0 1 2
Bradley M. Kuhn - 4 months ago 2020-07-15 21:52:42
bkuhn@sfconservancy.org
Copyleft Compliance: enforcement strategy & firmware liberation These two new documents are based on grant proposals for this work. We are preparing to announce the work publicly soon. This is a first draft of both documents.
3 files changed with 494 insertions and 0 deletions:
↑ Collapse Diff ↑
 
new file 100644
1
 
{% extends "base_compliance.html" %}
2
 
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
3
 
{% block submenuselection %}EnforcementStrategy{% endblock %}
4
 
{% block content %}
5
 

	
6
 
<h1 id="software-freedom-conservancy-proposal-for-gpl-enforcement-grant">History and Future Strategy</h1>
7
 

	
8
 
<p>The Software Freedom Conservancy is a 501(c)(3) non-profit charity
9
 
  registered in New York that continues it work in the are of important
10
 
  licensing policy work involves defending and upholding the rights of
11
 
  software users and consumers under copyleft licenses, such as the GPL.</p>
12
 

	
13
 
<h2 id="brief-history-of-user-focused-gpl-enforcement">Brief History of
14
 
  User-Focused GPL Enforcement</h2>
15
 

	
16
 
<p>The spring of 2003 was a watershed moment for software freedom on
17
 
  electronic devices. 802.11 wireless technology had finally reached the
18
 
  mainstream, and wireless routers for home use had flooded the market
19
 
  earlier in the year. By June
20
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
21
 
    general public knew that Linksys (a division of Cisco) was violating the
22
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered
23
 
  (rather easily) that Linux, BusyBox and many GNU programs were included in
24
 
  the router, but Linksys and Cisco had failed to provide source code or any
25
 
  offer for source code to its customers.</p>
26
 

	
27
 
<p>A coalition formed including organizations and individuals — including
28
 
  Erik Andersen (major contributor to and former leader of the BusyBox
29
 
  project) and Harald Welte (major contributor to Linux’s netfilter
30
 
  subsystem) — to enforce the
31
 
  GPL. <a href="https://sfconservancy.org/about/staff/#bkuhn">Bradley
32
 
    M. Kuhn</a>, who is now Conservancy’s Policy Analyst and
33
 
  Hacker-in-Residence, led and coordinated that coalition when he was
34
 
  Executive Director of the FSF. By early 2004, this coalition, through the
35
 
  process of GPL enforcement,compelled Linksys to release an
36
 
  almost-GPL-compliant source release for the
37
 
  WRT54G. A <a href="https://openwrt.org/about/history">group of volunteers
38
 
    quickly built a new project, called OpenWRT</a> based on that source
39
 
  release. In the years that have followed, OpenWRT has been ported to almost
40
 
  every major wireless router product. Now, more than 15 years later, the
41
 
  OpenWRT project routinely utilizes GPL source releases to build, improve
42
 
  and port OpenWRT. The project has also joined coalitions to fight the FCC
43
 
  to ensure that consumers have and deserve rights to install modified
44
 
  firmwares on their devices and that such hobbyist improvements are no
45
 
  threat to spectrum regulation.</p>
46
 

	
47
 
<p>Recently, OpenWRT decided to join Conservancy as one its member projects,
48
 
  and Conservancy has committed to long-term assistance to this project.</p>
49
 

	
50
 
<p>OpenWRT has spurred companies to create better routers and other wireless
51
 
  devices than they would otherwise have designed because they now need to
52
 
  either compete with hobbyists, or (better still) cooperate with them to
53
 
  create hardware that fully supports OpenWRT’s features and improvements
54
 
  (such as dealing
55
 
  with <a href="https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm">the
56
 
    dreaded “bufferbloat” bugs</a>). This interplay between the hobbyist
57
 
  community and for-profit ventures promotes innovation in
58
 
  technology. Without both permission <em>and</em> the ability to build and
59
 
  modify the software on their devices, the hobbyist community
60
 
  shrinks. Eventually, instead of encouraging people to experiment with their
61
 
  devices, hobbyists are limited by the oft-arbitrary manufacturer-imposed
62
 
  restraints in the OEM firmware. OpenWRT saved the wireless router market
63
 
  from this disaster; we seek to help other embedded electronic subindustries
64
 
  avoid that fate. The authors of GPL’d software chose that license so its
65
 
  source is usable and readily available to hobbyists. It is our duty, as
66
 
  activists for the software freedom of hobbyists, to ensure these legally
67
 
  mandated rights are never curtailed.</p>
68
 

	
69
 
<p>(More on the OpenWRT project’s history and its connection to GPL
70
 
  enforcement can be found
71
 
  in <a href="https://www.youtube.com/watch?v=r4lCMx-EI1s">Kuhn’s talk
72
 
    at <em>OpenWRT Summit 2016</em></a>.)</p>
73
 

	
74
 
<p>Conservancy has had substantial success in leveraging more device freedom
75
 
  in other subindustries through GPL compliance. In 2009, Conservancy, with
76
 
  co-Plaintiff Erik Andersen, sued fourteen defendants in federal court under
77
 
  copyright claims on behalf of its BusyBox member project. Conservancy was
78
 
  able to achieve compliance for the BusyBox project in all fourteen
79
 
  cases. Most notably, the GPL-compliant source release obtained in the
80
 
  lawsuit for certain Samsung televisions provided the basis for
81
 
  the <a href="https://www.samygo.tv/">SamyGo project</a> — an alternative
82
 
  firmware that works on that era of Samsung televisions and allows consumers
83
 
  to modify and upgrade their firmware using FOSS.</p>
84
 

	
85
 
<p>Harald Welte also continued his efforts during the early and mid-2000s
86
 
  after the Linksys enforcement through
87
 
  his <a href="https://gpl-violations.org/">gpl-violations.org
88
 
    project</a>. Harald successfully sued many companies (mostly in the
89
 
  wireless router industry) in Germany to achieve compliance and yield source
90
 
  releases that helped OpenWRT during that period.</p>
91
 

	
92
 
<h2 id="importance-of-linux-enforcement-specifically">Importance of Linux Enforcement Specifically</h2>
93
 

	
94
 
<p>In recent years, embedded systems technology has expanded beyond wireless
95
 
  routers to so-called “Internet of Things” devices designed for connectivity
96
 
  with other devices in the home and to the “Cloud”. Consumer electronics
97
 
  companies now feature and differentiate products based on Internet
98
 
  connectivity, and related services. Conservancy has seen Linux-based
99
 
  firmwares on refrigerators, baby monitors, virtual assistants, soundbars,
100
 
  doorbells, home security cameras, police body cameras, cars, AV receivers,
101
 
  and televisions.</p>
102
 

	
103
 
<p>This wide deployment of general purpose computers into mundane household
104
 
  devices raises profound privacy and consumer rights
105
 
  implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
106
 
  — invading the privacy and security of individual homes. Even when
107
 
  companies succeed in keeping out third parties, consumers
108
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
109
 
    by camera makers</a> to automatically upload their videos to local
110
 
  police. Televisions
111
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
112
 
    on consumers for the purposes of marketing and massive data
113
 
    collection</a>.</p>
114
 

	
115
 
<p>There is one overarching irony to this growing dystopia: nearly all these
116
 
  devices are based primarily on software licensed under the GPL: most
117
 
  notably, Linux. While Linux-based systems do allow proprietary user-space
118
 
  applications not licensed under GPL, the kernel (and many other system
119
 
  utilities routinely used in embedded systems, such as Conservancy’s BusyBox
120
 
  project) are under that license (or similar copyleft licenses such as the
121
 
  LGPL). These licenses require device markers to provide complete,
122
 
  corresponding source code to everyone in possession of their
123
 
  devices. Furthermore, Linux’s specific license (GPL, version 2), mandates
124
 
  that source code must also include “the scripts used to control compilation
125
 
  and installation of the executable”. In short, the consumers must receive
126
 
  all the source code and the ability to modify, recompile and reinstall that
127
 
  software. Upholding of this core freedom for Linux made OpenWRT
128
 
  possible. We work to preserve (or, more often, restore) that software
129
 
  freedom for consumers of other types of electronic devices.</p>
130
 

	
131
 
<p>When devices are compliant with the GPL’s requirements, customers can
132
 
  individually or collectively take action against the surveillance and other
133
 
  predatory behavior perpetuated by the manufacturers of these devices by
134
 
  modifying and replacing the software. Hobbyists can aid their community by
135
 
  providing these alternatives. People with no technical background already
136
 
  replace firmware on their wireless routers with OpenWRT to both improve
137
 
  network performance and allay privacy concerns. Furthermore, older
138
 
  equipment is often saved from planned obsolescence by alternative
139
 
  solutions. E-recyclers
140
 
  like <a href="https://www.freegeek.org/">Freegeek</a> do this regularly for
141
 
  desktop and laptop machines with GNU/Linux distributions like Debian, and
142
 
  with OpenWRT for wireless routers. We seek to assure they can do this for
143
 
  other types of electronic products. However, without the complete,
144
 
  corresponding source code and the scripts to control its compilation and
145
 
  installation, the fundamental purpose of copyleft is frustrated. Consumers,
146
 
  hobbyists, non-profit e-recyclers and the general public are left without
147
 
  the necessary tools they need and deserve, and which the license promises
148
 
  them.</p>
149
 

	
150
 
<p>Additionally, copyleft compliance relates directly to significant
151
 
  generational educational opportunities. There are few easier ways to
152
 
  understand technology than to experiment with a device one already
153
 
  has. Historically, FOSS has succeeded because young hobbyists could
154
 
  examine, modify and experiment with software in their own devices. Those
155
 
  hobbyists became the professional embedded device developers of today!
156
 
  Theoretically, the advent of the “Internet of Things” — with its many
157
 
  devices that run Linux — should give opportunities for young hobbyists to
158
 
  quickly explore and improve the devices they depend on in their every day
159
 
  lives. Yet, that’s rarely possible in reality. To ensure that both current
160
 
  and future hobbyists can practically modify their Linux-based devices, we
161
 
  must enforce Linux’s license. With public awareness that their devices can
162
 
  be improved, the desire for learning will increase, and will embolden the
163
 
  curiosity of newcomers of all ages and backgrounds. The practical benefits
164
 
  of this virtuous cycle are immediately apparent. With technological
165
 
  experimentation, people are encouraged to try new things, learn how their
166
 
  devices work, and perhaps create whole new types of devices and
167
 
  technologies that no one has even dreamed of before.</p>
168
 

	
169
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
170
 
  vendor of the hardware itself. This centralized approach is brittle and
171
 
  inevitably leads to invasions of the public’s privacy and control of their
172
 
  technology. Conservancy’s GPL enforcement work is part of the puzzle that
173
 
  ensures users can choose who their devices connect to, and how they
174
 
  connect. Everyone deserves control over their own computing — from their
175
 
  laptop to their television to their toaster. When the public can modify (or
176
 
  help others modify) the software on their devices, they choose the level of
177
 
  centralized control they are comfortable with. Currently, users with
178
 
  Linux-based devices usually don’t even realize what is possible with
179
 
  copyleft; Conservancy aims to show them.</p>
180
 

	
181
 
<h2 id="the-gpl-compliance-project-for-linux-developers">The GPL Compliance
182
 
  Project for Linux Developers</h2>
183
 

	
184
 
<p>In May 2012, Software Freedom Conservancy
185
 
  formed <a href="https://sfconservancy.org/copyleft-compliance/">The GPL
186
 
    Compliance Project for Linux Developers</a> in response to frustration by
187
 
  upstream Linux developers about the prevalence of noncompliance in the
188
 
  field, and their desire to stand with Conservancy’s BusyBox, Git and Samba
189
 
  projects in demanding widespread GPL compliance. This coalition of Linux
190
 
  developers works with Conservancy to enforce the GPL for the rights of
191
 
  Linux users everywhere — particularly consumers who own electronic
192
 
  devices. We accept violation reports from the general public, and
193
 
  prioritize enforcement in those classes of devices where we believe that we
194
 
  can do the most good to help achieve GPL compliance that will increase
195
 
  software freedom for the maximum number of device users.</p>
196
 

	
197
 
<h2 id="the-need-for-litigation">The Need for Litigation</h2>
198
 

	
199
 
<p>While we still gain some success, we have found that the landscape of GPL
200
 
  compliance has changed in recent years. Historically, the true “bad actors”
201
 
  were rare. We found in the early days that mere education and basic
202
 
  supply-chain coordination assistance yielded compliance. We sought and
203
 
  often achieved goodwill in the industry via education-focused
204
 
  compliance.</p>
205
 

	
206
 
<p>Those tactics no longer succeed; the industry has taken advantage of that
207
 
  goodwill. After the BusyBox lawsuit settled, we observed a slow move toward
208
 
  intentional non-compliance throughout the embedded electronics
209
 
  industry. Companies use delay and “hardball” pre-litigation tactics to
210
 
  drain the limited resources available for enforcement, which we faced for
211
 
  example
212
 
  in <a href="https://sfconservancy.org/copyleft-compliance/vmware-lawsuit-links.html">the
213
 
    VMware violation</a>. While VMware ultimately complied with the GPL, they
214
 
  did so by reengineering the product and removing Linux from it — and only
215
 
  after the product was nearing end-of-life.</p>
216
 

	
217
 
<p>Conservancy has recently completed an evaluation of the industry’s use of
218
 
  Linux in embedded products. Our findings are disheartening and require
219
 
  action. Across the entire industry, most major manufacturers almost flaunt
220
 
  their failure to comply with the GPL. In our private negotiations, pursuant
221
 
  to
222
 
  our <a href="https://sfconservancy.org/copyleft-compliance/principles.html">Principles
223
 
    of Community-Oriented GPL Enforcement</a>, GPL violators stall, avoid,
224
 
  delay and generally refuse to comply with the GPL. Their disdain for the
225
 
  rights of their customers is often palpable. Their attitude is almost
226
 
  universal: “if you think we’re really violating the GPL, then go ahead and
227
 
  sue us. Otherwise, you’re our lowest priority.”</p>
228
 

	
229
 
<h2 id="conservancys-plan-for-action">Conservancy’s Plan For Action</h2>
230
 

	
231
 
<p>Conservancy has a three-pronged plan for action: litigation, persistent
232
 
  non-litigation enforcement, and alternative firmware development.</p>
233
 

	
234
 
<h3 id="litigation">Litigation</h3>
235
 

	
236
 
<p>Conservancy has many violation matters that we have pursued during the
237
 
  last year where we expect compliance is impossible without litigation. We
238
 
  are poised to select — from among the many violations in the embedded
239
 
  electronics space — a representative example and take action in USA courts
240
 
  against a violator who has failed to properly provide source code
241
 
  sufficient for consumers to rebuild and install Linux, and who still
242
 
  refuses to remedy that error after substantial friendly negotiation with
243
 
  Conservancy.</p>
244
 

	
245
 
<p>Our goal remains the same as in all matters: we want a source release that
246
 
  works, and we’ll end any litigation when the company fully complies on its
247
 
  products and makes a bona fide commitment to future compliance.</p>
248
 

	
249
 
<p>Conservancy, after years of analyzing its successes and failures of
250
 
  previous GPL compliance litigation, has developed — in conjunction with
251
 
  litigation counsel over the last year — new approaches to litigation
252
 
  strategy. We believe this will bring to fruition the promise of copyleft: a
253
 
  license that assures the rights and software freedoms of hobbyists who seek
254
 
  full control and modifiability of devices they own. With the benefit of
255
 
  this grant, Conservancy plans to accelerate these plans in 2020 and to keep
256
 
  the public informed at every stage of the process.</p>
257
 

	
258
 
<h3 id="persistent-non-litigation-enforcement">Persistent Non-Litigation Enforcement</h3>
259
 

	
260
 
<p>While we will seek damages to cover our reasonable costs of this work, we
261
 
  do not expect that any recovery in litigation can fully fund the broad base
262
 
  of work necessary to ensure compliance and the software freedom it
263
 
  brings. Conservancy is the primary charitable watchdog of
264
 
  GPL compliance for Linux-based devices. We seek to use litigation as a tool
265
 
  in a broader course of action to continue our work in this regard. We
266
 
  expect and welcome that the high profile nature of litigation will inspire
267
 
  more device owners to report violations to us. We expect we’ll learn about
268
 
  classes of devices we previously had no idea contained Linux, and we’ll
269
 
  begin our diligent and unrelenting work to achieve software freedom for the
270
 
  owners of those devices. We will also build more partnerships across the
271
 
  technology sector and consumer rights organizations to highlight the
272
 
  benefit of copyleft to not just hobbyists, but the entire general
273
 
  public.</p>
274
 

	
275
 
<h3 id="alternative-firmware-project">Alternative Firmware Project</h3>
276
 

	
277
 
<p>The success of the OpenWRT project, born from GPL enforcement, has an
278
 
  important component. While we’ve long hoped that volunteers, as they did
279
 
  with OpenWRT and SamyGo, will take up compliant sources obtained in our GPL
280
 
  enforcement efforts and build alternative firmware projects, history shows
281
 
  us that the creation of such projects is not guaranteed and exceedingly
282
 
  rare.</p>
283
 

	
284
 
<p>Traditionally, our community has relied exclusively on volunteers to take
285
 
  up this task, and financial investment only comes after volunteers have put
286
 
  in the unfunded work to make an MVP alternative firmware. While volunteer
287
 
  involvement remains essential to the success of alternative firmware
288
 
  projects, we know from our fiscal sponsorship work that certain aspects of
289
 
  FOSS projects require an experienced charity to initiate and jump start
290
 
  some of the less exciting aspects of FOSS project creation and
291
 
  development.</p>
292
 

	
293
 
<p>Conservancy plans to select a specific class of device. Upon achieving
294
 
  compliant source releases in that subindustry through GPL enforcement,
295
 
  Conservancy will <a href="firmware-liberation">launch an alternative
296
 
  firmware project</> for that class of device.</p>
297
 

	
298
 
{% endblock %}
 
new file 100644
1
 
{% extends "base_compliance.html" %}
2
 
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
3
 
{% block submenuselection %}EnforcementStrategy{% endblock %}
4
 
{% block content %}
5
 

	
6
 
<h1 id="software-freedom-conservancy-proposal-for-firmware-liberation-project">Firmware Liberation Project</h1>
7
 

	
8
 
<h2 id="brief-history-of-openwrt">Brief History of OpenWRT</h2>
9
 

	
10
 
<p>The spring of 2003 was a watershed moment for software freedom on
11
 
  electronic devices. 802.11 wireless technology had finally reached the
12
 
  mainstream, and wireless routers for home use had flooded the market
13
 
  earlier in the year. By June
14
 
  2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
15
 
    general public knew that Linksys (a division of Cisco) was violating the
16
 
    GPL</a> on their WRT54G model wireless routers. Hobbyists discovered that
17
 
  Linux, BusyBox and many GNU programs were included in the router, but
18
 
  Linksys and Cisco had failed to provide source code or any offer for source
19
 
  code to its customers. Linksys had violated the GPL, the license of these
20
 
  projects.</p>
21
 

	
22
 
<p>A coalition successfully enforced the GPL in this case, and Linksys
23
 
  released source code A <a href="https://openwrt.org/about/history">group of
24
 
    volunteers quickly built a new project, called OpenWRT</a> based on that
25
 
  source release. In the years that have followed, OpenWRT has been ported to
26
 
  almost every major wireless router product. Now, more than 15 years later,
27
 
  the OpenWRT project routinely utilizes GPL source releases to build,
28
 
  improve and port OpenWRT. OpenWRT has spurred companies to create better
29
 
  routers.</p>
30
 

	
31
 
<h2 id="gpl-enforcement-needs-follow-through">GPL Enforcement Needs Follow-Through</h2>
32
 

	
33
 
<p>Simply enforcing the GPL is an important first step, and Conservancy
34
 
  <a href="enforcement-strategy.html">continues our efforts in that regard</a>. However,
35
 
  the success found with OpenWRT can be replicated <em>only if</em> there is
36
 
  substantial effort <strong>after</strong> enforcement occurs to turn the
37
 
  compliant source release into a viable alternative firmware for the
38
 
                                           platform.</p>
39
 
                                           
40
 
<p>Conservancy has seen non-compliant Linux-based firmwares on refrigerators,
41
 
  baby monitors, virtual assistants, soundbars, doorbells, home security
42
 
  cameras, police body cameras, cars, AV receivers, and televisions.</p>
43
 

	
44
 
<p>This wide deployment of general purpose computers into mundane household
45
 
  devices raises profound privacy and consumer rights
46
 
  implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
47
 
  — invading the privacy and security of individual homes. Even when
48
 
  companies succeed in keeping out third parties, consumers
49
 
  are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
50
 
    by camera makers</a> to automatically upload their videos to local
51
 
  police. Televisions
52
 
  routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
53
 
    on consumers for the purposes of marketing and massive data
54
 
    collection</a>.</p>
55
 

	
56
 
<p>“Internet of Things” firmware should never rely on one vendor — even the
57
 
  vendor of the hardware itself. This centralized approach is brittle and
58
 
  inevitably leads to invasions of the public’s privacy and control of their
59
 
  technology. Conservancy plans to address this issue in the manner that the
60
 
  FOSS community knows best: put one foot in front of the other, and work to
61
 
  create FOSS for every possible task that users want to accomplish. For IoT
62
 
  devices, this means creating alternative firmware in the same manner that
63
 
  OpenWRT has done for wireless routers.</p>
64
 

	
65
 
<h2 id="limited-success-of-alternative-hardware">Limited Success of
66
 
  Alternative Hardware</h2>
67
 

	
68
 
<p>Alternative hardware projects remain an essential component of small
69
 
  device freedom. Conservancy supports and engages with communities that seek
70
 
  to source and build IoT-style devices from the ground up. We’re excited to
71
 
  see deployable boards that allow Maker efforts to create new devices.</p>
72
 

	
73
 
<p>Nevertheless, we remain ever-cognizant that FOSS succeeded on servers,
74
 
  laptop, desktop, and wireless router computers <em>precisely</em> because
75
 
  users could buy commodity hardware at any store and install FOSS. There is
76
 
  no complete, operational base operating system for most IoT devices on the
77
 
  market.</p>
78
 

	
79
 
<h3 id="demonstrating-the-power-of-software-freedom">Demonstrating the power
80
 
  of software freedom,</h3>
81
 

	
82
 
<p>To many, the benefits of software freedom are abstract. For less technical
83
 
  users, the idea of modifying or even reviewing the software on their
84
 
  devices is wholly theoretical. For technical users, there is a limited time
85
 
  available to invest in the devices they use for their everyday
86
 
  lives. Bringing people together to take collective action for the control
87
 
  of their own technology is a powerful proposition that has rarely been
88
 
  demonstrated.</p>
89
 

	
90
 
<p>When alternative firmware projects like OpenWRT exist for IoT devices,
91
 
  non-technical users can replace the software on their devices and benefit
92
 
  from custom, community-controled software. Technical users are more likely
93
 
  to contribute knowing their efforts will be meaningful.</p>
94
 

	
95
 
<p>However, decades of corporate involvement in copyleft have demonstrated
96
 
  that without an organized effort, control over one’s own software is purely
97
 
  theoretical, even when software has a copyleft license, and
98
 
  sometimes <em>even when</em> compliance with the copyleft license is
99
 
  acheived. Conservancy recognizes that there is a unique opportunity for
100
 
  charitable organizations to step in and change the power dynamic of the
101
 
  tech industry for consumers.</p>
102
 

	
103
 
<h2 id="conservancys-plan-for-action">Conservancy’s Plan For Action</h2>
104
 

	
105
 
<p>Conservancy seeks to fund work on liberating firmware for a specific
106
 
  device. This is accomplished with a two-prong approach: first, we will
107
 
  leverage increased interest and tendency toward GPL compliance throughout
108
 
  the embedded industry to more quickly achieve compliant source releases in
109
 
  a particular subindustry.</p>
110
 

	
111
 
<p>Second, depending on what subindustry (i.e., specific class of devices)
112
 
  seems most responsive to increased enforcement activity and willing to
113
 
  provide compliant source releases quickly, we will launch, coordinate and
114
 
  fund an alternative firmware project for that class.</p>
115
 

	
116
 
<h2 id="leveraging-on-increased-enforcement">Leveraging on Increased
117
 
  Enforcement</h2>
118
 

	
119
 
<p><a href="enforcement-strategy.html">Conservancy plans to select a specific
120
 
  violation and engage in litigation. Based on past experience, we expect
121
 
  that the press and attention to that ongoing litigation will yield
122
 
  increased responsiveness by violators throughout the industry. (A similar
123
 
  outcome occurred after our litigation in 2006.) This expected change in
124
 
  behavior will open opportunities to replicate the OpenWRT approach in
125
 
  another embedded electronic subindustry. Fast action will be necessary;
126
 
  most IoT products have an 18 month lifecycle, so we seek to quickly
127
 
  identify the right subindustry, gain compliance there, and move on to the
128
 
  next phase.</p>
129
 

	
130
 
<h3 id="funding-firmware-liberation">Funding Firmware Liberation</h3>
131
 

	
132
 
<p>While we’ve long hoped that volunteers would take up compliant sources
133
 
  obtained in our GPL enforcement efforts and build alternative firmware
134
 
  projects as they did with OpenWRT, history shows us that the creation of
135
 
  such projects is not guaranteed and exceedingly rare.</p>
136
 

	
137
 
<p>Traditionally, our community has relied exclusively on volunteers to take
138
 
  up this task, and financial investment only comes after volunteers have put
139
 
  in the unfunded work to make a Minimum Viable Product (MVP) liberated
140
 
  firmware. While volunteer involvement remains essential to the success of
141
 
  alternative firmware projects, we know from our fiscal sponsorship work
142
 
  that certain aspects of FOSS projects require an experienced charity to
143
 
  initiate and jump-start some of the less exciting aspects of FOSS project
144
 
  creation and development. (In our last fiscal year, Conservancy funded 160
145
 
  contributors to work on FOSS)</p>
146
 

	
147
 
<p>In the initial phase of this grant, Conservancy will to select a specific
148
 
  class of device. Upon achieving compliant source releases in that
149
 
  subindustry through GPL enforcement, Conservancy will launch an alternative
150
 
  firmware project for that class of device.</p>
151
 

	
152
 
<p>Conservancy will seek to fund the time of project leaders and
153
 
  infrastructure for the project. The goal is to build a firm base that draws
154
 
  volunteers to the project. We know that sustaining funding over long
155
 
  periods for a grassroots hobbyist activity is quite challenging; we seek to
156
 
  use this grant to bootstrap and catalyze interest and contribution to the
157
 
  project. Ideally, Conservancy would run the project with a single full-time
158
 
  staffer for a about a year, and achieve a volunteer base sufficient to
159
 
  reduce funding to one part-time staffer.</p>
160
 

	
161
 
<h3 id="criteria-for-device-selection">Criteria for Device Selection</h3>
162
 

	
163
 
<p>The IoT device industry moves quickly and we must be prepared to adapt
164
 
  based on new information. The first stage in this work will be to carefully
165
 
  evaluate and select the device on which to focus for this
166
 
  project. Conservancy will evaluate the following criteria in selecting a
167
 
  class of devices:</p>
168
 

	
169
 
<ul>
170
 
<li><p>Do most devices in the subindustry already run a known FOSS system
171
 
    (such as Android/Linux, BusyBox/Linux or GNU/Linux)?</p></li>
172
 

	
173
 
<li><p>In response to our increased enforcement activity, how many existing
174
 
    GPL-compliant source releases are available from how many different
175
 
    vendors in this subindustry?</p></li>
176
 

	
177
 
<li><p>Is there a known userspace application that runs on Maker-built
178
 
    hardware that does the task the proprietary userspace software from the
179
 
    vendor did?</p></li>
180
 

	
181
 
<li><p>What is the excitement level among volunteers for this
182
 
    project?</p></li>
183
 

	
184
 
<li><p>What value will hobbyists achieve from replacing the software on their
185
 
    device? For example, would they be able to avoid surveillance or add
186
 
    accessibility features?</p></li>
187
 

	
188
 
</ul>
189
 

	
190
 
<p>Finally, Conservancy will be prepared and willing to recognize temporary
191
 
  failure and setbacks in a particular subindustry and pivot quickly to
192
 
  choosing a different class of devices. This project is ambitious, and we’ll
193
 
  be adept in our approach to ensure success.</p>
194
 

	
...
 
@@ -43,6 +43,8 @@
43 43
 
            <ul>
44 44
 
            <li class="AboutCompliance"><a href="/copyleft-compliance/about.html">About</a></li>
45 45
 
            <li class="CopyleftPrinciples"><a href="/copyleft-compliance/principles.html">Principles of Community-Oriented GPL Enforcement</a></li>
46
 
            <li class="EnforcementStrategy"><a href="/copyleft-compliance/enforcement-strategy.html">Current Copyleft Enforcement Strategy</a></li>
47
 
            <li class="LiberateFirmware"><a href="/copyleft-compliance/firmware-liberation.html">Liberate IoT Firmware via GPL Enforcement</a></li>
46 48
 
            <li class="VMwareLawsuitLinks"><a href="/copyleft-compliance/vmware-lawsuit-links.html">VMware Lawsuit: Summary and Resources</a></li>
47 49
 
            <li class="CopyleftOrg"><a href="https://copyleft.org/">copyleft.org</a></li>
48 50
 
            </ul>
0 comments (0 inline, 0 general)