Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

From:  Lysandra Ohrstrom <lohrstrom-AT-softwarefreedom.org>
To:  djwm-AT-h-online.com
Subject:  Media Alert: Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today
Date:  Mon, 14 Dec 2009 11:05:47 -0500
Message-ID:  <4B26625B.8020206@softwarefreedom.org>

Best Buy, Samsung, Westinghouse, And Eleven Other Brands Named In SFLC
Lawsuit
Evidence of GPL Violations and Copyright Infringement Found in TVs, DVD
Players, and Dozens of other Electronic Devices

New York, NY, December 14, 2009 - Best Buy, Samsung, Westinghouse, and
JVC are among the 14 consumer electronics companies named in a copyright
infringement lawsuit filed today in New York by the Software Freedom Law
Center (SFLC).

The SFLC is a non-profit law firm established in 2005 to provide
pro-bono legal services to Free and Open Source Software (FOSS)
developers. The suit was filed on behalf of the Software Freedom
Conservancy (Conservancy), the non-profit corporate home of the popular
software application BusyBox and many other FOSS projects, and Erik
Andersen, one of the program's principal developers and copyright holders.

The suit charges each of the defendants with selling products containing
BusyBox in violation of the terms of its license, the GNU General Public
License version 2 (GPLv2).

About BusyBox:

Known as the "Swiss Army Knife" for Linux, BusyBox is a common component
of a growing number of household devices, including Best Buy's Insignia
Blu Ray DVD Player, Samsung HDTVs, Westinghouse's 52-inch LCD
Television, and more than a dozen other products that the defendants
have continued to sell without the permission of the software's
copyright holders. Under the terms of the GPLv2, anyone can view,
modify, and use the program for free on the condition that they
distribute the source code to customers.

The SFLC confirmed BusyBox violations in nearly 20 separate products
cited in the complaint and gave each defendant ample time to comply with
the requirements of the license. "We try very hard to resolve these
types of issues privately with companies, as we always prefer
cooperation," said SFLC counsel Aaron Williamson. "We brought this suit
as a last resort after each of these defendants ignored us or failed to
meaningfully respond to our requests that they release the source code".

The First Rule of GPL Compliance: "Be Responsive When Contacted":

The SFLC has dealt with over a hundred compliance matters since its
inception on behalf of various clients, including BusyBox and developers
of significant portions of the GNU/Linux operating system. The vast
majority of these matters usually end with violators voluntarily coming
into compliance. In the rare cases when a company refuses to cooperate
in good faith, the SFLC has been forced to take legal action on behalf
of its clients to enforce FOSS requirements.

Since 2007, the SFLC has sued six companies, including Verizon and
Cisco, for selling products with embedded FOSS programs in violation of
the GPL. Though the scope of this lawsuit is unprecedented in that it
includes 14 defendants, the SFLC's primary goal is to encourage
companies to join the software freedom movement, said Bradley M. Kuhn,
Conservancy's president and the SFLC's technology director. "As embedded
computer systems become more commonplace in everyday consumer
electronics and more companies recognize the zero-cost licensing of Free
Software over proprietary alternatives, it is more important than ever
for manufacturers to learn to comply with the GPL", Kuhn explained.

"The SFLC's objective, on behalf of its clients, is not only to ensure
the freedom of FOSS code but to see that BusyBox's users get the full
benefit of the software," Williamson added.

The suit was filed in the United States District Court for the Southern
District of New York and will be heard by Judge Shira A. Scheindlin.

Drafts of the complaint and the release are available on our website at
www.Softwarefreedom.org and attached.

For additional information or to arrange interviews, please contact SFLC
communications director, Lysandra Ohrstrom, at (212) 461-1915 or by
e-mail at lohrstrom@softwarefreedom.org.


Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 14, 2009 18:47 UTC (Mon) by jimparis (subscriber, #38647) [Link]

Nice to hear they're including Westinghouse:
http://lwn.net/Articles/362036/

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 14, 2009 19:39 UTC (Mon) by yokem_55 (subscriber, #10498) [Link]

At first I was confused as to why Worst Buy was named in the suit, as typically retailers reselling a piece of equipment aren't the targets of GPL violation actions (although I suppose in theory they can be, even as mere conduits?). After taking a look at the suit, it looks like BB has a Best Buy branded Blu-ray player that is in violation, so the typical GPL violation situation applies. However, it will be interesting to see if going forward, BB pushes its product vendors to be more proactive about avoiding violations so as to keep BB from getting into this situation.

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 14, 2009 20:20 UTC (Mon) by pr1268 (subscriber, #24648) [Link]

Perhaps Best (Worst) Buy is named because their house brands' products (e.g. Insignia) contain GPL code. Just a thought...

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 15, 2009 3:54 UTC (Tue) by jmm82 (guest, #59425) [Link]

This section from the GPLv2 (last sentence) would exclude distributor channels
from the initial charges as long as they comply once notified they were
middle men for an evil ring of code smugglers.

"4. You may not copy, modify, sublicense, or distribute the Program except as
expressly provided under this License. Any attempt otherwise to copy, modify,
sublicense or distribute the Program is void, and will automatically
terminate your rights under this License. However, parties who have received
copies, or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance."

Yet, it appears in this case a subdivision of Best Buy was actually creating
the product.

Why is always busybox?

Posted Dec 14, 2009 19:44 UTC (Mon) by shemminger (subscriber, #5739) [Link]

Busybox seems to be the GPL hook that they catch all these vendors on. But I can't imagine vendors making modifications, much less usable enhancements, to such a simple set of tools. The kernel is the place SFLC should be able to get them on, but the binary driver exception is so big the GPL has no power there.

Why is always busybox?

Posted Dec 14, 2009 19:59 UTC (Mon) by rahvin (subscriber, #16953) [Link]

Harald Welte has copyright in BusyBox and is the most prolific enforcer of the GPL in the world. The SFLC does Harald's enforcement actions in the US. I should also point out that once SFLC has been involved they ensure compliance with all GPL applications, not just Busybox. The beauty is that Busybox is almost a requirement in the embedded space if you are using any GPL code and make it an easy target for enforcement because it's easy to find, easy to prove and heavily enforced making it a slam dunk case.

In addition, once SFLC files suit posting the code isn't enough, they usually revoke the license and refuse to reissue until they are reimbursed for legal fees + a little extra for the next action and almost always require the companies involved to appoint a GPL compliance officer so it doesn't happen again.

Why is always busybox?

Posted Dec 14, 2009 20:13 UTC (Mon) by BrucePerens (guest, #2510) [Link]

Nobody ever violates the license on busybox for a smart reason. Proprietary code would not be connected with it. It's just a lack of due diligence combined with a failure to respond when contacted.

I could confuse things tremendously by taking my original code-base and applying the BSD license to it. :-)

Bruce

Why is always busybox?

Posted Dec 14, 2009 20:33 UTC (Mon) by atai (subscriber, #10977) [Link]

No, you want to apply the GPLv3 to it. That is better!

Why is always busybox?

Posted Dec 14, 2009 20:42 UTC (Mon) by BrucePerens (guest, #2510) [Link]

I could dual-license it.

Why is always busybox?

Posted Dec 15, 2009 22:00 UTC (Tue) by davi (guest, #18853) [Link]

You could, but I hope you do not do it.

User freedom:
* GPL version >= 3 is the future.
* AGPL >= 3 for web applications.

Why is always busybox?

Posted Dec 14, 2009 20:37 UTC (Mon) by armijn (subscriber, #3653) [Link]

Ehm, Harald has no copyrights on BusyBox and SFLC does not enforce his copyright.

Why is always busybox?

Posted Dec 14, 2009 22:03 UTC (Mon) by JoeF (guest, #4486) [Link]

Harald Welte has copyrights on ipfilter, if I remember right.
That's also pretty much everywhere in devices that connect to the network.
The busybox developers include Bruce Perens.

Why is always busybox?

Posted Dec 14, 2009 23:15 UTC (Mon) by rahvin (subscriber, #16953) [Link]

Maybe I'm showing my ignorance, but I thought part of the ipfilter code was in busybox these days?

Why is always busybox?

Posted Dec 14, 2009 23:30 UTC (Mon) by armijn (subscriber, #3653) [Link]

There is definitely no netfilter or iptables in BusyBox (I just grepped through the latest sources) :-)

Why a "little extra"?

Posted Dec 14, 2009 21:30 UTC (Mon) by vondo (guest, #256) [Link]

It seems to me the time for compliance plus a little bit of funding, a slap on the wrist, is past. Any company that is paying attention should know they can't get away with this. I would really like to see a few of these companies hit hard for an amount of money that actually *hurts*. Then maybe others won't be so cavalier about it.

As it is, a company can look at this as "Let's use this code and not worry about it. If someone finds out, we can release it later. Or we can ignore it and maybe we'll have to pay some small amount in a lawsuit." That perception has to change or SFLC is going to be doing this forever.

Why a "little extra"?

Posted Dec 15, 2009 2:51 UTC (Tue) by jamesh (guest, #1159) [Link]

The companies should be concerned. In cases like this, the copyright holders could ask the court for an injunction against the sale of the infringing devices.

Not being able to sell your device while still having to keep the existing stock around is not cheap and should be a pretty big deterrent.

Why a "little extra"? Because that's the right amount

Posted Dec 15, 2009 10:33 UTC (Tue) by tialaramex (subscriber, #21167) [Link]

The SFLC is probably content to do this forever. Lawyers who prosecute people for fraud or theft will be doing that forever too.

Punitive costs aren't what we want as a community - the objective is to ensure that around the world, company directors think of GPL compliance as non-optional, like paying their taxes, just a cost of doing business. Winning and settling a long series of lawsuits establishes that thinking without multi-million dollar amounts.

If the SFLC gets enough money from each such lawsuit to fund the next, plus a "little extra" then we're doing well enough IMO.

Why a "little extra"? Because that's the right amount

Posted Dec 18, 2009 12:42 UTC (Fri) by malor (subscriber, #2973) [Link]

Yeah, it shouldn't be a profit center, just a method to keep the capitalists in line. Their use of free software is wonderful, and we want to encourage it, not discourage it. We want them to understand that there are some rules they have to follow to get access to all that great code, but that the rules aren't especially onerous and that using GPLed code isn't scary. We want them to (correctly) think that it's often a better solution than BSD or proprietary packages.

SOME of them may even turn into contributors, but getting that code into as many devices as possible is a good end in and of itself, because it usually makes devices much more hackable. It gives the free software community more control over their hardware. Even if they never contribute a line of code, they ARE contributing devices that RUN that code.

Why a "little extra"?

Posted Dec 15, 2009 16:17 UTC (Tue) by endecotp (guest, #36428) [Link]

> maybe [manufacturers] have to pay some small amount in a lawsuit

As far as I can recall, the amount paid has not been disclosed in any of these cases. I think that's unfortunate, and I encourage SFLC to settle future cases without a clause preventing disclosure of the amount. Without knowing if it's $1000 or $1000000, we're unable to judge whether these cases make future infringement more or less likely.

Why is always busybox?

Posted Dec 14, 2009 22:19 UTC (Mon) by arjan (subscriber, #36785) [Link]

what binary driver exemption???

Why is always busybox?

Posted Dec 14, 2009 22:36 UTC (Mon) by daney (subscriber, #24551) [Link]

Perhaps it is the de facto binary driver exemption that allows companies to ship products using GPUs made by $LARGE_CHIPMAKER using binary driver blobs.

Why do we have EXPORT_SYMBOL_GPL() anyhow if EXPORT_SYMBOL() doesn't imply some sort of non-GPLness?

Why is always busybox?

Posted Dec 14, 2009 22:55 UTC (Mon) by jmm82 (guest, #59425) [Link]

I have had a long discussion about this before and basically EXPORT_SYMBOL_GPL() has no legal implications and is more of an expression of one's opinion towards the exporting of symbols in the kernel than a legal binding to the symbol.

Why is always busybox?

Posted Dec 14, 2009 23:53 UTC (Mon) by rgmoore (✭ supporter ✭, #75) [Link]

Linus has clearly expressed his opinion that kernel modules are not necessarily derivatives of the kernel. Something that was originally written for Linux and depends explicitly on it would clearly be a derivative. But Linus's opinion is that a module that was originally written for a different OS and was ported to Linux with minimal changes would not count as a derivative of Linux. Since the GPL depends on copyright provisions that apply to derivative works, it wouldn't apply to a module that doesn't count as a derivative. As far as I can tell, Linus's analysis is correct, and a suit against a company that ported its driver for another OS and released it under a non-GPL license - NVidia being an obvious example - would fail in court.

Why is always busybox?

Posted Dec 15, 2009 5:08 UTC (Tue) by drag (subscriber, #31333) [Link]

Who decides what a derivative is is not Linus, GPL, or anybody else except a judge interpreting law and precedent. It's absolutely possible that one module can be a derivative and another one is not. Most above people (and probably you also) understand that 'Derivative' is a very specific legal term that is included in the copyright law of the USA. Any copyright license, like the GPL, is limited by the scope of that legal definition. It does not matter what the copyright holder _wants_ something to be, his power in controlling the work of others is limited by "derivative", at least in copyright law.

With Nvidia they are shoehorning a great big blob of Windows driver code into the Linux kernel. The portion of the code that is specifically made for Linux is GPL'd. So the argument goes that the non-GPL'd parts of the driver are actually written for a different OS or at least a multitude of OSes and since it was not developed for Linux and does not depend on Linux kernel code then it is not derivative.
...
Presumably. Who knows how true that is. It may be possible to sue Nvidia, but it is certainly not a slam-dunk case and, anyways, it seems that nobody is interested in doing so.

Why is always busybox?

Posted Dec 15, 2009 17:59 UTC (Tue) by Trelane (subscriber, #56877) [Link]

The other thing is that the GPL is explicitly *not* a use license. So long as the end user is the one doing it, they cannot argue that binary-only drivers are not legal. The interface between the binary and the GPL-ed software is the crucial bit, as it must be distributed to the end-users.

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 15, 2009 14:21 UTC (Tue) by ibisum (guest, #59406) [Link]

Is it going to be enough for them to just publish the GPL'ed code and then wash their hands of the situation, or are they also going to have to enable root access and let users replace/upgrade the apps/libs/kernel as well?

The same situation is happening with the Creative Labs Zii Egg (Plaszma OS platform), where they have built a product using GPL'ed code and only just started releasing parts of the code they're using to their developers (to whom they have shipped the products, thus: customers) .. but we are still unable to replace/upgrade the GPL'ed components, because the Zii Egg has been locked down - no root access.

I'm just wondering what the scenario is, vis a vis the 'upgradability' issue ..

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 15, 2009 19:37 UTC (Tue) by rahvin (subscriber, #16953) [Link]

GPLv3 has a specific clause to prevent what you want. It's called the Tivoisation clause and one of the key things about GPLv3 that Linus didn't like. GPLv2 says nothing about locking down hardware that uses GPL software, and as a result of Linus's decision that the Linux Kernel will never use GPLv3, companies can force hardware to use only signed kernels.

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 16, 2009 21:57 UTC (Wed) by davi (guest, #18853) [Link]

The Linux kernel does not allow complete freedom to users.

Do you know some GPLv3 kernel? Maybe GNU Hurd?

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 17, 2009 10:23 UTC (Thu) by MKesper (guest, #38539) [Link]

The Linux kernel allows complete freedom to users. It's those manufacturers that want to lock you down. And as long as the Linux kernel will be developed under GPLv2 (probably forever), no manufacturer wanting to lock users will be interested in any GPLv3 kernel. They'd rather use *BSD and make it all proprietary.

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 18, 2009 0:40 UTC (Fri) by davi (guest, #18853) [Link]

It is a pity the Linux kernel can not be upgraded to use the GPLv3 license.

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 20, 2009 17:48 UTC (Sun) by smipi1 (subscriber, #57041) [Link]

Manufacturers know that most consumers are not experienced hackers. Giving
them all keys to root will probably result in many bricked products that
fall outside the warranty.

Even worse: Let's say they hand out keys to root, thereby allowing those with
the savvy to use them to prey on the other 99.5% who don't.

There are many such scenarios that manufacturers have to contend with if they
do not lock their products down. Linux with GPLv3 would therefore increase
R&D cost, making proprietary solutions more appealing. NOT good for the
Universal Appeal of Linux and all the consumer benefits that go with it.

Best Buy, Samsung, And Westinghouse Named In SFLC Suit Today

Posted Dec 20, 2009 23:27 UTC (Sun) by anselm (subscriber, #2796) [Link]

It probably wouldn't be a great stretch to set up different units with their own randomly-generated root passwords. For example, AVM does it for WPA keys on the FRITZ!Box (a WLAN router/telephony appliance). That way, a would-be cracker couldn't trivially use their own device's root password to compromise other people's devices.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds