Changeset - 7ac2f13099b4
[Not reviewed]
0 1 0
Bradley M. Kuhn - 12 months ago 2020-10-01 17:52:25
bkuhn@sfconservancy.org
Copyleft Compliance: Minor rewrite of firmware liberation

This rewrite should improve the stand-alone nature of these documents
and allow for better integration with other summary text and
announcements on the website.

Note that they have now drifted heavily from the original formulation
of the items as grant proposals.
1 file changed with 41 insertions and 67 deletions:
0 comments (0 inline, 0 general)
www/conservancy/static/copyleft-compliance/firmware-liberation.html
Show inline comments
...
 
@@ -5,62 +5,30 @@
 

	
 
<h1 id="software-freedom-conservancy-proposal-for-firmware-liberation-project">Firmware Liberation Project</h1>
 

	
 
<h2 id="brief-history-of-openwrt">Brief History of OpenWRT</h2>
 

	
 
<p>The spring of 2003 was a watershed moment for software freedom on
 
  electronic devices. 802.11 wireless technology had finally reached the
 
  mainstream, and wireless routers for home use had flooded the market
 
  earlier in the year. By June
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
 
    general public knew that Linksys (a division of Cisco) was violating the
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered that
 
  Linux, BusyBox and many GNU programs were included in the router, but
 
  Linksys and Cisco had failed to provide source code or any offer for source
 
  code to its customers. Linksys had violated the GPL, the license of these
 
  projects.</p>
 

	
 
<p>A coalition successfully enforced the GPL in this case, and Linksys
 
  released source code. A <a href="https://openwrt.org/about/history">group of
 
    volunteers quickly built a new project, called OpenWRT</a> based on that
 
  source release. In the years that have followed, OpenWRT has been ported to
 
  almost every major wireless router product. Now, more than 15 years later,
 
  the OpenWRT project routinely utilizes GPL source releases to build,
 
  improve and port OpenWRT. OpenWRT has spurred companies to create better
 
  routers.</p>
 
Conservancy plans to select a class of product in the Linux-based embedded
 
system space.  For this product, Conservancy will launch, or assist, a
 
project that creates a functioning alternative firmware for those devices.
 
The promise of GPL enforcement is only realized through actual, practical use
 
and improvement of the released software for users.
 

	
 
<h2 id="gpl-enforcement-needs-follow-through">GPL Enforcement Needs Follow-Through</h2>
 

	
 
<p>Simply enforcing the GPL is an important first step, and Conservancy
 
  <a href="enforcement-strategy.html">continues our efforts in that regard</a>. However,
 
  the success found with OpenWRT can be replicated <em>only if</em> there is
 
  substantial effort <strong>after</strong> enforcement occurs to turn the
 
  compliant source release into a viable alternative firmware for the
 
                                           platform.</p>
 
  <a href="enforcement-strategy.html">continues our efforts in that
 
  regard</a>. However, We can
 
  replicate <a href="/copyleft-compliance/enforcement-strategy.html#brief-history-of-user-focused-gpl-enforcement">the
 
  success found with OpenWRT</a> <em>only by</em> a substantial
 
  effort <strong>after</strong> enforcement occurs to turn the compliant
 
  source release into a viable alternative firmware for the platform.</p>
 
                                           
 
<p>Conservancy has seen non-compliant Linux-based firmwares on refrigerators,
 
  baby monitors, virtual assistants, soundbars, doorbells, home security
 
  cameras, police body cameras, cars, AV receivers, and televisions.</p>
 

	
 
<p>This wide deployment of general purpose computers into mundane household
 
  devices has profound privacy and consumer rights
 
  implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
 
  — invading the privacy and security of individual homes. Even when
 
  companies succeed in keeping out third parties, consumers
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
 
    by camera makers</a> to automatically upload their videos to local
 
  police. Televisions
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
 
    on consumers for the purposes of marketing and massive data
 
    collection</a>.</p>
 

	
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
 
  vendor of the hardware itself. This centralized approach is brittle and
 
  inevitably leads to invasions of the public’s privacy and loss of control of their
 
  technology. Conservancy plans to address this issue in the manner that the
 
  FOSS community knows best: put one foot in front of the other, and work to
 
  create FOSS for every possible task that users want to accomplish. For IoT
 
  devices, this means creating alternative firmware in the same manner that
 
  OpenWRT has done for wireless routers.</p>
 
  cameras, police body cameras, cars, AV receivers, and televisions.  We
 
  believe that building an alternative firmware for one of these classes of
 
  devices &mdash; or joining our work with an existing alternative firmware project
 
  that is struggling due to lack of sources available &mdash; will lead to
 
  more palatable software freedom for users of these device.</p>
 

	
 

	
 
<h2 id="limited-success-of-alternative-hardware">Limited Success of
 
  Alternative Hardware</h2>
...
 
@@ -72,9 +40,13 @@
 

	
 
<p>Nevertheless, we remain ever-cognizant that FOSS succeeded on servers,
 
  laptop, desktop, and wireless router computers <em>precisely</em> because
 
  users could buy commodity hardware at any store and install FOSS. There is
 
  no complete, operational base operating system for most IoT devices on the
 
  market.</p>
 
  users could buy commodity hardware at any store and install FOSS
 
  alternatives to the vendor-provided software.  Throughout the history of
 
  FOSS, most new users who seek to experience software freedom want to do so
 
  with their existing devices first.  Many don't even know much about the
 
  issues involved in software liberation <em>until they've already purchased
 
  hardware</em>.  Conservancy therefore believes support of alternative
 
  firmwares for such devices is paramount.</p>
 

	
 
<h3 id="demonstrating-the-power-of-software-freedom">Demonstrating the power
 
  of software freedom</h3>
...
 
@@ -111,21 +83,23 @@
 
<p>Second, depending on what subindustry (i.e., specific class of devices)
 
  seems most responsive to increased enforcement activity and willing to
 
  provide compliant source releases quickly, we will launch, coordinate and
 
  fund an alternative firmware project for that class.</p>
 
  fund an alternative firmware project for that class, or, if appropriate,
 
  merge our efforts with an existing alternative firmware project for that
 
  class of device.</p>
 

	
 
<h2 id="leveraging-on-increased-enforcement">Leveraging on Increased
 
  Enforcement</h2>
 

	
 
<p><a href="enforcement-strategy.html">Conservancy plans to select a specific
 
  violation and engage in litigation.</a> Based on past experience, we expect
 
  that the press and attention to that ongoing litigation will yield
 
  increased responsiveness by violators throughout the industry. (A similar
 
  outcome occurred after our litigation in 2006.) This expected change in
 
  behavior will open opportunities to replicate the OpenWRT approach in
 
  another embedded electronic subindustry. Fast action will be necessary;
 
  most IoT products have an 18 month lifecycle, so we seek to quickly
 
  identify the right subindustry, gain compliance there, and move on to the
 
  next phase.</p>
 
<p><a href="enforcement-strategy.html">Conservancy already plans to select a
 
  specific violation and engage in litigation.</a> Based on past experience,
 
  we expect that the press and attention to that ongoing litigation will
 
  yield increased responsiveness by violators throughout the industry. (A
 
  similar outcome occurred after our BusyBox-related litigation in 2006.)
 
  This expected change in behavior will open opportunities to replicate the
 
  OpenWRT approach in another embedded electronic subindustry. Fast action
 
  will be necessary; most IoT products have an 18 month lifecycle, so we seek
 
  to quickly identify the right subindustry, gain compliance there, and move
 
  on to the next phase.</p>
 

	
 
<h3 id="funding-firmware-liberation">Funding Firmware Liberation</h3>
 

	
...
 
@@ -153,10 +127,10 @@
 
  infrastructure for the project. The goal is to build a firm base that draws
 
  volunteers to the project. We know that sustaining funding over long
 
  periods for a grassroots hobbyist activity is quite challenging; we seek to
 
  use this grant to bootstrap and catalyze interest and contribution to the
 
  project. Ideally, Conservancy would run the project with a single full-time
 
  staffer for about a year, and achieve a volunteer base sufficient to
 
  reduce funding to one part-time staffer.</p>
 
  bootstrap and catalyze interest and contribution to the project. Ideally,
 
  Conservancy would run the project with a single full-time staffer for about
 
  a year, and achieve a volunteer base sufficient to reduce funding to one
 
  part-time staffer.</p>
 

	
 
<h3 id="criteria-for-device-selection">Criteria for Device Selection</h3>
 

	
0 comments (0 inline, 0 general)