Bradley M. Kuhn - 4 months ago 2020-07-17 20:11:46
bkuhn@sfconservancy.org
Copyleft Compliance: Minor rewrite of strategy & firmware liberation

This rewrite should improve the stand-alone nature of these documents and allow for better integration with other summary text and announcements on the website. Note that they have now drifted heavily from the original formulation of the items as grant proposals.
1 file changed with 81 insertions and 83 deletions:
...
 
@@ -5,15 +5,14 @@
5 5
 

	
6 6
 
<h1 id="software-freedom-conservancy-proposal-for-gpl-enforcement-grant">History and Future Strategy</h1>
7 7
 

	
8
 
<p>The Software Freedom Conservancy is a 501(c)(3) non-profit charity
9
 
  registered in New York.  Founded in 2006, Conservancy helps people take control
10
 
  of their computing by growing the software freedom movement, supporting
11
 
  community-driven alternatives to proprietary software, and defending free
12
 
  software with practical initiatives.  Conservancy accomplishes these goals
13
 
  with various initiatives including fiscal sponsorship, licensing and project
14
 
  governance policy, and public advocacy.  Some of Conservancy's most important
15
 
  licensing policy work involves defending and upholding the rights of
16
 
  software users and consumers under copyleft licenses, such as the GPL.</p>
8
 
<p>As existing donors and supporters know, the Software Freedom Conservancy
9
 
  is a 501(c)(3) non-profit charity registered in New York, and Conservancy
10
 
  helps people take control of their computing by growing the software
11
 
  freedom movement, supporting community-driven alternatives to proprietary
12
 
  software, and defending free software with practical initiatives.
13
 
  Conservancy accomplishes these goals with various initiatives, including
14
 
  defending and upholding the rights of software users and consumers under
15
 
  copyleft licenses, such as the GPL.</p>
17 16
 

	
18 17
 
<h2 id="brief-history-of-user-focused-gpl-enforcement">Brief History of
19 18
 
  User-Focused GPL Enforcement</h2>
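Review bot: The new opening clause at new line 8, "As existing donors and supporters know", addresses one audience and works against the commit's stated aim of making this text stand alone; I would drop the clause and start with "The Software Freedom Conservancy is a 501(c)(3) non-profit charity". The rewrite also removes the founding year (2006) and the mention of fiscal sponsorship, licensing and project governance policy, and public advocacy; if that is deliberate, say so in the commit message. Separately, the h1 at line 6 still carries id="software-freedom-conservancy-proposal-for-gpl-enforcement-grant" although the heading reads "History and Future Strategy" and the message says the text has drifted from the grant proposals; changing the id would need a check for inbound anchors first.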
...
 
@@ -23,28 +22,28 @@
23 22
 
  mainstream, and wireless routers for home use had flooded the market
24 23
 
  earlier in the year. By June
25 24
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
26
 
    general public knew that Linksys (a division of Cisco) was violating the
27
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered
28
 
  (rather easily) that Linux, BusyBox and many GNU programs were included in
29
 
  the router, but Linksys and Cisco had failed to provide source code or any
30
 
  offer for source code to its customers.</p>
25
 
  general public knew that Linksys (a division of Cisco) was violating the
26
 
  GPL</a> on their WRT54G model wireless routers. Hobbyists discovered
27
 
  (rather easily) that Linux and BusyBox were included in the router, but
28
 
  Linksys and Cisco had failed to provide source code or any offer for source
29
 
  code to its customers.</p>
31 30
 

	
32 31
 
<p>A coalition formed made up of organizations and individuals — including
33 32
 
  Erik Andersen (major contributor to and former leader of the BusyBox
34 33
 
  project) and Harald Welte (major contributor to Linux’s netfilter
35 34
 
  subsystem) — to enforce the
36 35
 
  GPL. <a href="https://sfconservancy.org/about/staff/#bkuhn">Bradley
37
 
    M. Kuhn</a>, who is now Conservancy’s Policy Analyst and
38
 
  Hacker-in-Residence, led and coordinated that coalition when he was
39
 
  Executive Director of the FSF. By early 2004, this coalition, through the
36
 
  M. Kuhn</a>, who is now Conservancy’s Policy Analyst and
37
 
  Hacker-in-Residence, led and coordinated that coalition (when he was
38
 
  Executive Director of the FSF). By early 2004, this coalition, through the
40 39
 
  process of GPL enforcement, compelled Linksys to release an
41 40
 
  almost-GPL-compliant source release for the
42 41
 
  WRT54G. A <a href="https://openwrt.org/about/history">group of volunteers
43
 
    quickly built a new project, called OpenWRT</a> based on that source
42
 
  quickly built a new project, called OpenWRT</a> based on that source
44 43
 
  release. In the years that have followed, OpenWRT has been ported to almost
45
 
  every major wireless router product. Now, more than 15 years later, the
44
 
  every major wireless router product.  Now, more than 15 years later, the
46 45
 
  OpenWRT project routinely utilizes GPL source releases to build, improve
47
 
  and port OpenWRT. The project has also joined coalitions to fight the FCC
46
 
  and port OpenWRT.  The project has also joined coalitions to fight the FCC
48 47
 
  to ensure that consumers have and deserve rights to install modified
49 48
 
  firmwares on their devices and that such hobbyist improvements are no
50 49
 
  threat to spectrum regulation.</p>
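Review bot: New line 27 drops "and many GNU programs" from the list of software that hobbyists found on the WRT54G, which changes a factual claim rather than wording; for a commit described as a minor rewrite, either keep the phrase or explain the removal in the message. The remaining changes in this hunk are re-indentation of link text inside the <a> elements and a switch to two spaces after a full stop on new lines 44 and 46 only, while "release. In the years" on line 43 keeps one. Pick one spacing for the file and consider landing whitespace-only changes in their own commit so the content change is easy to see.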
...
 
@@ -58,12 +57,12 @@
58 57
 
  create hardware that fully supports OpenWRT’s features and improvements
59 58
 
  (such as dealing
60 59
 
  with <a href="https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm">the
61
 
    dreaded “bufferbloat” bugs</a>). This interplay between the hobbyist
60
 
  dreaded “bufferbloat” bugs</a>). This interplay between the hobbyist
62 61
 
  community and for-profit ventures promotes innovation in
63 62
 
  technology. Without both permission <em>and</em> the ability to build and
64 63
 
  modify the software on their devices, the hobbyist community
65
 
  shrinks. Eventually, instead of encouraging people to experiment with their
66
 
  devices, hobbyists are limited by the oft-arbitrary manufacturer-imposed
64
 
  shrinks. Without intervention to assure companies respect the hobbyist
65
 
  community, hobbyists are limited by the oft-arbitrary manufacturer-imposed
67 66
 
  restraints in the OEM firmware. OpenWRT saved the wireless router market
68 67
 
  from this disaster; we seek to help other embedded electronic subindustries
69 68
 
  avoid that fate. The authors of GPL’d software chose that license so its
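Review bot: At new lines 64-65 the replacement sentence begins "Without intervention to assure companies respect the hobbyist community", directly after a sentence that begins "Without both permission", and "assure companies respect" reads as if the companies are being reassured; "ensure that companies respect" says what is meant. The removed wording also carried the contrast "instead of encouraging people to experiment with their devices", which the new sentence loses; consider keeping that clause.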
...
 
@@ -87,8 +86,8 @@
87 86
 
  firmware that works on that era of Samsung televisions and allows consumers
88 87
 
  to modify and upgrade their firmware using FOSS.</p>
89 88
 

	
90
 
<p>Harald Welte also continued his efforts during the early and mid-2000s
91
 
  after the Linksys enforcement through
89
 
<p>Harald Welte also continued his efforts during the early and mid-2000s,
90
 
  after the Linksys enforcement, through
92 91
 
  his <a href="https://gpl-violations.org/">gpl-violations.org
93 92
 
    project</a>. Harald successfully sued many companies (mostly in the
94 93
 
  wireless router industry) in Germany to achieve compliance and yield source
...
 
@@ -97,25 +96,25 @@
97 96
 
<h2 id="importance-of-linux-enforcement-specifically">Importance of Linux Enforcement Specifically</h2>
98 97
 

	
99 98
 
<p>In recent years, embedded systems technology has expanded beyond wireless
100
 
  routers to so-called “Internet of Things” devices designed for connectivity
101
 
  with other devices in the home and to the “Cloud”. Consumer electronics
102
 
  companies now feature and differentiate products based on Internet
103
 
  connectivity, and related services. Conservancy has seen Linux-based
104
 
  firmwares on refrigerators, baby monitors, virtual assistants, soundbars,
105
 
  doorbells, home security cameras, police body cameras, cars, AV receivers,
106
 
  and televisions.</p>
107
 

	
108
 
<p>This wide deployment of general purpose computers into mundane household
109
 
  devices raises profound privacy and consumer rights
99
 
  routers to so-called “Internet of Things” (IoT) devices designed for
100
 
  connectivity with other devices in the home and to the “Cloud”. Consumer
101
 
  electronics companies now feature and differentiate products based on
102
 
  Internet connectivity and related services. Conservancy has seen
103
 
  Linux-based firmwares on refrigerators, baby monitors, virtual assistants,
104
 
  soundbars, doorbells, home security cameras, police body cameras, cars, AV
105
 
  receivers, and televisions.</p>
106
 

	
107
 
<p>This wide deployment of general purpose computers into
108
 
  mundane household devices raises profound privacy and consumer rights
110 109
 
  implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
111 110
 
  — invading the privacy and security of individual homes. Even when
112 111
 
  companies succeed in keeping out third parties, consumers
113 112
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
114
 
    by camera makers</a> to automatically upload their videos to local
113
 
  by camera makers</a> to automatically upload their videos to local
115 114
 
  police. Televisions
116 115
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
117
 
    on consumers for the purposes of marketing and massive data
118
 
    collection</a>.</p>
116
 
  on consumers for the purposes of marketing and massive data
117
 
  collection</a>.</p>
119 118
 

	
120 119
 
<p>There is one overarching irony to this growing dystopia: nearly all these
121 120
 
  devices are based primarily on software licensed under the GPL: most
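Review bot: Almost all of this hunk is re-wrapping: the only textual changes are the "(IoT)" abbreviation at new line 99 and the comma removed before "and related services" at new line 102, and the second paragraph (new lines 107-108) is re-wrapped with no textual change at all, leaving a short first line. Separating re-wrapping from wording changes would let a reviewer see the two real edits without comparing every line by hand. The link re-indentation at new lines 113 and 116-117 is likewise whitespace only.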
...
 
@@ -159,21 +158,22 @@
159 158
 
  examine, modify and experiment with software in their own devices. Those
160 159
 
  hobbyists became the professional embedded device developers of today!
161 160
 
  Theoretically, the advent of the “Internet of Things” — with its many
162
 
  devices that run Linux — should give opportunities for young hobbyists to
163
 
  quickly explore and improve the devices they depend on in their every day
164
 
  lives. Yet, that’s rarely possible in reality. To ensure that both current
165
 
  and future hobbyists can practically modify their Linux-based devices, we
166
 
  must enforce Linux’s license. With public awareness that their devices can
167
 
  be improved, the desire for learning will increase, and will embolden the
168
 
  curiosity of newcomers of all ages and backgrounds. The practical benefits
169
 
  of this virtuous cycle are immediately apparent. With technological
170
 
  experimentation, people are encouraged to try new things, learn how their
171
 
  devices work, and perhaps create whole new types of devices and
172
 
  technologies that no one has even dreamed of before.</p>
173
 

	
174
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
175
 
  vendor of the hardware itself. This centralized approach is brittle and
176
 
  inevitably leads to invasions of the public’s privacy and loss of control of their
161
 
  devices that run Linux  <em>should</em> give opportunities for young
162
 
  hobbyists to quickly explore and improve the devices they depend on in
163
 
  their every day lives.  Yet, that’s rarely possible in reality.  To ensure
164
 
  that both current and future hobbyists can practically modify their
165
 
  Linux-based devices, we must enforce Linux’s license. With public awareness
166
 
  that their devices can be improved, the desire for learning will increase,
167
 
  and will embolden the curiosity of newcomers of all ages and
168
 
  backgrounds. The practical benefits of this virtuous cycle are immediately
169
 
  apparent. With technological experimentation, people are encouraged to try
170
 
  new things, learn how their devices work, and perhaps create whole new
171
 
  types of devices and technologies that no one has even dreamed of
172
 
  before.</p>
173
 

	
174
 
<p>IoT firmware should never rely on one vendor — even the vendor of the
175
 
  hardware itself. This centralized approach is brittle and inevitably leads
176
 
  to invasions of the public’s privacy and loss of control of their
177 177
 
  technology. Conservancy’s GPL enforcement work is part of the puzzle that
178 178
 
  ensures users can choose who their devices connect to, and how they
179 179
 
  connect. Everyone deserves control over their own computing — from their
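Review bot: New line 161 removes the dash that closed the aside "with its many devices that run Linux", but the opening dash after “Internet of Things” is still on unchanged line 160, so the sentence now has an unbalanced dash and a double space before <em>should</em>. Restore the closing dash or remove the opening one as well. New line 163 also keeps "every day lives", which should be "everyday lives" while the paragraph is being touched.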
...
 
@@ -212,24 +212,23 @@
212 212
 
  goodwill. After the BusyBox lawsuit settled, we observed a slow move toward
213 213
 
  intentional non-compliance throughout the embedded electronics
214 214
 
  industry. Companies use delay and “hardball” pre-litigation tactics to
215
 
  drain the limited resources available for enforcement, which we faced for
216
 
  example
217
 
  in <a href="https://sfconservancy.org/copyleft-compliance/vmware-lawsuit-links.html">the
218
 
    VMware violation</a>. While VMware ultimately complied with the GPL, they
215
 
  drain the limited resources available for enforcement, which we faced (for
216
 
  example) in <a href="/copyleft-compliance/vmware-lawsuit-links.html">the
217
 
  VMware violation</a>. While VMware ultimately complied with the GPL, they
219 218
 
  did so by reengineering the product and removing Linux from it — and only
220 219
 
  after the product was nearing end-of-life.</p>
221 220
 

	
222 221
 
<p>Conservancy has recently completed an evaluation of the industry’s use of
223 222
 
  Linux in embedded products. Our findings are disheartening and require
224
 
  action. Across the entire industry, most major manufacturers almost flaunt
225
 
  their failure to comply with the GPL. In our private negotiations, pursuant
226
 
  to
227
 
  our <a href="https://sfconservancy.org/copyleft-compliance/principles.html">Principles
228
 
    of Community-Oriented GPL Enforcement</a>, GPL violators stall, avoid,
223
 
  action.  Across the entire industry, most major manufacturers almost flaunt
224
 
  their failure to comply with the GPL.  In our private negotiations,
225
 
  pursuant to
226
 
  our <a href="/copyleft-compliance/principles.html">Principles
227
 
  of Community-Oriented GPL Enforcement</a>, GPL violators stall, avoid,
229 228
 
  delay and generally refuse to comply with the GPL. Their disdain for the
230
 
  rights of their customers is often palpable. Their attitude is almost
231
 
  universal: “if you think we’re really violating the GPL, then go ahead and
232
 
  sue us. Otherwise, you’re our lowest priority.”</p>
229
 
  rights of their customers is often palpable.  Their attitude is almost
230
 
  universal: <q>if you think we’re really violating the GPL, then go ahead and
231
 
  sue us. Otherwise, you’re our lowest priority</q>.</p>
233 232
 

	
234 233
 
<h2 id="conservancys-plan-for-action">Conservancy’s Plan For Action</h2>
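Review bot: The two links changed at new lines 216 and 226 go from absolute https://sfconservancy.org/... URLs to root-relative /copyleft-compliance/... paths, which only resolve when the text is served from the site root; the commit message says this text is meant to be integrated with other summary text and announcements, where root-relative links can break. Other links in the file, such as the staff link to https://sfconservancy.org/about/staff/#bkuhn, stay absolute, so the file is now mixed; keep one form throughout. Also check the <q> change at new lines 230-231: the quotation marks now come from the browser's rendering of <q>, so renderings that ignore that styling show none, and the full stop has moved outside the quotation.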
235 234
 

	
...
 
@@ -239,7 +238,7 @@
239 238
 
<h3 id="litigation">Litigation</h3>
240 239
 

	
241 240
 
<p>Conservancy has many violation matters that we have pursued during the
242
 
  last year where we expect compliance is impossible without litigation. We
241
 
  last year where we expect compliance is impossible without litigation.  We
243 242
 
  are poised to select — from among the many violations in the embedded
244 243
 
  electronics space — a representative example and take action in USA courts
245 244
 
  against a violator who has failed to properly provide source code
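Review bot: The only change in this hunk is a second space after "litigation." at new line 241, which HTML rendering collapses, so it adds a changed line to the diff without changing the output. If two-space sentence spacing is the intended source style, apply it to the whole file in one whitespace-only commit; otherwise drop it here.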
...
 
@@ -254,28 +253,27 @@
254 253
 
<p>Conservancy, after years of analyzing its successes and failures of
255 254
 
  previous GPL compliance litigation, has developed — in conjunction with
256 255
 
  litigation counsel over the last year — new approaches to litigation
257
 
  strategy. We believe this will bring to fruition the promise of copyleft: a
258
 
  license that assures the rights and software freedoms of hobbyists who seek
259
 
  full control and modifiability of devices they own. With the benefit of
260
 
  this grant, Conservancy plans to accelerate these plans in 2020 and to keep
261
 
  the public informed at every stage of the process.</p>
256
 
  strategy.  We believe this will bring to fruition the promise of copyleft:
257
 
  a license that assures the rights and software freedoms of hobbyists who
258
 
  seek full control and modifiability of devices they own. With the benefit
259
 
  of this grant, Conservancy plans to accelerate these plans in 2020 and to
260
 
  keep the public informed at every stage of the process.</p>
262 261
 

	
263 262
 
<h3 id="persistent-non-litigation-enforcement">Persistent Non-Litigation Enforcement</h3>
264 263
 

	
265 264
 
<p>While we will seek damages to cover our reasonable costs of this work, we
266 265
 
  do not expect that any recovery in litigation can fully fund the broad base
267
 
  of work necessary to ensure compliance and the software freedom it
268
 
  brings. Conservancy is the primary charitable watchdog of
269
 
  GPL compliance for Linux-based devices. We seek to use litigation as a tool
270
 
  in a broader course of action to continue our work in this regard. We
271
 
  expect and welcome that the high profile nature of litigation will inspire
272
 
  more device owners to report violations to us. We expect we’ll learn about
273
 
  classes of devices we previously had no idea contained Linux, and we’ll
274
 
  begin our diligent and unrelenting work to achieve software freedom for the
275
 
  owners of those devices. We will also build more partnerships across the
276
 
  technology sector and consumer rights organizations to highlight the
277
 
  benefit of copyleft to not just hobbyists, but the entire general
278
 
  public.</p>
266
 
  of work necessary to ensure compliance and the software freedom it brings.
267
 
  Conservancy is the primary charitable watchdog of GPL compliance for
268
 
  Linux-based devices.  We seek to use litigation as a tool in a broader
269
 
  course of action to continue our work in this regard.  We expect and
270
 
  welcome that the high profile nature of litigation will inspire more device
271
 
  owners to report violations to us. We expect we’ll learn about classes of
272
 
  devices we previously had no idea contained Linux, and we’ll begin our
273
 
  diligent and unrelenting work to achieve software freedom for the owners of
274
 
  those devices. We will also build more partnerships across the technology
275
 
  sector and consumer rights organizations to highlight the benefit of
276
 
  copyleft to not just hobbyists, but the entire general public.</p>
279 277
 

	
280 278
 
<h3 id="alternative-firmware-project">Alternative Firmware Project</h3>
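Review bot: The re-wrapped sentence at new lines 258-260 still reads "With the benefit of this grant, Conservancy plans to accelerate these plans in 2020", which is grant-proposal wording that the commit message says the text has moved away from, and it will not make sense on a stand-alone page. Reword or remove it, and fix "plans to accelerate these plans" at the same time. The "Persistent Non-Litigation Enforcement" paragraph (new lines 264-276) is re-wrapped with no change other than sentence spacing.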
281 279
 

	