Files
@ 3c483c2eb295
Branch filter:
Location: website/www/conservancy/static/copyleft-compliance/firmware-liberation.html
3c483c2eb295
11.0 KiB
text/html
Copyleft Compliance: Minor rewrite of strategy & firmware liberation
This rewrite should improve the stand-alone nature of these documents
and allow for better integration with other summary text and
announcements on the website.
Note that they have now drifted heavily from the original formulation
of the items as grant proposals.
This rewrite should improve the stand-alone nature of these documents
and allow for better integration with other summary text and
announcements on the website.
Note that they have now drifted heavily from the original formulation
of the items as grant proposals.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 | {% extends "base_compliance.html" %}
{% block subtitle %}Copyleft Compliance Projects - {% endblock %}
{% block submenuselection %}EnforcementStrategy{% endblock %}
{% block content %}
<h1 id="software-freedom-conservancy-proposal-for-firmware-liberation-project">Firmware Liberation Project</h1>
<h2 id="brief-history-of-openwrt">Brief History of OpenWRT</h2>
<p>The spring of 2003 was a watershed moment for software freedom on
electronic devices. 802.11 wireless technology had finally reached the
mainstream, and wireless routers for home use had flooded the market
earlier in the year. By June
2003, <a href="https://hardware.slashdot.org/story/03/06/08/1749217/is-linksys-violating-the-GPL">the
general public knew that Linksys (a division of Cisco) was violating the
GPL</a> on their WRT54G model wireless routers. Hobbyists discovered that
Linux, BusyBox and many GNU programs were included in the router, but
Linksys and Cisco had failed to provide source code or any offer for source
code to its customers. Linksys had violated the GPL, the license of these
projects.</p>
<p>A coalition successfully enforced the GPL in this case, and Linksys
released source code. A <a href="https://openwrt.org/about/history">group of
volunteers quickly built a new project, called OpenWRT</a> based on that
source release. In the years that have followed, OpenWRT has been ported to
almost every major wireless router product. Now, more than 15 years later,
the OpenWRT project routinely utilizes GPL source releases to build,
improve and port OpenWRT. OpenWRT has spurred companies to create better
routers.</p>
<h2 id="gpl-enforcement-needs-follow-through">GPL Enforcement Needs Follow-Through</h2>
<p>Simply enforcing the GPL is an important first step, and Conservancy
<a href="enforcement-strategy.html">continues our efforts in that regard</a>. However,
the success found with OpenWRT can be replicated <em>only if</em> there is
substantial effort <strong>after</strong> enforcement occurs to turn the
compliant source release into a viable alternative firmware for the
platform.</p>
<p>Conservancy has seen non-compliant Linux-based firmwares on refrigerators,
baby monitors, virtual assistants, soundbars, doorbells, home security
cameras, police body cameras, cars, AV receivers, and televisions.</p>
<p>This wide deployment of general purpose computers into mundane household
devices has profound privacy and consumer rights
implications. <a href="https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras.html">Home</a> <a href="https://www.washingtonpost.com/technology/2019/01/23/family-says-hacked-nest-camera-warned-them-north-korean-missile-attack/">security</a> <a href="https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable">cameras</a> <a href="https://www.cnn.com/2019/12/12/tech/ring-security-camera-hacker-harassed-girl-trnd/index.html">are</a> <a href="https://abc7.com/baby-monitor-hack-leads-to-kidnap-scare/4931822/">routinely</a> <a href="https://www.bbc.com/news/av/uk-44117337/security-footage-viewed-by-thousands">compromised</a>
— invading the privacy and security of individual homes. Even when
companies succeed in keeping out third parties, consumers
are <a href="https://www.theguardian.com/technology/2019/aug/29/ring-amazon-police-partnership-social-media-neighbor">pressured
by camera makers</a> to automatically upload their videos to local
police. Televisions
routinely <a href="https://techcrunch.com/2019/01/07/vizio-settlement-moves-forward/">spy
on consumers for the purposes of marketing and massive data
collection</a>.</p>
<p>“Internet of Things” firmware should never rely on one vendor — even the
vendor of the hardware itself. This centralized approach is brittle and
inevitably leads to invasions of the public’s privacy and loss of control of their
technology. Conservancy plans to address this issue in the manner that the
FOSS community knows best: put one foot in front of the other, and work to
create FOSS for every possible task that users want to accomplish. For IoT
devices, this means creating alternative firmware in the same manner that
OpenWRT has done for wireless routers.</p>
<h2 id="limited-success-of-alternative-hardware">Limited Success of
Alternative Hardware</h2>
<p>Alternative hardware projects remain an essential component of small
device freedom. Conservancy supports and engages with communities that seek
to source and build IoT-style devices from the ground up. We’re excited to
see deployable boards that allow Maker efforts to create new devices.</p>
<p>Nevertheless, we remain ever-cognizant that FOSS succeeded on servers,
laptop, desktop, and wireless router computers <em>precisely</em> because
users could buy commodity hardware at any store and install FOSS. There is
no complete, operational base operating system for most IoT devices on the
market.</p>
<h3 id="demonstrating-the-power-of-software-freedom">Demonstrating the power
of software freedom</h3>
<p>To many, the benefits of software freedom are abstract. For less technical
users, the idea of modifying or even reviewing the software on their
devices is wholly theoretical. For technical users, there is a limited time
available to invest in the devices they use for their everyday
lives. Bringing people together to take collective action for the control
of their own technology is a powerful proposition that has rarely been
demonstrated.</p>
<p>When alternative firmware projects like OpenWRT exist for IoT devices,
non-technical users can replace the software on their devices and benefit
from custom, community-controlled software. Technical users are more likely
to contribute knowing their efforts will be meaningful.</p>
<p>However, decades of corporate involvement in copyleft have demonstrated
that without an organized effort, control over one’s own software is purely
theoretical, even when software has a copyleft license, and
sometimes <em>even when</em> compliance with the copyleft license is
acheived. Conservancy recognizes that there is a unique opportunity for
charitable organizations to step in and change the power dynamic of the
tech industry for consumers.</p>
<h2 id="conservancys-plan-for-action">Conservancy’s Plan For Action</h2>
<p>Conservancy seeks to fund work on liberating firmware for a specific
device. This is accomplished with a two-prong approach: first, we will
leverage increased interest and tendency toward GPL compliance throughout
the embedded industry to more quickly achieve compliant source releases in
a particular subindustry.</p>
<p>Second, depending on what subindustry (i.e., specific class of devices)
seems most responsive to increased enforcement activity and willing to
provide compliant source releases quickly, we will launch, coordinate and
fund an alternative firmware project for that class.</p>
<h2 id="leveraging-on-increased-enforcement">Leveraging on Increased
Enforcement</h2>
<p><a href="enforcement-strategy.html">Conservancy plans to select a specific
violation and engage in litigation.</a> Based on past experience, we expect
that the press and attention to that ongoing litigation will yield
increased responsiveness by violators throughout the industry. (A similar
outcome occurred after our litigation in 2006.) This expected change in
behavior will open opportunities to replicate the OpenWRT approach in
another embedded electronic subindustry. Fast action will be necessary;
most IoT products have an 18 month lifecycle, so we seek to quickly
identify the right subindustry, gain compliance there, and move on to the
next phase.</p>
<h3 id="funding-firmware-liberation">Funding Firmware Liberation</h3>
<p>While we’ve long hoped that volunteers would take up compliant sources
obtained in our GPL enforcement efforts and build alternative firmware
projects as they did with OpenWRT, history shows us that the creation of
such projects is not guaranteed and exceedingly rare.</p>
<p>Traditionally, our community has relied exclusively on volunteers to take
up this task, and financial investment only comes after volunteers have put
in the unfunded work to make a Minimum Viable Product (MVP) liberated
firmware. While volunteer involvement remains essential to the success of
alternative firmware projects, we know from our fiscal sponsorship work
that certain aspects of FOSS projects require an experienced charity to
initiate and jump-start some of the less exciting aspects of FOSS project
creation and development. (In our last fiscal year, Conservancy funded 160
contributors to work on FOSS.)</p>
<p>In the initial phase of this grant, Conservancy will select a specific
class of device. Upon achieving compliant source releases in that
subindustry through GPL enforcement, Conservancy will launch an alternative
firmware project for that class of device.</p>
<p>Conservancy will seek to fund the time of project leaders and
infrastructure for the project. The goal is to build a firm base that draws
volunteers to the project. We know that sustaining funding over long
periods for a grassroots hobbyist activity is quite challenging; we seek to
use this grant to bootstrap and catalyze interest and contribution to the
project. Ideally, Conservancy would run the project with a single full-time
staffer for about a year, and achieve a volunteer base sufficient to
reduce funding to one part-time staffer.</p>
<h3 id="criteria-for-device-selection">Criteria for Device Selection</h3>
<p>The IoT device industry moves quickly and we must be prepared to adapt
based on new information. The first stage in this work will be to carefully
evaluate and select the device on which to focus for this
project. Conservancy will evaluate the following criteria in selecting a
class of devices:</p>
<ul>
<li><p>Do most devices in the subindustry already run a known FOSS system
(such as Android/Linux, BusyBox/Linux or GNU/Linux)?</p></li>
<li><p>In response to our increased enforcement activity, how many existing
GPL-compliant source releases are available from how many different
vendors in this subindustry?</p></li>
<li><p>Is there a known userspace application that runs on Maker-built
hardware that does the task the proprietary userspace software from the
vendor did?</p></li>
<li><p>What is the excitement level among volunteers for this
project?</p></li>
<li><p>What value will hobbyists achieve from replacing the software on their
device? For example, would they be able to avoid surveillance or add
accessibility features?</p></li>
</ul>
<p>Finally, Conservancy will be prepared and willing to recognize temporary
failure and setbacks in a particular subindustry and pivot quickly to
choosing a different class of devices. This project is ambitious, and we’ll
be adept in our approach to ensure success.</p>
|