Why Couldn't Cisco And FSF Come To An Agreement?
from the this-makes-no-sense dept
There’s lots of talk in tech circles about the fact that the Free Software Foundation is now suing Cisco for copyright infringement, over Cisco’s misuse of GPL’d code in its Linksys routers. What seems odd is that this got as far as it did. The issue with Linksys and its use of GPL’d code has been talked about for years, and it seems like there should have been a simple solution from the very beginning: Cisco/Linksys should have made the code available, as per the terms of the license. So why didn’t they? Well, the details from the case suggest that, while Cisco did drag its feet in releasing the code, FSF then came back with additional demands, specifically:
- Cisco needed to appoint a “free software compliance officer.”
- Cisco needed to try to inform all past customers of its failed compliance
- Cisco needed to pay FSF a chunk of money
It appears that it’s these issues over which the two parties disagree and the lawsuit was filed. While I’m sympathetic to the FSF’s position, this might be going a bit too far. Nothing in the GPL requires someone to set up a “compliance officer.” Yes, due to Cisco’s foot-dragging, you can see why FSF would ask for such a thing, but it’s difficult to see how it should be required, or eventually involve a lawsuit. Also, it’s unclear why Cisco should need to inform people. The folks who actually care are likely to hear about this anyway. Yes, Cisco violated the GPL, and yes, it was slow to get itself in compliance, but FSF seems to be demanding an awful lot in response.
Filed Under: gpl, lawsuit, open source
Companies: cisco, free software foundation, linksys
Comments on “Why Couldn't Cisco And FSF Come To An Agreement?”
This has nothing to do with what’s in the GPL.
Cisco is guilty of large-scale commercial copyright-infringement.
The talks were simply of the type “If you do X, we will retroactively grant you a license and won’t sue your sorry asses”. The FSF could have demanded that the CFO of Cisco does a handstand while being naked.
A compliance officer is an obvious demand; would you trust a company who has again and again violated your license?
Telling the past customers is a requirement of the GPL; you can’t use the freedoms granted by the GPL if you don’t know that the code you are using is licensed under the GPL.
And it serves as a nice deterent for future infringers: it’s damn embarassing to have to tell all your customers that you are a lying thief.
Why so surprised?
If this had been infringement of the copyright of some other entity who owned a compiler tools suite and a bunch of software for managing computers and so forth, nobody would be surprised at any of these terms. Cisco have had many chances to bring their Linksys unit into compliance and have not been able to consistently do so.
Cisco is a company of significant capability. If they have persistently not managed to solve these compliance issues effectively, it is not through a lack of ability but a lack of inclination or a lack of adequate prioritisation.
These conditions seem quite in line with the likely demands of another copyright holder in the same position; indeed, since they’ve been in talks with the FSF for ages I’m surprised they don’t already have a compliance officer.
Notice the things though that the FSF aren’t demanding. They’re not demanding products be withdrawn from the market, for example. They’re not demanding that Cisco’s customers be compensated for the goods of value they’ve been denied (though I guess only those customers would be able to bring that suit).
I can only assume from the limited information available to the public that if this is not simply the result of Cisco not caring enough to solve the problem, Cisco’s poor compliance must be the effect of one of two things. First, inability to fully comply due to some other obligation (though I greatly doubt this) or second, simply that the Linksys business unit kept such poor records that it was impossible to determine what needed to be done to bring about and maintain compliance. Even this second thing is a bit doubtful, since from the FSF’s representations, many talks were had in which I’m sure the FSF made clear what needed to happen.
This is all speculation though. I will be interested to understand Cisco’s point of view.
Re: Why so surprised?
Denied value? My Linsys wrt54g with dd-wrt third-party firmware (release after Linksys was forced to release the code) is the best value I have ever owned. QOS, multiple wireless modes (bridge, AP, distributed wireless, etc), transmission strength booster, etc, in a $50 router. Can’t beat that. Anyone with one of these routers should check out the available third-party firmwares.
Just a reminder: all proceeds from this lawsuit go directly to the “Buy Richard Stallman a New Diamond Encrusted Gold Beard” foundation.
Perhaps Cisco will now get off its bum
And start using FreeBSD or NetBSD for its products to avoid the GPL ‘infection’.
Per inside sources
Pun not intended, but per some inside sources (including some AC posts on Slashdot by supposed Cisco employees) the issue for Cisco is that because they put in certain code (such as keys) those are technically GPL as well and the source would have to be available.
Pretty much that renders any security moot.
Re: Per inside sources
If the security relies on the source code being a secret, then it’s already broken, is it not?
past vs future infringement
There are two separate issues here. By making the code available, Cisco prevents any future infringement of the GPL license. But it also has to make amends for its past infringement. That’s what these demands are about.
specific FSF additional demands ..
01. Cisco needed to appoint a “free software compliance officer.
02. Cisco needed to try to inform all past customers of its failed compliance
03. Cisco needed to pay FSF a chunk of money
Do you have any citations for the above, especially #3
Re: specific FSF additional demands ..
The link to the EFF’s complaint was in the article that TechDirt referred to, on page 11.
Re: Re: specific FSF additional demands ..
Oops….meant FSF
Re: Re: specific FSF additional demands ..
“The link to the EFF’s complaint was in the article that TechDirt referred to, on page 11“, DanC
Yea, but that’s a request for damages in the current litigation, a response by the FSF to Ciscos’ previous failure to respond to requests for compliance. Unless Cisco are expreriencing a time paradox, how could an event in the future (damages) influence Ciscos’ decision in the past to not settle with the FSF in the future. This is all causing my head to SPIN .. 🙂
The quoted text in the TechDirt article suggests that the FSF had previously demanded money, if so where and when ?
‘details from the case suggest that .. FSF then came back with additional demands, specifically .. Cisco needed to pay FSF a chunk of money‘, TechDirt>
‘That the Court order Defendant to account for and disgorge to Plaintiff all profits derived by Defendant from its unlawful acts;‘, FSF
Re: Re: Re: specific FSF additional demands ..
Yea, but that’s a request for damages in the current litigation, a response by the FSF to Ciscos’ previous failure to respond to requests for compliance. Unless Cisco are expreriencing a time paradox, how could an event in the future (damages) influence Ciscos’ decision in the past to not settle with the FSF in the future. This is all causing my head to SPIN .. 🙂
No, that portion was simply establishing the timeline for the communications between the FSF and Cisco. According to the complaint, those conditions were sent on March 25, 2008 as a proposed resolution to Cisco’s violations of the GPL.
There is no time warp:
1. Cisco violated the GPL.
2. FSF started talking to Cisco about resolutions
3. Cisco dragged it’s feet and continued violating the GPL
4. FSF sent the demands listed.
5. Cisco refused the demands.
6. FSF sued.
Re: Re: Re:2 specific FSF timeline ..
“There is no time warp:”, DanC
‘1. Cisco violated the GPL.
2. FSF started talking to Cisco about resolutions
3. Cisco dragged it’s feet and continued violating the GPL
4. FSF sent the demands listed.
5. Cisco refused the demands.
6. FSF sued.’
Could you provide a citation for #4, specifically a demand for ‘a chunk of money’ and show that it occured before #6.
Re: Re: Re:3 specific FSF timeline ..
Could you provide a citation for #4, specifically a demand for ‘a chunk of money’ and show that it occured before #6.
Um. He already provided the citation. On page 11 of the complaint, it says on March 25, 2008, FSF sent the following list of demands, and it includes “Linksys shall compensate FSF….”
The lawsuit was filed on December 11, 2008.
So, yes, 4 happened well before 6.
Re: Re: Re:4 specific FSF timeline ..
‘So, yes, 4 happened well before 6‘
Thank you for clarifying the timeline for me .. Regardless, the original TechDirt quote is misleading, it wasn’t the FSF ‘additional’ demand for money that dissuaded Cisco from settling.
Re: Re: Re:5 specific FSF timeline ..
Thank you for clarifying the timeline for me .. Regardless, the original TechDirt quote is misleading, it wasn’t the FSF ‘additional’ demand for money that dissuaded Cisco from settling.
Says who? It seems clear that Cisco refused to give in on those demands, hence the lawsuit.
Re: Re: specific FSF additional demands ..
I think you mean FSF and SFLC’s complaint
This is why....
I don’t actively support the FSF, even though they support things I believe in. They just go too far. They seem like they feel like it’s more important to keep grinding their axes than it is to give OSS and FS real credibility by being an example of a respectable and rational member of the tech community. It seems like everything they do ends up with them acting like a petulant child at some point. As much as I’d love to, I just can’t put my support behind a group that does that sort of thing, I think it ultimately does more harm than good.
Re: This is why....
Yet another GPL hater. Time to check your M$ stock now.
Re: This is why....
How does acting to enforce the terms of the license deem them in your eyes, to be acting like petulant children and more interested in grinding axes?
“You may copy and distribute the Program ..in .. executable form .. provided that you also .. Accompany it with the .. source code“
Re: This is why....
They just go too far.
No, its about time they man up, grow a set of ‘nads and back up their words with actions.
Look at how FSF handled the Virgin Web device.
Perhaps someone might be able to explain why the incorporation of a portion of GPL covered code into the firmware of a retail hardware product is even an issue.
Re: Re:
Perhaps someone might be able to explain why the incorporation of a portion of GPL covered code into the firmware of a retail hardware product is even an issue.
It isn’t, provided you abide by the terms of the license.
Re: Re: Re:
I understand this, but since firmware is to my knowledge generally hardware specific I do not understand why the distribution of firmware source code is necessary in the case of the retail sale of a piece of consumer hardware.
Re: Re: Re: demo of recursion
See comment ‘Re: by DanC on Dec 12th, 2008 @ 9:03am’
Re: Re: Re: Re:
I do not understand why the distribution of firmware source code is necessary in the case of the retail sale of a piece of consumer hardware.
Will the average consumer care about being able to look at the firmware source code? Of course not. But a software developer or enthusiast looking to make a hardware-specific program may benefit from it.
And honestly, the requirements to use GPL software are hardly onerous. Since it’s fairly easy to comply with the terms, and they aren’t restrictive, allowing special exemptions based on usage doesn’t really make sense and would actually weaken the license.
Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
Because that’s what the licence terms require. If you want to use the software, you must abide by the licence. Don’t like the licence? Don’t use the software.
Re: Re: Re:2 http://www.wlug.org.nz/SealedBonnetFallacy
“Because that’s what the licence terms require. If you want to use the software, you must abide by the licence. Don’t like the licence? Don’t use the software.”
I used the term “retail sale” to signify sales to the typical consumer/end user.
While a sale under such circumstances may be stretched to constitute a distribution if covered content is embodied in such retail sales, the GPL license is anything but clear in this circumstance. Of course, if a third party software developer desires a copy of source code, it need only ask and the software must be provided.
Re: Re: Re:3 http://www.wlug.org.nz/SealedBonnetFallacy
Huh? You don’t think that retail sales are distribution? You must have your own private dictionary different from the rest of us. But the GPL is very clear on that point and doubt that the court is going to accept such a lame excuse.
Re: Re: Re:4 http://www.wlug.org.nz/SealedBonnetFallacy
It always help before weighing in on a topic such as this to read the governing document, in this case the GPL terms and conditions. If you do so you will note that an important term is “convey”, and it is a stretch beyond the clear meaning of the license terms to somehow conclude that retail customers are entitled to receive source code with their purchased hardware.
Re: Re: Re:5 http://www.wlug.org.nz/SealedBonnetFallacy
Perhaps you should follow your own advice. Or be a little more honest about what it really says.
You must be talking about version 3 then (not the one mostly violated by Cisco). But still, from the GPL 3.0:
You need to explain how that excludes retail sales and relieves Cisco of complying with the terms of the license. I also don’t know where you’re getting this “receive source code with their purchased hardware” idea. Again, you should actually read the license as it says no such thing.
Re: Re: Re:6 http://www.wlug.org.nz/SealedBonnetFallacy
We are talking past each other, with most of it being due to questions/comments I made and comments I received.
Of course, I now understand that the central issue concerns the availability of source code to third party software developers. I still have to wonder, however, about the utility of source code for firmware for a specific consumer product. If firmware is product specific, it is not altogether clear why a software developer who does not manufacture the product would even care about receiving a copy. If such a developer would not even care, then I do have to wonder why the FSF is so upset it feels the need to file a lawsuit.
Insofar as I am aware, all three versions of the GPL have had a “make source code available” requirement. We do not disagree on this. My observations merely reflect my lack of understanding as to why, other than fealty to an agreement, the failure to make source code available that is unique to Cisco products is deemed an important legal issue by the FSF.
As an aside, I do find it curious that the GPL v3 (I do not know about v1 and v2) incorporates “making available”, a “right” that is being hotly debated in the US in the context of P2P file sharing. There is such an explicit right in the EU, but it has never been explicity incorporated into US copyright statutes. Some in the US argue it is inherent. Others take a contrary position.
Re: Re: Re:6 http://www.wlug.org.nz/SealedBonnetFallacy
Just to be clear, my questions are not really about the GPL, but about whether or not in this instance a failure or lack of timeliness to release source code for firmware is a breach of the license that has a significant and practical real world impact. I simply do not know the answer and am merely trying to gather data.
As an aside, I have reviewed the Cisco website to see how it treats disclosures where covered content is incorporated into its consumer products. I must admit that the administrative burdens imposed by the GPL are incredibly complex and require a significant expenditure of time and money for compliance. Based upon what I read for merely one Cisco product, I have to wonder if the FSF is mandating administrative burdens that make the use of proprietary software look like a mere cakewalk in comparison.
Surely the FSF can come up with a way to ease the administrative burden in order to foster more timely compliance.
GPL violations still not fixed!
As stated in the article by Mike:
“while Cisco did drag its feet” and “Cisco violated the GPL, and yes, it was slow to get itself in compliance”
Using the past tense is very much incorrect. I think the author should re-read the FSF complaint because it directly states Linksys products remain out of compliance. What will go against Cisco if this goes to trial is that Cisco previously acknowledged the violations yet continues to practice copyright violations , which probably makes Cisco even more financially responsible.
This is why there is a lawsuit – it’s not for past sins, it for the ongoing ones that continue. Asking for all the other stuff such as a compliance officer is just thrown in for giggles to see what sticks if it goes to court. In a way, FSf may be providing an out and a way to avoid a trial without being obvious about it.
Compliance officer
Just as a point of information, I remember reading about a few settlements reached with other companies who used GPL software without complying with the license terms. In at least some of those settlements, the company agreed to add a compliance officer to the company staff.
Before anyone asks: No, I don’t have citations at hand, and I don’t have time to look for them right now. I think some of the settlements were over violations of the GPL for using the busybox software, which might help you find them if you are willing to do a little searching with Google.
On the larger issue — my impression is that the FSF has been very good over the years at first working with companies they accuse of violating the GPL before filing lawsuits. I remember seeing announcements of many such disputes being settled without a lawsuit. Without looking into the details of this particular case, my bias is that the FSF is in the right and being reasonable about their demands. It’s always possible that they may have gone off the tracks in this instance, but until I learn facts that demonstrate that has happened, I’m on the FSF’s side.
Re: Compliance officer
in regards to the compliance officer bit being done before:
http://www.softwarefreedom.org/news/2008/jul/23/busybox-supermicro/
and
http://www.softwarefreedom.org/news/2008/mar/17/busybox-verizon/
are examples
“””by alternatives() – Dec 12th, 2008 @ 3:54am
And start using FreeBSD or NetBSD for its products to avoid the GPL ‘infection’.”””
To my knowledge FreeBSD and NetBSD compiler is GCC (GNU CC) and in this case Cisco is accused of violating GCC copyright by not releasing their source modification together with their binary redistribution.
Hopefully FreeBSD and OpenBSD maintainers do release their GCC patches.
Free software conference
see
http://shibuvarkala.blogspot.com
free software international conference
see news in
http://shibuvarkala.blogspot.com
http://brainstorms.in
Look at it this way – do you think a music company would let a device manufacturer release a music player full of music, just because it was tied to the device?
They’d be suing and removing devices from the shelves before you could say ‘they’re all pirates’.
It’s the same thing. Cisco is a pirate and has been illegally distributing and making money from copyright works.
“I must admit that the administrative burdens imposed by the GPL are incredibly complex and require a significant expenditure of time and money for compliance.”
I can tell you whatever such a ‘burden’ would be (that’s just fud anyway), it must surely be a lot cheaper and simpler than writing a whole operating system from scratch. Cisco even have their own operating system and they wont use that …
Why should the FSF be so nice about licensing? Do you think any other software vendor out there should just let anyone use their products how they like and ignore the fine print?
What I wonder about....
What makes me wonder is if Cisco looses this case do
they loose the right to distribute linux all together until
they are “re-instated”. If so, with what little I know about
GPL law (not much), I think they need to get an “ok” from all Linux copyright
holders. That may be a bit hard.
If they can’t ship linux it will effect there AES-1000 and Nexus-700
products and any other products that also use linux. Some of these
probably have code that needs to be released as well :-0
Interesting situation thats for sure…
I Agree
This post by Mike Masnick is right on. FSF’s demands show that it is more interested in shaking down Cisco and grandstanding than in simply ensuring compliance with the GPL and upholding the principles of public licensing.
What shakedown?
FSF has sunk a lot of time and effort and legal fees into enforcing in this case. They have a right to demand reimbursment.
There are a lot of documented cases at http://www.gpl-violations.org – in most of them the companies said “mea culpa” and made good on the violations as soon as notified.
Compliance officers aren’t exactly an onorous burden, my employer has 20 or so (15,000 staff) simply to handle MS-related software
Dlink tried to argue that GPL was bogus in German courts a couple of years back and had their corporate heads handed to them on a platter by the judge.
GPL is NOT public domain (Which is what Dlink tried to argue).
Cisco’s choices seem to be:
1: Argue that GPL is actually public domain (not upheld in any case which has gotten as far as court)
2: Argue GPL is invalid (which would see the case being plain old copyright violation, and as it’s well in excess of $50k, I believe US criminal law kicks in)
3: Accept GPL and do as they’re told by FSF
4: Accept GPL and try to get the court to dilute FSF’s demands – which is highly unlikely, given that it’s an egarious violation.
Personal opinion:
There are a LOT of consumer gadgets now containing linux/GPL code and which aren’t GPL compliant, expecially in the area of set-top boxes, DVD players and HDD recorders.
Cisco isn’t the first company to be taken to court for GPL violation, nor will it be the last. FSF have spent a LOT of time trying to get them to comply, compared to past GPL enforcement actions and their demands are more than reasonable despite the schills in here who seem to not understand the difference between BSD/GPL/Public domain
I’m hoping that Cisco are soundly spanked – it will likely mean that future GPL actions can be dealt with quickly, especially against chipmakers selling embedded devices with Linux on them to 3rd parties and then claiming it’s some proprietary setup.