Why Couldn't Cisco And FSF Come To An Agreement?

from the this-makes-no-sense dept

There's lots of talk in tech circles about the fact that the Free Software Foundation is now suing Cisco for copyright infringement, over Cisco's misuse of GPL'd code in its Linksys routers. What seems odd is that this got as far as it did. The issue with Linksys and its use of GPL'd code has been talked about for years, and it seems like there should have been a simple solution from the very beginning: Cisco/Linksys should have made the code available, as per the terms of the license. So why didn't they? Well, the details from the case suggest that, while Cisco did drag its feet in releasing the code, FSF then came back with additional demands, specifically:
  • Cisco needed to appoint a "free software compliance officer."
  • Cisco needed to try to inform all past customers of its failed compliance
  • Cisco needed to pay FSF a chunk of money
It appears that it's these issues over which the two parties disagree and the lawsuit was filed. While I'm sympathetic to the FSF's position, this might be going a bit too far. Nothing in the GPL requires someone to set up a "compliance officer." Yes, due to Cisco's foot-dragging, you can see why FSF would ask for such a thing, but it's difficult to see how it should be required, or eventually involve a lawsuit. Also, it's unclear why Cisco should need to inform people. The folks who actually care are likely to hear about this anyway. Yes, Cisco violated the GPL, and yes, it was slow to get itself in compliance, but FSF seems to be demanding an awful lot in response.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: gpl, lawsuit, open source
Companies: cisco, free software foundation, linksys


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    alphager, 12 Dec 2008 @ 1:53am

    This has nothing to do with what's in the GPL.
    Cisco is guilty of large-scale commercial copyright-infringement.
    The talks were simply of the type "If you do X, we will retroactively grant you a license and won't sue your sorry asses". The FSF could have demanded that the CFO of Cisco does a handstand while being naked.

    A compliance officer is an obvious demand; would you trust a company who has again and again violated your license?

    Telling the past customers is a requirement of the GPL; you can't use the freedoms granted by the GPL if you don't know that the code you are using is licensed under the GPL.
    And it serves as a nice deterent for future infringers: it's damn embarassing to have to tell all your customers that you are a lying thief.

    link to this | view in chronology ]

  • identicon
    James, 12 Dec 2008 @ 2:34am

    Why so surprised?

    If this had been infringement of the copyright of some other entity who owned a compiler tools suite and a bunch of software for managing computers and so forth, nobody would be surprised at any of these terms. Cisco have had many chances to bring their Linksys unit into compliance and have not been able to consistently do so.

    Cisco is a company of significant capability. If they have persistently not managed to solve these compliance issues effectively, it is not through a lack of ability but a lack of inclination or a lack of adequate prioritisation.

    These conditions seem quite in line with the likely demands of another copyright holder in the same position; indeed, since they've been in talks with the FSF for ages I'm surprised they don't already have a compliance officer.

    Notice the things though that the FSF aren't demanding. They're not demanding products be withdrawn from the market, for example. They're not demanding that Cisco's customers be compensated for the goods of value they've been denied (though I guess only those customers would be able to bring that suit).

    I can only assume from the limited information available to the public that if this is not simply the result of Cisco not caring enough to solve the problem, Cisco's poor compliance must be the effect of one of two things. First, inability to fully comply due to some other obligation (though I greatly doubt this) or second, simply that the Linksys business unit kept such poor records that it was impossible to determine what needed to be done to bring about and maintain compliance. Even this second thing is a bit doubtful, since from the FSF's representations, many talks were had in which I'm sure the FSF made clear what needed to happen.

    This is all speculation though. I will be interested to understand Cisco's point of view.

    link to this | view in chronology ]

    • identicon
      hegemon13, 12 Dec 2008 @ 7:15am

      Re: Why so surprised?

      Denied value? My Linsys wrt54g with dd-wrt third-party firmware (release after Linksys was forced to release the code) is the best value I have ever owned. QOS, multiple wireless modes (bridge, AP, distributed wireless, etc), transmission strength booster, etc, in a $50 router. Can't beat that. Anyone with one of these routers should check out the available third-party firmwares.

      link to this | view in chronology ]

  • identicon
    Jonathan, 12 Dec 2008 @ 3:24am

    Just a reminder: all proceeds from this lawsuit go directly to the "Buy Richard Stallman a New Diamond Encrusted Gold Beard" foundation.

    link to this | view in chronology ]

  • identicon
    alternatives(), 12 Dec 2008 @ 3:54am

    Perhaps Cisco will now get off its bum

    And start using FreeBSD or NetBSD for its products to avoid the GPL 'infection'.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Dec 2008 @ 5:01am

    Per inside sources

    Pun not intended, but per some inside sources (including some AC posts on Slashdot by supposed Cisco employees) the issue for Cisco is that because they put in certain code (such as keys) those are technically GPL as well and the source would have to be available.

    Pretty much that renders any security moot.

    link to this | view in chronology ]

    • identicon
      nasch, 12 Dec 2008 @ 9:44am

      Re: Per inside sources

      If the security relies on the source code being a secret, then it's already broken, is it not?

      link to this | view in chronology ]

  • identicon
    Comboman, 12 Dec 2008 @ 5:04am

    past vs future infringement

    There are two separate issues here. By making the code available, Cisco prevents any future infringement of the GPL license. But it also has to make amends for its past infringement. That's what these demands are about.

    link to this | view in chronology ]

  • identicon
    Doug, 12 Dec 2008 @ 6:44am

    specific FSF additional demands ..

    01. Cisco needed to appoint a "free software compliance officer.

    02. Cisco needed to try to inform all past customers of its failed compliance

    03. Cisco needed to pay FSF a chunk of money

    Do you have any citations for the above, especially #3

    link to this | view in chronology ]

    • identicon
      DanC, 12 Dec 2008 @ 7:14am

      Re: specific FSF additional demands ..

      link to this | view in chronology ]

      • identicon
        DanC, 12 Dec 2008 @ 7:31am

        Re: Re: specific FSF additional demands ..

        Oops....meant FSF

        link to this | view in chronology ]

      • identicon
        Doug, 12 Dec 2008 @ 7:43am

        specific FSF additional demands ..

        "The link to the EFF's complaint was in the article that TechDirt referred to, on page 11", DanC

        Yea, but that's a request for damages in the current litigation, a response by the FSF to Ciscos' previous failure to respond to requests for compliance. Unless Cisco are expreriencing a time paradox, how could an event in the future (damages) influence Ciscos' decision in the past to not settle with the FSF in the future. This is all causing my head to SPIN .. :)

        The quoted text in the TechDirt article suggests that the FSF had previously demanded money, if so where and when ?

        'details from the case suggest that .. FSF then came back with additional demands, specifically .. Cisco needed to pay FSF a chunk of money', TechDirt>

        'That the Court order Defendant to account for and disgorge to Plaintiff all profits derived by Defendant from its unlawful acts;', FSF

        link to this | view in chronology ]

        • identicon
          DanC, 12 Dec 2008 @ 7:56am

          Re: specific FSF additional demands ..

          Yea, but that's a request for damages in the current litigation, a response by the FSF to Ciscos' previous failure to respond to requests for compliance. Unless Cisco are expreriencing a time paradox, how could an event in the future (damages) influence Ciscos' decision in the past to not settle with the FSF in the future. This is all causing my head to SPIN .. :)

          No, that portion was simply establishing the timeline for the communications between the FSF and Cisco. According to the complaint, those conditions were sent on March 25, 2008 as a proposed resolution to Cisco's violations of the GPL.

          There is no time warp:

          1. Cisco violated the GPL.
          2. FSF started talking to Cisco about resolutions
          3. Cisco dragged it's feet and continued violating the GPL
          4. FSF sent the demands listed.
          5. Cisco refused the demands.
          6. FSF sued.

          link to this | view in chronology ]

          • identicon
            Doug, 12 Dec 2008 @ 10:31am

            specific FSF timeline ..

            "There is no time warp:", DanC

            '1. Cisco violated the GPL.
            2. FSF started talking to Cisco about resolutions
            3. Cisco dragged it's feet and continued violating the GPL
            4. FSF sent the demands listed.
            5. Cisco refused the demands.
            6. FSF sued.'

            Could you provide a citation for #4, specifically a demand for 'a chunk of money' and show that it occured before #6.

            link to this | view in chronology ]

            • icon
              Mike (profile), 12 Dec 2008 @ 10:48am

              Re: specific FSF timeline ..

              Could you provide a citation for #4, specifically a demand for 'a chunk of money' and show that it occured before #6.

              Um. He already provided the citation. On page 11 of the complaint, it says on March 25, 2008, FSF sent the following list of demands, and it includes "Linksys shall compensate FSF...."

              The lawsuit was filed on December 11, 2008.

              So, yes, 4 happened well before 6.

              link to this | view in chronology ]

              • identicon
                Doug, 12 Dec 2008 @ 11:04am

                specific FSF timeline ..

                'So, yes, 4 happened well before 6'

                Thank you for clarifying the timeline for me .. Regardless, the original TechDirt quote is misleading, it wasn't the FSF 'additional' demand for money that dissuaded Cisco from settling.

                link to this | view in chronology ]

                • icon
                  Mike (profile), 12 Dec 2008 @ 1:58pm

                  Re: specific FSF timeline ..

                  Thank you for clarifying the timeline for me .. Regardless, the original TechDirt quote is misleading, it wasn't the FSF 'additional' demand for money that dissuaded Cisco from settling.

                  Says who? It seems clear that Cisco refused to give in on those demands, hence the lawsuit.

                  link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Dec 2008 @ 2:22pm

        Re: Re: specific FSF additional demands ..

        I think you mean FSF and SFLC's complaint

        link to this | view in chronology ]

  • icon
    qhartman (profile), 12 Dec 2008 @ 8:46am

    This is why....

    I don't actively support the FSF, even though they support things I believe in. They just go too far. They seem like they feel like it's more important to keep grinding their axes than it is to give OSS and FS real credibility by being an example of a respectable and rational member of the tech community. It seems like everything they do ends up with them acting like a petulant child at some point. As much as I'd love to, I just can't put my support behind a group that does that sort of thing, I think it ultimately does more harm than good.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Dec 2008 @ 9:36am

      Re: This is why....

      Yet another GPL hater. Time to check your M$ stock now.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Dec 2008 @ 10:52am

      Re: This is why....

      How does acting to enforce the terms of the license deem them in your eyes, to be acting like petulant children and more interested in grinding axes?

      "You may copy and distribute the Program ..in .. executable form .. provided that you also .. Accompany it with the .. source code"

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Dec 2008 @ 4:11am

      Re: This is why....

      They just go too far.

      No, its about time they man up, grow a set of 'nads and back up their words with actions.

      Look at how FSF handled the Virgin Web device.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Dec 2008 @ 8:54am

    Perhaps someone might be able to explain why the incorporation of a portion of GPL covered code into the firmware of a retail hardware product is even an issue.

    link to this | view in chronology ]

    • identicon
      DanC, 12 Dec 2008 @ 9:03am

      Re:

      Perhaps someone might be able to explain why the incorporation of a portion of GPL covered code into the firmware of a retail hardware product is even an issue.

      It isn't, provided you abide by the terms of the license.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Dec 2008 @ 10:08am

        Re: Re:

        I understand this, but since firmware is to my knowledge generally hardware specific I do not understand why the distribution of firmware source code is necessary in the case of the retail sale of a piece of consumer hardware.

        link to this | view in chronology ]

        • identicon
          Doug, 12 Dec 2008 @ 10:33am

          demo of recursion

          See comment 'Re: by DanC on Dec 12th, 2008 @ 9:03am'

          link to this | view in chronology ]

        • identicon
          DanC, 12 Dec 2008 @ 10:56am

          Re: Re: Re:

          I do not understand why the distribution of firmware source code is necessary in the case of the retail sale of a piece of consumer hardware.

          Will the average consumer care about being able to look at the firmware source code? Of course not. But a software developer or enthusiast looking to make a hardware-specific program may benefit from it.

          And honestly, the requirements to use GPL software are hardly onerous. Since it's fairly easy to comply with the terms, and they aren't restrictive, allowing special exemptions based on usage doesn't really make sense and would actually weaken the license.

          link to this | view in chronology ]

        • identicon
          Lawrence D'Oliveiro, 12 Dec 2008 @ 3:27pm

          Re: http://www.wlug.org.nz/SealedBonnetFallacy

          ...since firmware is to my knowledge generally hardware specific I do not understand why the distribution of firmware source code is necessary in the case of the retail sale of a piece of consumer hardware.

          Because that’s what the licence terms require. If you want to use the software, you must abide by the licence. Don’t like the licence? Don’t use the software.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 13 Dec 2008 @ 8:04am

            Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy

            "Because that’s what the licence terms require. If you want to use the software, you must abide by the licence. Don’t like the licence? Don’t use the software."

            I used the term "retail sale" to signify sales to the typical consumer/end user.

            While a sale under such circumstances may be stretched to constitute a distribution if covered content is embodied in such retail sales, the GPL license is anything but clear in this circumstance. Of course, if a third party software developer desires a copy of source code, it need only ask and the software must be provided.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 13 Dec 2008 @ 12:29pm

              Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy

              Huh? You don't think that retail sales are distribution? You must have your own private dictionary different from the rest of us. But the GPL is very clear on that point and doubt that the court is going to accept such a lame excuse.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 13 Dec 2008 @ 2:54pm

                Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy

                It always help before weighing in on a topic such as this to read the governing document, in this case the GPL terms and conditions. If you do so you will note that an important term is "convey", and it is a stretch beyond the clear meaning of the license terms to somehow conclude that retail customers are entitled to receive source code with their purchased hardware.

                link to this | view in chronology ]

                • identicon
                  Anonymous Coward, 13 Dec 2008 @ 3:56pm

                  Re: Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy

                  It always help before weighing in on a topic such as this to read the governing document, in this case the GPL terms and conditions.
                  Perhaps you should follow your own advice. Or be a little more honest about what it really says.
                  If you do so you will note that an important term is "convey", and it is a stretch beyond the clear meaning of the license terms to somehow conclude that retail customers are entitled to receive source code with their purchased hardware.
                  You must be talking about version 3 then (not the one mostly violated by Cisco). But still, from the GPL 3.0:
                  To "convey" a work means any kind of propagation that enables other parties to make or receive copies.
                  You need to explain how that excludes retail sales and relieves Cisco of complying with the terms of the license. I also don't know where you're getting this "receive source code with their purchased hardware" idea. Again, you should actually read the license as it says no such thing.

                  link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 13 Dec 2008 @ 7:57pm

                    Re: Re: Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy

                    We are talking past each other, with most of it being due to questions/comments I made and comments I received.

                    Of course, I now understand that the central issue concerns the availability of source code to third party software developers. I still have to wonder, however, about the utility of source code for firmware for a specific consumer product. If firmware is product specific, it is not altogether clear why a software developer who does not manufacture the product would even care about receiving a copy. If such a developer would not even care, then I do have to wonder why the FSF is so upset it feels the need to file a lawsuit.

                    Insofar as I am aware, all three versions of the GPL have had a "make source code available" requirement. We do not disagree on this. My observations merely reflect my lack of understanding as to why, other than fealty to an agreement, the failure to make source code available that is unique to Cisco products is deemed an important legal issue by the FSF.

                    As an aside, I do find it curious that the GPL v3 (I do not know about v1 and v2) incorporates "making available", a "right" that is being hotly debated in the US in the context of P2P file sharing. There is such an explicit right in the EU, but it has never been explicity incorporated into US copyright statutes. Some in the US argue it is inherent. Others take a contrary position.

                    link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 14 Dec 2008 @ 9:04am

                    Re: Re: Re: Re: Re: Re: http://www.wlug.org.nz/SealedBonnetFallacy

                    Just to be clear, my questions are not really about the GPL, but about whether or not in this instance a failure or lack of timeliness to release source code for firmware is a breach of the license that has a significant and practical real world impact. I simply do not know the answer and am merely trying to gather data.

                    As an aside, I have reviewed the Cisco website to see how it treats disclosures where covered content is incorporated into its consumer products. I must admit that the administrative burdens imposed by the GPL are incredibly complex and require a significant expenditure of time and money for compliance. Based upon what I read for merely one Cisco product, I have to wonder if the FSF is mandating administrative burdens that make the use of proprietary software look like a mere cakewalk in comparison.

                    Surely the FSF can come up with a way to ease the administrative burden in order to foster more timely compliance.

                    link to this | view in chronology ]

  • identicon
    goatimus, 12 Dec 2008 @ 11:02am

    GPL violations still not fixed!

    As stated in the article by Mike:


    "while Cisco did drag its feet" and "Cisco violated the GPL, and yes, it was slow to get itself in compliance"

    Using the past tense is very much incorrect. I think the author should re-read the FSF complaint because it directly states Linksys products remain out of compliance. What will go against Cisco if this goes to trial is that Cisco previously acknowledged the violations yet continues to practice copyright violations , which probably makes Cisco even more financially responsible.

    This is why there is a lawsuit - it's not for past sins, it for the ongoing ones that continue. Asking for all the other stuff such as a compliance officer is just thrown in for giggles to see what sticks if it goes to court. In a way, FSf may be providing an out and a way to avoid a trial without being obvious about it.

    link to this | view in chronology ]

  • identicon
    KD, 12 Dec 2008 @ 11:31am

    Compliance officer

    Just as a point of information, I remember reading about a few settlements reached with other companies who used GPL software without complying with the license terms. In at least some of those settlements, the company agreed to add a compliance officer to the company staff.

    Before anyone asks: No, I don't have citations at hand, and I don't have time to look for them right now. I think some of the settlements were over violations of the GPL for using the busybox software, which might help you find them if you are willing to do a little searching with Google.

    On the larger issue -- my impression is that the FSF has been very good over the years at first working with companies they accuse of violating the GPL before filing lawsuits. I remember seeing announcements of many such disputes being settled without a lawsuit. Without looking into the details of this particular case, my bias is that the FSF is in the right and being reasonable about their demands. It's always possible that they may have gone off the tracks in this instance, but until I learn facts that demonstrate that has happened, I'm on the FSF's side.

    link to this | view in chronology ]

  • identicon
    Laurent GUERBY, 13 Dec 2008 @ 6:57am

    """by alternatives() - Dec 12th, 2008 @ 3:54am

    And start using FreeBSD or NetBSD for its products to avoid the GPL 'infection'."""

    To my knowledge FreeBSD and NetBSD compiler is GCC (GNU CC) and in this case Cisco is accused of violating GCC copyright by not releasing their source modification together with their binary redistribution.

    Hopefully FreeBSD and OpenBSD maintainers do release their GCC patches.

    link to this | view in chronology ]

  • identicon
    ashok, 13 Dec 2008 @ 10:18am

    Free software conference

    link to this | view in chronology ]

  • identicon
    ashok, 13 Dec 2008 @ 10:19am

    free software international conference

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Dec 2008 @ 11:48pm

    Look at it this way - do you think a music company would let a device manufacturer release a music player full of music, just because it was tied to the device?

    They'd be suing and removing devices from the shelves before you could say 'they're all pirates'.

    It's the same thing. Cisco is a pirate and has been illegally distributing and making money from copyright works.

    "I must admit that the administrative burdens imposed by the GPL are incredibly complex and require a significant expenditure of time and money for compliance."

    I can tell you whatever such a 'burden' would be (that's just fud anyway), it must surely be a lot cheaper and simpler than writing a whole operating system from scratch. Cisco even have their own operating system and they wont use that ...

    Why should the FSF be so nice about licensing? Do you think any other software vendor out there should just let anyone use their products how they like and ignore the fine print?

    link to this | view in chronology ]

  • identicon
    anon, 2 Jan 2009 @ 4:46am

    What I wonder about....

    What makes me wonder is if Cisco looses this case do
    they loose the right to distribute linux all together until
    they are "re-instated". If so, with what little I know about
    GPL law (not much), I think they need to get an "ok" from all Linux copyright
    holders. That may be a bit hard.

    If they can't ship linux it will effect there AES-1000 and Nexus-700
    products and any other products that also use linux. Some of these
    probably have code that needs to be released as well :-0

    Interesting situation thats for sure...

    link to this | view in chronology ]

  • identicon
    The Software Lawyer, 7 Jan 2009 @ 11:25pm

    I Agree

    This post by Mike Masnick is right on. FSF's demands show that it is more interested in shaking down Cisco and grandstanding than in simply ensuring compliance with the GPL and upholding the principles of public licensing.

    link to this | view in chronology ]

  • identicon
    Stoatwarbler, 8 Jan 2009 @ 11:28am

    What shakedown?

    FSF has sunk a lot of time and effort and legal fees into enforcing in this case. They have a right to demand reimbursment.

    There are a lot of documented cases at www.gpl-violations.org - in most of them the companies said "mea culpa" and made good on the violations as soon as notified.

    Compliance officers aren't exactly an onorous burden, my employer has 20 or so (15,000 staff) simply to handle MS-related software

    Dlink tried to argue that GPL was bogus in German courts a couple of years back and had their corporate heads handed to them on a platter by the judge.

    GPL is NOT public domain (Which is what Dlink tried to argue).

    Cisco's choices seem to be:

    1: Argue that GPL is actually public domain (not upheld in any case which has gotten as far as court)

    2: Argue GPL is invalid (which would see the case being plain old copyright violation, and as it's well in excess of $50k, I believe US criminal law kicks in)

    3: Accept GPL and do as they're told by FSF

    4: Accept GPL and try to get the court to dilute FSF's demands - which is highly unlikely, given that it's an egarious violation.


    Personal opinion:

    There are a LOT of consumer gadgets now containing linux/GPL code and which aren't GPL compliant, expecially in the area of set-top boxes, DVD players and HDD recorders.

    Cisco isn't the first company to be taken to court for GPL violation, nor will it be the last. FSF have spent a LOT of time trying to get them to comply, compared to past GPL enforcement actions and their demands are more than reasonable despite the schills in here who seem to not understand the difference between BSD/GPL/Public domain

    I'm hoping that Cisco are soundly spanked - it will likely mean that future GPL actions can be dealt with quickly, especially against chipmakers selling embedded devices with Linux on them to 3rd parties and then claiming it's some proprietary setup.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.