GPL Violations: Is Cisco the Big One?

Many sceptics were convinced that as free software spread out beyond hackers into the general computing sector the rigorous GNU GPL licence would gradually be replaced by more accommodating – meaning weaker – forms, since it was “obvious” that its unbending rules were too strict for widespread use. In fact, the GPL has grown in importance, until today it is probably fair to say that it underpins most of the free software world, including enterprise applications. This makes any violation of its terms particularly worrying, because if left unchallenged, it threatens to undermine the entire ecosystem.

And yet, surprisingly, the Free Software Foundation has been very reluctant to take those who violate the licence's terms to court, preferring, instead, to adopt a softly-softly approach. As Eben Moglen, the main architect of the FSF's legal policy, told me back in 2000, when I interviewed him for Rebel Code:

“About a dozen times a year,” Moglen says, “somebody does something [that] violates the GPL. Most of the time, they're doing so inadvertently, they haven't thought through what the requirements are. And I call them them and I say, 'Look, you're violating the GPL. What you need to do is this. Would you help us?'” The answer is invariably yes, he says.

“What is true,” Moglen admits, “is that no large American software company has engaged in a public controversy with us over the enforcement of the GPL.” And although some might conclude “that means...there's something about the GPL [that] is not enforceable, I would turn that proposition around,” Moglen says. “There have been no such controversies because nobody thinks they're going to in them.”

But Moglen was well aware that a time would come when a “large American software company” *would* engage in just such a public controversy:

“I think that sometime it's probably going to become necessary, in order to dispel a little FUD on these subjects, for us to choose to take the judicial enforcement route with a case [that] we would otherwise feel comfortable working out in our traditional way.”

That time, it seems, has just arrived:

The Free Software Foundation (FSF) today announced that it has filed a copyright infringement lawsuit against Cisco. The FSF's complaint alleges that in the course of distributing various products under the Linksys brand Cisco has violated the licenses of many programs on which the FSF holds copyright, including GCC, binutils, and the GNU C Library. In doing so, Cisco has denied its users their right to share and modify the software.

Most of these programs are licensed under the GNU General Public License (GPL), and the rest are under the GNU Lesser General Public License (LGPL). Both these licenses encourage everyone, including companies like Cisco, to modify the software as they see fit and then share it with others, under certain conditions. One of those conditions says that anyone who redistributes the software must also provide their recipients with the source code to that program. The FSF has documented many instances where Cisco has distributed licensed software but failed to provide its customers with the corresponding source code.

Harald Welte, who has done so much good work on GNU GPL violations with his gpl-violations.org project, provides some interesting background:

At gpl-violations.org, we had our fair share of dealing with Cisco (and particularly Linksys, a Cisco division). Never we have received any entirely satisfactory response. Sure, when you notify them of some GPL infringement, they will take some steps here and there. But in all those years, I have not seen a case where there was a thorough response. Whatever was disclosed as 'GPL source' was incomplete, didn't compile, and with the next firmware release there was again no source code for that new release. And then came the next product, sourced-in from a different OEM, and the entire process had to re-start from scratch.

Yes, they have gone and hired some engineer[s] to explicitly deal with the GPL related issues, like they have taken other steps in the right direction. But it was always superficial. Never addressing the problem at the root, i.e. have a proper in-house business process and supply chain license management to ensure the next product is not yet again a copyright infringement on GPL licensed software. It is so easy to resolve at the source, and so hard to fix later.

This consistent sloppiness suggests something close to contempt for the licence terms. That's curious given the fact that Cisco has recently made some positive moves to boost its GNU/Linux-based Application eXtension Platform (AXP):

Cisco is asking developers to instead think "inside the box" to create applications that will run on the Linux based Cisco AXP module. It's tossing in $100,000 in prize money just to keep it interesting.

This might be a case of the right hand not knowing what the left hand is doing, but that seems unlikely, since licensing is a fundamental issue that proprietary software companies certainly think about. It's significant that the competition mentioned above isn't about open source as such, just apps that run on GNU/Linux:

Though open source applications are welcomed by the Cisco contest, Kiran noted that it doesn't matter for the contest. "Cisco doesn't want to own the IP (intellectual property). As long as people can come up with an original idea, open source or otherwise we're OK with that."

This suggests that it sees open source as a handy and cheap source of materials that it can use, but not something that it explicitly wants to support, or indeed cares much about. That's a view that has already been voiced well before the current FSF action.

Against that background, I don't think the current alleged violations are an intentional attack on the GNU GPL – the “Big One” that everyone is waiting for to settle definitively its legal validity - but spring rather from a fundamental misunderstanding of what free software is about. Since it doesn't understand why people really care about being able to see the up-to-date source code, Cisco probably didn't think it would matter if it didn't comply fully with the GNU GPL licence. Once it realises that its ignorance and indifference is seriously damaging its reputation among a key constituency – that of developers – I predict it will soon comply with the licence, not least because it will cost a trivial amount of money and effort to do so.

The issue is not whether it will change its mind about fulfilling the terms of the licence to the letter in this case, but whether it will change its entire attitude to free software, and start giving it the respect it deserves. The best result from the current FSF action would not be a victory in the courts – welcome though that would be – but if Cisco became a permanent and serious contributor to the free software world. That would not be not just a win for the FSF, but a win-win for everyone.

Glyn Moody writes about free software at opendotdotdot.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re:

day070309's picture

del
--
P.S. sorry, i dislike nofollow

FSF is coming full circle on

Anonymous's picture

FSF is coming full circle on this. FSF was inspired partly by the innaccessibility of a printer driver in the old days. Now the matter is software inside small boxes. This time, there is a clear, legal remedy because the software is licensed under the GPL.

Unfortunately, it *has* to be done

Sum Yung Gai's picture

Sadly, the only language many companies seem to understand is the loss of lots of money. Like Microsoft, Cisco doesn't care a whit about "embarrassment", but rather, "how much ahead can we come out if we cheat, even if we get caught?"

This lawsuit needs to happen, and it needs to cost Cisco a quite substantial amount of money, for the same reason that even peaceful nations still maintain armies and even some hippie mothers purchase handguns for home defense. It's a deterrent to those who would attack you and/or your stuff. In this case, the "attack" is at the copyright of the GNU-licensed software, the "defensive handgun" is the lawsuit, and the "deterrent" is loss of lots of money. This will signal other companies, large or small, that you *MUST* obey the license for software that you choose to use...INCLUDING when that license is the GNU GPL.

For this reason, now that the lawsuit has been filed, I hope that it costs Cisco many, many millions of dollars. Maybe then they'll wake up and either not use the software (thus obeying the license), or use the software in accordance with the license's terms.

--SYG

Open Source Pie

FredR's picture

I think Cisco just wants part of the "Open Source Pie". And the lawsuit is embarrassing. It's a case of biting the hand that feeds it, I don't think they'll fight it, but more like "Oops, we goofed, sorry about that."

I'm a longtime Cisco/Linux advocate. The thought process behind Cisco's products are aligned with the thought process for many Linux/OSS projects. I think they'll get the egg off of their face and life will continue on.

-- FLR or flrichar is a superfan of Linux Journal, and goofs around in the LJ IRC Channel

Full Circle

Robert Pogson's picture

FSF is coming full circle on this. FSF was inspired partly by the innaccessibility of a printer driver in the old days. Now the matter is software inside small boxes. This time, there is a clear, legal remedy because the software is licensed under the GPL.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState