funding & viability questions of GPL enforcement.

To: debian-user@lists.debian.org
Subject: funding & viability questions of GPL enforcement.
From: "Bradley M. Kuhn" <bkuhn@sfconservancy.org>
Date: Sat, 15 Jul 2017 10:24:56 -0700
Message-id: <[🔎] 87d1914npz.fsf_-_@ebb.org>
In-reply-to: <[🔎] CAK2MWOsMHNCyQbfx4r0AtHbgP9r2SeizBBjf48eMACcVuzcPsg@mail.gmail.com> (Bruce Perens's message of "Fri, 14 Jul 2017 13:07:12 -0700")
References: <a39831d34e5a4f6a32c6b31ce77fadbf@airmail.cc> <E1dN1cA-0000uP-IF@fencepost.gnu.org> <CAK2MWOuWQPovpYWzAN76pd47fGE13RmvzbUGyjDnTGnaRqqd6w@mail.gmail.com> <CAK2MWOudwKTFaHhgtVVE8rwiL4-LX2SbkqbYRdUz---TvtpBuQ@mail.gmail.com> <[🔎] 87d192dhb8.fsf@ebb.org> <[🔎] CAK2MWOsMHNCyQbfx4r0AtHbgP9r2SeizBBjf48eMACcVuzcPsg@mail.gmail.com>

Bruce, your analysis ignores the political forces that have allied to thwart
GPL enforcement efforts.  If Conservancy did not face these anti-enforcement
politics regularly, Conservancy could and would spend more time working on
bringing more companies into compliance.

I hope you'll review my FOSDEM keynote [0] and LibrePlanet talk [1] (the
latter of which was covered on LWN [2]), wherein I discuss the political
efforts by many others who seek to end GPL enforcement.  I hope you'll
assist us in that political struggle, rather than shaming and blaming the
one organization who actually enforces the GPL for Linux, Debian, Samba, and
many other projects.

Bruce wrote yesterday on debian-user:
> [Conservancy] may have allowed itself ... to be in the position of
> suppressing developer's rights.

Rather than suppressing developers' rights (as you accused of us above),
Conservancy has created the only welcoming coalition of Linux copyright
holders [3] who wish to enforce, adhering to community principles.  The
wealthy and powerful who seek to end GPL enforcement view our coalition as
the primary threat to their goal.  That's why they invest inordinate
resources into thwarting Conservancy's enforcement efforts.

Bruce also wrote yesterday on debian-user:
> it would be fair for these dual-licensing companies, who offered the GPL
> but made dual licensing available to those who did not wish to accept the
> GPL terms, to exact the fees of lost commercial licensing from commercial
> infringers. Those infringers clearly had paid licensing as an option.

Meanwhile, these aggressive enforcement-centric business models function
precisely because their central tenant *discourages* sharing and
modification of the code under the copyleft license.  The typical goal of
those models is to frighten "customers" into buying a non-copyleft license.
While you're correct that they generate revenue, I don't believe that the
goal of copyleft was to create an ecosystem where most users operate under a
proprietary license that they were cajoled to accept -- under threat of
overly captious for-profit enforcement.

You also mentioned the "revenue model" of lawsuits.  While perhaps Patrick
McHardy gained some amount of personal wealth (although reports on how much
he's really recovered are unreliable rumors), that was only successful
precisely because McHardy's enforcement did not prioritize encouraging
compliant behavior.  (In fact, his model required discouraging such
behavior, because (in his settlement agreements that I've seen) his larger
recoveries came from confused violators who agreed to pay larger amounts if
found out of compliance again later.)  Such types of lawsuits are a serious
problem.  That's why Conservancy was first to criticize McHardy [4], and why
Conservancy worked with the Netfilter team to encourage them to (a) also
denounce McHardy's activity [5] and (b) endorse the Principles of
Community-Oriented GPL Enforcement [6].

Note that those Principles don't say that damages should never be sought in
lawsuits, but rather, that *prioritizing* revenue over compliance is a
problem.  You can see on Conservancy's past Form 990s that Conservancy has
received revenue from GPL enforcement.  What I think those of you who have
not actually engaged in litigation don't realize is that when you face a
large bankroll on the Defendant's side, you take on real financial risk in
litigation.  Even though most Courts will award attorney's fees and costs
*at the end*, a small charity bringing litigation must consider carefully
what happens while the years of litigation and appeals continue, during
which the Defendant funds the best legal and political power that money can
buy to try to crush you.  The copyright system is rigged against the small
entity, so we must be agile, creative, and twice as diligent to succeed.

So, Bruce, I'm more frustrated than anyone that GPL violations are rampant
and we've not found in our community an effective way to fund enforcement
such that GPL violations become rare rather than common.  But -- even though
every time I walk into an electronics store, I see a rows of GPL-violating
products -- I don't think it justifies abandoning our Principles, or taking
unnecessary risks.  Furthermore, we already have initiatives like McHardy's
and we don't see increased compliance as a result.  Thus, even if we wanted
to pursue enforcement driven by avarice, such has already been shown not to
achieve what matters most -- more software freedom for users and developers.

Bruce wrote further on debian-user:
> 1. Failure of SFC or its funded parties to attempt to appeal the VMWare
> decision

Bruce, please don't spread this disinformation; I know many are saying it,
and you probably heard it from others, but it's just incorrect.  The appeal
in Hellwig v. VMware is active in the German courts [7].  Everyone knows
that legal appeals take a very long time.  We just have to wait and keep
funding the lawyers until it's done.

Bruce wrote further on debian-user:
> 2. A consultation with the Linux kernel developers who are not terribly in
> favor of enforcement

I encourage those interested in this issue to read the email threads
regarding this carefully.  There is a loud but tiny minority of Linux
developers associated with Linux Foundation that do oppose all GPL
enforcement, but there are many people in that same thread, including (but
not limited to) Harald Welte [8], Matthew Garrett [9], and David Woodhouse
[10], who came out in loud support of Conservancy's GPL enforcement efforts.

> 3. No visible enforcement for quite a while.

Publicly admonishing violators before privately giving them ample and
friendly opportunities comply is known to fail as a strategy.  That's the
point I made in my previous email.

> As you know, I have a compliance business.....  you don't tell me what 1%
> you are working on.

Bruce, you've admitted publicly on this thread something that I've known for
some time: at least part, if not all, of the revenue to your business comes
from corporate clients that violate the GPL.  You've even been the
violator's representative party that I've negotiated with in past
violations.  I can't very well reach out to you about third-party GPL
violations, given your business.

While I'm glad that you take your job seriously and seek to get your clients
into compliance when they violate, it also means you'll face difficulty
because you simultaneously seek to be a violator-paid fixer *and* an
advocate for the software freedom of copyleft software users.

> So eventually, Bradley, we lose patience. I have no way to fund
> enforcement of GPL violations.

Bruce, if you're losing patience with the amount of resources Conservancy
can bring to bear to enforcement, then I hope you'll become a Conservancy
Supporter.  Our Supporter program *is* what funds the enforcement efforts
that we have now.  While admittedly that leaves Conservancy only with the
resources to handle 1% of all known GPL violations, the realistic
alternative is to give up and handle 0% instead.  As I've explained, we
don't currently know of a politically- and financially- viable alternative.


Finally, this is probably a good moment -- since this thread has erupted on
a Debian Mailing List -- to let everyone know that Conservancy also
organizes a GPL copyright aggregation project for Debian contributors as
well, see: https://sfconservancy.org/copyleft-compliance/#debian and
https://sfconservancy.org/news/2015/aug/17/debian/.


[0] https://sfconservancy.org/news/2017/feb/13/bkuhn-fosdem-keynote/
[1] https://media.libreplanet.org/u/libreplanet/m/understanding-the-complexity-of-copyleft-defense/
[2] https://lwn.net/Articles/719610/
[3] https://sfconservancy.org/copyleft-compliance/#linux
[4] https://sfconservancy.org/blog/2016/jul/19/patrick-mchardy-gpl-enforcement/
[5] https://www.netfilter.org/files/statement.pdf
[6] https://marc.info/?l=netfilter-devel&m=146887464512702
[7] https://sfconservancy.org/news/2016/aug/09/vmware-appeal/
[8] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003709.html
[9] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003583.html
[10] https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003628.html
-- 
Bradley M. Kuhn
Distinguished Technologist of Software Freedom Conservancy
========================================================================
Become a Conservancy Supporter today: https://sfconservancy.org/supporter

Reply to:

Follow-Ups:
- Re: funding & viability questions of GPL enforcement.
  - From: Alessandro Vesely <vesely@tana.it>

References:
- Re: Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?
  - From: "Bradley M. Kuhn" <bkuhn@sfconservancy.org>
- Re: Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?
  - From: Bruce Perens <bruce@perens.com>

Prev by Date: [SOLVED (mostly)] Re: SAMBA problems on Debian 8.8
Next by Date: Re: Gateway disappears on IPv6
Previous by thread: Re: Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?
Next by thread: Re: funding & viability questions of GPL enforcement.
Index(es):
- Date
- Thread