OSBC: Life at the edge of the GPL [LWN.net]

March 27, 2009

This article was contributed by Don Marti

The Open Source Business Conference, held at San Francisco's Palace Hotel, draws a lot of lawyers, from both corporate legal departments and law firms. Continuing Legal Education (CLE) credit is available. Jeff Norman, a partner at the law firm of Kirkland & Ellis, delivered a talk on "Shims and Shams: Firewalling Proprietary Code in a Copyleft Context." This talk gives some insights into the current thinking on how difficult it can be to create a combined software product using both copyleft and proprietary code.

Most clients who want to combine GPL and proprietary code, Norman said, do not have an open source business model in mind. But the idea of creating a mixed GPL/proprietary software product is difficult and expensive. Step one for the lawyer is to explore the reasons behind the idea. The question is: "Why do you want to do something unusual instead of complying with open source disclosure requirements?" Only if the client says, "We can't open source this," does Norman recommend what he calls "shimming," which he defines as "programing practices and architectures that reduce the risk that independently created proprietary code might be deemed a derivative work based upon some other code that is intended to operate with such proprietary code." Shimming includes both procedural shims, which are development practices, and substantive shims, which are design decisions.

The GPL's reciprocity requirements rely not on any technical criterion, but on the legal definition of a "derivative work." The definition is actually consistent across countries. Norman surveyed the law in US, Europe, and Asia, and found "little substantial difference." While the definition is consistent, it's also broad, often surprisingly broad. Case law shows that derivative works can come into existence easily, whenever pre-existing work is either incorporated into new work or modified.

Two cases show the wide reach of the derivative work concept. A.R.T Company sold products based on unmodified postcards, and in one case was found to be creating a derivative work. (Another case found that A.R.T.'s product consisting of a postcard mounted on a tile was not infringing, creating a conflict between two U.S. circuit courts.) In another case, Midway Manufacturing Co. v. Artic International, Inc., the court found that selling a hardware speed-up kit for an existing arcade game was creating a derivative work of the game software, even though the defendant did not copy or modify the original game software. Courts use the test of "access and substantial similarity." If the alleged infringer had access to the copyrighted work, and even parts of the alleged derivative work are substantially similar, then, according to the test, it's a derivative work. Applying the idea to software, "proprietary code may incorporate non-proprietary code in non-obvious ways," Norman said.

"There are built in to most computer languages directives that cause code to be combined," he said. The C preprocessor's #include directive is one example. "I've seen hundreds of thousands of lines of code incorporated with one include." In one example, a proprietary program used a widget class's API, and the widget class, using a header file, incorporated code from a system library. "This whole thing becomes a derivative work," he said.

Distribution or not?

If a combination of GPL and proprietary code is only for in-house use, some clients decide simply not to redistribute it. The GPL's reciprocity requirements apply only in distribution. However, distribution could happen in a lot of ways. Does depositing source code in escrow count as distribution? How about an acquisition that's structured as a sale of assets from one company to another? "Relying on no distribution is very dangerous. There are a lot of situations where distribution can happen but you wouldn't think of it as distribution," Norman said.

The other approach is what Norman recommends. "Don't create a derivative work and then you won't have a problem." He said that some open source advocates say, "You're violating the spirit or the purpose of the GPL." But in the long run, allowing a license to reach out too far could enable proprietary vendors to apply unwanted terms to open source code. "If the end user is not creating a derivative work, not only are the license terms not being triggered but you don't want them to be triggered,"

Fallacies

In the years that developers have been using and discussing the GPL, some have developed a false sense of security about when they're creating a derivative work. Just using an API may or may not create a derivative work. The purely functional aspects of a function call are not copyrightable. However, Norman says, even minor non-functional aspects of an API, such as the sequence of fields in a structure, are probably copyrightable. And just using an API can result in bringing thousands of lines of code into your application. Another fallacy is the often-heard, "We can avoid any problems if we use dynamic rather than static links," However, dynamic linking by itself does not automatically avoid creating a derivative work.

Some US circuits ignore extremely small copying under the so-called "de minimis" exception. However, Norman said, "it would almost never cover code," There's no sure test for what is or isn't de minimis copying, and one module or section of a program could be found to be a derivative work. "Even if the whole project is not substantially similar, one module may be substantially similar," he added.

The clean room

With the broad standards of what is a derivative work, combined with the ways that software can mingle at build time, "derivative works practically create themselves," Norman said. In order for a combined product not to be a derivative work, developers need to take specialized and expensive measures. Avoiding creating a derivative work is not something to do in the ordinary course of business. Shimming requires the same clean-room techniques that software companies use to protect themselves when doing reverse engineering. Building a combined product cleanly "really has to be worth it," Norman said. "If you have someone who has never done a clean room before you're going to spend time getting them up to speed." Besides the development costs, there's some publicity cost. "In any shimming scenario you may get some negative PR," he said.

The wrong way to do shimming is simply to build a wrapper, implementing essentially the same interface as the GPL software, then communicate with the wrapper. It doesn't work because the wrapper becomes a derivative work, then the code that talks to the wrapper does too. In practice, two development teams need to work side by side, but not in direct communication with each other. One team handles GPL code, the other handles the proprietary code, and the two communicate only through the legal department, which acts as filter.

They have to be kept separate, Norman says, because, "Programmers like to borrow just like lawyers. How often do you borrow from somebody else's brief?" The filtering has to block any knowledge about creative expression from making its way across the barrier. Since anyone could have seen the GPL code, "We have a set of programmers who verify under affidavit that they've never looked at this code before." The clean room developers' access to the Internet has to be monitored, or better yet, blocked. "It's a fairly cumbersome technique, but most software companies have done some kind of clean room before," Norman said.

NDISwrapper is an example of another safe approach, Norman said. A network device driver originally written and compiled for Microsoft Windows cannot be a derivative work of Linux. NDISwrapper itself is GPL-licensed, and probably a derivative work of Linux (it's very difficult to make a kernel module that isn't). The API used in the Windows driver clearly has nothing to do with the copyleft API.

Another approach is to split the GPL code into a server process and put the proprietary code in the client. However, this is unlikely to work if the server and client are distributed together on the same CD, relying on what the GPL calls "mere aggregation." Any "intimate communication" between the server and client could also create a derivative work, Norman said. The last approach is to time-shift the creation of a derivative work to the end user. An example is the NVIDIA proprietary device drivers for Linux, which the company distributes separately from the kernel. This only works for technical or hobbyist end users, not for an integrated product. There's also a potential patent problem: distributing two pieces that, when combined, infringe a patent constitutes contributory infringement, Norman said later.

A problem shimming scenario is using it to attempt to undo a previous decision to combine software. It could be "admitting that what you did was problematic." If possible, try to buy a exception from the copyright holder instead, Norman said. Shimming is possible and might even be necessary, as in the case of third-party code that can't be relicensed. But the lesson is that companies will save time, use fewer developers, make a simpler product, and avoid legal bills just sticking with the copyleft.

(Log in to post comments)

OSBC: Life at the edge of the GPL

Posted Mar 28, 2009 7:42 UTC (Sat) by rickmoen (guest, #6943) [Link]

Joe, you are exactly right.

Rick Moen
rick@linuxmafia.com

OSBC: Life at the edge of the GPL

Posted Mar 30, 2009 4:53 UTC (Mon) by jeffnorman (guest, #57684) [Link]

No, that is incorrect. The BSD case was about loss of copyright through
failure to include the required copyright notices (a requirement that has
since been abolished). The discussion about the header files applied only
to the trade secret aspect of the case. There are several cases in this
area and none of them is very good. However, on general principles it
should be the case that you can use those portions of an API that are
essential to access and use public interfaces of a library or object. The
problem is, most APIs include far more than such essential interfaces.

Thanks

Posted Apr 1, 2009 3:51 UTC (Wed) by dberkholz (subscriber, #23346) [Link]

Jeff,

I just wanted to thank you for participating in the discussion here. It's made it infinitely more informative.

Thanks

Posted Apr 2, 2009 5:12 UTC (Thu) by jeffnorman (guest, #57684) [Link]

Your welcome, but I would say the level of discussion without my posts was
already pretty high or I would not have waded in ...thanks really to Don
who managed to accurately capture and encapsulate my talk.

OSBC: Life at the edge of the GPL

Posted Mar 30, 2009 4:11 UTC (Mon) by jeffnorman (guest, #57684) [Link]

Alas, what I said in context was that the sequence and arrangement of otherwise non-copyrightable elements of sufficiently large header file would likely be copyrightable. In other words, even if you could strip the entire set of header files used in a particular API of any copyrightable elements (a task that is a lot more difficult than it would otherwise appear in a modern API that consists of multiple header files, object oriented programming that combines code with "mere" data structures, etc.), the sequence and arrangement of the non-copyrightable information in such header files is likely independently copyrightable. That is why in clean rooms we usually require the creation of a new API.

OSBC: Life at the edge of the GPL

Posted Mar 30, 2009 11:11 UTC (Mon) by michaeljt (subscriber, #39183) [Link]

So in other words, if you created your own set of header files and your own stub shared libraries for compiling and linking against, with only the most basic knowledge of the implementation required for this task, that the applications linking against them could still count as derivative works? I suppose that this is perfect for people putting their work under the GPL.

OSBC: Life at the edge of the GPL

Posted Mar 30, 2009 14:56 UTC (Mon) by jeffnorman (guest, #57684) [Link]

in a clean room, the "dirty" team will prep a new API spec that will be limited to the specific functionality required, and reviewed by legal to make sure its all non-copyrightable. The "clean" team will then write a new set of headers and stubs from the new spec. This will provide maximum protection (though never perfect) from a derivative works claim. Cumbersome, no doubt.

OSBC: Life at the edge of the GPL

Posted Apr 3, 2009 21:40 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

Only if the client says, "We can't open source this," does Norman recommend what he calls "shimming,"
consultant: You shouldn't try to end-run the GPL. client: We've already decided that that's what we want to do, which is why we hired you. consultant: Ok here's how you get away with it.

That's not how I interpret "We can't open source this." I think it's more like this:

consultant: the easiest thing to do is open source your product.

client: We can't -- it includes code copyrighted by other people and they won't let us.

consultant: Ok, if you want to publish your product at all, this is what you'll have to do:

Another form of "we can't open source this" would be, "the nature of this product is just that if we open source it we will not be able to recoup our development costs. It's either closed source or no product."

OSBC: Life at the edge of the GPL

Posted Apr 3, 2009 23:28 UTC (Fri) by jordanb (guest, #45668) [Link]

Then the proper response would be to not use the GPLed component, rather than hiring a consultant to help them weasel around the license.

OSBC: Life at the edge of the GPL

Posted Apr 4, 2009 0:42 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

Then the proper response would be to not use the GPLed component, rather than hiring a consultant to help them weasel around the license.

Weasel around the copyright. The license does nothing but add to their ability to distribute the code. It's the copyright that stands in their way.

Midway v. Arctic International

Posted Mar 28, 2009 18:06 UTC (Sat) by BrucePerens (guest, #2510) [Link]

The more you get interested in law, the more you realize how many bad lawyers are around. And judges. And it makes you appreciate the good ones.

Aggregation as derivation

Posted Mar 28, 2009 19:33 UTC (Sat) by man_ls (guest, #15091) [Link]

Or how about the suggestion that "mere aggregation" creates derivative works?

Yes, quite irrelevant. It doesn't matter because the GPL allows "mere aggregation", so it is not important if the result is a derivative work or not.

Actually the GPL doesn't even care about derivative works, it says that you can distribute the software with or without modifications if you comply with certain conditions -- and "mere aggregation" with proprietary software is allowed. Of course you cannot distribute original or derivative works without a license, and the GPL wouldn't even kick in if you are not doing this distribution; but once you do distribute you have to follow the rules in the GPL (not copyright law).

IANAL (in case you haven't guessed).

It's so obvious it's not even funny

Posted Mar 28, 2009 20:02 UTC (Sat) by khim (subscriber, #9252) [Link]

Or how about the suggestion that "mere aggregation" creates derivative works?

Actually GPL specifically says that "mere aggregation" is allowed because of course "mere aggregation" produces derived work (such compound works are governed by special rules in many jusrisdictions thus they are not "usual" derived works, but they are derived works nevertheless). Collected stories were inveted hundreds of years ago - and usualy they need specific permissions from all authors. If Joe hates Jane and says that he does not want to see their works under some cover... well - that's it. Compare with GPL which specifically says that authors don't care if unrelated story is placed under same cover.

Of course you cannot distribute original or derivative works without a license, and the GPL wouldn't even kick in if you are not doing this distribution; but once you do distribute you have to follow the rules in the GPL (not copyright law).

That's not exactly true: copyright law can supersede GPL but since default is "you have no right to distribute this period" GPL can force you to do many different things. In many countries you have rights beyond license (for example usually you can change anything in program - even in binary, proprietary blob - if it's the only way to make program work on your hardware), but usually all such rights are limited to private modifications (you can publish info about how program should be modified to work with hirdware like yours but generally you can not distribute modified version without license).

Mere Aggregation

Posted Mar 30, 2009 15:54 UTC (Mon) by butlerm (subscriber, #13312) [Link]

I should clarify what I meant to say here. Of course distribution of a "mere aggregation" on the same medium creates a derivative work in the form of the aggregate or collection. What it doesn't do is make the elements of the whole derivatives of eachother.

So the copyright holders of a software module can control how, where, and when that module is distributed, and in particular what other works it can be inseparably distributed with (e.g. on the same CD). That is well established. References to such collective works can be found in federal copyright law.

However, publishing a collection of stories most certainly does not, in and of itself, make each of the stories derivative works of each other. Suppose you statically linked proprietary code into an open source program, or open source code into a proprietary program. That certainly makes the whole a derivative work, but it certainly does not make, in and of itself, the components derivatives of eachother. That was SCO's rather ridiculous theory - i.e. that e.g. Linux JFS was a derivative work of a proprietary Unix because it some point in its history its predecessors had been linked to proprietary code.

So my point is (barring some bizarre judicial invention) a derivative work (logically at least) has to be "substantially similar" in some inclusive way to the work it is "based upon". "Access and substantial similarity" sounds like a good rule of thumb to me, as long as an exception is made for purely functional interfaces at the boundaries.

Midway v. Arctic International

Posted Mar 28, 2009 20:18 UTC (Sat) by jordanb (guest, #45668) [Link]

It should be noted that there was a later case that found the opposite way: Lewis Galoob Toys v. Nintendo of America.

The Galoob dispute was over the "Game Genie" device that you stuck in between the ROM cartridge and the NES game console, which let you poke data into memory locations to change the game. Nintendo tried to argue that doing so created what constituted a derivative work. The court decided that a customer experimenting with the copy they bought is not the creation of derivative work, and even if it were, that'd be fair use.

According to Wikipedia, Galoob was affirmed in the 9th Appellate Circuit and appealed to the Supreme Court, and Certiorari was denied.

> Of course the ultimate problem here is that historically the courts have
> been heavily biased in favor of the copyright holders on the most
> trivial points, with no basis in positive law,

When publishing was a very capital-heavy industry there was no ability for the average individual to participate, so copyright was merely an industrial regulation. When disputes did land in the courts they found both sides well-funded and well-represented and interested in finding a resolution that left the system basically intact, robust, and equitable.

In the 80s and 90s, technology improved to the point where individuals could begin to participate in the reproduction of creative works. Early on, I think, the legal establishment recognized that the industrial regulation should not extend into the homes and social circles of individuals, so you got reforms like the Home Recording Act.

Two things changed that, I believe. The first was the rhetoric about the "knowledge economy" in the 90s -- particularly as an answer to the decline of industrial production in the United States. It was intuitive that a "knowledge economy" needed strong "knowledge property" (so long as you avoided thinking about the very real differences between 'knowledge' and phyisical objects).

The second was the rapid increase in the scale of casual copying. People copying 8-track tapes were unlikely to bring down or even seriously impact the revenues of the music publishing industry. Yet now a musical recording can be copied millions of times and distributed across the planet all for virtually no cost. The result is that an entire industry has been rendered obsolete. Music doesn't need to be published anymore than ice needs delivered in insulated trucks.

Large, powerful industries don't implode quietly, however. Also other "content creation" and publishing industries are looking at music publishing and thinking "there but for the grace of God go I." So now we're in a situation where all the money in Intellectual Property is interested in nothing other than making it stronger, making it more universal, and applying it directly to the activities of individuals.

Midway v. Arctic International

Posted Mar 30, 2009 4:20 UTC (Mon) by jeffnorman (guest, #57684) [Link]

Yes but Galoob was a very narrow rationale that has very little
applicability outside gaming, and Galoob has not been followed anywhere
outside the 9th circuit (and has been subject to some pretty heavy
criticism).

Basically, the Ninth Circuit in Galoob held that an enhancement to a screen
display was not "fixed" sufficiently to constitute a derivative work. The
"fixation" requirement imposed by Galoob (literally, the "pink sunglasses
test" was used by the court to determine whether fixation occurs in the
retina) has been justly riduculed and makes very little sense.

In any case, Galoob does not apply to code, only to screen displays because
they are not fixed.

OSBC: Life at the edge of the GPL

Posted Mar 28, 2009 17:42 UTC (Sat) by BrucePerens (guest, #2510) [Link]

It's easy to distribute inadvertently. The key is that distribution is a transfer between any two legal entities. So, if you have a consultant working in your company and you give him the software, that's distribution. If said consultant later becomes upset with your company, he can try to assert his GPL rights. His NDA doesn't matter, because the GPL does not allow the addition of terms such as those found in an NDA.

The same applies to a partially-owned subsidiary, etc.

So, in general, your GPL compliance strategy should never rely on avoidance of distribution. It's too difficult to maintain.

I don't advise my customers to comply through shimming alone. That's too risky, too. I want to see some physical separation of programs - user to kernel, or separate CPU.

He makes a good point about "intimate" communication. The API used between the kernel and your software shouldn't be anything but its usual exported API or something that is well known and general like the Hayes modem protocol used to communicate with the GSM stack in cell phones. If you go messing around kernel internals, it's going to be very difficult to say something is not a derivative work.

OSBC: Life at the edge of the GPL

Posted Mar 28, 2009 21:36 UTC (Sat) by HenrikH (guest, #31152) [Link]

But your whole example is covered in GPLv3 by this text:

>You may convey covered works to others for the sole purpose of having
>them make modifications exclusively for you, or provide you with
>facilities for running those works, provided that you comply with the
>terms of this License in conveying all material for which you do not
>control copyright.

So your consultant would have no where to go with that argument.

OSBC: Life at the edge of the GPL

Posted Mar 29, 2009 0:48 UTC (Sun) by rahulsundaram (subscriber, #21946) [Link]

Majority of software is still GPLv2 and in the case of GPLv2, these situations have not been clearly stated and it is going to remain a problem and a risky situation for quite sometime. That is unfortunate.

Yes, if only...

Posted Mar 29, 2009 2:22 UTC (Sun) by BrucePerens (guest, #2510) [Link]

GPL3 disambiguates a lot. Not just the consultant issue, but the API issue. GPL3 makes it clear that an API that is an Open Standard can be a demarcation between GPL3 software and other software.

Too bad the Linux kernel team isn't using GPL3. Essentially all of these issues are concerning the Linux kernel.

Other people's patents

Posted Mar 29, 2009 15:50 UTC (Sun) by dmarti (subscriber, #11625) [Link]

One big reason for having to avoid creating a derivative work is when you want to introduce a product that includes both GPL code and something that's patented by a third party.

This kind of thing can be tricky for Free Software projects too -- look at the legal section of the GStreamer FAQ.

Is it better to use, and possibly help improve, some GPL code, or have to get a proprietary alternative to everything because you have to get a patent license for one component?

Oh, What A Tangled Web We Weave ...

Posted Mar 30, 2009 4:33 UTC (Mon) by jeffnorman (guest, #57684) [Link]

Just for the record, the GPL (version 2 or 3) does NOT say that you are
subject to reciprocity merely by using the code. It is perfectly okay to
"use" GPL'd code so long as you do not distribute (or, under GPL3,
propagate) a derivative work based upon such code.

It is hardly a tangled web to say that you should avoid creating derivative
works of GPL code if you are not able (or willing) to distribute such
derivative work itself under the GPL.

You can think of this advice in two ways: (a) I am showing clients how to
avoid the GPL, or (b) I am showing clients how to comply with the GPL. But
if "avoiding" the GPL == "compliance" with the GPL, what possible objection
could there be?

Only if you think that the GPL's reciprocity requirement should apply to
any use of a covered work would you believe that the shimming strategies I
discuss would be "wrong," or violative of the "spirit" of the GPL; but that
extreme position, which would extend the GPL's reciprocity requirement
beyond copyright protection, has never been espoused by the FSF so far as I
know.

Another way to think of it

Posted Mar 30, 2009 19:25 UTC (Mon) by dmarti (subscriber, #11625) [Link]

There's one more way to think of it. If you're writing software, how do you structure your interfaces in such a way as to maximize the likelihood that someone developing a product that uses the software will create a derivative work? This might be important if, for example, you're in the business of selling GPL exceptions. So I guess you want to arrange the fields in your structs as artfully and expressively as possible, and use lots of macros that each drop an expressive chunk of code into your caller's project. Or use C++ templates. The number of people who actually understand both software copyright law and C++ templates has got to be small enough that they can drive their hourly rates higher than your GPL exception price.

+1, hilarious

Posted Apr 7, 2009 0:37 UTC (Tue) by xoddam (subscriber, #2322) [Link]

> The number of people who actually understand both software
> copyright law and C++ templates has got to be small enough
> that they can drive their hourly rates higher than your GPL
> exception price.

LOL!

Oh, What A Tangled Web We Weave ...

Posted Mar 30, 2009 20:57 UTC (Mon) by butlerm (subscriber, #13312) [Link]

"I mean, if its that complicated for you to try to make use of GPL code
without actually making use of GPL code, why not stick to your proprietary
code and be done with it?"

This, unfortunately, is a live by the sword die by the sword sort of issue.
If by promoting and consenting to legal arguments for an expansive
definition of derived works, free software advocates indirectly persuade
the courts to adopt such a definition, interoperability between proprietary
and free software may become impaired to the point of irrevocable
marginalization of the free software community.

For example, Windows applications do not directly make "system calls" in
the Linux sense. *Every* Win32 application is dynamically linked with a
number of proprietary Microsoft dynamic libraries at runtime. So
regardless of any exceptions free software advocates might want to write
into their own license, the adoption by the courts of the dynamic linking
equals prohibited derived work argument would make running GPL software on
Windows boxes illegal without the consent of both Microsoft and *every*
contributor to existing GPL software packages.

In addition, given the dubious distinction between library and system call
interfaces, it could become illegal to run proprietary software on the same
Linux box with GPL software. If they are both loaded on the same storage
medium, they become a collective derived work, right? What about the the
device firmware or the BIOS? That surely is a necessary part of any modern
computer. Forget the software, what about the CPU design, or the printed
circuit board layouts. Or worse, the hardware and software design of all
devices that are part of the same physical network.

Do we really want a world where companies have to partition their
operations into a GPL-net and a proprietary net, and at a minimum run a
firewall so there can be no possible communication or interoperability
between them? Because that is the logic of where all these expansive
conceptions of derived works are heading - namely tying software and
hardware developers hands so that no system can ever be constructed without
the explicit permission of every producer of every component in the whole
system. The GPL will become a dead letter overnight.

Thankfully "every contributor" already did so... by just applying GPL license to the code!

Posted Apr 2, 2009 9:14 UTC (Thu) by khim (subscriber, #9252) [Link]

So regardless of any exceptions free software advocates might want to write into their own license, the adoption by the courts of the dynamic linking equals prohibited derived work argument would make running GPL software on Windows boxes illegal without the consent of both Microsoft and *every* contributor to existing GPL software packages.

Have you actually read the GPL? Such consent already embedded in both GPL2 and GPLv3.
GPLv2: As a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
GPLv3: The Corresponding Source for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work.

In addition, given the dubious distinction between library and system call interfaces, it could become illegal to run proprietary software on the same Linux box with GPL software. If they are both loaded on the same storage medium, they become a collective derived work, right?

Absolutely true and completely irrelevant. Again: GPL specifically says that it does not care about such cases.

Do we really want a world where companies have to partition their operations into a GPL-net and a proprietary net, and at a minimum run a firewall so there can be no possible communication or interoperability between them?

That's the point of GPL, you know. It specifically says how the firewall must be designed to comply with GPL. And the reason is to avoid marginalization or assimilation of free software. If it said that you can not ever mix GPL and proprietary software in a box - it'll lead to marginalization (as you've clearly described), if it allowed close ties to proprietary software - the door to "embrace, extend, extinguish" approach will be wide open.

Because that is the logic of where all these expansive conceptions of derived works are heading - namely tying software and hardware developers hands so that no system can ever be constructed without the explicit permission of every producer of every component in the whole system.

That's very true but you are forgetting that GPL is such explicit permission and it does include clear demarcation line.

The GPL will become a dead letter overnight.

I fail to see why.