0 1 0
Bradley M. Kuhn - 4 months ago 2020-07-17 20:13:45
bkuhn@sfconservancy.org
Copyleft Compliance: Minor rewrite of firmware liberation This rewrite should improve the stand-alone nature of these documents and allow for better integration with other summary text and announcements on the website. Note that they have now drifted heavily from the original formulation of the items as grant proposals.
1 file changed with 41 insertions and 67 deletions:
↑ Collapse Diff ↑
...
 
@@ -5,62 +5,30 @@
5 5
 

	
6 6
 
<h1 id="software-freedom-conservancy-proposal-for-firmware-liberation-project">Firmware Liberation Project</h1>
7 7
 

	
8
 
<h2 id="brief-history-of-openwrt">Brief History of OpenWRT</h2>
9
 

	
10
 
<p>The spring of 2003 was a watershed moment for software freedom on
11
 
  electronic devices. 802.11 wireless technology had finally reached the
12
 
  mainstream, and wireless routers for home use had flooded the market
13
 
  earlier in the year. By June
14
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
15
 
    general public knew that Linksys (a division of Cisco) was violating the
16
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered that
17
 
  Linux, BusyBox and many GNU programs were included in the router, but
18
 
  Linksys and Cisco had failed to provide source code or any offer for source
19
 
  code to its customers. Linksys had violated the GPL, the license of these
20
 
  projects.</p>
21
 

	
22
 
<p>A coalition successfully enforced the GPL in this case, and Linksys
23
 
  released source code. A <a href="https://openwrt.org/about/history">group of
24
 
    volunteers quickly built a new project, called OpenWRT</a> based on that
25
 
  source release. In the years that have followed, OpenWRT has been ported to
26
 
  almost every major wireless router product. Now, more than 15 years later,
27
 
  the OpenWRT project routinely utilizes GPL source releases to build,
28
 
  improve and port OpenWRT. OpenWRT has spurred companies to create better
29
 
  routers.</p>
8
 
Conservancy plans to select a class of product in the Linux-based embedded
9
 
system space.  For this product, Conservancy will launch, or assist, a
10
 
project that creates a functioning alternative firmware for those devices.
11
 
The promise of GPL enforcement is only realized through actual, practical use
12
 
and improvement of the released software for users.
30 13
 

	
31 14
 
<h2 id="gpl-enforcement-needs-follow-through">GPL Enforcement Needs Follow-Through</h2>
32 15
 

	
33 16
 
<p>Simply enforcing the GPL is an important first step, and Conservancy
34
 
  <a href="enforcement-strategy.html">continues our efforts in that regard</a>. However,
35
 
  the success found with OpenWRT can be replicated <em>only if</em> there is
36
 
  substantial effort <strong>after</strong> enforcement occurs to turn the
37
 
  compliant source release into a viable alternative firmware for the
38
 
                                           platform.</p>
17
 
  <a href="enforcement-strategy.html">continues our efforts in that
18
 
  regard</a>. However, We can
19
 
  replicate <a href="/copyleft-compliance/enforcement-strategy.html#brief-history-of-user-focused-gpl-enforcement">the
20
 
  success found with OpenWRT</a> <em>only by</em> a substantial
21
 
  effort <strong>after</strong> enforcement occurs to turn the compliant
22
 
  source release into a viable alternative firmware for the platform.</p>
39 23
 
                                           
40 24
 
<p>Conservancy has seen non-compliant Linux-based firmwares on refrigerators,
41 25
 
  baby monitors, virtual assistants, soundbars, doorbells, home security
42
 
  cameras, police body cameras, cars, AV receivers, and televisions.</p>
43
 

	
44
 
<p>This wide deployment of general purpose computers into mundane household
45
 
  devices has profound privacy and consumer rights
46
 
  implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
47
 
  — invading the privacy and security of individual homes. Even when
48
 
  companies succeed in keeping out third parties, consumers
49
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
50
 
    by camera makers</a> to automatically upload their videos to local
51
 
  police. Televisions
52
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
53
 
    on consumers for the purposes of marketing and massive data
54
 
    collection</a>.</p>
55
 

	
56
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
57
 
  vendor of the hardware itself. This centralized approach is brittle and
58
 
  inevitably leads to invasions of the public’s privacy and loss of control of their
59
 
  technology. Conservancy plans to address this issue in the manner that the
60
 
  FOSS community knows best: put one foot in front of the other, and work to
61
 
  create FOSS for every possible task that users want to accomplish. For IoT
62
 
  devices, this means creating alternative firmware in the same manner that
63
 
  OpenWRT has done for wireless routers.</p>
26
 
  cameras, police body cameras, cars, AV receivers, and televisions.  We
27
 
  believe that building an alternative firmware for one of these classes of
28
 
  devices &mdash; or joining our work with an existing alternative firmware project
29
 
  that is struggling due to lack of sources available &mdash; will lead to
30
 
  more palatable software freedom for users of these device.</p>
31
 

	
64 32
 

	
65 33
 
<h2 id="limited-success-of-alternative-hardware">Limited Success of
66 34
 
  Alternative Hardware</h2>
...
 
@@ -72,9 +40,13 @@
72 40
 

	
73 41
 
<p>Nevertheless, we remain ever-cognizant that FOSS succeeded on servers,
74 42
 
  laptop, desktop, and wireless router computers <em>precisely</em> because
75
 
  users could buy commodity hardware at any store and install FOSS. There is
76
 
  no complete, operational base operating system for most IoT devices on the
77
 
  market.</p>
43
 
  users could buy commodity hardware at any store and install FOSS
44
 
  alternatives to the vendor-provided software.  Throughout the history of
45
 
  FOSS, most new users who seek to experience software freedom want to do so
46
 
  with their existing devices first.  Many don't even know much about the
47
 
  issues involved in software liberation <em>until they've already purchased
48
 
  hardware</em>.  Conservancy therefore believes support of alternative
49
 
  firmwares for such devices is paramount.</p>
78 50
 

	
79 51
 
<h3 id="demonstrating-the-power-of-software-freedom">Demonstrating the power
80 52
 
  of software freedom</h3>
...
 
@@ -111,21 +83,23 @@
111 83
 
<p>Second, depending on what subindustry (i.e., specific class of devices)
112 84
 
  seems most responsive to increased enforcement activity and willing to
113 85
 
  provide compliant source releases quickly, we will launch, coordinate and
114
 
  fund an alternative firmware project for that class.</p>
86
 
  fund an alternative firmware project for that class, or, if appropriate,
87
 
  merge our efforts with an existing alternative firmware project for that
88
 
  class of device.</p>
115 89
 

	
116 90
 
<h2 id="leveraging-on-increased-enforcement">Leveraging on Increased
117 91
 
  Enforcement</h2>
118 92
 

	
119
 
<p><a href="enforcement-strategy.html">Conservancy plans to select a specific
120
 
  violation and engage in litigation.</a> Based on past experience, we expect
121
 
  that the press and attention to that ongoing litigation will yield
122
 
  increased responsiveness by violators throughout the industry. (A similar
123
 
  outcome occurred after our litigation in 2006.) This expected change in
124
 
  behavior will open opportunities to replicate the OpenWRT approach in
125
 
  another embedded electronic subindustry. Fast action will be necessary;
126
 
  most IoT products have an 18 month lifecycle, so we seek to quickly
127
 
  identify the right subindustry, gain compliance there, and move on to the
128
 
  next phase.</p>
93
 
<p><a href="enforcement-strategy.html">Conservancy already plans to select a
94
 
  specific violation and engage in litigation.</a> Based on past experience,
95
 
  we expect that the press and attention to that ongoing litigation will
96
 
  yield increased responsiveness by violators throughout the industry. (A
97
 
  similar outcome occurred after our BusyBox-related litigation in 2006.)
98
 
  This expected change in behavior will open opportunities to replicate the
99
 
  OpenWRT approach in another embedded electronic subindustry. Fast action
100
 
  will be necessary; most IoT products have an 18 month lifecycle, so we seek
101
 
  to quickly identify the right subindustry, gain compliance there, and move
102
 
  on to the next phase.</p>
129 103
 

	
130 104
 
<h3 id="funding-firmware-liberation">Funding Firmware Liberation</h3>
131 105
 

	
...
 
@@ -153,10 +127,10 @@
153 127
 
  infrastructure for the project. The goal is to build a firm base that draws
154 128
 
  volunteers to the project. We know that sustaining funding over long
155 129
 
  periods for a grassroots hobbyist activity is quite challenging; we seek to
156
 
  use this grant to bootstrap and catalyze interest and contribution to the
157
 
  project. Ideally, Conservancy would run the project with a single full-time
158
 
  staffer for about a year, and achieve a volunteer base sufficient to
159
 
  reduce funding to one part-time staffer.</p>
130
 
  bootstrap and catalyze interest and contribution to the project. Ideally,
131
 
  Conservancy would run the project with a single full-time staffer for about
132
 
  a year, and achieve a volunteer base sufficient to reduce funding to one
133
 
  part-time staffer.</p>
160 134
 

	
161 135
 
<h3 id="criteria-for-device-selection">Criteria for Device Selection</h3>
162 136
 

	
0 comments (0 inline, 0 general)