The rise of copyright trolls
The rise of copyright trolls
Posted May 2, 2017 21:39 UTC (Tue) by tytso (subscriber, #9993)In reply to: The rise of copyright trolls by smurf
Parent article: The rise of copyright trolls
The danger here is similar to union actions where the "strikers" engage in a "Work to Rule" and try to follow every single rule, and destroys all productivity while they do it. Clearly, if the rules were sane, this wouldn't be an issue. Or a policeman who decides to only pull over people of color for speeding, when nearly everyone is driving faster than the speed limit. (Clearly you should be following the laws at all time. You criminal.) Or when all a policeman needs to do to be justified in shooting someone in the US is to claim that he felt personally threatened. It's technically legal, but it may not be morally right.
Very often, society works by allowing proprietorial (or law enforcement agent) discretion. And if they abuse that discretion, there will be an outcry to adjust the rules. The problem with Copyright Trolls is that if they abuse that discretion, then just as people are arguing that discretion should be taken away from police offers (and the standard by which they can legally use deadly force will be tightly constrained, perhaps to the point that police lives will be placed at risk), companies will argue that similar discretion should be taken away from the potential copyright trolls, again to the detriment to the community at large (while Patrick McHardy pockets millions of euros). In the case of the GPL, the name which those companies may call upon may go by the initials 'B', 'S', and 'D'. And I would be the first to argue that this is a bad thing.
Posted May 2, 2017 21:59 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (26 responses)
There are other steps that a company can do, like running BlackDuck (or other scanners) to check for accidental GPL source code in repositories and having an internal process to deal with the accidents. This will pretty much reduce damages to zero in the worst case.
And finally, we're not talking here about "slightly different kernel versions". We're talking about blatant wholesale GPL violations with not even a hint of source code. And "proprietorial discretion" just enables mafia protection rackets: "Nice business model you've got here, it'd be a shame if you got sued for GPL violation".
Posted May 2, 2017 22:11 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (4 responses)
Posted May 2, 2017 22:14 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
If you're not in compliance then duh. Your own fault.
Posted May 2, 2017 22:41 UTC (Tue)
by armijn (subscriber, #3653)
[Link] (2 responses)
Although it might seem easy it turns out that it is extremely difficult to fix. I am trying though.
Posted May 3, 2017 9:38 UTC (Wed)
by niner (subscriber, #26151)
[Link] (1 responses)
It's actually much harder to comply with Microsoft's licenses. "Oh, we were not allowed to move that machine into a VM because somewhere in the 50 pages of EULA that's forbidden?" Microsoft is also much harder on its users with mandatory license checks which can turn out to be much work for a company. Yet it does not harm their business in the slightest. So it's hard to imagine a mass exodus off Linux just because companies need to tighten up their supply chains.
Posted May 4, 2017 12:03 UTC (Thu)
by mikemol (guest, #83507)
[Link]
Do you know what the alternative is? Whatever's quick, easy and is *pre-approved by Legal* so a dev team can get their quick-turnaround, low-margin, product out the door in time to be on the shelves this Christmas.
Which is going to mean more-permissive licenses at best, quick-hack one-off in-house software or licensed proprietary libraries and systems at worst.
That's not an improvement. Nobody expects you to feel sorry for them, but you might have some sympathy for the Internet whose quality of network peer will very likely suffer.
Posted May 2, 2017 23:13 UTC (Tue)
by corbet (editor, #1)
[Link] (14 responses)
Posted May 3, 2017 8:39 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (2 responses)
Posted May 3, 2017 9:03 UTC (Wed)
by armijn (subscriber, #3653)
[Link]
Posted May 3, 2017 11:53 UTC (Wed)
by rsidd (subscriber, #2582)
[Link]
Posted May 3, 2017 11:21 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (10 responses)
Posted May 3, 2017 11:46 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (9 responses)
Posted May 3, 2017 11:58 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (8 responses)
How is acknowledging or mentioning a conflict of interest "low"? Regarding the non-true part, does Tjaldur's page not advertise: among other, compliance-related services? Could you explain how such a company does not have an interest in there being a high perceived threat of (a) non-compliance with the GPL for trivial, non-obvious reasons for which you'd need expert help and (b) significant monetary damages as a result of that?
Posted May 3, 2017 12:01 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (7 responses)
Actually, there would not even be a conflict of interest. Simply arguing in one's own interest. Again, how is mentioning that 'low'?
Posted May 3, 2017 12:28 UTC (Wed)
by armijn (subscriber, #3653)
[Link] (6 responses)
Posted May 3, 2017 13:20 UTC (Wed)
by aggelos (subscriber, #41752)
[Link] (5 responses)
Your intentions are unknowable and immaterial to my point, nor did I ever discuss them. My comment was to the LWN editors, to suggest that they explicitly mention facts relevant to what they are reporting on. And no, that cannot be brushed aside by "mere coverage". The FUD part is open for everyone to judge.
Posted May 5, 2017 2:41 UTC (Fri)
by Paf (subscriber, #91811)
[Link] (4 responses)
And given the strong advocacy of finding a way to deal with McHardy that would NOT put more money in the pockets of the lawyers, I think it's very clear this is not FUD. It's careful concern, backed up by independent sources. These are far from the only people complaining about the nature of the McHardy suits, for example, and the article is a report from a conference talk... Where no one in attendance (most of whom, I think it's safe to say, are better placed to judge than we readers) felt it necessary to question the premise of good intent, based on what they saw.
So, bravo, good luck, and thank you for trying to deal with this.
Posted May 5, 2017 8:55 UTC (Fri)
by aggelos (subscriber, #41752)
[Link] (3 responses)
Actually, the fact that the existence of FUD around GPL compliance is to the presenters' interest (which was my point here) is not really open to interpretation. Reasonable people could disagree on whether any (or which) statements of the presenters go out of their way to exaggerate the risks involved by speculation on unidentified and unknowable laws and regulations. I think the case is well made for both sides of that particular argument. More and better guidance for GPL compliance is a laudable goal. The goal does not set the means beyond analysis and interpretation though.
Posted May 5, 2017 17:22 UTC (Fri)
by sdalley (subscriber, #18550)
[Link] (2 responses)
You have to be careful with that sort of reasoning growing tinfoil-hatted conspiracy legs and running away with you, pardon the mixed metaphor. After impugning legal people, why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.
It all comes back to whose integrity you trust, and whose you don't.
My strong impression is that Armijn et al are actively trying to clean up the FUD, not make it worse. What then? Would it really be better to have armchair lawyers from the peanut gallery, or principled people who do this stuff for a day job and know what they're talking about?
Posted May 7, 2017 20:49 UTC (Sun)
by nix (subscriber, #2304)
[Link]
Unfortunately, then reality bites: the institution of the police was created because of massive scandals around the privately-funded thief-taker system that preceded it, in which not only were some of them (e.g. Stephen MacDaniel) framing innocents as criminals to get rewards (which has recurred in South America and Nigeria in the last half-decade alone), but some were maximizing crime and indeed endeavouring to monopolize it: the classic example was Jonathan Wild. You don't get this to such a degree with doctors because doctors can't extract life from sick people the way criminals can extract goods and money from the people they rob, extort, etc. Doctors' employers can only extract money, in for-profit systems.
(Similarly, lawyers' interest is often in the maximization of the length of cases, since many charge by the hour, while their client's interest is presumably in winning the case and also in not having to pay the lawyers more than they have to. There are certain notable firms in the UK with this modus operandi which any reader of Private Eye would be able to name in an instant.)
Conflicts of interest are everywhere. They sprout like mushrooms when you stop looking for them.
Posted May 8, 2017 9:05 UTC (Mon)
by paulj (subscriber, #341)
[Link]
You say that as if it is ridiculous, but this is actually true. There is indeed evidence that a medical profession that works in an environment where there is a profit motive will have a bias towards more expensive interventions.
People are prone to bias. Even the best of people. They may not even be aware of it themselves. The way these biases work is that professionals can convince themselves they are doing the right thing as part of it. You need to openly acknowledge interests that might bias things (as is best practice in the medical world, e.g.) to have a hope of countering it. And generally be systematic about counter-balancing self-interest-bias - cause humans _are_ very prone to it.
Posted May 4, 2017 20:43 UTC (Thu)
by tytso (subscriber, #9993)
[Link] (5 responses)
Can you accept that both might exist? And that the GPL doesn't distinguish between what might be considered material and non-material breaches of the GPL. Worse, we can't necessarily trust that the judge will do the right thing. The worst thing is when the troll shows up and sends a threatening legal letter and tries to get the company to sign a contract which says, "in exchange for <troll> not revoking the GPL license, we (a) agree to an NDA (so the community won't know what the troll is up to), and (b) even if we are of compliance by an teeny-weeny amount, we agree to pay $XX,XXX per violation)". And once the company signs the contract, it's now no longer a copyright issue, but a contract issue between the victim company and the troll.
Posted May 5, 2017 9:11 UTC (Fri)
by aggelos (subscriber, #41752)
[Link]
Do you have access to the primary litigation data or secondary information from companies McHardy approached? If so, are you free to share e.g. statistics on the claims made, how often, how did the claims evolve over time (perhaps accounting for the specifics of each case)? This is highly suboptimal as confirmation bias is something we're all vulnerable to, but any information would help further discussion. I know this is would be a lot of work, but thought I'd ask in case someone already has that data :-)
Posted May 6, 2017 19:40 UTC (Sat)
by bkuhn (subscriber, #58642)
[Link]
I agree with tytso that the community should know about bad behavior in the area of enforcement, which is why Conservancy was the first to publicly condemn McHardy's actions. Oddly, the Linux Foundation, Radcliffe, and many individuals in the compliance industrial complex directly refused Conservancy's requests over a period of years to come forward and join us in condemning his actions. The statements in this thread on the panel it discusses are coming almost a year after we finally gave up waiting for all those people to join us in DTRT'ing and did it just with us and the Netfilter team. As for NDAs, in my extensive experience, the usual entity that demands an NDA is a violator, not the individual doing enforcement. One of the reasons that GPL violations are so hard to resolve is that the company won't resolve it unless the party enforcing agrees to an NDA about all terms for settlement. I'd much rather just publish all GPL enforcement settlement agreements, but sadly, too often the only way to convince a company to comply is to agree to sign an NDA about the detailed terms of how they came into compliance. I've been handed many settlement agreements for McHardy's actions from those he's annoyed; it's why I was able to learn enough about what he was doing to condemn him publicly. There are plenty of bad things that McHardy is doing, but NDAs aren't one of them. If you have evidence of McHardy demanding NDAs, please provide it. It seems to me there's plenty of bad acts we can document by McHardy that we need not make things up about what he's doing.
Posted May 7, 2017 16:51 UTC (Sun)
by jra (subscriber, #55261)
[Link] (2 responses)
Posted May 7, 2017 18:35 UTC (Sun)
by bronson (subscriber, #4806)
[Link]
Posted May 16, 2017 16:15 UTC (Tue)
by flussence (guest, #85566)
[Link]
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Um...are you familiar with the McHardy suits in particular? As I understand it (not that I have vast amounts of inside information) we're not talking about "wholesale GPL violations" here. We're talking about companies that want to comply with the license, have attempted to do so, and are still getting burned. This does not seem helpful for the long-term success of Linux or the GPL.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
It would indeed be useful be able to take a look at the actual court cases. Failing that, I think the article is remiss not to explicitly mention that the presentation on these court cases is from people who have a business interest in there being FUD around GPL compliance.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
We are one of the leading experts in analysing binaries for software governance and GPL license compliance. We use a combination of manual scanning and automated scanning.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
Yes, it is open to all to judge
The rise of unreasonable paranoia
The rise of unreasonable paranoia
After impugning legal people, why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.
Of course, the problem with assuming that this doesn't happen is that sometimes it does. Obviously the medical profession has no interest in keeping us sick because they have more work than they can possibly deal with -- adding more sick people isn't helpful -- but they do have an interest, in for-profit systems, in maximizing the amount they charge for their work, charging wildly different fees for the same work depending on your bargaining power, doing unnecessary work, etc (all of which is utterly rife in the US right now). Similarly, the police obviously do not profit from crime because even today there is more of it than they can identify, and in the past crime levels were much higher, so obviously this was even more true back then. So the police have never had an interest in the maximization of crime, even though the more crime there is, the more necessary the police appear.
The rise of unreasonable paranoia
why not impugn the motives of, say, the medical profession, who obviously have an interest in keeping us sick, because otherwise, you know, they're going to have less work, &c, &c.
The rise of copyright trolls
The rise of copyright trolls
*You* may be talking about wholesale violations, but other people are talking about people who are really doing copyright trolling by going after companies who are trying to do the right thing, but who are technically out of compliance because of slight differences between the binaries and corresponding source.
NDAs are usually at the insistence of the violator, not the enforcer.
The rise of copyright trolls
The rise of copyright trolls
The rise of copyright trolls
It's not just a matter of them rejecting the GPLv3. Ignoring the current state of affairs where several kernel contributors have voiced as much, it's *impossible* to track down all copyright holders, or the estates of late ones. It's no good to say 95% quorum on a license change is enough as some other projects have done either, because in one this large there's going to be more than a few McHardy types in that remaining 5%.