As existing donors and sustainers know, the Software Freedom Conservancy + is a 501(c)(3) non-profit charity registered in New York, and Conservancy + helps people take control of their computing by growing the software + freedom movement, supporting community-driven alternatives to proprietary + software, and defending free software with practical initiatives. + Conservancy accomplishes these goals with various initiatives, including + defending and upholding the rights of software users and consumers under + copyleft licenses, such as the GPL.
+ +The spring of 2003 was a watershed moment for software freedom on + electronic devices. 802.11 wireless technology had finally reached the + mainstream, and wireless routers for home use had flooded the market + earlier in the year. By June + 2003, the + general public knew that Linksys (a division of Cisco) was violating the + GPL on their WRT54G model wireless routers. Hobbyists discovered + (rather easily) that Linux and BusyBox were included in the router, but + Linksys and Cisco had failed to provide source code or any offer for source + code to its customers.
+ +A coalition formed made up of organizations and individuals — including + Erik Andersen (major contributor to and former leader of the BusyBox + project) and Harald Welte (major contributor to Linux’s netfilter + subsystem) — to enforce the + GPL. Bradley + M. Kuhn, who is now Conservancy’s Policy Fellow and + Hacker-in-Residence, led and coordinated that coalition (when he was + Executive Director of the FSF). By early 2004, this coalition, through the + process of GPL enforcement, compelled Linksys to release an + almost-GPL-compliant source release for the + WRT54G. A group of volunteers + quickly built a new project, called OpenWrt based on that source + release. In the years that have followed, OpenWrt has been ported to almost + every major wireless router product. Now, more than 15 years later, the + OpenWrt project routinely utilizes GPL source releases to build, improve + and port OpenWrt. The project has also joined coalitions to fight the FCC + to ensure that consumers have and deserve rights to install modified + firmwares on their devices and that such hobbyist improvements are no + threat to spectrum regulation.
+ +Recently, OpenWrt joined Conservancy as one its member projects, + and Conservancy has committed to long-term assistance to this project.
+ +OpenWrt has spurred companies to create better routers and other wireless + devices than such companies would otherwise have designed because they now need to + either compete with hobbyists, or (better still) cooperate with those hobbyists to + create hardware that fully supports OpenWrt’s features and improvements + (such as dealing + with the + dreaded “bufferbloat” bugs). This interplay between the hobbyist + community and for-profit ventures promotes innovation in + technology. Without both permission and the ability to build and + modify the software on their devices, the hobbyist community + shrinks. Without intervention to ensure companies respect the hobbyist + community, hobbyists are limited by the oft-arbitrary manufacturer-imposed + restraints in the OEM firmware. OpenWrt saved the wireless router market + from this disaster; we seek to help other embedded electronic subindustries + avoid that fate. The authors of GPL’d software chose that license so its + source is usable and readily available to hobbyists. It is our duty, as + activists for the software freedom of hobbyists, to ensure these legally + mandated rights are never curtailed.
+ +(More on the OpenWrt project’s history and its connection to GPL + enforcement can be found + in Kuhn’s talk + at OpenWrt Summit 2016.)
+ +Conservancy has had substantial success in leveraging more device freedom + in other subindustries through GPL compliance. In 2009, Conservancy, with + co-Plaintiff Erik Andersen, sued fourteen defendants in federal court under + copyright claims on behalf of its BusyBox member project. Conservancy + achieved compliance for the BusyBox project in all fourteen + cases. Most notably, the GPL-compliant source release obtained in the + lawsuit for certain Samsung televisions provided the basis for + the SamyGo project — an alternative + firmware that works on that era of Samsung televisions and allows consumers + to modify and upgrade their firmware using FOSS.
+ +Harald Welte also continued his efforts during the early and mid-2000s, + after the Linksys enforcement, through + his gpl-violations.org + project. Harald successfully sued many companies (mostly in the + wireless router industry) in Germany to achieve compliance and yield source + releases that helped OpenWrt during that period.
+ +In recent years, embedded systems technology has expanded beyond wireless + routers to so-called “Internet of Things” (IoT) devices designed for + connectivity with other devices in the home and to the “Cloud”. Consumer + electronics companies now feature and differentiate products based on + Internet connectivity and related services. Conservancy has seen + Linux-based firmwares on refrigerators, baby monitors, virtual assistants, + soundbars, doorbells, home security cameras, police body cameras, cars, AV + receivers, and televisions.
+ +This wide deployment of general purpose computers into + mundane household devices raises profound privacy and consumer rights + implications. Home security cameras are routinely compromised + — invading the privacy and security of individual homes. Even when + companies succeed in keeping out third parties, consumers + are pressured + by camera makers to automatically upload their videos to local + police. Televisions + routinely spy + on consumers for the purposes of marketing and massive data + collection.
+ +There is one overarching irony to this growing dystopia: nearly all these + devices are based primarily on GPL'd software: most + notably, Linux. While Linux-based systems do allow proprietary user-space + applications (i.e., not licensed under GPL), the kernel and many other system + utilities routinely used in embedded systems, such as Conservancy’s BusyBox + project, are under that license (or similar copyleft licenses such as the + LGPL). These licenses require device makers to provide complete, + corresponding source code to everyone in possession of their + devices. Furthermore, Linux’s specific license (GPL, version 2), mandates + that source code must also include “the scripts used to control compilation + and installation of the executable”. In short, the consumers must receive + all the source code and the ability to modify, recompile and reinstall that + software. Upholding of this core freedom for Linux made OpenWrt + possible. We work to preserve (or, more often, restore) that software + freedom for consumers of other types of electronic devices.
+ +When devices are compliant with the GPL’s requirements, customers can + individually or collectively take action against the surveillance and other + predatory behavior perpetuated by the manufacturers of these devices by + modifying and replacing the software. Hobbyists can aid their community by + providing these alternatives. People with no technical background already + replace firmware on their wireless routers with OpenWrt to both improve + network performance and allay privacy concerns. Furthermore, older + equipment is often saved from planned obsolescence by alternative + solutions. E-recyclers + like Freegeek do this regularly for + desktop and laptop machines with GNU/Linux distributions like Debian, and + with OpenWrt for wireless routers. We seek to ensure they can do this for + other types of electronic products. However, without the complete, + corresponding source code (CCS), including the scripts to control its compilation and + installation, the fundamental purpose of copyleft is frustrated. Consumers, + hobbyists, non-profit e-recyclers and the general public are left without + the necessary tools they need and deserve, and which the license promises + them.
+ +Additionally, copyleft compliance relates directly to significant + generational educational opportunities. There are few easier ways to + understand technology than to experiment with a device one already + has. Historically, FOSS has succeeded because young hobbyists could + examine, modify and experiment with software in their own devices. Those + hobbyists became the professional embedded device developers of today! + Theoretically, the advent of the “Internet of Things” — with its many + devices that run Linux — should give opportunities for young + hobbyists to quickly explore and improve the devices they depend on in + their every day lives. Yet, that’s rarely possible in reality. To ensure + that both current and future hobbyists can practically modify their + Linux-based devices, we must enforce Linux’s license. With public awareness + that their devices can be improved, the desire for learning will increase, + and will embolden the curiosity of newcomers of all ages and + backgrounds. The practical benefits of this virtuous cycle are immediately + apparent. With technological experimentation, people are encouraged to try + new things, learn how their devices work, and perhaps create whole new + types of devices and technologies that no one has even dreamed of + before.
+ +IoT firmware should never rely on one vendor — even the vendor of the + hardware itself. This centralized approach is brittle and inevitably leads + to invasions of the public’s privacy and loss of control of their + technology. Conservancy’s GPL enforcement work is part of the puzzle that + ensures users can choose who their devices connect to, and how they + connect. Everyone deserves control over their own computing — from their + laptop to their television to their toaster. When the public can modify (or + help others modify) the software on their devices, they choose the level of + centralized control they are comfortable with. Currently, users with + Linux-based devices usually don’t even realize what is possible with + copyleft; Conservancy aims to show them.
+ +In May 2012, Software Freedom Conservancy + formed The GPL + Compliance Project for Linux Developers in response to frustration by + upstream Linux developers about the prevalence of noncompliance in the + field, and their desire to stand with Conservancy’s BusyBox, Git and Samba + projects in demanding widespread GPL compliance. This coalition of Linux + developers works with Conservancy to enforce the GPL for the rights of + Linux users everywhere — particularly consumers who own electronic + devices. We accept violation reports from the general public, and + prioritize enforcement in those classes of devices where we believe that we + can do the most good to help achieve GPL compliance that will increase + software freedom for the maximum number of device users.
+ +While we still gain some success, we have found that the landscape of GPL + compliance has changed in recent years. Historically, the true “bad actors” + were rare. We found in the early days that mere education and basic + supply-chain coordination assistance yielded compliance. We sought and + often achieved goodwill in the industry via education-focused + compliance.
+ +Those tactics no longer succeed; the industry has taken advantage of that + goodwill. After the BusyBox lawsuit settled, we observed a slow move toward + intentional non-compliance throughout the embedded electronics + industry. Companies use delay and “hardball” pre-litigation tactics to + drain the limited resources available for enforcement, which we faced (for + example) in the + VMware violation. While VMware ultimately complied with the GPL, they + did so by reengineering the product and removing Linux from it — and only + after the product was nearing end-of-life.
+ +Conservancy has recently completed an evaluation of the industry’s use of
+ Linux in embedded products. Our findings are disheartening and require
+ action. Across the entire industry, most major manufacturers almost flaunt
+ their failure to comply with the GPL. In our private negotiations,
+ pursuant to
+ our Principles
+ of Community-Oriented GPL Enforcement, GPL violators stall, avoid,
+ delay and generally refuse to comply with the GPL. Their disdain for the
+ rights of their customers is often palpable. Their attitude is almost
+ universal: if you think we’re really violating the GPL, then go ahead and
+ sue us. Otherwise, you’re our lowest priority
.
Conservancy has a three-pronged plan for action: litigation, persistent + non-litigation enforcement, and alternative firmware development.
+ +Conservancy has many violation matters that we have pursued during the + last year where we expect compliance is impossible without litigation. We + are poised to select — from among the many violations in the embedded + electronics space — a representative example and take action in USA courts + against a violator who has failed to properly provide source code + sufficient for consumers to rebuild and install Linux, and who still + refuses to remedy that error after substantial friendly negotiation with + Conservancy.
+ +Our goal remains the same as in all matters: we want a source release that + works, and we’ll end any litigation when the company fully complies on its + products and makes a bona fide commitment to future compliance.
+ +Conservancy, after years of analyzing its successes and failures of + previous GPL compliance litigation, has developed — in conjunction with + litigation counsel over the last year — new approaches to litigation + strategy. We believe this will bring to fruition the promise of copyleft: + a license that ensures the rights and software freedoms of hobbyists who + seek full control and modifiability of devices they own. Conservancy plans + to accelerate these plans in late 2020 into early 2021 and we'll keep the + public informed at every stage of the process.
+ +While we will seek damages to cover our reasonable costs of this work, we + do not expect that any recovery in litigation can fully fund the broad base + of work necessary to ensure compliance and the software freedom it brings. + Conservancy is the primary charitable watchdog of GPL compliance for + Linux-based devices. We seek to use litigation as a tool in a broader + course of action to continue our work in this regard. We expect and + welcome that the high profile nature of litigation will inspire more device + owners to report violations to us. We expect we’ll learn about classes of + devices we previously had no idea contained Linux, and we’ll begin our + diligent and unrelenting work to achieve software freedom for the owners of + those devices. We will also build more partnerships across the technology + sector and consumer rights organizations to highlight the benefit of + copyleft to not just hobbyists, but the entire general public.
+ +The success of the OpenWrt project, born from GPL enforcement, has an + important component. While we’ve long hoped that volunteers, as they did + with OpenWrt and SamyGo, will take up compliant sources obtained in our GPL + enforcement efforts and build alternative firmware projects, history shows + us that the creation of such projects is not guaranteed and exceedingly + rare.
+ +Traditionally, our community has relied exclusively on volunteers to take + up this task, and financial investment only comes after volunteers have put + in the unfunded work to make an MVP alternative firmware. While volunteer + involvement remains essential to the success of alternative firmware + projects, we know from our fiscal sponsorship work that certain aspects of + FOSS projects require an experienced charity to initiate and jump-start + some of the less exciting aspects of FOSS project creation and + development.
+ +Conservancy plans to select a specific class of device. Upon achieving + compliant source releases in that subindustry through GPL enforcement, + Conservancy will launch an alternative + firmware project for that class of device.
+ +{% endblock %}