Why Couldn't Cisco And FSF Come To An Agreement?
from the this-makes-no-sense dept
There's lots of talk in tech circles about the fact that the Free Software Foundation is now suing Cisco for copyright infringement, over Cisco's misuse of GPL'd code in its Linksys routers. What seems odd is that this got as far as it did. The issue with Linksys and its use of GPL'd code has been talked about for years, and it seems like there should have been a simple solution from the very beginning: Cisco/Linksys should have made the code available, as per the terms of the license. So why didn't they? Well, the details from the case suggest that, while Cisco did drag its feet in releasing the code, FSF then came back with additional demands, specifically:- Cisco needed to appoint a "free software compliance officer."
- Cisco needed to try to inform all past customers of its failed compliance
- Cisco needed to pay FSF a chunk of money
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: gpl, lawsuit, open source
Companies: cisco, free software foundation, linksys
Reader Comments
Subscribe: RSS
View by: Time | Thread
Cisco is guilty of large-scale commercial copyright-infringement.
The talks were simply of the type "If you do X, we will retroactively grant you a license and won't sue your sorry asses". The FSF could have demanded that the CFO of Cisco does a handstand while being naked.
A compliance officer is an obvious demand; would you trust a company who has again and again violated your license?
Telling the past customers is a requirement of the GPL; you can't use the freedoms granted by the GPL if you don't know that the code you are using is licensed under the GPL.
And it serves as a nice deterent for future infringers: it's damn embarassing to have to tell all your customers that you are a lying thief.
[ link to this | view in chronology ]
Why so surprised?
Cisco is a company of significant capability. If they have persistently not managed to solve these compliance issues effectively, it is not through a lack of ability but a lack of inclination or a lack of adequate prioritisation.
These conditions seem quite in line with the likely demands of another copyright holder in the same position; indeed, since they've been in talks with the FSF for ages I'm surprised they don't already have a compliance officer.
Notice the things though that the FSF aren't demanding. They're not demanding products be withdrawn from the market, for example. They're not demanding that Cisco's customers be compensated for the goods of value they've been denied (though I guess only those customers would be able to bring that suit).
I can only assume from the limited information available to the public that if this is not simply the result of Cisco not caring enough to solve the problem, Cisco's poor compliance must be the effect of one of two things. First, inability to fully comply due to some other obligation (though I greatly doubt this) or second, simply that the Linksys business unit kept such poor records that it was impossible to determine what needed to be done to bring about and maintain compliance. Even this second thing is a bit doubtful, since from the FSF's representations, many talks were had in which I'm sure the FSF made clear what needed to happen.
This is all speculation though. I will be interested to understand Cisco's point of view.
[ link to this | view in chronology ]
Re: Why so surprised?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Perhaps Cisco will now get off its bum
[ link to this | view in chronology ]
Per inside sources
Pretty much that renders any security moot.
[ link to this | view in chronology ]
Re: Per inside sources
[ link to this | view in chronology ]
past vs future infringement
[ link to this | view in chronology ]
specific FSF additional demands ..
02. Cisco needed to try to inform all past customers of its failed compliance
03. Cisco needed to pay FSF a chunk of money
Do you have any citations for the above, especially #3
[ link to this | view in chronology ]
Re: specific FSF additional demands ..
[ link to this | view in chronology ]
Re: Re: specific FSF additional demands ..
[ link to this | view in chronology ]
specific FSF additional demands ..
Yea, but that's a request for damages in the current litigation, a response by the FSF to Ciscos' previous failure to respond to requests for compliance. Unless Cisco are expreriencing a time paradox, how could an event in the future (damages) influence Ciscos' decision in the past to not settle with the FSF in the future. This is all causing my head to SPIN .. :)
The quoted text in the TechDirt article suggests that the FSF had previously demanded money, if so where and when ?
'details from the case suggest that .. FSF then came back with additional demands, specifically .. Cisco needed to pay FSF a chunk of money', TechDirt>
'That the Court order Defendant to account for and disgorge to Plaintiff all profits derived by Defendant from its unlawful acts;', FSF
[ link to this | view in chronology ]
Re: specific FSF additional demands ..
No, that portion was simply establishing the timeline for the communications between the FSF and Cisco. According to the complaint, those conditions were sent on March 25, 2008 as a proposed resolution to Cisco's violations of the GPL.
There is no time warp:
1. Cisco violated the GPL.
2. FSF started talking to Cisco about resolutions
3. Cisco dragged it's feet and continued violating the GPL
4. FSF sent the demands listed.
5. Cisco refused the demands.
6. FSF sued.
[ link to this | view in chronology ]
specific FSF timeline ..
'1. Cisco violated the GPL.
2. FSF started talking to Cisco about resolutions
3. Cisco dragged it's feet and continued violating the GPL
4. FSF sent the demands listed.
5. Cisco refused the demands.
6. FSF sued.'
Could you provide a citation for #4, specifically a demand for 'a chunk of money' and show that it occured before #6.
[ link to this | view in chronology ]
Re: specific FSF timeline ..
Um. He already provided the citation. On page 11 of the complaint, it says on March 25, 2008, FSF sent the following list of demands, and it includes "Linksys shall compensate FSF...."
The lawsuit was filed on December 11, 2008.
So, yes, 4 happened well before 6.
[ link to this | view in chronology ]
specific FSF timeline ..
Thank you for clarifying the timeline for me .. Regardless, the original TechDirt quote is misleading, it wasn't the FSF 'additional' demand for money that dissuaded Cisco from settling.
[ link to this | view in chronology ]
Re: specific FSF timeline ..
Says who? It seems clear that Cisco refused to give in on those demands, hence the lawsuit.
[ link to this | view in chronology ]
Re: Re: specific FSF additional demands ..
[ link to this | view in chronology ]
This is why....
[ link to this | view in chronology ]
Re: This is why....
[ link to this | view in chronology ]
Re: This is why....
"You may copy and distribute the Program ..in .. executable form .. provided that you also .. Accompany it with the .. source code"
[ link to this | view in chronology ]
Re: This is why....
No, its about time they man up, grow a set of 'nads and back up their words with actions.
Look at how FSF handled the Virgin Web device.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
It isn't, provided you abide by the terms of the license.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
demo of recursion
[ link to this | view in chronology ]
Re: Re: Re:
Will the average consumer care about being able to look at the firmware source code? Of course not. But a software developer or enthusiast looking to make a hardware-specific program may benefit from it.
And honestly, the requirements to use GPL software are hardly onerous. Since it's fairly easy to comply with the terms, and they aren't restrictive, allowing special exemptions based on usage doesn't really make sense and would actually weaken the license.
[ link to this | view in chronology ]
Re: http://www.wlug.org.nz/SealedBonnetFallacy
Because that’s what the licence terms require. If you want to use the software, you must abide by the licence. Don’t like the licence? Don’t use the software.
[ link to this | view in chronology ]
Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
I used the term "retail sale" to signify sales to the typical consumer/end user.
While a sale under such circumstances may be stretched to constitute a distribution if covered content is embodied in such retail sales, the GPL license is anything but clear in this circumstance. Of course, if a third party software developer desires a copy of source code, it need only ask and the software must be provided.
[ link to this | view in chronology ]
Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
[ link to this | view in chronology ]
Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
You must be talking about version 3 then (not the one mostly violated by Cisco). But still, from the GPL 3.0:
You need to explain how that excludes retail sales and relieves Cisco of complying with the terms of the license. I also don't know where you're getting this "receive source code with their purchased hardware" idea. Again, you should actually read the license as it says no such thing.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
Of course, I now understand that the central issue concerns the availability of source code to third party software developers. I still have to wonder, however, about the utility of source code for firmware for a specific consumer product. If firmware is product specific, it is not altogether clear why a software developer who does not manufacture the product would even care about receiving a copy. If such a developer would not even care, then I do have to wonder why the FSF is so upset it feels the need to file a lawsuit.
Insofar as I am aware, all three versions of the GPL have had a "make source code available" requirement. We do not disagree on this. My observations merely reflect my lack of understanding as to why, other than fealty to an agreement, the failure to make source code available that is unique to Cisco products is deemed an important legal issue by the FSF.
As an aside, I do find it curious that the GPL v3 (I do not know about v1 and v2) incorporates "making available", a "right" that is being hotly debated in the US in the context of P2P file sharing. There is such an explicit right in the EU, but it has never been explicity incorporated into US copyright statutes. Some in the US argue it is inherent. Others take a contrary position.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy
As an aside, I have reviewed the Cisco website to see how it treats disclosures where covered content is incorporated into its consumer products. I must admit that the administrative burdens imposed by the GPL are incredibly complex and require a significant expenditure of time and money for compliance. Based upon what I read for merely one Cisco product, I have to wonder if the FSF is mandating administrative burdens that make the use of proprietary software look like a mere cakewalk in comparison.
Surely the FSF can come up with a way to ease the administrative burden in order to foster more timely compliance.
[ link to this | view in chronology ]
GPL violations still not fixed!
"while Cisco did drag its feet" and "Cisco violated the GPL, and yes, it was slow to get itself in compliance"
Using the past tense is very much incorrect. I think the author should re-read the FSF complaint because it directly states Linksys products remain out of compliance. What will go against Cisco if this goes to trial is that Cisco previously acknowledged the violations yet continues to practice copyright violations , which probably makes Cisco even more financially responsible.
This is why there is a lawsuit - it's not for past sins, it for the ongoing ones that continue. Asking for all the other stuff such as a compliance officer is just thrown in for giggles to see what sticks if it goes to court. In a way, FSf may be providing an out and a way to avoid a trial without being obvious about it.
[ link to this | view in chronology ]
Compliance officer
Before anyone asks: No, I don't have citations at hand, and I don't have time to look for them right now. I think some of the settlements were over violations of the GPL for using the busybox software, which might help you find them if you are willing to do a little searching with Google.
On the larger issue -- my impression is that the FSF has been very good over the years at first working with companies they accuse of violating the GPL before filing lawsuits. I remember seeing announcements of many such disputes being settled without a lawsuit. Without looking into the details of this particular case, my bias is that the FSF is in the right and being reasonable about their demands. It's always possible that they may have gone off the tracks in this instance, but until I learn facts that demonstrate that has happened, I'm on the FSF's side.
[ link to this | view in chronology ]
Re: Compliance officer
http://www.softwarefreedom.org/news/2008/jul/23/busybox-supermicro/
and
http://www.softwarefreedom.org/news/2008/mar/17/busybox-verizon/
are examples
[ link to this | view in chronology ]
And start using FreeBSD or NetBSD for its products to avoid the GPL 'infection'."""
To my knowledge FreeBSD and NetBSD compiler is GCC (GNU CC) and in this case Cisco is accused of violating GCC copyright by not releasing their source modification together with their binary redistribution.
Hopefully FreeBSD and OpenBSD maintainers do release their GCC patches.
[ link to this | view in chronology ]
Free software conference
[ link to this | view in chronology ]
free software international conference
http://shibuvarkala.blogspot.com
http://brainstorms.in
[ link to this | view in chronology ]
They'd be suing and removing devices from the shelves before you could say 'they're all pirates'.
It's the same thing. Cisco is a pirate and has been illegally distributing and making money from copyright works.
"I must admit that the administrative burdens imposed by the GPL are incredibly complex and require a significant expenditure of time and money for compliance."
I can tell you whatever such a 'burden' would be (that's just fud anyway), it must surely be a lot cheaper and simpler than writing a whole operating system from scratch. Cisco even have their own operating system and they wont use that ...
Why should the FSF be so nice about licensing? Do you think any other software vendor out there should just let anyone use their products how they like and ignore the fine print?
[ link to this | view in chronology ]
What I wonder about....
they loose the right to distribute linux all together until
they are "re-instated". If so, with what little I know about
GPL law (not much), I think they need to get an "ok" from all Linux copyright
holders. That may be a bit hard.
If they can't ship linux it will effect there AES-1000 and Nexus-700
products and any other products that also use linux. Some of these
probably have code that needs to be released as well :-0
Interesting situation thats for sure...
[ link to this | view in chronology ]
I Agree
[ link to this | view in chronology ]
What shakedown?
There are a lot of documented cases at www.gpl-violations.org - in most of them the companies said "mea culpa" and made good on the violations as soon as notified.
Compliance officers aren't exactly an onorous burden, my employer has 20 or so (15,000 staff) simply to handle MS-related software
Dlink tried to argue that GPL was bogus in German courts a couple of years back and had their corporate heads handed to them on a platter by the judge.
GPL is NOT public domain (Which is what Dlink tried to argue).
Cisco's choices seem to be:
1: Argue that GPL is actually public domain (not upheld in any case which has gotten as far as court)
2: Argue GPL is invalid (which would see the case being plain old copyright violation, and as it's well in excess of $50k, I believe US criminal law kicks in)
3: Accept GPL and do as they're told by FSF
4: Accept GPL and try to get the court to dilute FSF's demands - which is highly unlikely, given that it's an egarious violation.
Personal opinion:
There are a LOT of consumer gadgets now containing linux/GPL code and which aren't GPL compliant, expecially in the area of set-top boxes, DVD players and HDD recorders.
Cisco isn't the first company to be taken to court for GPL violation, nor will it be the last. FSF have spent a LOT of time trying to get them to comply, compared to past GPL enforcement actions and their demands are more than reasonable despite the schills in here who seem to not understand the difference between BSD/GPL/Public domain
I'm hoping that Cisco are soundly spanked - it will likely mean that future GPL actions can be dealt with quickly, especially against chipmakers selling embedded devices with Linux on them to 3rd parties and then claiming it's some proprietary setup.
[ link to this | view in chronology ]