Who Enforces the Open Source Licenses?

sams asks: "Every few days now it seems that yet another corporate entity has tried to push the bounds of what is allowed under the open source licenses (GPL, etc..) so the question is: If a company violates the GPL license on a product, who will enforce the license? Who will take the violating company(s) to court to protect the open source intellectual work of others? Probably not the writers of the software, who probably can't afford a long drawn out trial with a company? The EFF? Ideas?" We've already had a close call with the Sun/Blackdown fiasco, and this has probably discussed in that topic. However, there is a high possibility that something like this will happen again, and we would do well to discuss this further.

Legal Firepower vs Developer Interest

This is certainly a problem, I agree. I don't think we CAN enforce the GPL-- not in the current legal climate. No individual developer or group of developers-- or the FSF-- can match in dollars spent on lawyers and months spent on courtroom time the power of a potential violator-- at least not until Congress passes tort reform (and would Clinton sign it-- I think not). So we can't really rely on legalism to protect Open Source software.

But that's ok. The key element to making an Open Source product work is mindshare. Closing up the source, embracing and extending, not giving credit where credit is due-- these are tactics that are counterproductive and alienate the network effects that make Open Source so attractive for businesses.

So even if this does happen, I wouldn't worry. We should fight to stop violations, but in the end, the power of the GPL is not in its language or legalisms, but in the community and mass entrepenurism that it makes possible. Break faith with the community, and you lose the one reason to go GPL in the first place.

For FSF-copyrighted code

For FSF-copyrighted code, they will stand up and go to court against whoever violated the GPL. There has been incidents in the past, but they have always been solved out-of-court though. The FSF lawyers tells us that this is why we should recommend that GNU software is copyrighted by the FSF (and the reason I assign my copyrights to the FSF); I don't honestly know how it will be handled otherwise (a class-action suit by all developers?), someone with more knowledge about US law can probably enlighten.

A close call with Sun/Blackdown?

Oh please.

There was no close call with Sun and Blackdown. Sun was completely within their rights to do what they did with the software. Was it rude to not give some credit to Blackdown? Of course, but the GPL doesn't prevent rudeness (Heck, Christmas doesn't prevent rudeness either). The Blackdown folks need to get thicker skins; just because your "partner" goes and uses the product to the full extent of your contract, you don't start whining. Welcome to the business world.

Dear /., stop editorializing in the story summaries. You often don't have a clue what you're writing about, and the additional verbosity just makes /. harder to read.

Re:A close call with Sun/Blackdown?

I quite agree that there was no point to or basis for a court case in the Sun/Blackdown matter.

However, open source developers do not develop for money as their primary reward, as do corporate developers. Open source development is a social activity more than a business. It's for fun, not work. For this reason I think that social rules can be just as important as legal rules, if you want *effective* open source development. Not crediting the Blackdown folks was ethically akin to not paying their own developers -- a stupid mistake if you want further development. Sun should be civil towards those doing work for them, Blackdown's reaction was justified. That most of them think Java on Linux is important enough to continue after Sun apologized speaks well of their tolerance.

Course of action

How to win your GPL-based lawsuit against big corporations, in 5 easy steps:

1. Publish all relevant details on your web site, including both the GPL-covered version of the software and either a copy or a link to the non-GPL-covered version. Include, if at all possible, a useful comparison of functionalities, diff of sources, etc. In short, try to obtain as much information as possible about the alleged violation. Make sure you triple-check everything before going any further.
   
2. Send a polite e-mail to company/individual, requesting that they "cease and desist", respect the terms of the GPL, publish full source code and/or modifications from your version, and acknowledge you as rightful "owner" and maintainer of the software. Since most companies will try to ignore you, prepare several polite copies of the same e-mail, and send to relevant authorities in the company (CEO, legal department, marketing department, etc...). Make sure to publish both e-mails and responses on your web site. I believe most companies will settle at this stage, especially if you explain very clearly what you intend to do if they do not comply (see below).
   
3. Try to get the news published on Slashdot and other public-discussion forum -- this will raise awareness of your case very, very, very fast. Include links to both GPL-protected version and non-GPL version. Make sure people can look at the evidence you have gathered on your web site. Put mirrors up if your site is slashdotted. =)
   
4. If no answer (or the wrong kind of answer) is received from the company: post entire stories on your web site, including links, etc. Contact both FSF, Slashdot, and most users of your software and (politely) ask them their help in setting up a legal defense fund. If your software is included in large Linux/Open Source distributions (for instance: Red Hat, Debian, Mandrake, SuSE), ask these companies to contribute as a gesture of goodwill. Make sure you send the entire story to on-line and off-line media (for instance the NY Times and Salon [salon.com]).
   
5. You have won: the GPL-violating company now face (a) the wrath of Internet zealots (Mmmmm... the taste of the Ping Of Death in the morning...), (b) a legal suit that could prove very costly and financially damaging and (c) a public-relations nightmare. No sane company is going to expose its backside to the kind of hellfire you have just created. Just make sure you have got everything right before unleashing this kind of thing on an innocent company, though...
   

Of course, I am not a lawyer -- but you don't need to be one to see this kind of thing unfolding.

Just imagine this: "Mr Gates, how do you explain your enormous company violated the rights of Mr John Q. LoneHacker, the creator of BlaBlaBla, by stealing his intellectual property, which was protected under the GPL?". =)

Just my $0.02...

Defenders Of The Public Interest

When an Open Source license such as the GNU Public License is violated, whose rights take a beating?

I grant the obvious--the original developer of the software is definitely in an ugly situation.

But why? Open Source Licenses are (by definition) distribution contracts. The original developer obviously has their own code, so how
much harm can come from a "licensee" refusing to return the developer's own code?

Ah, but the whole concept is that the developer isn't demanding the return of his own code, but rather the new code layered upon his own publically licensed work.

Therein lies the key. It is not merely the developer who is being deprived of content--it is the entire market of software users who are being deprived of that which they have every right to use. It is the horde of developers who wish to "scratch their itch" and improve upon an up-and-coming(or long-established!) codebase to which they have been so generously granted access to. It is the none-too-small number of investors--both large and small--who have put forth their money based upon a business model whose prime component is open access to the core software components and all future developments therein.

Open Source is indeed a public (if not natural) resource--possibly one of the few that is not depleted by usage but rather strengthened by it. However, it is alas not immune to the dangers of hoarding, pollution, and sheer misuse. Indeed, to paraphrase John Philpot Curran, eternal vigilance is the price of software liberty. Should the general perception become that the most basic precepts of Open Source licenses were being routinely ignored, both the stream of new open projects and the third party flow of incremental improvements to existing projects would dry up, as the latter group would feel no obligation to the former, and the former would notice.

Vigilance against such a situation--both real and generated by media manipulators(see Microsoft's aborted faux Letters To The Editor campaign)--is critical to the survival of the Open Source movement, and to the rights which have been granted to the public as a whole.

Is not the defense of public rights the raison d'etre of Government itself? The strip mining of communal codebases is something we've been spared thus far--should our "vigilante slashdotting" fail to sway an entrenched competitor, the involvement of government agencies and government lawyers is not something we should shy away from. There are a number of issues to consider, but Judge Jackson has shown that the U.S. Government can most assuredly "get it" when it comes to the socioeconomic issues surrounding the technology industry.

I'm not naive--although an attacking company would be harmed far more than we would by sheer public disapproval, it'd be better for everyone involved if we never had to travel down this route. Conviction does not negate the crime. However, a public statement of the willingness of government to defend us may have the peculiar effect of preventing us from needing their defense, and that is something I feel may be of value.

I'm interested in what the rest of you think about this. Feel free to disagree, or to provide insight as to what would be necessary to deal with the issues that I have brought up.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com