Tuesday, January 04, 2011

A study of GPL voilation cases in 2006 2007

I did this report for my coursework, but I think I will publish it in order to get wider opinion on my work.

Scope: The document is academic in nature and reflects opinion and understanding of author developed from reading of various other related documents. This document may not be legally accurate due to limited technical understanding of law by the author, however author has tried to keep it factual to best of his beliefs. The document uses GPL’s version 2 as “the license”, which is most widely used and applicable for the cases presented in this document.

Referencing: The name of authors appears along with the year of publication separated by comma(“,”) inside a square bracket [author name, year], the author name and year are italicized for emphasis. The full details of references are expanded at the end of this paper in reference section.


Following three stories are selected for study in this report:
1. Free software foundation’s legal committee sues Monsoon multimedia for GPL violation [out-law page=8490, 2007]
2. British Telecom accused of violating terms of GPL on their broadband home router [out-law page=7685, 2005]
3. Fortinet UK does not comply with terms of GPL [out-law page=5620, 2005]



a) Risks

The risks involved in these three stories:
i. Violation of GPL leads to infringement of copy rights of authors of the software licensed under GPL.
ii. Such violation risks the existence of free software and rights of community to promote such software.
iii. The legal hurdles in enforcing GPL due to its different nature as compared to other licenses.
iv. In case of legal action against GPL violator, it may send wrong signals to companies planning of using open source software in future.
v. The legal action may lead to big financial damage of the violating organization causing bilateral damage. Such damage is bad for promotion of open source software in business.

b) Issues

Before we actually look into what are the issues related to GPL violation, we need to define what constitutes a violation as understood from [faqs at gnu.org, 2010]

GNU’s General Public License allows an organization and/or individual to copy a software, modify it and redistribute the software freely or by charging a fee. But the redistribution of the software should be covered under GPL and the source code need to be provided either through a medium or website link. The source code could be provided either on request or voluntarily [Kuhn et al, 2008].

GPL will be considered violated If the organization and/or individual
i. do not ship the software under the same license or
ii. denies the recipient of software the source code on request or
iii. tries to hide the fact that software is licensed under GPL by some form of encryption or similar techniques.

The most common issue is treating a GPL’d software as public domain software. In case of British Telecom issue was lack of awareness, however Monsoon multimedia disregarded the license itself. If propriety code is included with GPL’d code, the issue would be the difficulty to provide these codes separately. Another important issue is to educate customer if they receive any GPL’d code to redistribute it with the same license [Moglen, 2001].

c) Problems

One of the biggest problem faced by reporters of gpl-viloation is proving that any piece of software is indeed derived from an open source software [cnet news, 2005].
Due to distributed nature of software development, one of the problem is to finding the rightful owner of copyright. The next problem is her ability to actually carry out legal actions against the violator.
Another problem is the lack of funds for filing a court case, most of the open source projects are donation driven or sustaining from the individual income.

d) Consequences

The consequence of GPL violation is hindrance in process of sharing the knowledge and benefit of knowledge for the society. The consequences of problem faced due to violation makes it difficult to implement. The consequence of free nature of license makes companies ignore its terms.

2. Stakeholders

The primary stakeholders

i. Free software foundation’s different agencies
ii. various software companies which violated the gpl terms.
iii. The shareholder and investors of these companies

The secondary stakeholders
i. court of law for these cases
ii. developers from Free and open source software(FOSS) community.
In fortinet and BT cases the agency involved is gpl-violation.org whereas in case of Monsoon multimedia Software freedom Law centre(SFLC) is involved. Herald Welte acted on behalf of gplviolation.org in the courts, he holds copyrights for “netfilters” and busybox(after transfer by original authors).

3. Possible Actions

According to legal primer by SFLC[Fontana et al, 2008] the very first action is sending a letter informing the violator about the possible violation of GPL(which may be unintentional). If the letter is ignored, then sending a letter of injunction obtained from the court restraining further distribution. In most cases a out of court settlement is preferred, however if the offending party is not willing to comply, then only legal battle should be fought. The real motive of any action is awareness and enforcement for protection of copyrights of FOSS community.

Professional Aspect:

a. Responsibilities of decision makers

i. The organization should
a. understand the terms of GPL and decision to use the open source software should be conscious and consistent with company policies.
b. communicate the same to employees, in case they try to use open source software in the product.
c. provide mediums to provide source code to customer and communicate the terms.

ii. FSF is responsible for enforcement of GPL. It should educated organizations and developers about the requirements and actions related to GPL compliance. In case of violation, it is responsible for taking corrective actions.

b. Applicable sections of code of Ethics:

ACM code of Ethics and professional conduct:
i. Section 1.5
ii. Section 1.6
iii. Section 2.3
iv. Section 2.6
v. Section 1.3
IEEE/ACM Software engineers code of ethics and professional practice:
i. Section 2.07
ii. Section 2.09
iii. Section 5.09
iv. Section 6.01
v. Section 6.06

2. Rights of stakeholders

Stakeholders have right to
i. freely share the knowledge and distribute the open source software freely, but in accordance with GPL.
ii. copy, modify it and redistribute it further.
iii. seek copyrights on their original work.
iv. seek a legal action, if the user do no comply to conditions of the enclosing license.
v. ask for clarification from the party claiming the copyrights and seeking legal action.
vi. do legitimate business with software and make profit, while giving credits to original creator of the software.
vii. compensation for expenses and damaged caused by infringing party.

3. Impact of possible actions on stakeholders
i. For FOSS developers: the process of software development gets a more legal status.
ii. For FSF: enforcement of terms of license and thus safeguarding the interest of open source community.
iii. For companies: change in strategy for usage of free software and decision for promotion and contribution to FOSS. Any legal action can effect their reputation negatively.
iv. For legal community: such case will provide new areas of application for existing laws.

Legal Aspects:

1. UK act of parliament
Application of Copyright, Design and Patent Act 1988 and amendments made through The Copyright (Computer Programs) Regulations 1992:
These software are covered by section 3 (1)b as valid candidate for consideration. The author or joint authorship is defined as per provisions of section 9(1) and 10. The authors have right to make copy of the program and issue it to public under section 16 1(a) and 16 1(b). The receiving party can make copy of the work in lawful way under 50(c). While the software is redistributed in any form, it should be redistributed with same license(i.e. GPL)

Before we can recognize more laws which are relevant to these stories, we need to analyse the nature of GPL as a license. Section 2,3 and 4 of GPL license v2 [gnu.org, 1991] are considered binding by the law [Hoppner, 2004] as decided by German court in sitecom case. The German court also decided to charge the sitecom guilty of violating German civil code by breaching the terms of contract. However, Eben Moglen, the attorney at FSF made it clear in his article that the GPL is license and not a contract [Jones, 2001]. This complicates the application of contract laws to these cases.
The Author do not have sufficient legal understanding for finding an exact equivalent of German civil code. But Author speculates the following UK acts should be applicable if the court decides in the same way as German court:
Unfair contract Terms Act 1977 section 1(3) defines about the breach of contract by a business, which in this case is violation of GPL during sale of the product without proper license.
Sales of good act 1979 section 12 prevents sale of any item to which seller have no legal rights. In these case, sellers are selling a software product for which they don’t own copyrights. They are infringing the copyright of original author by not selling the product with its proper terms.

2. Two previously resolved legal cases.

As pointed out in previous section, Sitecom was found guilty of violating GPL and sued in Germany[out-law page=4486, 2004]. Another story of previously resolved GPL case is Dlink v/s gpl-violation.org [gpl-violation.org, 2006]

Similarities between the stories:

These stories involve infringement of copyrights of FOSS developers. The compliance can be bought by proper understanding of terms without resorting to any legal action. However, if they fail to abide by the terms in spite of being cautioned, all of them can be bought under legal action for copyright infringement.

Difference between the stories:

Some of these companies(BT, Fortinet) complied to the GPL terms on being made aware of it. Some of them(Dlink and Sitecom) didn’t complied until the legal letter of injunction was sent to them.
Dlink agreed to terms and condition of license, but refused to pay the legal expenses and other minimal costs. Later court ordered Dlink to pay for the expenses.
Monsoon multimedia went even further by not only complying to GPL but also appointing a dedicated open source compliance officer to monitor and ensure the GPL compliance.

Ethical Aspects

a. Deontological Perspective:
There is very little in actions of these organization which can be justified using Deontological perspective. The violation cannot be justified as unintentional since the organisation should understand the terms of License before using the software. The source code have a copy of GPL in it or a READ-ME file pointing to location of license online. The action of hiding the fact is immoral and action is equivalent to theft.

b. Consequentialist perspective:
The amount of happiness or utility increased by not giving proper credits to original authors of code seems very little. The only advantage one can draw from not providing source code is competitive advantage from rival companies. However this advantage is insignificant since other organization can also use open source software for their code. And if the rival organization complies with GPL, it can get stronger ties with FOSS community. Even if we consider that it can lead to happiness of Employees of organization by some profits, it will cause a much higher loss to FOSS community and thus there are no real gains.

Both ethical perspectives condemns the action of GPL violators, because neither the action nor the result is morally right or advantageous. This causes a lot of trouble to people who are creating software for general good of society and sharing their knowledge.

a. Negative rights:
i. Freedom to copy, use, modify and collaborate for creating open source software .
ii. The use of free software for business or any legal purpose.

b. Positive rights:
i. Providing the same license when distributing the software.
ii. Providing the source code, when required.
iii. Creating awareness.
iv. reporting a case of gpl violation.

As it can be seen there are very little conflict in negative and positive rights in these cases. The only conflict is usage of open source software in business purpose and providing a source code can cause misuse of software, since it will be easy for attackers to understand the working of software. However this issue is more related to software development and security features than related to GPL.

My proposed solution

While the solution options are provided differently for each case each of them can be applied to all of them for the same reason as stated.

Case 1:
Monsoon multimedia should pay compensation to gpl-violation.org for the legal fees and equipments and efforts required to prove its infringement. It should also create awareness about Compliance of GPL to customer and employees by creating policy document and conducting training on regular basis.

Professional rationale:
This will be consistent with organizations duty as listed in ACM code of conduct for doing greater good for society and creating awareness related to license terms and conditions.
Ethical rationale:
Providing a compensation for a legal fees and other costs is ethical from both perspectives since its a good act and increases the net happiness of everyone. The compensation is a very small amount in comparison to the worth of profits earned by usage of an open source software.
Legal rationale:
Fulfilling GPL requirement is necessary legal requirement, however in order to stop any
employee of customer from unintentionally violating the term of license, training and
awareness is necessary.

Case 2:
Though BT responded immediately to the letter from FSF[out-law page=7685, 2005], however it should appoint a team of developer which should work in providing GPL compliance along with possibility of contributing code back to FOSS community.

Professional rationale: For being more trustworthy and contributing to society while using software meant for same purpose is very much in accordance with ACM guidelines.
Ethical rationale: Its a very ethical thing to contribute back to community, it also increases net utility and happiness. BT is a huge organization, its action are followed by others, and thus it should set a high standard of moral responsibilities.
Legal rationale: BT fulfilled its legal obligation by accepting the terms. However in order to avoid any legal issues in future the compliance committee is a good step.

Case 3:
Fortinet should stop shipping of its product until all the compliance is issued. It should also send notices to existing customer telling the new license term of the software.
Professional rationale:
This will be consistent with ACM professional code by informing the customers of possible issues they may have to face due to usage of that particular product.
Ethical rationale
Its unethical from both perspective to ship a product without properly attributing the credit to the original authors.
Legal rationale
Shipping of products infringing copyright for business purpose is illegal. Also its in best interest of customers to be aware of terms of product license in order to avoid any legal hassles.

References are made in text as indicated on cover page under section referencing. The full details are provided here.

Outlaw news, page 5620, “Software firm settles GPL violation lawsuit”, 28/04/2005. Available at http://www.out-law.com/default.aspx?page=5620 [Accessed 04/12/2010]

Outlaw news, page 8490, “First US lawsuit to test GPL open source licence”, 24/09/2007. Available at http://www.out-law.com/default.aspx?page=8490 [Accessed 04/12/2010]

Outlaw news, page 7685, “BT's Home Hub runs on Linux”, 23/01/2007. Available at http://www.out-law.com/default.aspx?page=7685 [Accessed 04/12/2010]

Outlaw news, page 4486, “German court upholds open source licence”, 26/04/2004. Available at http://out-law.com/default.aspx?page=4486 [Accessed 04/12/2010]

GPL Violation case archives, “Dlink verdict”, 22/09/2006. Available at http://gpl-violations.org/news/20060922-dlink-judgement_frankfurt.html [Accessed 04/12/2010]

Sara Baase, 2008. A gift of fire: social, legal, and ethical issues for computing and internet 3rd edition, New jersey(U.S): Pearson Education.

Dr. Lee Gillam, 2010. Challenges for computing professionals, COMM006 [online via ulearn], University of Surrey.

S J A Robertson, 'The Validity of Shrink-Wrap Licences in Scots Law Beta Computers (Europe) Ltd v. Adobe Systems (Europe) Ltd', Case Note, 1998 (2) The Journal of Information, Law and Technology (JILT). Available at http://elj.warwick.ac.uk/jilt/cases/98_2rob [Accessed 04/12/2010]

J Höppner, "The GPL prevails: An analysis of the first-ever Court decision on the validity and effectivity of the GPL", (2004) 1:4 SCRIPTed 628, Available at http://www.law.ed.ac.uk/ahrc/script-ed/issue4/GPL-case.asp [Accessed 04/12/2010]

Bradley M. Kuhn, Aaron Williamson, Karen M. Sandler, “A Practical Guide to GPL Compliance”, Software freedom law centre, 2008. Available at http://www.softwarefreedom.org/resources/2008/compliance-guide.html [Accessed 04/12/2010]

Richard Fontana, Bradley M. Kuhn, Eben Moglen,Matthew Norwood, Daniel B. Ravicher, Karen Sandler, James Vasile, Aaron Williamson, “A Legal Issues Primer for Open Source and Free Software Projects”, Software freedom law centre, 2008. Available at http://www.softwarefreedom.org/resources/2008/foss-primer.htm [Accessed 04/12/2010]

Eben Moglen, “Enforcing the GNU GPL”, GNU publications, 2001. Available at Available at http://www.gnu.org/philosophy/enforcing-gpl.html [Accessed 04/12/2010]

Frequently asked questions from GNU’s official site, 2010. Available at http://www.gnu.org/licenses/gpl-faq.html [Accessed 04/12/2010]

Copyright, Designs and Patents Act 1988 (c. 48), UK Statute Law database. Available at

http://www.statutelaw.gov.uk/content.aspx?activeTextDocId=2250249#1375485 [Accessed 04/12/2010]

Unfair Contract Terms Act 1977, UK Govt Legislations. Available at

http://www.legislation.gov.uk/ukpga/1977/50/section/1?view=extent [Accessed 04/12/2010]

Sale of Goods Act 1979, UK Govt Legislations. Available at http://www.legislation.gov.uk/ukpga/1979/54/contents [Accessed 04/12/2010]

GNU General Public License version 2. 1991, Massachusetts(U.S). Available at http://www.gnu.org/licenses/gpl-2.0.html [Accessed 04/12/2010]

ACM /IEEE publications 1999, “Software Engineering Code of Ethics and Professional Practice”. Available at http://www.acm.org/about/se-code [Accessed 04/12/2010]

ACM /IEEE publications 1992, “ACM Code of Ethics and Professional Conduct”. Available at http://www.acm.org/about/code-of-ethics[Accessed 04/12/2010]

Pamela Jones, 2003 “The GPL Is a License, not a Contract”, published at lwn.net online linux magazine. Available at http://lwn.net/Articles/61292/ [Accessed 04/12/2010]

Stephen Shankland, March 16, 2005 “Open-source programmer alleges Linux misuse”, CNET News. Available at http://news.cnet.com/Open-source-programmer-alleges-Linux-misuse/2100-7344_3-5621156.html?tag=mncol;txt [Accessed 04/12/2010]

Final Judgement of the District Court of Munich I, issued 19 May 2004 – 21 O 6123/04. Translation provide at http://www.jbb.de/judgment_dc_frankfurt_gpl.pdf [Accessed 04/12/2010]

Copy of complaint lodged by Software freedom Law Centre against Monsoon Multimedia Inc. on Sep 19, 2007 at District Court New York(U.S.). Available at http://www.softwarefreedom.org/news/2007/sep/20/busybox/complaint.pdf [Accessed 04/12/2010]

The Wikipedia, 2010. Online open source wikipedia, “Acts of Parliament in the United Kingdom”. Available at

http://en.wikipedia.org/wiki/Acts_of_Parliament_in_the_United_Kingdom [Accessed 04/12/2010]

IRC conversation at #gnu at irc.freenode.net, 28/11/2010. Discussion “Laws safeguarding GPL in various countries”