The Other Side of Openness: Licence Enforcement

It's generally recognised that one of Richard Stallman's key contributions to free software - and far beyond it - was coming up with the GNU General Public Licence. It was a typically clever hack that turned copyright on its head: instead of...


It’s generally recognised that one of Richard Stallman’s key contributions to free software – and far beyond it – was coming up with the GNU General Public Licence. It was a typically clever hack that turned copyright on its head: instead of being used to stop people sharing, it hovers in the background as a way of making sure people do share. In other words, copyright becomes the legal threat that lies behind free software, and ensures that it functions as intended.

But threats only work if you are ultimately prepared to follow through with them, and that means a crucial if largely neglected aspect of free software is enforcement of the licence. The main organisation that has shouldered the burden of enforcement is the Software Freedom Conservancy:

a not-for-profit organization that helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects. Conservancy provides a non-profit home and infrastructure for FLOSS projects. This allows FLOSS developers to focus on what they do best — writing and improving FLOSS for the general public — while Conservancy takes care of the projects' needs that do not relate directly to software development and documentation.

One of those indirect needs is enforcing the GNU GPL, and the person who has probably done more in this regard than anyone is Bradley M. Kuhn, although he is active in the free software world in other important ways, too. As it happens, he has recently relinquished his role as the Software Freedom Conservancy’s Executive Director, passing that title on to Karen Sandler, formerly Executive Director of the GNOME Foundation:

While Kuhn’s work as Conservancy’s President and on its Board of Directors remain unchanged, Kuhn’s new full-time staff role is titled “Distinguished Technologist”. Regarding this change, Kuhn said: “This new role allows me to continue to help shape, in coordination with the Board, the overall vision for the organization. My daily role will now focus on important long-term projects, such as leading our new initiative to build non-profit accounting software and our license enforcement efforts. I also look forward to recruiting more new member projects”.

Here are some more details on the enforcement efforts:

The GPL Compliance Project for Linux Developers is comprised of copyright holders in the kernel, Linux, who have contributed to Linux under its license, the GPLv2. These copyright holders have formally asked Conservancy to engage in compliance efforts for their copyrights in the Linux kernel.

Historically, Conservancy was well-known for its ongoing license compliance efforts on behalf of its BusyBox member project. In May 2012, Conservancy announced a coordinated compliance effort on behalf of its BusyBox and Samba projects, and also launched this unique project, called the GPL Compliance Project for Linux Developers, which handles compliance and enforcement activities on behalf of more than a dozen Linux copyright holders.

Conservancy’s GPL Compliance Project is run in a collaborative manner with the project developers. All copyright holders involved have the opportunity to give input and guidance on Conservancy’s strategy in dealing with compliance issues. Thus, all Conservancy’s compliance matter have full support of relevant copyright holders.

Kuhn has put together a detailed explanation of the enforcement process:

The primary goal of every GPL enforcement action is to gain compliance, which means getting to users complete and corresponding source code so they can copy, share, modify and install improved versions. The GPL itself is a copyright license that does a weird hack on copyright: it uses the copyright rules to turn them around, and require people to share software freely (as in freedom) in exchange for permission to copy, modify and distribute the software. A GPL violation occurs when someone fails to meet the license requirements and thereby infringes copyright. The copyright rules themselves then are the only remedy to enforce the license — requiring that the violator come into compliance with the license if they want permission to continue distribution.

The whole thing is well worth reading if you want to understand how the process works. But recently I came across another post from Kuhn in which he cast a fascinating light onto the murkier aspects of licence enforcement – and some of the dodgy moves that people are making there:

an executive at a well-known corporation that contributes to Linux and other Free Software projects once tried to convince me that his company would give huge amounts of money to Conservancy if Conservancy stopped stop doing GPL enforcement entirely. Other mid-level managers followed up later with the same message.

Later, a different executive from a different company, which has invested millions in Linux and Linux-related products, told me privately that his company would “just stop its work in Linux, Samba and BusyBox if you don't stop this GPL enforcement” (which would’ve been comical if he hadn’t seemed dead serious — it seemed he really thought I was naïve enough to believe that might be true). I told him that I found that impossible to believe, and that he flattered the few GPL enforcers in the world if he was saying our behavior alone could change his company’s major business plans. That executive ended the conversation by telling me that if we were “doing any GPL enforcement against [his] competitors, get in touch, because [he] could help”. (There is some hypocrisy in these positions, as you can see.) This executive also said during the same conversation that that his “lawyers have researched the question and found that you cannot ever enforce the GPL without 100% of the copyright”. Of course, we’d already gotten multiple judicial decisions in BusyBox cases that show he’s just wrong about that. :) He was just trying to see if he could scare me.

That gives an indication of how enforcement remains a touchy subject for even open source companies, some of whom would rather just hitch a free ride on free software, and not have to worry about the details. It’s a good job we have dedicated people like Kuhn willing to spend many hours educating companies about their responsibilities: without them, the GPL and other free software licences would lose their force, jeopardising the entire mechanism of sharing.

Sadly, this attempt by companies to take without respecting the rules is not limited to the world of software. For some time I’ve suggested that OpenStreetMap is fast becoming one of the key open projects, as location emerges as a critical aspect of mobile computing. It seems that OpenStreetMap is now sufficiently important and valuable that some companies are starting to abuse its generosity just as others abuse free software’s munificence:

OpenStreetMap is the global, open and free map dataset that anyone can use. It is created by a huge community of volunteers who pour their time and energy in to the project. It’s also fun, beautiful and cool.

So it’s sad that people don’t want to respect the license. It asks two very simple things:

Please say you’re using OSM. This is very simple. If you change the map, please give the changes back. This is called “share-alike”.

Compared to paying a lot of money for incredibly license-restricted data, you’d think people would be ok with these requirements.

Sadly, this isn’t the case.

There are those who are now willfully disregarding our tiny little requirements. It’s being framed as some gigantic and unreasonable proposition, asking to say where the data came from or giving data back when you fix things. As if it’s completely bananas to ask such a thing. As if Linux or Wikipedia should be disaster ghost towns while asking for exactly the same thing of their users.

That’s from a blog post by Steve Coast, OpenStreetMap’s founder. He goes on to propose a simple four-step plan for dealing with such licensing infractions. And as he ruefully concludes:

In a narrow way, this all a good thing. It shows the growth and maturity of the project, that there are those out there that want to own it or take all the advantages without even saying where the data came from. But in the end, we have to defend ourselves for what little, tiny things we ask.

Indeed; just ask Bradley Kuhn.

Follow me @glynmoody on Twitter or, and glynmoody on Google

"Recommended For You"

Sun open sources Java under GNU public licence GNU/Linux - finally it's Free software