The Software Freedom Conservancy is a 501(c)(3) non-profit charity + registered in New York that continues it work in the are of important + licensing policy work involves defending and upholding the rights of + software users and consumers under copyleft licenses, such as the GPL.
+ +The spring of 2003 was a watershed moment for software freedom on + electronic devices. 802.11 wireless technology had finally reached the + mainstream, and wireless routers for home use had flooded the market + earlier in the year. By June + 2003, the + general public knew that Linksys (a division of Cisco) was violating the + GPL on their WRT54G model wireless routers. Hobbyists discovered + (rather easily) that Linux, BusyBox and many GNU programs were included in + the router, but Linksys and Cisco had failed to provide source code or any + offer for source code to its customers.
+ +A coalition formed including organizations and individuals — including + Erik Andersen (major contributor to and former leader of the BusyBox + project) and Harald Welte (major contributor to Linux’s netfilter + subsystem) — to enforce the + GPL. Bradley + M. Kuhn, who is now Conservancy’s Policy Analyst and + Hacker-in-Residence, led and coordinated that coalition when he was + Executive Director of the FSF. By early 2004, this coalition, through the + process of GPL enforcement,compelled Linksys to release an + almost-GPL-compliant source release for the + WRT54G. A group of volunteers + quickly built a new project, called OpenWRT based on that source + release. In the years that have followed, OpenWRT has been ported to almost + every major wireless router product. Now, more than 15 years later, the + OpenWRT project routinely utilizes GPL source releases to build, improve + and port OpenWRT. The project has also joined coalitions to fight the FCC + to ensure that consumers have and deserve rights to install modified + firmwares on their devices and that such hobbyist improvements are no + threat to spectrum regulation.
+ +Recently, OpenWRT decided to join Conservancy as one its member projects, + and Conservancy has committed to long-term assistance to this project.
+ +OpenWRT has spurred companies to create better routers and other wireless + devices than they would otherwise have designed because they now need to + either compete with hobbyists, or (better still) cooperate with them to + create hardware that fully supports OpenWRT’s features and improvements + (such as dealing + with the + dreaded “bufferbloat” bugs). This interplay between the hobbyist + community and for-profit ventures promotes innovation in + technology. Without both permission and the ability to build and + modify the software on their devices, the hobbyist community + shrinks. Eventually, instead of encouraging people to experiment with their + devices, hobbyists are limited by the oft-arbitrary manufacturer-imposed + restraints in the OEM firmware. OpenWRT saved the wireless router market + from this disaster; we seek to help other embedded electronic subindustries + avoid that fate. The authors of GPL’d software chose that license so its + source is usable and readily available to hobbyists. It is our duty, as + activists for the software freedom of hobbyists, to ensure these legally + mandated rights are never curtailed.
+ +(More on the OpenWRT project’s history and its connection to GPL + enforcement can be found + in Kuhn’s talk + at OpenWRT Summit 2016.)
+ +Conservancy has had substantial success in leveraging more device freedom + in other subindustries through GPL compliance. In 2009, Conservancy, with + co-Plaintiff Erik Andersen, sued fourteen defendants in federal court under + copyright claims on behalf of its BusyBox member project. Conservancy was + able to achieve compliance for the BusyBox project in all fourteen + cases. Most notably, the GPL-compliant source release obtained in the + lawsuit for certain Samsung televisions provided the basis for + the SamyGo project — an alternative + firmware that works on that era of Samsung televisions and allows consumers + to modify and upgrade their firmware using FOSS.
+ +Harald Welte also continued his efforts during the early and mid-2000s + after the Linksys enforcement through + his gpl-violations.org + project. Harald successfully sued many companies (mostly in the + wireless router industry) in Germany to achieve compliance and yield source + releases that helped OpenWRT during that period.
+ +In recent years, embedded systems technology has expanded beyond wireless + routers to so-called “Internet of Things” devices designed for connectivity + with other devices in the home and to the “Cloud”. Consumer electronics + companies now feature and differentiate products based on Internet + connectivity, and related services. Conservancy has seen Linux-based + firmwares on refrigerators, baby monitors, virtual assistants, soundbars, + doorbells, home security cameras, police body cameras, cars, AV receivers, + and televisions.
+ +This wide deployment of general purpose computers into mundane household + devices raises profound privacy and consumer rights + implications. Home security cameras are routinely compromised + — invading the privacy and security of individual homes. Even when + companies succeed in keeping out third parties, consumers + are pressured + by camera makers to automatically upload their videos to local + police. Televisions + routinely spy + on consumers for the purposes of marketing and massive data + collection.
+ +There is one overarching irony to this growing dystopia: nearly all these + devices are based primarily on software licensed under the GPL: most + notably, Linux. While Linux-based systems do allow proprietary user-space + applications not licensed under GPL, the kernel (and many other system + utilities routinely used in embedded systems, such as Conservancy’s BusyBox + project) are under that license (or similar copyleft licenses such as the + LGPL). These licenses require device markers to provide complete, + corresponding source code to everyone in possession of their + devices. Furthermore, Linux’s specific license (GPL, version 2), mandates + that source code must also include “the scripts used to control compilation + and installation of the executable”. In short, the consumers must receive + all the source code and the ability to modify, recompile and reinstall that + software. Upholding of this core freedom for Linux made OpenWRT + possible. We work to preserve (or, more often, restore) that software + freedom for consumers of other types of electronic devices.
+ +When devices are compliant with the GPL’s requirements, customers can + individually or collectively take action against the surveillance and other + predatory behavior perpetuated by the manufacturers of these devices by + modifying and replacing the software. Hobbyists can aid their community by + providing these alternatives. People with no technical background already + replace firmware on their wireless routers with OpenWRT to both improve + network performance and allay privacy concerns. Furthermore, older + equipment is often saved from planned obsolescence by alternative + solutions. E-recyclers + like Freegeek do this regularly for + desktop and laptop machines with GNU/Linux distributions like Debian, and + with OpenWRT for wireless routers. We seek to assure they can do this for + other types of electronic products. However, without the complete, + corresponding source code and the scripts to control its compilation and + installation, the fundamental purpose of copyleft is frustrated. Consumers, + hobbyists, non-profit e-recyclers and the general public are left without + the necessary tools they need and deserve, and which the license promises + them.
+ +Additionally, copyleft compliance relates directly to significant + generational educational opportunities. There are few easier ways to + understand technology than to experiment with a device one already + has. Historically, FOSS has succeeded because young hobbyists could + examine, modify and experiment with software in their own devices. Those + hobbyists became the professional embedded device developers of today! + Theoretically, the advent of the “Internet of Things” — with its many + devices that run Linux — should give opportunities for young hobbyists to + quickly explore and improve the devices they depend on in their every day + lives. Yet, that’s rarely possible in reality. To ensure that both current + and future hobbyists can practically modify their Linux-based devices, we + must enforce Linux’s license. With public awareness that their devices can + be improved, the desire for learning will increase, and will embolden the + curiosity of newcomers of all ages and backgrounds. The practical benefits + of this virtuous cycle are immediately apparent. With technological + experimentation, people are encouraged to try new things, learn how their + devices work, and perhaps create whole new types of devices and + technologies that no one has even dreamed of before.
+ +“Internet of Things” firmware should never rely on one vendor — even the + vendor of the hardware itself. This centralized approach is brittle and + inevitably leads to invasions of the public’s privacy and control of their + technology. Conservancy’s GPL enforcement work is part of the puzzle that + ensures users can choose who their devices connect to, and how they + connect. Everyone deserves control over their own computing — from their + laptop to their television to their toaster. When the public can modify (or + help others modify) the software on their devices, they choose the level of + centralized control they are comfortable with. Currently, users with + Linux-based devices usually don’t even realize what is possible with + copyleft; Conservancy aims to show them.
+ +In May 2012, Software Freedom Conservancy + formed The GPL + Compliance Project for Linux Developers in response to frustration by + upstream Linux developers about the prevalence of noncompliance in the + field, and their desire to stand with Conservancy’s BusyBox, Git and Samba + projects in demanding widespread GPL compliance. This coalition of Linux + developers works with Conservancy to enforce the GPL for the rights of + Linux users everywhere — particularly consumers who own electronic + devices. We accept violation reports from the general public, and + prioritize enforcement in those classes of devices where we believe that we + can do the most good to help achieve GPL compliance that will increase + software freedom for the maximum number of device users.
+ +While we still gain some success, we have found that the landscape of GPL + compliance has changed in recent years. Historically, the true “bad actors” + were rare. We found in the early days that mere education and basic + supply-chain coordination assistance yielded compliance. We sought and + often achieved goodwill in the industry via education-focused + compliance.
+ +Those tactics no longer succeed; the industry has taken advantage of that + goodwill. After the BusyBox lawsuit settled, we observed a slow move toward + intentional non-compliance throughout the embedded electronics + industry. Companies use delay and “hardball” pre-litigation tactics to + drain the limited resources available for enforcement, which we faced for + example + in the + VMware violation. While VMware ultimately complied with the GPL, they + did so by reengineering the product and removing Linux from it — and only + after the product was nearing end-of-life.
+ +Conservancy has recently completed an evaluation of the industry’s use of + Linux in embedded products. Our findings are disheartening and require + action. Across the entire industry, most major manufacturers almost flaunt + their failure to comply with the GPL. In our private negotiations, pursuant + to + our Principles + of Community-Oriented GPL Enforcement, GPL violators stall, avoid, + delay and generally refuse to comply with the GPL. Their disdain for the + rights of their customers is often palpable. Their attitude is almost + universal: “if you think we’re really violating the GPL, then go ahead and + sue us. Otherwise, you’re our lowest priority.”
+ +Conservancy has a three-pronged plan for action: litigation, persistent + non-litigation enforcement, and alternative firmware development.
+ +Conservancy has many violation matters that we have pursued during the + last year where we expect compliance is impossible without litigation. We + are poised to select — from among the many violations in the embedded + electronics space — a representative example and take action in USA courts + against a violator who has failed to properly provide source code + sufficient for consumers to rebuild and install Linux, and who still + refuses to remedy that error after substantial friendly negotiation with + Conservancy.
+ +Our goal remains the same as in all matters: we want a source release that + works, and we’ll end any litigation when the company fully complies on its + products and makes a bona fide commitment to future compliance.
+ +Conservancy, after years of analyzing its successes and failures of + previous GPL compliance litigation, has developed — in conjunction with + litigation counsel over the last year — new approaches to litigation + strategy. We believe this will bring to fruition the promise of copyleft: a + license that assures the rights and software freedoms of hobbyists who seek + full control and modifiability of devices they own. With the benefit of + this grant, Conservancy plans to accelerate these plans in 2020 and to keep + the public informed at every stage of the process.
+ +While we will seek damages to cover our reasonable costs of this work, we + do not expect that any recovery in litigation can fully fund the broad base + of work necessary to ensure compliance and the software freedom it + brings. Conservancy is the primary charitable watchdog of + GPL compliance for Linux-based devices. We seek to use litigation as a tool + in a broader course of action to continue our work in this regard. We + expect and welcome that the high profile nature of litigation will inspire + more device owners to report violations to us. We expect we’ll learn about + classes of devices we previously had no idea contained Linux, and we’ll + begin our diligent and unrelenting work to achieve software freedom for the + owners of those devices. We will also build more partnerships across the + technology sector and consumer rights organizations to highlight the + benefit of copyleft to not just hobbyists, but the entire general + public.
+ +The success of the OpenWRT project, born from GPL enforcement, has an + important component. While we’ve long hoped that volunteers, as they did + with OpenWRT and SamyGo, will take up compliant sources obtained in our GPL + enforcement efforts and build alternative firmware projects, history shows + us that the creation of such projects is not guaranteed and exceedingly + rare.
+ +Traditionally, our community has relied exclusively on volunteers to take + up this task, and financial investment only comes after volunteers have put + in the unfunded work to make an MVP alternative firmware. While volunteer + involvement remains essential to the success of alternative firmware + projects, we know from our fiscal sponsorship work that certain aspects of + FOSS projects require an experienced charity to initiate and jump start + some of the less exciting aspects of FOSS project creation and + development.
+ +Conservancy plans to select a specific class of device. Upon achieving + compliant source releases in that subindustry through GPL enforcement, + Conservancy will launch an alternative + firmware project for that class of device.
+ +{% endblock %}