LWN: Comments on "An injunction against Fortinet for GPL violations"

Time Limit

bastiaan — Thu, 21 Apr 2005 16:57:27 +0000

IIRC, you don't lose the right to sue after the time limit. However you *do* lose the right to apply for a temporary injunction. The reasoning is that temporary injunctions are for urgent issues, and taking more than a month to file suit demonstrates the matter is not that urgent to you.

An injunction against Fortinet for GPL violations

xoddam — Sat, 16 Apr 2005 08:16:10 +0000

Excellent point.

An injunction against Fortinet for GPL violations

khim — Fri, 15 Apr 2005 19:30:19 +0000

Besides, gpl-violations.org did not circumvent the protections in order to use the software. They did it to reveal GPL violations. I think that matters in the law.

It should. Since reverse engineering not for purpose of using the product is done every single day on millions of computers around the world!

How ? Why ? Easy: anti-virus software. It does automatic reverse engineering of each and every program to catch "virus-like activity". If you'll think about it this exactly the same procedure copyright holder must do to catch copyright violation when code is obfuscated. And when automated procedure fails anti-virus companies continue with manual reverse engineering and then add more sophisticated algorythms in automatic version.

An injunction against Fortinet for GPL violations

bbigby — Fri, 15 Apr 2005 13:58:54 +0000

I don't think that the DMCA will protect Fortinet under these circumstances. The problem for Fortinet is that the DMCA is for protecting copyright material of the rightful owner. In this case, Fortinet is NOT the owner of the GPL'ed software. Clearly, they are violating copyright law AND the DMCA does not apply in this case.

Even if you say, "Ah, but the DMCA protects the part of Fortinet's product that is theirs." Perhaps, but there is something in law, called "unclean hands." You cannot receive compensation for a loss when you have acquired gains from breaking the law. Besides, gpl-violations.org did not circumvent the protections in order to use the software. They did it to reveal GPL violations. I think that matters in the law. If gpl-violations.org had not found any violations, they would have quietly discarded the information that they acquired. None would be the wiser.

An injunction against Fortinet for GPL violations

ernest — Fri, 15 Apr 2005 13:15:26 +0000

As far as I understand it, the DMCA would not even help in this case, even in the Wild West (ie the US). Apparently there is something about being a thief that juges dislike.

An injunction against Fortinet for GPL violations

freddyh — Fri, 15 Apr 2005 06:47:57 +0000

I'm probably being irrationally paranoid, but this smells like a case where the DMCA could easily be abused. If Fortinet claims that their encryption is an anti-piracy measure, whoever cracked it could be facing some serious shit.

Luckily, under German law you *are* allowed to do reverse engineering if the thing you are reverse engineering includes your own work. I would guess this clause is available in other jurisdictions as well, although I am not sure. I would also guess that in the US you're simply not at all allowed to do this.

Obviously this is still a problem because you don't know yet if it's your work until you've reverse engineered it... So, if you finally conclude that the product doesn't include your work then there is no law-suit, and the company doesn't have to know you've reverse engineered in the first place ;)

Time Limit

Duncan — Fri, 15 Apr 2005 06:46:51 +0000

Exactly, only I believe the time limit is four weeks (perhaps your 30
days?). Harald Welte has mentioned this specifically before, as an
important aspect of the situation. He makes the companies aware of the
situation and the ticking clock in his warnings, and has observed that in
most cases it tends to bring companies that otherwise might wish to drag
things out for years, until the product is no longer on the market anyway
and they've moved on, to the the table much faster. With the clock
ticking like that, they have little recourse. If for whatever reason they
can't move fast enough, they end up with an injunction. However, AFAIK,
it has only gone that far a couple times, both ending up in our favor,
because most companies have sense enough to see the light, and recognize
they are over a barrel.

In many cases, the company hadn't the foggiest idea it was open source
code, either, because they bought it from some fly-by-nite Chinese company
or the like, and any assurances re source origin they got were entirely
worthless. At that point, they pretty much haven't a choice but to make
public their code, and in the future either resolve to check things more
thoroughly, /not/ always taking the low or fastest available bid, or
decide from the experience that it wasn't so bad after all, and they make
a point after that to check for releasable code and do so if they can.

Unfortunately, I don't know which reaction is more common, but in either
case, they end up with a better respect for GPL code, which in itself is
useful, as it strenthens the guarantees that the GPL offer.

Duncan

Time Limit

freddyh — Fri, 15 Apr 2005 06:35:11 +0000

The time limit under German law is indeed one month. Herald Welte gave a very nice presentation about the GPL-violations project on Fosdem in which he explained much of the procedure (http://www.fosdem.org/2005/index/speakers/speakers_welte), unfortunately the sheets of his presentation are not yet available.

Time Limit

ncm — Thu, 14 Apr 2005 21:20:35 +0000

In German law, I gather, you are obliged to file suit within a fixed amount of time (30 days? Two weeks?) after you are first informed of the violation, or lose the right to sue. They can't afford to be too accommodating. In U.S. case law it's a lot more fuzzy. After a while they seem to be able to claim squatters' rights, in violation of the written statute.

An injunction against Fortinet for GPL violations

nedrichards — Thu, 14 Apr 2005 20:13:46 +0000

>Hopefully, Fortinet's own copyright violations will render that path >untenable. But in the US court system, you can never rely on the >intelligence of judges.

Good thing the action is taking place in the Munich district court then.

An injunction against Fortinet for GPL violations

chbarts — Thu, 14 Apr 2005 20:02:17 +0000

According to gpl-violations.org, Fortinet used GPL software in certain products and then used cryptographic techniques to conceal that usage.

Hopefully, Fortinet's own copyright violations will render that path untenable. But in the US court system, you can never rely on the intelligence of judges.

An injunction against Fortinet for GPL violations

euvitudo — Thu, 14 Apr 2005 18:48:17 +0000

On the other hand, if you ran a company, wouldn't you take a C&D seriously, or would you consider a C&D threat from a bunch of FOSS people to be insignificant and toothless? Hopefully this will send a message that FOSS licenses should be taken seriously (some companies seem to take, e.g., the GPL, seriously, as there are so many alternative OS licenses to the GPL that have sprung up in recent years--CPL, SISSL, etc.).

An injunction against Fortinet for GPL violations

azhrei_fje — Thu, 14 Apr 2005 17:32:08 +0000

From what I've heard so far, I like the approach being taken in this process: contact the alleged offender and ask them if they knew what the situation was, then send a C&D letter, then ask for an injunction in court.

To me, it shows an interest in working with the manufacturer before just taking them to court. I would like to know what the time frame was between sending the C&D letter and filing for the injunction, though. If the C&D was sent on March 17th, then they must've filed for the injunction about 2 weeks later, given that the courts will take a week or two to review the case and make a decision. I'm not sure two weeks from C&D to injunction is long enough; on the one hand, it should be done right away, but on the other hand, it might take some time for a C&D letter to get to the right people.