This Is Absurd.
This Is Absurd.
Posted Dec 3, 2015 3:19 UTC (Thu) by ncm (guest, #165)Parent article: A referendum on GPL enforcement
Why should compliant people and organizations even further subsidize violators? Violators would be getting off easy paying many times SFC's current budget. SFC should go farther and offer a bounty to those license holders who lend their weight to SFC's efforts by inviting SFC's help enforcing their rights. SFC could and should provide many code authors a good living.
Maybe enforcement could be relaxed when "the Capitalist State withers away" on its own. I don't see that happening anytime soon, nor do I see any value in pretending it's imminent, or likely ever to happen. Violators are extracting huge revenues through their abuse, have no reasonable expectation to be allowed to continue it, and can easily afford both to comply and to pay continuing damages for past willful abuse.
There was a time when Free Software had a shaky position in the world, and needed all the goodwill it could muster. That time is long in the past. Today few can afford to compete without distributing Free Software because full compliance (even while paying damages, even in perpetuity) is much, much cheaper than the alternatives. Our sympathy should be reserved for the compliant, and for the authors.
There will never be any shortage of violators, or of potential revenue from violators, however many come into compliance. SFC is in a position to sponsor new development, directly subsidizing authors' choice to release their work under an enforceably copyleft license. Too many authors and maintainers suffer for their efforts to contribute, many unnecessarily.
Posted Dec 3, 2015 6:52 UTC (Thu)
by ssmith32 (subscriber, #72404)
[Link] (25 responses)
Posted Dec 3, 2015 7:29 UTC (Thu)
by ncm (guest, #165)
[Link] (1 responses)
Posted Dec 3, 2015 8:33 UTC (Thu)
by philh (subscriber, #14797)
[Link]
Have you noticed how "simple" the facts were to establish in e.g. the SCO case, or the current VMware case?
> but the law is pretty clear about penalty amounts for willful violations.
AFAIK "willful" is a concept that is meaningful only to US courts, where (in some cases) it is a reason to triple damages, but for that to provide any clarity one would need to have some expectation of the damages before they were to be tripled. Some courts seem to have been befuddled by the fact that Free Software does not have a per-copy fee, and so have been unable to come up with sensible damages.
It is generally considered better for all involved if violators learn to comply, as that means that their future products might continue to comply. Setting up a perverse incentive for the SFC to do a less constructive thing in order to gain income hardly seems like a good idea.
Anyway, I've already voted with my wallet ... please do likewise.
Posted Dec 3, 2015 9:00 UTC (Thu)
by mjthayer (guest, #39183)
[Link] (21 responses)
Posted Dec 3, 2015 9:39 UTC (Thu)
by pabs (subscriber, #43278)
[Link]
https://sfconservancy.org/copyleft-compliance/principles....
IIRC the latest FaiF explains that they do ask for expenses but don't insist if the company comes into compliance and doesn't end up paying.
Posted Dec 3, 2015 18:09 UTC (Thu)
by bkuhn (subscriber, #58642)
[Link] (19 responses)
We always ask politely for reimbursement of Conservancy's
costs after compliance is achieved in enforcement matters. Rarely do
companies pay, and if they do pay, they often pay less than our costs. The
only other option to force them to pay is to refuse to permit them to
distribute the copyrighted software again, even though they are in
compliance. That tactic is not fitting with community principles, in our
view. Karen Sandler and I have spent decades developing these competencies, BTW. It's just a very difficult thing
to do, no matter how skilled one is, especially when the other side knows you're a non-profit charity with limited
resources. — Bradley M. Kuhn, Distinguished Technologist,
Software Freedom Conservancy
Posted Dec 3, 2015 21:54 UTC (Thu)
by Felix (guest, #36445)
[Link] (18 responses)
On top I wished each infringing company would have to pay enough extra so you could fund 1-2 future cases so you can go to court if necessary (might be waived in case the infringer makes a binding promise to get their changes upstream in case of new drivers and the like). However I recognize that this might be just wishful thinking.
While I'm happy to donate for the SFC in general I'm not sure I want to keeping paying for GPL enforcement forever if this can be a self-funding endeavor.
Posted Dec 4, 2015 2:32 UTC (Fri)
by bkuhn (subscriber, #58642)
[Link] (16 responses)
Frankly, that's often what we do, from our point of view. Ironically,
from the violator's point of view, they are paying a lot for the whole
process already, because the first thing they do (these days) is
hire high-priced outside attorneys who advises them to fight us. After a GPL
enforcement matter gets a year or two into the usual clock, the other side
has probably paid many tens of thousands to their counsel advising them to
introduce delay and refuse to even acknowledge that they were out of
compliance; sunk cost fallacy likely kicks in at that point. By then, the
company has paid so much money to their lawyers that they are fed up with the
whole process and we're lucky to get them into compliance without a lawsuit,
let alone recover our costs. Felix noted further:
I agree that it should be true, but sadly, it's not; violators
play the odds. I often point out that Conservancy is aware of hundreds and
possibly thousands of GPL violations ongoing, just on Linux, at any given
moment. Most products with Linux have a life cycle of 18 months or less.
Violators realize that the odds are forever in their favor: for any given
product, the odds that we can get to them before the product hits end of life
are very low. Plus, when companies have outside vendors who are ultimately
responsible for the firmware (and are the primary violator) it's more
valuable to the OEM to preserve those relationships than to insist on
compliance. Factor that into the (small but nontrivial) cost of complying up
front, and you have a corporate decision-making recipe that always says to
violate first and comply later (if we ever even have to). Few companies are
committed to doing the right thing and not playing those odds. I'm glad some
do, but they're rare. You might reasonably ask why we don't go after the upstream firmware/board
manfuacturers directly. We rarely have enough evidence of a board-maker's
violation that is sufficient for enforcement action. From the point of
view of us and everyone who bought the product, the OEM is the violator,
not their firmware vendor. If the OEM protects their upstream vendor at
all costs (which they do, since the vendors have a lot of power in the
relationship once it's in place), the OEM refuses to even say the vendor
was the primary violator. We thus don't have any evidence to pursue the
original violator. Not until there is a strong set of Court cases that
show such violations won't be tolerated will this behavior change, IMO. Conservancy chose to fund the VMware suit (and set its money aside
separately — the funding for VMware is already collected and not
at issue in Conservancy's current fundraiser —) as part of a
careful strategic plan to maximize the value of the enforcement we can
afford to do. We cannot guarantee our donors that GPL
enforcement will become self-funding, but we constantly consider ways to
make it so, provided that we not compromise the moral principles of
GPL enforcement. Personally, I've seen too many cases where
well-intentioned people got involved in enforcement and then began to
value revenue over compliance — Jon Corbet made reference to one
such situation in his main article. For my part, I'm constantly
vigilant to ensure any time funds are involved in an enforcement
settlement that we are not even close to trading failures in compliance
for money. Even doing that a little bit begins the path to
corruption. This fundraising campaign is the culmination of many years of thinking and seeking a formula that generates sustainable
self-funding revenue for ethical GPL enforcement. During those years, I have personally
been offered high paying jobs if I'd just stop doing GPL enforcement,
and some companies have offered funding to Conservancy if we'd just
“remove enforcement work from [our] roster”. I suspect that
many who care about the GPL but don't work regularly in the
enforcement/compliance community will be flabbergasted to learn that powerful for-profit interests seek to curtail enforcement of
copyleft. Given this political climate, Karen and I both feel that Conservancy needs a mandate from the public to continue this work. Jon Corbet's phrase for this,
a referendum on GPL enforcement, is thus apt. Meanwhile, I know that Karen and I sometimes may sound dismissive when people
come forward with suggestions on better ways to do enforcement. It's
because we've tried as many suggestions as we can that don't compromise our enforcement principles — in
fact, we've tried most of them at least twice in different time periods;
we've done a lot of “well, that didn't work
before, but maybe things have changed and it'll work now”. Yet,
the situation doesn't get any better. In fact, violation counts
increase. In particular, over the last two years, we've seen a rise in
companies who are what I call “savvy” violators: companies
that knew about the GPL and its requirements but sought specific methods
to avoid compliance. GPL violations stopped being just a series of
innocent mistakes by n00bs a long time ago. I realize that's a long winded answer to your point, Felix, but I
hope it illuminates that we did not come to this decision to launch this
fundraiser lightly. I realize it's frustrating to be asked for an
annual donation to do the seemingly simple job of asking other people to
follow the rules, and I don't blame you for feeling some donor fatigue,
particularly when the wheels of justice move so slowly. (We'd hoped for a decision in the VMware case by now, but
it may be a long way away!) The best I can
promise you is we're always committed to looking for creative solutions
to the problem, and that we operate as transparently as we possibly can
(which is why Karen and I are spending time late into the night answering queries on
LWN ;) Finally, I'm glad LWN readers had the opportunity to read about this
and ask these questions. — Bradley M. Kuhn, Distinguished Technologist,
Software Freedom Conservancy
Posted Dec 4, 2015 8:06 UTC (Fri)
by kleptog (subscriber, #1183)
[Link] (1 responses)
Posted Dec 4, 2015 16:57 UTC (Fri)
by rghetta (subscriber, #39444)
[Link]
Posted Dec 4, 2015 20:09 UTC (Fri)
by HenrikH (subscriber, #31152)
[Link] (5 responses)
Posted Dec 4, 2015 22:13 UTC (Fri)
by bkuhn (subscriber, #58642)
[Link] (4 responses)
Well, first of all, the BSA tactics, behaviors, and overall strategy have always been abysmal, specifically because they target users. The BSA strategy of GPL enforcement would be to find everyone who bought a GPL infringing product and somehow go after them aggressively. No one should ever do that, IMO. Ethical GPL enforcement, by contrast, fights for rights of users who got that product — to make sure they can recompile and reinstall the GPL'd software they got, and that all the source code for that software is present. Blaming a user who bought an infringing product is akin to blaming the victim of a crime. Regarding your more general question about of public shaming, Erik Andersen of the BusyBox project was a fan of this strategy for a while. It has some benefits, but it ceased working for him, which is why he asked me personally (and later Conservancy as a whole) to help him enforce the GPL on his copyrights. Certainly, Karen and I talk regularly with our enforcement coalitions of copyright holders about using public shaming as a tactic. It certainly is cheaper, and if it was sure to work, we'd use it more often. But, when I see perennial GPL violators constantly mentioned in threads like this, whom Conservancy knows about but whom we've been unable to convince to comply, I conclude that public shaming is not going to work, even though it might have in the past.
Posted Dec 5, 2015 23:51 UTC (Sat)
by HenrikH (subscriber, #31152)
[Link] (3 responses)
Regarding the public shaming I wasn't talking about that being a tactic but as a tool for money just like the BSA does. I.e if the case is settled out of court then the #1 priority of the settlement would of course be to make the violator GPL compliant but then they could also get asked to pay a sum of money or else they will be put on your public list of GPL violators and also be part of a press release.
I.e it's not hush money per say and never ever an alternative to be GPL compliant. However I'm sure that you and the conservatory that works with these issues all day already have though long and hard on issues like these, it's easy for some one like me to play armchair layer :-) so once again thanks for your insightful replies!
Btw, please note that I'm in no way promoting BSA tactics, I once worked for a company that where hit hard by them (we had an employee who where responsible for licensing and when he got mad at the management he simply stopped buying licenses and reported the company to BSA and thus not only brought harm to the company but also got a finders fee from the BSA. What I however got out of that whole affair was the notion that the BSA gives you a costly option of avoiding being named in their press release and apparently a lot of companies pay that money [and that sum was bigger than the "license penalty"]).
Posted Dec 6, 2015 3:18 UTC (Sun)
by bkuhn (subscriber, #58642)
[Link] (2 responses)
It's an interesting idea, and I don't find it morally wrong on its face, but I also don't see how it's particularly helpful. If the public shaming comes after they've come into compliance, what shame is there? Everyone makes mistakes, and coming into compliance is they way you correct it. I don't think there is actually anything shameful in making a mistake and then correcting it.
Posted Dec 8, 2015 6:08 UTC (Tue)
by pabs (subscriber, #43278)
[Link] (1 responses)
Posted Dec 11, 2015 8:50 UTC (Fri)
by jospoortvliet (guest, #33164)
[Link]
Posted Dec 5, 2015 2:45 UTC (Sat)
by lukeshu (guest, #105612)
[Link] (2 responses)
Doesn't the GPLv2 terminate upon violation; if product A violates, and they therefore loose the license, shouldn't that also terminate their license for product B? That is, even if you can't get them before the product hits EOL, aren't they still affected?
As a side question from that: If you, representing a stakeholder in the kernel, show that an organization committed a GPLv2 violation, bring them in to compliance, and (on behalf of the single stakeholder) reinstate the license, isn't the license from every other stakeholder still implicitly revoked (per ยง4)?
Posted Dec 6, 2015 3:10 UTC (Sun)
by bkuhn (subscriber, #58642)
[Link] (1 responses)
I find myself inspired to quote
Futurama: But, this is where I again have to say that the GPL isn't magic pixie dust
that just works. If the violator doesn't wish to comply, we have to
compel them somehow. Termination of rights works the same way as it did in the first product, and has the same tools available. Namely, we can go
into court, and seek an injunction; just like we'd have needed to for the first product. The fact that the rights terminated
long ago in past product might help us convince the judge to grant an
injunction more quickly, and/or show the judge the company acted in bad
faith. But, the enforcement process is the same, and note that one way to
come into compliance is to stop distributing. Therefore, with regard to the
old violation, the company is now in compliance. We're unlikely to therefore
get a judge to compel a source release for the old product, since
distribution has ceased. First, it's worth noting that Conservancy doesn't just represent a
coalition of stakeholders (although we do that too), but Conservancy is also
a copyright holder in Linux as well, as some stakeholders have outright
assigned Linux copyrights to Conservancy. But, that wasn't your question. To answer your question:
Yes, you're quite correct about how rights restoration works (at least in the
USA and most other jurisdictions I'm familiar with). The negotiation point
that both FSF and Conservancy use in that enforcement scenario is simply tell violators that
once compliance is achieved, we're on their side and prepared to be an expert
witness or otherwise help the former violator oppose any copyright
holders knocking at the door for huge settlements. Such copyright holders
who came to demand pay-outs after compliance was achieved of course wouldn't
be acting under the
principles of ethical GPL enforcement anyway.
Posted Dec 6, 2015 4:10 UTC (Sun)
by lukeshu (guest, #105612)
[Link]
It's been my experience that corporate lawyers tend to be very afraid of "technically correct", which is why I asked.
Posted Dec 6, 2015 6:45 UTC (Sun)
by ncm (guest, #165)
[Link] (4 responses)
The solution may be to start another organization, e.g. The Coding Liberty Cooperative, with more effective principles, sign up authors, and go into competition, maybe pursuing repeat offenders who have been let off too easily by SFC.
Posted Dec 8, 2015 2:58 UTC (Tue)
by lutchann (subscriber, #8872)
[Link] (3 responses)
Posted Dec 8, 2015 21:22 UTC (Tue)
by bkuhn (subscriber, #58642)
[Link] (2 responses)
Even if avarice was maximized in these enforcement cases, the proceeds wouldn't be seen for a very long time.
Anyway, the only logistical way to get large amounts of money quickly and easily is to take pay-offs to look the other way when compliance isn't achieved. There are people making money doing that, which Jon made reference to in the original article. I denounce that as immoral, even if it would be a way to get money easily.
You can see on Conservancy's Form 990s that we did receive money in the BusyBox enforcement, which funded more enforcement. But enforcement where compliance is the paramount goal is only partially self-funding. I hope people will donate to bridge the gap.
Posted Dec 10, 2015 10:46 UTC (Thu)
by linuxrocks123 (subscriber, #34648)
[Link]
Oh, but, if the violator proves (burden on the violator) that they really didn't know, and shouldn't have known, the court can reduce damages to $200 per work. So then you only get $20 million.
That's still $20 million, in the absolute worst case, for what I would imagine to be a fairly low-volume product. What am I missing here?
Posted Jul 20, 2016 21:14 UTC (Wed)
by paulj (subscriber, #341)
[Link]
See also: https://paul.jakma.org/2009/12/21/killing-free-software-w...
The one cautionary bit is that such actions mustn't put off more people from going with GPL software than are attracted to it.
Posted Jul 20, 2016 21:06 UTC (Wed)
by paulj (subscriber, #341)
[Link]
Posted Dec 1, 2016 20:54 UTC (Thu)
by Hi-Angel (guest, #110915)
[Link]
Posted Dec 3, 2015 11:24 UTC (Thu)
by zack (subscriber, #7062)
[Link]
FWIW this part is answered in the article and by SFC already:
> The SFC has chosen not to pursue GPL-enforcement lawsuits as a revenue-generation technique, saying, probably rightly, that it would compromise the real goal: bringing companies into compliance.
This Is Absurd.
This Is Absurd.
This Is Absurd.
This Is Absurd.
This Is Absurd.
On reimbursement of costs for enforcement actions
On reimbursement of costs for enforcement actions
Replying to Felix, who noted:
On reimbursement of costs for enforcement actions & related issues
Otherwise you just provide them with free legal/tech consulting.
it should be cheaper to ship a compliant product in the
first place than to violate the GPL and fix things up later.
While I'm happy to donate for [Conservancy] in general I'm not sure I want to
keeping paying for GPL enforcement forever if this can be a self-funding
endeavor.
On reimbursement of costs for enforcement actions & related issues
+1
Having to fund for gpl compliance makes me sad, however
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
HenrikH asks:
On reimbursement of costs for enforcement actions & related issues
Would it be possible to extract money the BSA way?
Or are these companies not afraid to be publicly known as GPL violaters?
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
make the violator GPL compliant but then they could also get asked to pay a sum of money or else they will be put on your public list of GPL violators and also be part of a press release.
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
lukeshu asked:
On reimbursement of costs for enforcement actions & related issues
Doesn't the GPLv2 terminate upon violation; That is, even if you can't get
them before the product hits EOL, aren't they still affected?
You are technically correct! The best kind of
correct!
. Yes, indeed, under GPLv2§4,
the violator will lose their distribution rights (read
more in Copyleft Guide), and that termination relates to any
copyrights infringed in the original product. Thus, indeed, if those
copyrights are redistributed in a later product, their rights have already
been terminated.
If you, representing a stakeholder in the kernel, show that an organization
committed a GPLv2 violation, bring them in to compliance, and (on behalf of
the single stakeholder) reinstate the license, isn't the license from every
other stakeholder still implicitly revoked?
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions & related issues
On reimbursement of costs for enforcement actions
This Is Absurd.
This Is Absurd.