bc2406985260ce27c6595f255702ba4675..c86c0daacc3f5e47779921a05289f77977eaab1b 100644 --- a/www/conservancy/static/copyleft-compliance/firmware-liberation.html +++ b/www/conservancy/static/copyleft-compliance/firmware-liberation.html @@ -5,62 +5,30 @@

Firmware Liberation Project

-

Brief History of OpenWRT

- -

The spring of 2003 was a watershed moment for software freedom on - electronic devices. 802.11 wireless technology had finally reached the - mainstream, and wireless routers for home use had flooded the market - earlier in the year. By June - 2003, the - general public knew that Linksys (a division of Cisco) was violating the - GPL on their WRT54G model wireless routers. Hobbyists discovered that - Linux, BusyBox and many GNU programs were included in the router, but - Linksys and Cisco had failed to provide source code or any offer for source - code to its customers. Linksys had violated the GPL, the license of these - projects.

- -

A coalition successfully enforced the GPL in this case, and Linksys - released source code. A group of - volunteers quickly built a new project, called OpenWRT based on that - source release. In the years that have followed, OpenWRT has been ported to - almost every major wireless router product. Now, more than 15 years later, - the OpenWRT project routinely utilizes GPL source releases to build, - improve and port OpenWRT. OpenWRT has spurred companies to create better - routers.

+Conservancy plans to select a class of product in the Linux-based embedded +system space. For this product, Conservancy will launch, or assist, a +project that creates a functioning alternative firmware for those devices. +The promise of GPL enforcement is only realized through actual, practical use +and improvement of the released software for users.

GPL Enforcement Needs Follow-Through

Simply enforcing the GPL is an important first step, and Conservancy - continues our efforts in that regard. However, - the success found with OpenWRT can be replicated only if there is - substantial effort after enforcement occurs to turn the - compliant source release into a viable alternative firmware for the - platform.

+ continues our efforts in that + regard. However, We can + replicate the + success found with OpenWRT only by a substantial + effort after enforcement occurs to turn the compliant + source release into a viable alternative firmware for the platform.

Conservancy has seen non-compliant Linux-based firmwares on refrigerators, baby monitors, virtual assistants, soundbars, doorbells, home security - cameras, police body cameras, cars, AV receivers, and televisions.

- -

This wide deployment of general purpose computers into mundane household - devices has profound privacy and consumer rights - implications. Home security cameras are routinely compromised - — invading the privacy and security of individual homes. Even when - companies succeed in keeping out third parties, consumers - are pressured - by camera makers to automatically upload their videos to local - police. Televisions - routinely spy - on consumers for the purposes of marketing and massive data - collection.

- -

“Internet of Things” firmware should never rely on one vendor — even the - vendor of the hardware itself. This centralized approach is brittle and - inevitably leads to invasions of the public’s privacy and loss of control of their - technology. Conservancy plans to address this issue in the manner that the - FOSS community knows best: put one foot in front of the other, and work to - create FOSS for every possible task that users want to accomplish. For IoT - devices, this means creating alternative firmware in the same manner that - OpenWRT has done for wireless routers.

+ cameras, police body cameras, cars, AV receivers, and televisions. We + believe that building an alternative firmware for one of these classes of + devices — or joining our work with an existing alternative firmware project + that is struggling due to lack of sources available — will lead to + more palatable software freedom for users of these device.

+

Limited Success of Alternative Hardware

@@ -72,9 +40,13 @@

Nevertheless, we remain ever-cognizant that FOSS succeeded on servers, laptop, desktop, and wireless router computers precisely because - users could buy commodity hardware at any store and install FOSS. There is - no complete, operational base operating system for most IoT devices on the - market.

+ users could buy commodity hardware at any store and install FOSS + alternatives to the vendor-provided software. Throughout the history of + FOSS, most new users who seek to experience software freedom want to do so + with their existing devices first. Many don't even know much about the + issues involved in software liberation until they've already purchased + hardware. Conservancy therefore believes support of alternative + firmwares for such devices is paramount.

Demonstrating the power of software freedom

@@ -111,21 +83,23 @@

Second, depending on what subindustry (i.e., specific class of devices) seems most responsive to increased enforcement activity and willing to provide compliant source releases quickly, we will launch, coordinate and - fund an alternative firmware project for that class.

+ fund an alternative firmware project for that class, or, if appropriate, + merge our efforts with an existing alternative firmware project for that + class of device.

Leveraging on Increased Enforcement

-

Conservancy plans to select a specific - violation and engage in litigation. Based on past experience, we expect - that the press and attention to that ongoing litigation will yield - increased responsiveness by violators throughout the industry. (A similar - outcome occurred after our litigation in 2006.) This expected change in - behavior will open opportunities to replicate the OpenWRT approach in - another embedded electronic subindustry. Fast action will be necessary; - most IoT products have an 18 month lifecycle, so we seek to quickly - identify the right subindustry, gain compliance there, and move on to the - next phase.

+

Conservancy already plans to select a + specific violation and engage in litigation. Based on past experience, + we expect that the press and attention to that ongoing litigation will + yield increased responsiveness by violators throughout the industry. (A + similar outcome occurred after our BusyBox-related litigation in 2006.) + This expected change in behavior will open opportunities to replicate the + OpenWRT approach in another embedded electronic subindustry. Fast action + will be necessary; most IoT products have an 18 month lifecycle, so we seek + to quickly identify the right subindustry, gain compliance there, and move + on to the next phase.

Funding Firmware Liberation

@@ -153,10 +127,10 @@ infrastructure for the project. The goal is to build a firm base that draws volunteers to the project. We know that sustaining funding over long periods for a grassroots hobbyist activity is quite challenging; we seek to - use this grant to bootstrap and catalyze interest and contribution to the - project. Ideally, Conservancy would run the project with a single full-time - staffer for about a year, and achieve a volunteer base sufficient to - reduce funding to one part-time staffer.

+ bootstrap and catalyze interest and contribution to the project. Ideally, + Conservancy would run the project with a single full-time staffer for about + a year, and achieve a volunteer base sufficient to reduce funding to one + part-time staffer.

Criteria for Device Selection