{% extends "base_compliance.html" %} {% block subtitle %}Copyleft Compliance Projects - {% endblock %} {% block submenuselection %}EnforcementStrategy{% endblock %} {% block content %}

Firmware Liberation Project

Brief History of OpenWRT

The spring of 2003 was a watershed moment for software freedom on electronic devices. 802.11 wireless technology had finally reached the mainstream, and wireless routers for home use had flooded the market earlier in the year. By June 2003, the general public knew that Linksys (a division of Cisco) was violating the GPL on their WRT54G model wireless routers. Hobbyists discovered that Linux, BusyBox and many GNU programs were included in the router, but Linksys and Cisco had failed to provide source code or any offer for source code to its customers. Linksys had violated the GPL, the license of these projects.

A coalition successfully enforced the GPL in this case, and Linksys released source code. A group of volunteers quickly built a new project, called OpenWRT based on that source release. In the years that have followed, OpenWRT has been ported to almost every major wireless router product. Now, more than 15 years later, the OpenWRT project routinely utilizes GPL source releases to build, improve and port OpenWRT. OpenWRT has spurred companies to create better routers.

GPL Enforcement Needs Follow-Through

Simply enforcing the GPL is an important first step, and Conservancy continues our efforts in that regard. However, the success found with OpenWRT can be replicated only if there is substantial effort after enforcement occurs to turn the compliant source release into a viable alternative firmware for the platform.

Conservancy has seen non-compliant Linux-based firmwares on refrigerators, baby monitors, virtual assistants, soundbars, doorbells, home security cameras, police body cameras, cars, AV receivers, and televisions.

This wide deployment of general purpose computers into mundane household devices has profound privacy and consumer rights implications. Home security cameras are routinely compromised — invading the privacy and security of individual homes. Even when companies succeed in keeping out third parties, consumers are pressured by camera makers to automatically upload their videos to local police. Televisions routinely spy on consumers for the purposes of marketing and massive data collection.

“Internet of Things” firmware should never rely on one vendor — even the vendor of the hardware itself. This centralized approach is brittle and inevitably leads to invasions of the public’s privacy and loss of control of their technology. Conservancy plans to address this issue in the manner that the FOSS community knows best: put one foot in front of the other, and work to create FOSS for every possible task that users want to accomplish. For IoT devices, this means creating alternative firmware in the same manner that OpenWRT has done for wireless routers.

Limited Success of Alternative Hardware

Alternative hardware projects remain an essential component of small device freedom. Conservancy supports and engages with communities that seek to source and build IoT-style devices from the ground up. We’re excited to see deployable boards that allow Maker efforts to create new devices.

Nevertheless, we remain ever-cognizant that FOSS succeeded on servers, laptop, desktop, and wireless router computers precisely because users could buy commodity hardware at any store and install FOSS. There is no complete, operational base operating system for most IoT devices on the market.

Demonstrating the power of software freedom

To many, the benefits of software freedom are abstract. For less technical users, the idea of modifying or even reviewing the software on their devices is wholly theoretical. For technical users, there is a limited time available to invest in the devices they use for their everyday lives. Bringing people together to take collective action for the control of their own technology is a powerful proposition that has rarely been demonstrated.

When alternative firmware projects like OpenWRT exist for IoT devices, non-technical users can replace the software on their devices and benefit from custom, community-controlled software. Technical users are more likely to contribute knowing their efforts will be meaningful.

However, decades of corporate involvement in copyleft have demonstrated that without an organized effort, control over one’s own software is purely theoretical, even when software has a copyleft license, and sometimes even when compliance with the copyleft license is acheived. Conservancy recognizes that there is a unique opportunity for charitable organizations to step in and change the power dynamic of the tech industry for consumers.

Conservancy’s Plan For Action

Conservancy seeks to fund work on liberating firmware for a specific device. This is accomplished with a two-prong approach: first, we will leverage increased interest and tendency toward GPL compliance throughout the embedded industry to more quickly achieve compliant source releases in a particular subindustry.

Second, depending on what subindustry (i.e., specific class of devices) seems most responsive to increased enforcement activity and willing to provide compliant source releases quickly, we will launch, coordinate and fund an alternative firmware project for that class.

Leveraging on Increased Enforcement

Conservancy plans to select a specific violation and engage in litigation. Based on past experience, we expect that the press and attention to that ongoing litigation will yield increased responsiveness by violators throughout the industry. (A similar outcome occurred after our litigation in 2006.) This expected change in behavior will open opportunities to replicate the OpenWRT approach in another embedded electronic subindustry. Fast action will be necessary; most IoT products have an 18 month lifecycle, so we seek to quickly identify the right subindustry, gain compliance there, and move on to the next phase.

Funding Firmware Liberation

While we’ve long hoped that volunteers would take up compliant sources obtained in our GPL enforcement efforts and build alternative firmware projects as they did with OpenWRT, history shows us that the creation of such projects is not guaranteed and exceedingly rare.

Traditionally, our community has relied exclusively on volunteers to take up this task, and financial investment only comes after volunteers have put in the unfunded work to make a Minimum Viable Product (MVP) liberated firmware. While volunteer involvement remains essential to the success of alternative firmware projects, we know from our fiscal sponsorship work that certain aspects of FOSS projects require an experienced charity to initiate and jump-start some of the less exciting aspects of FOSS project creation and development. (In our last fiscal year, Conservancy funded 160 contributors to work on FOSS.)

In the initial phase of this grant, Conservancy will select a specific class of device. Upon achieving compliant source releases in that subindustry through GPL enforcement, Conservancy will launch an alternative firmware project for that class of device.

Conservancy will seek to fund the time of project leaders and infrastructure for the project. The goal is to build a firm base that draws volunteers to the project. We know that sustaining funding over long periods for a grassroots hobbyist activity is quite challenging; we seek to use this grant to bootstrap and catalyze interest and contribution to the project. Ideally, Conservancy would run the project with a single full-time staffer for about a year, and achieve a volunteer base sufficient to reduce funding to one part-time staffer.

Criteria for Device Selection

The IoT device industry moves quickly and we must be prepared to adapt based on new information. The first stage in this work will be to carefully evaluate and select the device on which to focus for this project. Conservancy will evaluate the following criteria in selecting a class of devices:

Finally, Conservancy will be prepared and willing to recognize temporary failure and setbacks in a particular subindustry and pivot quickly to choosing a different class of devices. This project is ambitious, and we’ll be adept in our approach to ensure success.